View Issue Details

ID: 0001387
Project: Xdebug
Category: Usage problems (Wrong Results)
View Status: public
Last Update: 2017-01-14 15:16
Reporter: kelunik
Assigned To: derick
Priority: normal
Severity: crash
Reproducibility: always
Status: assigned
Resolution: open
Platform: x64
OS: Ubuntu
OS Version: 16.04
Product Version: 2.5.0
Target Version:
Fixed in Version:
Summary: 0001387: Segfault in GC
Description:
Running the Humbug PHPUnit test suite with xdebug loaded makes PHP segfault at the end of the tests.

Note: Running on PHP 7.1.0, but only 7.1-dev is available in the select box.
Steps To Reproduce:
1. git clone https://github.com/padraic/humbug
2. cd humbug
3. composer install
4. vendor/bin/phpunit
Additional Information:
GDB LOG
=======

php: /home/kelunik/.php-build/release/Zend/zend_gc.c:276: gc_possible_root: Assertion `(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff49c402a in __GI_abort () at abort.c:89
#2 0x00007ffff49babd7 in __assert_fail_base (fmt=<optimized out>,
    assertion=assertion@entry=0x102d198 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8",
    file=file@entry=0x102d168 "/home/kelunik/.php-build/release/Zend/zend_gc.c", line=line@entry=276,
    function=function@entry=0x102d2b0 <__PRETTY_FUNCTION__.9732> "gc_possible_root") at assert.c:92
#3 0x00007ffff49bac82 in __GI___assert_fail (
    assertion=0x102d198 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8",
    file=0x102d168 "/home/kelunik/.php-build/release/Zend/zend_gc.c", line=276,
    function=0x102d2b0 <__PRETTY_FUNCTION__.9732> "gc_possible_root") at assert.c:101
#4 0x00000000009444c6 in gc_possible_root (ref=0x7fffed53c8a0)
    at /home/kelunik/.php-build/release/Zend/zend_gc.c:276
#5 0x0000000000921f09 in gc_check_possible_root (z=0x7fffed523e60)
    at /home/kelunik/.php-build/release/Zend/zend_gc.h:136
#6 0x0000000000921f68 in i_zval_ptr_dtor (zval_ptr=0x7fffed523e60,
    __zend_filename=0x10291a0 "/home/kelunik/.php-build/release/Zend/zend_hash.c", __zend_lineno=1310)
    at /home/kelunik/.php-build/release/Zend/zend_variables.h:50
#7 0x0000000000925d99 in zend_array_destroy (ht=0x7fffed53c900)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1310
#8 0x000000000090d126 in _zval_dtor_func (p=0x7fffed53c900,
    __zend_filename=0x1024ae8 "/home/kelunik/.php-build/release/Zend/zend_opcode.c", __zend_lineno=397)
    at /home/kelunik/.php-build/release/Zend/zend_variables.c:43
#9 0x00000000008fcb6d in _zval_ptr_dtor_nogc (zval_ptr=0x7fffedfedbe0,
    __zend_filename=0x1024ae8 "/home/kelunik/.php-build/release/Zend/zend_opcode.c", __zend_lineno=397)
    at /home/kelunik/.php-build/release/Zend/zend_variables.h:40
#10 0x00000000008fddf4 in destroy_op_array (op_array=0x7fffed5145c0)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:397
#11 0x00000000008fcf40 in zend_function_dtor (zv=0x7fffed58d820)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:122
#12 0x0000000000925a74 in zend_hash_destroy (ht=0x7fffed514338)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1236
#13 0x00000000008fd8ac in destroy_zend_class (zv=0x7fffffffb2a0)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:287
#14 0x000000000092513c in _zend_hash_del_el_ex (ht=0x1344eb0, idx=218, p=0x1584f40, prev=0x0)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:998
#15 0x000000000092521c in _zend_hash_del_el (ht=0x1344eb0, idx=218, p=0x1584f40)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1021
#16 0x0000000000926ac4 in zend_hash_reverse_apply (ht=0x1344eb0,
    apply_func=0x8f7350 <clean_non_persistent_class>)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1603
#17 0x00000000008f7de8 in shutdown_executor ()
    at /home/kelunik/.php-build/release/Zend/zend_execute_API.c:369
#18 0x000000000090f5a1 in zend_deactivate () at /home/kelunik/.php-build/release/Zend/zend.c:997
#19 0x000000000087f2e5 in php_request_shutdown (dummy=0x0)
    at /home/kelunik/.php-build/release/main/main.c:1873
#20 0x00000000009f39f9 in do_cli (argc=2, argv=0x13150c0)
    at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1157
#21 0x00000000009f420c in main (argc=2, argv=0x13150c0)
    at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1378
Tags: SIGSEGV
Operating System: Ubuntu 16.04
PHP Version: 7.1-dev

Activities

kelunik

2017-01-08 18:47

reporter   ~0004161

This doesn't happen on 7.0.5 with xdebug 2.5.0

derick

2017-01-08 20:33

administrator   ~0004163

I can not reproduce this. Can you please try the following:

install valgrind (apt-get install valgrind).

Then on the shell, run the following:

export USE_ZEND_ALLOC=0

The first test:

gdb --args php vendor/bin/phpunit

and on the GDB prompt: "run". Then when it crashes, type "bt full". And attach the output as a file to this issue.

The second test:

valgrind php vendor/bin/phpunit

and attach the output as a file to this issue.

kelunik

2017-01-08 21:25

reporter  

gdb1.txt (8,262 bytes)
php: /home/kelunik/.php-build/release/Zend/zend_gc.c:276: gc_possible_root: Assertion `(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54  ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt full
#0  0x00007ffff49c2428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
        resultvar = 0
        pid = 7219
        selftid = 7219
#1  0x00007ffff49c402a in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x4, sa_sigaction = 0x4}, sa_mask = {__val = {0, 
              18446744069414584320, 140737488334288, 0, 140737353932800, 16961944, 276, 16962224, 0, 0, 
              140737297582476, 140737298679384, 140737298693040, 0, 140737298679384, 16961944}}, 
          sa_flags = -134422528, sa_restorer = 0x102d198}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff49babd7 in __assert_fail_base (fmt=<optimized out>, 
    assertion=assertion@entry=0x102d198 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", 
    file=file@entry=0x102d168 "/home/kelunik/.php-build/release/Zend/zend_gc.c", line=line@entry=276, 
    function=function@entry=0x102d2b0 <__PRETTY_FUNCTION__.9732> "gc_possible_root") at assert.c:92
        str = 0x16ae760 "\360\243\b\002"
        total = 4096
#3  0x00007ffff49bac82 in __GI___assert_fail (
    assertion=0x102d198 "(ref)->gc.u.v.type == 7 || (ref)->gc.u.v.type == 8", 
    file=0x102d168 "/home/kelunik/.php-build/release/Zend/zend_gc.c", line=276, 
    function=0x102d2b0 <__PRETTY_FUNCTION__.9732> "gc_possible_root") at assert.c:101
No locals.
#4  0x00000000009444c6 in gc_possible_root (ref=0x167a6f0)
    at /home/kelunik/.php-build/release/Zend/zend_gc.c:276
        newRoot = 0x17a43e0
        __PRETTY_FUNCTION__ = "gc_possible_root"
#5  0x0000000000921f09 in gc_check_possible_root (z=0x17a43e0)
    at /home/kelunik/.php-build/release/Zend/zend_gc.h:136
No locals.
#6  0x0000000000921f68 in i_zval_ptr_dtor (zval_ptr=0x17a43e0, 
    __zend_filename=0x10291a0 "/home/kelunik/.php-build/release/Zend/zend_hash.c", __zend_lineno=1310)
    at /home/kelunik/.php-build/release/Zend/zend_variables.h:50
No locals.
#7  0x0000000000925d99 in zend_array_destroy (ht=0x1741f50)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1310
        p = 0x17a43e0
        end = 0x17a4400
#8  0x000000000090d126 in _zval_dtor_func (p=0x1741f50, 
    __zend_filename=0x1024ae8 "/home/kelunik/.php-build/release/Zend/zend_opcode.c", __zend_lineno=397)
    at /home/kelunik/.php-build/release/Zend/zend_variables.c:43
        arr = 0x1741f50
#9  0x00000000008fcb6d in _zval_ptr_dtor_nogc (zval_ptr=0x17adc90, 
    __zend_filename=0x1024ae8 "/home/kelunik/.php-build/release/Zend/zend_opcode.c", __zend_lineno=397)
    at /home/kelunik/.php-build/release/Zend/zend_variables.h:40
No locals.
#10 0x00000000008fddf4 in destroy_op_array (op_array=0x1750380)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:397
        literal = 0x17adc90
---Type <return> to continue, or q <return> to quit---
        end = 0x17add00
        i = 0
#11 0x00000000008fcf40 in zend_function_dtor (zv=0x17b69d0)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:122
        function = 0x1750380
        __PRETTY_FUNCTION__ = "zend_function_dtor"
#12 0x0000000000925a74 in zend_hash_destroy (ht=0x17500f8)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1236
        p = 0x17b69d0
        end = 0x17b8cd0
#13 0x00000000008fd8ac in destroy_zend_class (zv=0x7fffffffb220)
    at /home/kelunik/.php-build/release/Zend/zend_opcode.c:287
        prop_info = 0x1751160
        ce = 0x17500b8
#14 0x000000000092513c in _zend_hash_del_el_ex (ht=0x13450d0, idx=218, p=0x2233fa0, prev=0x0)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:998
        tmp = {value = {lval = 24445112, dval = 1.2077490047941606e-316, counted = 0x17500b8, 
            str = 0x17500b8, arr = 0x17500b8, obj = 0x17500b8, res = 0x17500b8, ref = 0x17500b8, 
            ast = 0x17500b8, zv = 0x17500b8, ptr = 0x17500b8, ce = 0x17500b8, func = 0x17500b8, ww = {
              w1 = 24445112, w2 = 0}}, u1 = {v = {type = 17 '\021', type_flags = 0 '\000', 
              const_flags = 0 '\000', reserved = 0 '\000'}, type_info = 17}, u2 = {next = 0, 
            cache_slot = 0, lineno = 0, num_args = 0, fe_pos = 0, fe_iter_idx = 0, access_flags = 0, 
            property_guard = 0}}
#15 0x000000000092521c in _zend_hash_del_el (ht=0x13450d0, idx=218, p=0x2233fa0)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1021
        prev = 0x0
#16 0x0000000000926ac4 in zend_hash_reverse_apply (ht=0x13450d0, 
    apply_func=0x8f7350 <clean_non_persistent_class>)
    at /home/kelunik/.php-build/release/Zend/zend_hash.c:1603
        idx = 218
        p = 0x2233fa0
        result = 1
#17 0x00000000008f7de8 in shutdown_executor ()
    at /home/kelunik/.php-build/release/Zend/zend_execute_API.c:369
        __orig_bailout = 0x7fffffffda00
        __bailout = {{__jmpbuf = {0, -7009542391521690356, 4467808, 140737488346032, 0, 0, 
              -7009542391221797620, 7009541335187635468}, __mask_was_saved = 0, __saved_mask = {
              __val = {7151120547840, 140737488337616, 140737488337616, 31694912, 31695056, 0, 0, 0, 
                515396075520, 16956304, 140737488337216, 140737488336976, 9405198, 0, 515396075520, 
                16956304}}}}
        func = 0x14fc4f0
        ce = 0x14f18a0
#18 0x000000000090f5a1 in zend_deactivate () at /home/kelunik/.php-build/release/Zend/zend.c:997
No locals.
#19 0x000000000087f2e5 in php_request_shutdown (dummy=0x0)
    at /home/kelunik/.php-build/release/main/main.c:1873
        report_memleaks = 1 '\001'
#20 0x00000000009f39f9 in do_cli (argc=2, argv=0x1315330)
---Type <return> to continue, or q <return> to quit---
    at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1157
        c = -1
        file_handle = {handle = {fd = 22238448, fp = 0x15354f0, stream = {handle = 0x15354f0, 
              isatty = 0, mmap = {len = 1259, pos = 0, map = 0x7ffff7fd0000, buf = 0x7ffff7fd0013 "", 
                old_handle = 0x14fc560, old_closer = 0x93714e <zend_stream_stdio_closer>}, 
              reader = 0x93711f <zend_stream_stdio_reader>, 
              fsizer = 0x93717d <zend_stream_stdio_fsizer>, 
              closer = 0x9372b6 <zend_stream_mmap_closer>}}, filename = 0x1315400 "vendor/bin/phpunit", 
          opened_path = 0x0, type = ZEND_HANDLE_MAPPED, free_filename = 0 '\000'}
        behavior = 1
        reflection_what = 0x0
        request_started = 1
        exit_status = 0
        php_optarg = 0x0
        orig_optarg = 0x0
        php_optind = 2
        orig_optind = 1
        exec_direct = 0x0
        exec_run = 0x0
        exec_begin = 0x0
        exec_end = 0x0
        arg_free = 0x1315400 "vendor/bin/phpunit"
        arg_excp = 0x1315338
        script_file = 0x1315400 "vendor/bin/phpunit"
        translated_path = 0x14fdcb0 "/home/kelunik/GitHub/padraic/humbug/vendor/phpunit/phpunit/phpunit"
        interactive = 0
        lineno = 2
        param_error = 0x0
        hide_argv = 0
#21 0x00000000009f420c in main (argc=2, argv=0x1315330)
    at /home/kelunik/.php-build/release/sapi/cli/php_cli.c:1378
        __orig_bailout = 0x0
        __bailout = {{__jmpbuf = {0, -7009542390418588404, 4467808, 140737488346032, 0, 0, 
              -7009542390443754228, 7009541197364903180}, __mask_was_saved = 0, __saved_mask = {
              __val = {0, 0, 0, 0, 0, 0, 0, 0, 18374686479671623680, 1, 10477997, 0, 0, 10477920, 
                4467808, 140737488346032}}}}
        c = -1
        exit_status = 0
        module_started = 1
        sapi_started = 1
        php_optarg = 0x0
        php_optind = 1
        use_extended_info = 0
        ini_path_override = 0x0
        ini_entries = 0x1344de0 "html_errors=0\nregister_argc_argv=1\nimplicit_flush=1\noutput_buffering=0\nmax_execution_time=0\nmax_input_time=-1\n"
        ini_entries_len = 110
        ini_ignore = 0
---Type <return> to continue, or q <return> to quit---
        sapi_module = 0x12e8f20 <cli_sapi_module>


kelunik

2017-01-08 21:25

reporter  

gdb2.txt (12,109 bytes)
[22:20:13][4946][~/GitHub/padraic/humbug] $ valgrind ~/.phpenv/versions/7.1.0/bin/php vendor/bin/phpunit
==7560== Memcheck, a memory error detector
==7560== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7560== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7560== Command: /home/kelunik/.phpenv/versions/7.1.0/bin/php vendor/bin/phpunit
==7560== 
--7560-- WARNING: Serious error when reading debug info
--7560-- When reading debug info from /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0:
--7560-- Ignoring non-Dwarf2/3/4 block in .debug_info
--7560-- WARNING: Serious error when reading debug info
--7560-- When reading debug info from /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0:
--7560-- Last block truncated in .debug_info; ignoring
--7560-- WARNING: Serious error when reading debug info
--7560-- When reading debug info from /usr/lib/x86_64-linux-gnu/libcurl.so.4.4.0:
--7560-- parse_CU_Header: is neither DWARF2 nor DWARF3 nor DWARF4
PHPUnit 5.7.5 by Sebastian Bergmann and contributors.

.....I..............................WW.........................  63 / 308 ( 20%)
............................................................... 126 / 308 ( 40%)
............................................................... 189 / 308 ( 61%)
............................................................... 252 / 308 ( 81%)
.................................WWW....................        308 / 308 (100%)

Time: 1.01 minutes, Memory: 0.00MB

There were 5 warnings:

1) Humbug\Test\Adapter\Phpunit\XmlConfigurationTest::testShouldAddListener
PHPUnit_Framework_TestCase::getMock() is deprecated, use PHPUnit_Framework_TestCase::createMock() or PHPUnit_Framework_TestCase::getMockBuilder() instead

2) Humbug\Test\Adapter\Phpunit\XmlConfigurationTest::testShouldAddListeners
PHPUnit_Framework_TestCase::getMock() is deprecated, use PHPUnit_Framework_TestCase::createMock() or PHPUnit_Framework_TestCase::getMockBuilder() instead

3) Humbug\Test\Report\TextTest::testShouldPrepareSingleReport
PHPUnit_Framework_TestCase::getMock() is deprecated, use PHPUnit_Framework_TestCase::createMock() or PHPUnit_Framework_TestCase::getMockBuilder() instead

4) Humbug\Test\Report\TextTest::testShouldPrepareSingleReportWithError
PHPUnit_Framework_TestCase::getMock() is deprecated, use PHPUnit_Framework_TestCase::createMock() or PHPUnit_Framework_TestCase::getMockBuilder() instead

5) Humbug\Test\Report\TextTest::testShouldPrepareAllMutantsReport
PHPUnit_Framework_TestCase::getMock() is deprecated, use PHPUnit_Framework_TestCase::createMock() or PHPUnit_Framework_TestCase::getMockBuilder() instead

WARNINGS!
Tests: 308, Assertions: 542, Warnings: 5, Incomplete: 1.
==7560== Invalid read of size 4
==7560==    at 0x9218F9: zval_delref_p (zend_types.h:834)
==7560==    by 0x921F3C: i_zval_ptr_dtor (zend_variables.h:47)
==7560==    by 0x925D98: zend_array_destroy (zend_hash.c:1310)
==7560==    by 0x90D125: _zval_dtor_func (zend_variables.c:43)
==7560==    by 0x8FCB6C: _zval_ptr_dtor_nogc (zend_variables.h:40)
==7560==    by 0x8FDDF3: destroy_op_array (zend_opcode.c:397)
==7560==    by 0x8FCF3F: zend_function_dtor (zend_opcode.c:122)
==7560==    by 0x925A73: zend_hash_destroy (zend_hash.c:1236)
==7560==    by 0x8FD8AB: destroy_zend_class (zend_opcode.c:287)
==7560==    by 0x92513B: _zend_hash_del_el_ex (zend_hash.c:998)
==7560==    by 0x92521B: _zend_hash_del_el (zend_hash.c:1021)
==7560==    by 0x926AC3: zend_hash_reverse_apply (zend_hash.c:1603)
==7560==  Address 0xfe132d0 is 0 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
==7560==    by 0x8F7D48: shutdown_executor (zend_execute_API.c:354)
==7560==    by 0x90F5A0: zend_deactivate (zend.c:997)
==7560==    by 0x87F2E4: php_request_shutdown (main.c:1873)
==7560==    by 0x9F39F8: do_cli (php_cli.c:1157)
==7560==    by 0x9F420B: main (php_cli.c:1378)
==7560==  Block was alloc'd at
==7560==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DC958: __zend_malloc (zend_alloc.c:2820)
==7560==    by 0x8DBC4B: _emalloc (zend_alloc.c:2413)
==7560==    by 0x9158B8: _array_init (zend_API.c:1060)
==7560==    by 0x8EF595: zend_try_ct_eval_array (zend_compile.c:6597)
==7560==    by 0x8F4538: zend_eval_const_expr (zend_compile.c:8231)
==7560==    by 0x8EF504: zend_try_ct_eval_array (zend_compile.c:6583)
==7560==    by 0x8F125E: zend_compile_array (zend_compile.c:7203)
==7560==    by 0x8F3716: zend_compile_expr (zend_compile.c:7951)
==7560==    by 0x8F03F3: zend_compile_cast (zend_compile.c:6877)
==7560==    by 0x8F35F6: zend_compile_expr (zend_compile.c:7914)
==7560==    by 0x8F1343: zend_compile_array (zend_compile.c:7232)
==7560== 
==7560== Invalid write of size 4
==7560==    at 0x9218FE: zval_delref_p (zend_types.h:834)
==7560==    by 0x921F3C: i_zval_ptr_dtor (zend_variables.h:47)
==7560==    by 0x925D98: zend_array_destroy (zend_hash.c:1310)
==7560==    by 0x90D125: _zval_dtor_func (zend_variables.c:43)
==7560==    by 0x8FCB6C: _zval_ptr_dtor_nogc (zend_variables.h:40)
==7560==    by 0x8FDDF3: destroy_op_array (zend_opcode.c:397)
==7560==    by 0x8FCF3F: zend_function_dtor (zend_opcode.c:122)
==7560==    by 0x925A73: zend_hash_destroy (zend_hash.c:1236)
==7560==    by 0x8FD8AB: destroy_zend_class (zend_opcode.c:287)
==7560==    by 0x92513B: _zend_hash_del_el_ex (zend_hash.c:998)
==7560==    by 0x92521B: _zend_hash_del_el (zend_hash.c:1021)
==7560==    by 0x926AC3: zend_hash_reverse_apply (zend_hash.c:1603)
==7560==  Address 0xfe132d0 is 0 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
==7560==    by 0x8F7D48: shutdown_executor (zend_execute_API.c:354)
==7560==    by 0x90F5A0: zend_deactivate (zend.c:997)
==7560==    by 0x87F2E4: php_request_shutdown (main.c:1873)
==7560==    by 0x9F39F8: do_cli (php_cli.c:1157)
==7560==    by 0x9F420B: main (php_cli.c:1378)
==7560==  Block was alloc'd at
==7560==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DC958: __zend_malloc (zend_alloc.c:2820)
==7560==    by 0x8DBC4B: _emalloc (zend_alloc.c:2413)
==7560==    by 0x9158B8: _array_init (zend_API.c:1060)
==7560==    by 0x8EF595: zend_try_ct_eval_array (zend_compile.c:6597)
==7560==    by 0x8F4538: zend_eval_const_expr (zend_compile.c:8231)
==7560==    by 0x8EF504: zend_try_ct_eval_array (zend_compile.c:6583)
==7560==    by 0x8F125E: zend_compile_array (zend_compile.c:7203)
==7560==    by 0x8F3716: zend_compile_expr (zend_compile.c:7951)
==7560==    by 0x8F03F3: zend_compile_cast (zend_compile.c:6877)
==7560==    by 0x8F35F6: zend_compile_expr (zend_compile.c:7914)
==7560==    by 0x8F1343: zend_compile_array (zend_compile.c:7232)
==7560== 
==7560== Invalid read of size 4
==7560==    at 0x921900: zval_delref_p (zend_types.h:834)
==7560==    by 0x921F3C: i_zval_ptr_dtor (zend_variables.h:47)
==7560==    by 0x925D98: zend_array_destroy (zend_hash.c:1310)
==7560==    by 0x90D125: _zval_dtor_func (zend_variables.c:43)
==7560==    by 0x8FCB6C: _zval_ptr_dtor_nogc (zend_variables.h:40)
==7560==    by 0x8FDDF3: destroy_op_array (zend_opcode.c:397)
==7560==    by 0x8FCF3F: zend_function_dtor (zend_opcode.c:122)
==7560==    by 0x925A73: zend_hash_destroy (zend_hash.c:1236)
==7560==    by 0x8FD8AB: destroy_zend_class (zend_opcode.c:287)
==7560==    by 0x92513B: _zend_hash_del_el_ex (zend_hash.c:998)
==7560==    by 0x92521B: _zend_hash_del_el (zend_hash.c:1021)
==7560==    by 0x926AC3: zend_hash_reverse_apply (zend_hash.c:1603)
==7560==  Address 0xfe132d0 is 0 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
==7560==    by 0x8F7D48: shutdown_executor (zend_execute_API.c:354)
==7560==    by 0x90F5A0: zend_deactivate (zend.c:997)
==7560==    by 0x87F2E4: php_request_shutdown (main.c:1873)
==7560==    by 0x9F39F8: do_cli (php_cli.c:1157)
==7560==    by 0x9F420B: main (php_cli.c:1378)
==7560==  Block was alloc'd at
==7560==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DC958: __zend_malloc (zend_alloc.c:2820)
==7560==    by 0x8DBC4B: _emalloc (zend_alloc.c:2413)
==7560==    by 0x9158B8: _array_init (zend_API.c:1060)
==7560==    by 0x8EF595: zend_try_ct_eval_array (zend_compile.c:6597)
==7560==    by 0x8F4538: zend_eval_const_expr (zend_compile.c:8231)
==7560==    by 0x8EF504: zend_try_ct_eval_array (zend_compile.c:6583)
==7560==    by 0x8F125E: zend_compile_array (zend_compile.c:7203)
==7560==    by 0x8F3716: zend_compile_expr (zend_compile.c:7951)
==7560==    by 0x8F03F3: zend_compile_cast (zend_compile.c:6877)
==7560==    by 0x8F35F6: zend_compile_expr (zend_compile.c:7914)
==7560==    by 0x8F1343: zend_compile_array (zend_compile.c:7232)
==7560== 
==7560== Invalid read of size 1
==7560==    at 0x90D09C: _zval_dtor_func (zend_variables.c:33)
==7560==    by 0x921F59: i_zval_ptr_dtor (zend_variables.h:48)
==7560==    by 0x925D98: zend_array_destroy (zend_hash.c:1310)
==7560==    by 0x90D125: _zval_dtor_func (zend_variables.c:43)
==7560==    by 0x8FCB6C: _zval_ptr_dtor_nogc (zend_variables.h:40)
==7560==    by 0x8FDDF3: destroy_op_array (zend_opcode.c:397)
==7560==    by 0x8FCF3F: zend_function_dtor (zend_opcode.c:122)
==7560==    by 0x925A73: zend_hash_destroy (zend_hash.c:1236)
==7560==    by 0x8FD8AB: destroy_zend_class (zend_opcode.c:287)
==7560==    by 0x92513B: _zend_hash_del_el_ex (zend_hash.c:998)
==7560==    by 0x92521B: _zend_hash_del_el (zend_hash.c:1021)
==7560==    by 0x926AC3: zend_hash_reverse_apply (zend_hash.c:1603)
==7560==  Address 0xfe132d4 is 4 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
==7560==    by 0x8F7D48: shutdown_executor (zend_execute_API.c:354)
==7560==    by 0x90F5A0: zend_deactivate (zend.c:997)
==7560==    by 0x87F2E4: php_request_shutdown (main.c:1873)
==7560==    by 0x9F39F8: do_cli (php_cli.c:1157)
==7560==    by 0x9F420B: main (php_cli.c:1378)
==7560==  Block was alloc'd at
==7560==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DC958: __zend_malloc (zend_alloc.c:2820)
==7560==    by 0x8DBC4B: _emalloc (zend_alloc.c:2413)
==7560==    by 0x9158B8: _array_init (zend_API.c:1060)
==7560==    by 0x8EF595: zend_try_ct_eval_array (zend_compile.c:6597)
==7560==    by 0x8F4538: zend_eval_const_expr (zend_compile.c:8231)
==7560==    by 0x8EF504: zend_try_ct_eval_array (zend_compile.c:6583)
==7560==    by 0x8F125E: zend_compile_array (zend_compile.c:7203)
==7560==    by 0x8F3716: zend_compile_expr (zend_compile.c:7951)
==7560==    by 0x8F03F3: zend_compile_cast (zend_compile.c:6877)
==7560==    by 0x8F35F6: zend_compile_expr (zend_compile.c:7914)
==7560==    by 0x8F1343: zend_compile_array (zend_compile.c:7232)
==7560== 
==7560== 
==7560== HEAP SUMMARY:
==7560==     in use at exit: 75,889 bytes in 30 blocks
==7560==   total heap usage: 5,088,100 allocs, 5,088,070 frees, 484,450,630 bytes allocated
==7560== 
==7560== LEAK SUMMARY:
==7560==    definitely lost: 24 bytes in 1 blocks
==7560==    indirectly lost: 0 bytes in 0 blocks
==7560==      possibly lost: 0 bytes in 0 blocks
==7560==    still reachable: 75,865 bytes in 29 blocks
==7560==         suppressed: 0 bytes in 0 blocks
==7560== Rerun with --leak-check=full to see details of leaked memory
==7560== 
==7560== For counts of detected and suppressed errors, rerun with: -v
==7560== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 0 from 0)


kelunik

2017-01-08 21:25

reporter   ~0004165

Done. :-)

derick

2017-01-11 20:35

administrator   ~0004173

I can still not reproduce this, not even with Ubuntu 16.04 and the compiler it comes with. Can you try disabling Xdebug in php.ini and try to run the test again? Nothing in the valgrind or gdb output even hints that Xdebug is the culprit here as it is not mentioned at all in the traces.
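
Added example, not part of the thread and not PHP or Xdebug code: a Python triage script for Memcheck output of the kind attached as gdb2.txt. It groups the invalid reads and writes by the freed block they touch, names the function that freed and allocated that block, and lists stack frames that mention a module such as Xdebug; the function names and the shortened sample are this example's own.

```python
import re

# Constructed sample: two records shortened from the Memcheck output in this issue.
SAMPLE = """\
==7560== Invalid read of size 4
==7560==    at 0x9218F9: zval_delref_p (zend_types.h:834)
==7560==  Address 0xfe132d0 is 0 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
==7560==  Block was alloc'd at
==7560==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBC4B: _emalloc (zend_alloc.c:2413)
==7560==    by 0x9158B8: _array_init (zend_API.c:1060)
==7560==
==7560== Invalid read of size 1
==7560==    at 0x90D09C: _zval_dtor_func (zend_variables.c:33)
==7560==  Address 0xfe132d4 is 4 bytes inside a block of size 56 free'd
==7560==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7560==    by 0x8DBCF2: _efree (zend_alloc.c:2428)
==7560==    by 0x9464E6: zend_gc_collect_cycles (zend_gc.c:1179)
"""

PREFIX = re.compile(r"^==\d+==\s?")
ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address 0x([0-9a-fA-F]+) is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)")
# Allocator wrappers in these traces; the interesting caller is the first frame past them.
WRAPPERS = {"free", "malloc", "_efree", "_emalloc", "__zend_malloc"}


def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record, with its access/free/alloc stacks."""
    records, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ACCESS.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "free": [], "alloc": []}
            records.append(cur)
            stack = cur["access"]
        elif cur is None:
            continue
        elif m := BLOCK.match(line):
            addr, off = int(m[1], 16), int(m[2])
            cur.update(block=addr - off, offset=off, block_size=int(m[3]))
            stack = cur["free"]
        elif line.startswith("Block was alloc'd at"):
            stack = cur["alloc"]
        elif m := FRAME.match(line):
            stack.append((m[1], m[2]))
        else:
            cur = None  # blank line or unrelated text ends the record
    return records


def caller(stack):
    """First frame that is not an allocator wrapper, or None if there is none."""
    return next((f for f in stack if f[0] not in WRAPPERS), None)


def use_after_free_summary(records):
    """Group accesses to freed memory by the base address of the freed block."""
    blocks = {}
    for r in records:
        if "block" not in r:
            continue
        b = blocks.setdefault(r["block"], {
            "size": r["block_size"], "freed_by": caller(r["free"]),
            "allocated_by": caller(r["alloc"]), "accesses": []})
        top = r["access"][0][0] if r["access"] else None
        b["accesses"].append((r["kind"], r["size"], r["offset"], top))
    return blocks


def frames_mentioning(records, needle):
    """Frames whose function or location contains `needle`, case-insensitively."""
    return [f for r in records for s in ("access", "free", "alloc") for f in r[s]
            if needle.lower() in " ".join(f).lower()]


if __name__ == "__main__":
    recs = parse_memcheck(SAMPLE)
    print(use_after_free_summary(recs))
    print("xdebug frames:", frames_mentioning(recs, "xdebug"))
```

An empty `frames_mentioning` result only says that no function of that module is on the recorded stacks.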

kelunik

2017-01-11 22:13

reporter   ~0004174

Last edited: 2017-01-11 22:14

I've set up things on another server and can reproduce it there, too. Disabling Xdebug fails some tests, but doesn't crash at the end.

Maybe it's not Xdebug directly, but a GC issue that only appears with certain memory allocations, and Xdebug changes those so that it shows up?

I'll upload my php.sh and xdebug.sh files which I used to set things up.

./php.sh 7.1.0 && ./xdebug.sh 2.5.0

Used the default php.ini-development from current master and added the extension at the top.

kelunik

2017-01-11 22:13

reporter  

php.sh (1,992 bytes)

kelunik

2017-01-11 22:13

reporter  

xdebug.sh (453 bytes)

derick

2017-01-13 16:50

administrator   ~0004177

I can reproduce that now on Joe's box, but no idea how and why this happens...

kelunik

2017-01-14 15:16

reporter   ~0004183

My previous statement was wrong. This happens with 7.0.0-7.0.14, too.

Issue History

Date Modified Username Field Change
2017-01-08 18:35 kelunik New Issue
2017-01-08 18:36 kelunik Tag Attached: SIGSEGV
2017-01-08 18:47 kelunik Note Added: 0004161
2017-01-08 20:33 derick Note Added: 0004163
2017-01-08 20:33 derick Assigned To => derick
2017-01-08 20:33 derick Status new => feedback
2017-01-08 21:25 kelunik File Added: gdb1.txt
2017-01-08 21:25 kelunik File Added: gdb2.txt
2017-01-08 21:25 kelunik Note Added: 0004165
2017-01-08 21:25 kelunik Status feedback => assigned
2017-01-11 20:35 derick Note Added: 0004173
2017-01-11 20:35 derick Status assigned => feedback
2017-01-11 22:13 kelunik Note Added: 0004174
2017-01-11 22:13 kelunik Status feedback => assigned
2017-01-11 22:13 kelunik File Added: php.sh
2017-01-11 22:13 kelunik File Added: xdebug.sh
2017-01-11 22:14 kelunik Note Edited: 0004174 View Revisions
2017-01-13 16:50 derick Note Added: 0004177
2017-01-14 15:16 kelunik Note Added: 0004183