PHP :: Bug #70985 :: segfault

Bug #70985

segfault

Submitted:

2015-11-27 13:56 UTC

Modified:

2015-12-06 04:22 UTC

Votes:	2
Avg. Score:	4.5 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

danjou dot philippe at yahoo dot de

Assigned:

Status:

No Feedback

Package:

FPM related

PHP Version:

7.0.0RC8

OS:

Debian 8.1 Jessie

Private report:

CVE-ID:

None

View Developer Edit

[2015-11-27 13:56 UTC] danjou dot philippe at yahoo dot de

Description:
------------
Sorry I have only limited information, I saw many segfaults in dmesg. Usually for a short time every minute and then not for hours. I don't know which part of the code causes this (huge drupal site). Here is a gdb backtrace of a coredump.

#0  0x00007fb00fca9cc9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fb00fcad0d8 in __GI_abort () at abort.c:89
#2  0x00007fb00fca2b86 in __assert_fail_base (fmt=0x7fb00fdf3830 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x11cb4e0 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", file=file@entry=0x11cb4b8 "/opt/php-7.0.0RC8/Zend/zend_gc.c", 
    line=line@entry=226, function=function@entry=0x11cb5f0 <__PRETTY_FUNCTION__.10153> "gc_possible_root") at assert.c:92
#3  0x00007fb00fca2c32 in __GI___assert_fail (assertion=0x11cb4e0 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", 
    file=0x11cb4b8 "/opt/php-7.0.0RC8/Zend/zend_gc.c", line=226, function=0x11cb5f0 <__PRETTY_FUNCTION__.10153> "gc_possible_root") at assert.c:101
#4  0x0000000000b660f7 in gc_possible_root (ref=0x7fafffae39c0) at /opt/php-7.0.0RC8/Zend/zend_gc.c:226
#5  0x0000000000b42556 in gc_check_possible_root (z=0x7fb004a8f7c0) at /opt/php-7.0.0RC8/Zend/zend_gc.h:136
#6  0x0000000000b425b4 in i_zval_ptr_dtor (zval_ptr=0x7fb004a8f7c0, __zend_filename=0x11c91d0 "/opt/php-7.0.0RC8/Zend/zend_hash.c", __zend_lineno=1305)
    at /opt/php-7.0.0RC8/Zend/zend_variables.h:60
#7  0x0000000000b468dd in zend_array_destroy (ht=0x7fb004a85480) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1305
#8  0x0000000000b2a7d4 in _zval_dtor_func_for_ptr (p=0x7fb004a85480, __zend_filename=0x11c5f88 "/opt/php-7.0.0RC8/Zend/zend_opcode.c", __zend_lineno=377)
    at /opt/php-7.0.0RC8/Zend/zend_variables.c:96
#9  0x0000000000b199d3 in _zval_ptr_dtor_nogc (zval_ptr=0x7fb004a70e40, __zend_filename=0x11c5f88 "/opt/php-7.0.0RC8/Zend/zend_opcode.c", __zend_lineno=377)
    at /opt/php-7.0.0RC8/Zend/zend_variables.h:50
#10 0x0000000000b1abba in destroy_op_array (op_array=0x7fb004a2a448) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:377
#11 0x0000000000b19dc4 in zend_function_dtor (zv=0x7fb004c83a80) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:124
#12 0x0000000000b4660d in zend_hash_destroy (ht=0x7fb004a23350) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1242
#13 0x0000000000b1a80d in destroy_zend_class (zv=0x7fff9d316080) at /opt/php-7.0.0RC8/Zend/zend_opcode.c:289
#14 0x0000000000b45c81 in _zend_hash_del_el_ex (ht=0x1bb8040, idx=348, p=0x1f94a00, prev=0x0) at /opt/php-7.0.0RC8/Zend/zend_hash.c:992
#15 0x0000000000b45d4c in _zend_hash_del_el (ht=0x1bb8040, idx=348, p=0x1f94a00) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1016
#16 0x0000000000b475e8 in zend_hash_reverse_apply (ht=0x1bb8040, apply_func=0xb117ff <clean_non_persistent_class>) at /opt/php-7.0.0RC8/Zend/zend_hash.c:1594
#17 0x0000000000b1340d in shutdown_executor () at /opt/php-7.0.0RC8/Zend/zend_execute_API.c:367
#18 0x0000000000b2e179 in zend_deactivate () at /opt/php-7.0.0RC8/Zend/zend.c:967
#19 0x0000000000a6da21 in php_request_shutdown (dummy=0x0) at /opt/php-7.0.0RC8/main/main.c:1810
#20 0x0000000000c0e991 in main (argc=3, argv=0x7fff9d316908) at /opt/php-7.0.0RC8/sapi/fpm/fpm/fpm_main.c:1972

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-11-27 13:57 UTC] danjou dot philippe at yahoo dot de

I forgot to mention that I had segfaults also in PHP 5.6.14 and 7RC7, probably same cause.

[2015-11-27 14:06 UTC] laruence@php.net

-Status: Open +Status: Feedback

[2015-11-27 14:06 UTC] laruence@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc. If the script requires a 
database to demonstrate the issue, please make sure it creates 
all necessary tables, stored procedures etc.

Please avoid embedding huge scripts into the report.

please try to find a script to reproduce this, otherwise we can not do much things here.

especially this seems a user after free problems.

[2015-12-06 04:22 UTC] php-bugs at lists dot php dot net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.

[2016-02-13 01:23 UTC] matej21 at matej21 dot cz

Hi, I have the same issue. It only happens to me with fpm (or at least not in a cli) and only with debug build. My php version is 7.0.3

I was able to isolate it:

<?php
class Foo
{
	private $bar;

	public function __construct($bar)
	{
		$this->bar = $bar;
	}
}


class Bar
{
	private $foo;

	private $obj;

	public function run()
	{
		$this->foo = new Foo($this);
		$this->obj = (object) [[]];
	}

}

$bar = new Bar();
$bar->run();

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Dec 20 10:00:02 2025 UTC