Edit report at https://bugs.php.net/bug.php?id=64827&edit=1
ID: 64827 Updated by: johan...@php.net Reported by: odou...@php.net Summary: Segfault in zval_mark_grey (zend_gc.c) -Status: Open +Status: Not a bug Type: Bug Package: *General Issues Operating System: Linux PHP Version: 5.4.15 Block user comment: N Private report: N New Comment: Do not file bugs when you have Zend extensions (zend_extension=) loaded. Examples are Zend Optimizer, Zend Debugger, Turck MM Cache, APC, Xdebug and ionCube loader. These extensions often modify engine behavior which is not related to PHP itself. . Previous Comments: ------------------------------------------------------------------------ [2013-05-13 15:17:26] odou...@php.net Description: ------------ Bug cannot be reproduced easily, as it requires a Magento install with many products in it. Bug can be reproduced on PHP 5.4.15 and 5.3.25 It does not happen when using cgi mode (only on FastCGI). I assume memory management is not handled equally between these modes. Running a specific page on Magento, page is rendered correctly, but at the end a SIGSEGV happens on PHP process. Program received signal SIGSEGV, Segmentation fault. zval_mark_grey (pz=0x272afb8) at /usr/src/build/php-5.4.15/Zend/zend_gc.c:388 (if needed, you can check source code here : http://svn.php.net/viewvc/php/php- src/trunk/Zend/zend_gc.c?view=markup) Tell me how I can help debug this error, as I cannot provide a reproducible code. Expected result: ---------------- result page complete with no error Actual result: -------------- result page complete + SIGSEGV of the process after, which leads to streange behaviour depending on server used (nginx hides the segfault, Apache concatenates a 500 error page if used with mod_fcgid). (gdb) bt #0 zval_mark_grey (pz=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_gc.c:388 #1 0x00000000007fafe5 in zval_mark_grey (pz=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_gc.c:432 #2 0x00000000007fbf05 in gc_mark_roots () at /usr/src/build/php- 5.4.15/Zend/zend_gc.c:501 #3 gc_collect_cycles () at /usr/src/build/php-5.4.15/Zend/zend_gc.c:795 #4 0x00000000007fc290 in gc_zval_possible_root (zv=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_gc.c:166 #5 0x00000000007fe297 in zend_object_std_dtor (object=0x390ab38) at /usr/src/build/php-5.4.15/Zend/zend_objects.c:54 #6 0x00000000007fe2c9 in zend_objects_free_object_storage (object=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_objects.c:137 #7 0x000000000080406b in zend_objects_store_del_ref_by_handle_ex (handle= <optimized out>, handlers=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_objects_API.c:221 #8 0x0000000000804093 in zend_objects_store_del_ref (zobject=0x390b088) at /usr/src/build/php- 5.4.15/Zend/zend_objects_API.c:173 #9 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #10 _zval_ptr_dtor (zval_ptr=0x39781f8) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #11 0x00000000007e9200 in zend_hash_destroy (ht=0x3978130) at /usr/src/build/php-5.4.15/Zend/zend_hash.c:560 #12 0x00000000007db01d in _zval_dtor_func (zvalue=0x390acd0) at /usr/src/build/php-5.4.15/Zend/zend_variables.c:45 #13 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #14 _zval_ptr_dtor (zval_ptr=0x390d798) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #15 0x00000000007fe297 in zend_object_std_dtor (object=0x38e4fb8) at /usr/src/build/php-5.4.15/Zend/zend_objects.c:54 #16 0x00000000007fe2c9 in zend_objects_free_object_storage (object=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_objects.c:137 #17 0x000000000080406b in zend_objects_store_del_ref_by_handle_ex (handle= <optimized out>, handlers=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_objects_API.c:221 #18 0x0000000000804093 in zend_objects_store_del_ref (zobject=0x3992400) at /usr/src/build/php- 5.4.15/Zend/zend_objects_API.c:173 #19 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #20 _zval_ptr_dtor (zval_ptr=0x39922f8) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #21 0x00000000007e9200 in zend_hash_destroy (ht=0x2533ab8) at /usr/src/build/php-5.4.15/Zend/zend_hash.c:560 #22 0x00000000007db01d in _zval_dtor_func (zvalue=0x2528948) at /usr/src/build/php-5.4.15/Zend/zend_variables.c:45 #23 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #24 _zval_ptr_dtor (zval_ptr=0x2518c40) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #25 0x00000000007fe297 in zend_object_std_dtor (object=0x250cd28) at /usr/src/build/php-5.4.15/Zend/zend_objects.c:54 #26 0x00000000007fe2c9 in zend_objects_free_object_storage (object=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_objects.c:137 #27 0x000000000080406b in zend_objects_store_del_ref_by_handle_ex (handle= <optimized out>, handlers=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_objects_API.c:221 #28 0x0000000000804093 in zend_objects_store_del_ref (zobject=0x250cb78) at /usr/src/build/php- 5.4.15/Zend/zend_objects_API.c:173 #29 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #30 _zval_ptr_dtor (zval_ptr=0x2533c30) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #31 0x00000000007e9200 in zend_hash_destroy (ht=0x2528898) at /usr/src/build/php-5.4.15/Zend/zend_hash.c:560 #32 0x00000000007db01d in _zval_dtor_func (zvalue=0x2523e80) at /usr/src/build/php-5.4.15/Zend/zend_variables.c:45 #33 0x00000000007ce03d in _zval_dtor (zvalue=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_variables.h:35 #34 _zval_ptr_dtor (zval_ptr=0x25336d0) at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:438 #35 0x00000000007fe297 in zend_object_std_dtor (object=0x2537758) at /usr/src/build/php-5.4.15/Zend/zend_objects.c:54 #36 0x00000000007fe2c9 in zend_objects_free_object_storage (object=0x272afb8) at /usr/src/build/php- 5.4.15/Zend/zend_objects.c:137 #37 0x000000000080406b in zend_objects_store_del_ref_by_handle_ex (handle= <optimized out>, handlers=<optimized out>) at /usr/src/build/php-5.4.15/Zend/zend_objects_API.c:221 #38 0x0000000000804093 in zend_objects_store_del_ref (zobject=0x25376c8) at /usr/src/build/php- 5.4.15/Zend/zend_objects_API.c:173 #39 0x00007fc2385281a7 in accel_fast_hash_destroy (ht=<optimized out>) at /usr/src/build/ZendOptimizerPlus/ZendAccelerator.c:2141 #40 accel_fast_zval_ptr_dtor (zval_ptr=<optimized out>) at /usr/src/build/ZendOptimizerPlus/ZendAccelerator.c:2162 #41 0x00007fc23852823f in accel_clean_non_persistent_class (pce=<optimized out>) at /usr/src/build/ZendOptimizerPlus/ZendAccelerator.c:2238 #42 0x00000000007e8f73 in zend_hash_reverse_apply (ht=0x2174c60, apply_func=0x7fc2385281f0 <accel_clean_non_persistent_class>) at /usr/src/build/php-5.4.15/Zend/zend_hash.c:799 #43 0x00007fc238528042 in zend_accel_fast_shutdown () at /usr/src/build/ZendOptimizerPlus/ZendAccelerator.c:2290 #44 0x00007fc23852bddd in accel_deactivate () at /usr/src/build/ZendOptimizerPlus/ZendAccelerator.c:2319 #45 0x00000000007d16be in zend_llist_apply (l=<optimized out>, func=0x7cd270 <zend_extension_deactivator>) at /usr/src/build/php-5.4.15/Zend/zend_llist.c:193 #46 0x00000000007d0c7b in shutdown_executor () at /usr/src/build/php- 5.4.15/Zend/zend_execute_API.c:246 #47 0x00000000007dc302 in zend_deactivate () at /usr/src/build/php- 5.4.15/Zend/zend.c:938 #48 0x000000000077dfbc in php_request_shutdown (dummy=<optimized out>) at /usr/src/build/php-5.4.15/main/main.c:1800 #49 0x000000000088c10c in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/build/php- 5.4.15/sapi/cgi/cgi_main.c:2502 [...] with breakpoint line 388: (gdb) print *pz $9 = {value = {lval = 743, dval = 3.6709077486004618e-321, str = {val = 0x2e7 <Address 0x2e7 out of bounds>, len = 16560416}, ht = 0x2e7, obj = {handle = 743, handlers = 0xfcb120}}, refcount__gc = 0, type = 5 '\005', is_ref__gc = 0 '\000'} (gdb) print obj $10 = <optimized out> ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64827&edit=1