Bug #63407 [Fbk]: segmentation fault in zval_mark_grey()

Thu, 01 Nov 2012 20:38:27 -0700 

Edit report at https://bugs.php.net/bug.php?id=63407&edit=1

 ID:                 63407
 Updated by:         larue...@php.net
 Reported by:        ber...@php.net
 Summary:            segmentation fault in zval_mark_grey()
 Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   linux
 PHP Version:        5.4.8
 Block user comment: N
 Private report:     N

 New Comment:

I can not reproduce this segfault according to your test steps...


Previous Comments:
------------------------------------------------------------------------
[2012-11-02 01:41:12] ber...@php.net

Tried that, still crashes, although now it seems to happen on the line below?

Updated gdb backtrace. Do you need something else?

Program received signal SIGSEGV, Segmentation fault.
zval_mark_grey (pz=0x1a9fafa00) at .../php5.4-201211020030/Zend/zend_gc.c:426
426                             if (Z_TYPE_P(pz) != IS_ARRAY || Z_ARRVAL_P(pz) 
!= &EG(symbol_table)) {
(gdb) bt
#0  zval_mark_grey (pz=0x1a9fafa00) at .../php5.4-
201211020030/Zend/zend_gc.c:426
#1  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-
201211020030/Zend/zend_gc.c:432
#2  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-
201211020030/Zend/zend_gc.c:432
#3  0x00000000007e43a4 in zval_mark_grey (pz=<optimized out>) at .../php5.4-
201211020030/Zend/zend_gc.c:432
#4  0x00000000007e43dd in zval_mark_grey (pz=<optimized out>) at .../php5.4-
201211020030/Zend/zend_gc.c:407
#5  0x00000000007e51f5 in gc_mark_roots () at .../php5.4-
201211020030/Zend/zend_gc.c:501
#6  gc_collect_cycles () at .../php5.4-201211020030/Zend/zend_gc.c:793
#7  0x00000000007e5584 in gc_zval_possible_root (zv=<optimized out>) at 
.../php5.4-201211020030/Zend/zend_gc.c:166
#8  0x00000000007d4138 in zend_hash_destroy (ht=0x214ea30) at .../php5.4-
201211020030/Zend/zend_hash.c:560
#9  0x00000000007c5787 in _zval_dtor_func (zvalue=0x1db4ba0) at .../php5.4-
201211020030/Zend/zend_variables.c:43
#10 0x000000000086ca10 in _zval_dtor (zvalue=0x1db4ba0) at .../php5.4-
201211020030/Zend/zend_variables.h:35
#11 i_zval_ptr_dtor (zval_ptr=0x1db4ba0) at .../php5.4-
201211020030/Zend/zend_execute.h:87
#12 zend_vm_stack_clear_multiple () at .../php5.4-
201211020030/Zend/zend_execute.h:339
#13 zend_do_fcall_common_helper_SPEC (execute_data=<optimized out>) at 
.../php5.4-201211020030/Zend/zend_vm_execute.h:736
#14 0x0000000000826cdf in execute (op_array=0x1174570) at .../php5.4-
201211020030/Zend/zend_vm_execute.h:410
#15 0x00000000007c7ea9 in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at .../php5.4-201211020030/Zend/zend.c:1279
#16 0x0000000000767763 in php_execute_script (primary_file=0x7fffffffcd80) at 
.../php5.4-201211020030/main/main.c:2473
#17 0x000000000086f45f in do_cli (argc=10, argv=0x7fffffffe168) at .../php5.4-
201211020030/sapi/cli/php_cli.c:988
#18 0x0000000000435dce in main (argc=10, argv=0x7fffffffe168) at .../php5.4-
201211020030/sapi/cli/php_cli.c:1364

------------------------------------------------------------------------
[2012-11-01 02:23:19] larue...@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.4-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

there is a knew issue of segfault caused by traits alias.

please try with the 5.4-snapshot

------------------------------------------------------------------------
[2012-10-31 22:55:43] ber...@php.net

Description:
------------
I'm experiencing segfaults in the mentioned function while working on Drupal 8. 
Here's what I found out so far:

- Happens both with the default ubuntu 12.04 php 5.3.10 and php 5.4.8 from 
https://launchpad.net/~ondrej/+archive/php5
- See http://drupal.org/node/512026#comment-6673974 for the backtrace
- Happens both on my local installation and our automated testbots
- The segfault does not happen if zend.enable_gc is Off.

It's non-trivial to set up, see "script" below, so just tell me what commands 
to 
run in gdb to give you additional information if required.

Test script:
---------------
git clone g...@git.drupal.org:project/drupal.git --branch=8.x
# Install Drupal, enable Testing module.
wget http://drupal.org/files/form-state-keyvalue-512026-98.patch
git apply form-state-keyvalue-512026-98.patch

php core/scripts/run-tests.sh --class 
"Drupal\views\Tests\Handler\FilterStringTest"


Expected result:
----------------
Drupal test run
---------------

Tests to be run:
 -  (Drupal\views\Tests\Handler\FilterStringTest)

Test run started:
 Wednesday, October 31, 2012 - 23:50

Test summary
------------

Filter: String n passes, 0 fails, and 0 exception

Test run duration: n sec

Actual result:
--------------
Drupal test run
---------------

Tests to be run:
 -  (Drupal\views\Tests\Handler\FilterStringTest)

Test run started:
 Wednesday, October 31, 2012 - 23:50

Test summary
------------

Segmentation fault (core dumped)
FATAL Drupal\views\Tests\Handler\FilterStringTest: test runner returned a non-
zero error code (139).
- Found database prefix 'simpletest916618' for test ID 372.
- Removed test files directory.
- Removed 43 leftover tables.

Test run duration: 11 sec



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=63407&edit=1

Reply via email to