|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70985 segfault
Submitted: 2015-11-27 13:56 UTC Modified: 2015-12-06 04:22 UTC
Avg. Score:4.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: danjou dot philippe at yahoo dot de Assigned:
Status: No Feedback Package: FPM related
PHP Version: 7.0.0RC8 OS: Debian 8.1 Jessie
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2015-11-27 13:56 UTC] danjou dot philippe at yahoo dot de
Sorry I have only limited information, I saw many segfaults in dmesg. Usually for a short time every minute and then not for hours. I don't know which part of the code causes this (huge drupal site). Here is a gdb backtrace of a coredump.

#0  0x00007fb00fca9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fb00fcad0d8 in __GI_abort () at abort.c:89
#2  0x00007fb00fca2b86 in __assert_fail_base (fmt=0x7fb00fdf3830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x11cb4e0 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", file=file@entry=0x11cb4b8 "/opt/php-7.0.0RC8/Zend/zend_gc.c", 
    line=line@entry=226, function=function@entry=0x11cb5f0 <__PRETTY_FUNCTION__.10153> "gc_possible_root") at assert.c:92
#3  0x00007fb00fca2c32 in __GI___assert_fail (assertion=0x11cb4e0 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", 
    file=0x11cb4b8 "/opt/php-7.0.0RC8/Zend/zend_gc.c", line=226, function=0x11cb5f0 <__PRETTY_FUNCTION__.10153> "gc_possible_root") at assert.c:101
#4  0x0000000000b660f7 in gc_possible_root (ref=0x7fafffae39c0) at /opt/php-7.0.0RC8/Zend/zend_gc.c:226
#5  0x0000000000b42556 in gc_check_possible_root (z=0x7fb004a8f7c0) at /opt/php-7.0.0RC8/Zend/zend_gc.h:136
#6  0x0000000000b425b4 in i_zval_ptr_dtor (zval_ptr=0x7fb004a8f7c0, __zend_filename=0x11c91d0 "/opt/php-7.0.0RC8/Zend/zend_hash.c", __zend_lineno=1305)
    at /opt/php-7.0.0RC8/Zend/zend_variables.h:60
#7  0x0000000000b468dd in zend_array_destroy (ht=0x7fb004a85480) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1305
#8  0x0000000000b2a7d4 in _zval_dtor_func_for_ptr (p=0x7fb004a85480, __zend_filename=0x11c5f88 "/opt/php-7.0.0RC8/Zend/zend_opcode.c", __zend_lineno=377)
    at /opt/php-7.0.0RC8/Zend/zend_variables.c:96
#9  0x0000000000b199d3 in _zval_ptr_dtor_nogc (zval_ptr=0x7fb004a70e40, __zend_filename=0x11c5f88 "/opt/php-7.0.0RC8/Zend/zend_opcode.c", __zend_lineno=377)
    at /opt/php-7.0.0RC8/Zend/zend_variables.h:50
#10 0x0000000000b1abba in destroy_op_array (op_array=0x7fb004a2a448) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:377
#11 0x0000000000b19dc4 in zend_function_dtor (zv=0x7fb004c83a80) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:124
#12 0x0000000000b4660d in zend_hash_destroy (ht=0x7fb004a23350) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1242
#13 0x0000000000b1a80d in destroy_zend_class (zv=0x7fff9d316080) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:289
#14 0x0000000000b45c81 in _zend_hash_del_el_ex (ht=0x1bb8040, idx=348, p=0x1f94a00, prev=0x0) at /opt/php-7.0.0RC8/Zend/zend_hash.c:992
#15 0x0000000000b45d4c in _zend_hash_del_el (ht=0x1bb8040, idx=348, p=0x1f94a00) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1016
#16 0x0000000000b475e8 in zend_hash_reverse_apply (ht=0x1bb8040, apply_func=0xb117ff <clean_non_persistent_class>) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1594
#17 0x0000000000b1340d in shutdown_executor () at /opt/php-7.0.0RC8/Zend/zend_execute_API.c:367
#18 0x0000000000b2e179 in zend_deactivate () at /opt/php-7.0.0RC8/Zend/zend.c:967
#19 0x0000000000a6da21 in php_request_shutdown (dummy=0x0) at /opt/php-7.0.0RC8/main/main.c:1810
#20 0x0000000000c0e991 in main (argc=3, argv=0x7fff9d316908) at /opt/php-7.0.0RC8/sapi/fpm/fpm/fpm_main.c:1972


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-11-27 13:57 UTC] danjou dot philippe at yahoo dot de
I forgot to mention that I had segfaults also in PHP 5.6.14 and 7RC7, probably same cause.
 [2015-11-27 14:06 UTC]
-Status: Open +Status: Feedback
 [2015-11-27 14:06 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

please try to find a script to reproduce this, otherwise we can not do much things here.

especially this seems a user after free problems.
 [2015-12-06 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2016-02-13 01:23 UTC] matej21 at matej21 dot cz
Hi, I have the same issue. It only happens to me with fpm (or at least not in a cli) and only with debug build. My php version is 7.0.3

I was able to isolate it:

class Foo
	private $bar;

	public function __construct($bar)
		$this->bar = $bar;

class Bar
	private $foo;

	private $obj;

	public function run()
		$this->foo = new Foo($this);
		$this->obj = (object) [[]];


$bar = new Bar();
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Jul 31 04:01:24 2021 UTC