Newsgroups: php.internals
From: fmk@webbypixel.com ("Frank M. Kromann")
To: Dmitry Stogov, Anatol Belski
Cc: PHP Internals
Date: Wed, 11 Nov 2015 12:24:56 -0800
Subject: Re: [PHP-DEV] PHP 7 Segmentation fault

Hi Dmitry,

Here is the output.

==28336== Conditional jump or move depends on uninitialised value(s)
==28336==    at 0x64EF568: tzload (FSTimeZones.c:794)
==28336==    by 0x64EFBC0: fstzZoneFromData (FSTimeZones.c:1765)
==28336==    by 0x64EA5ED: fbctzTimeZone (FBCTimeZones.c:51)
==28336==    by 0x64EA19A: fbcrhInitWithOptions (FBCRowHandler.c:94)
==28336==    by 0x587D8C: phpfbFetchRow (php_fbsql.c:986)
==28336==    by 0x58A1BB: php_fbsql_fetch_hash.isra.10 (php_fbsql.c:3089)
==28336==    by 0x85B72D: ZEND_DO_ICALL_SPEC_HANDLER (zend_vm_execute.h:586)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==
==28336==
==28336== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- n
==28336== Invalid read of size 4
==28336==    at 0x89BE3B: i_free_compiled_variables (zend_execute.c:2052)
==28336==    by 0x89BE3B: zend_leave_helper_SPEC (zend_vm_execute.h:470)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==    by 0x443466: main (php_cli.c:1345)
==28336==  Address 0x1329d150 is 0 bytes inside a block of size 24 free'd
==28336==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28336==    by 0x81E095: _zend_hash_del_el_ex (zend_hash.c:958)
==28336==    by 0x81E095: zend_hash_index_del (zend_hash.c:1170)
==28336==    by 0x89BE52: i_free_compiled_variables (zend_execute.c:2055)
==28336==    by 0x89BE52: zend_leave_helper_SPEC (zend_vm_execute.h:470)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==    by 0x443466: main (php_cli.c:1345)

The first issue is a leak inside the C API for the FrontBase database.
It's a known issue that is fixed by the vendor but not yet released and
it does not cause any segfaults on scripts that don't use autoload of
classes.

- Frank

On 11/11/15 12:16, Dmitry Stogov wrote:
> I added zend_add_live_range() into master a day ago and replaced it with
> zend_start_live_range/zend_end_live_range today.
>
> Thanks. Dmitry.
>
> On Wed, Nov 11, 2015 at 11:02 PM, Anatol Belski
> wrote:
>
>>
>>> -----Original Message-----
>>> From: Frank M. Kromann [mailto:fmk@webbypixel.com]
>>> Sent: Wednesday, November 11, 2015 8:51 PM
>>> To: Anatol Belski ; 'Dmitry Stogov' <
>> dmitry@zend.com>
>>> Cc: 'PHP Internals'
>>> Subject: Re: [PHP-DEV] PHP 7 Segmentation fault
>>>
>>> Just switched to PHP-7.0 and there is no longer any references to
>> _live_range
>>> but the problem with the segfault is still there. Here is a new
>> backtrace.
>>> #0 zend_mm_alloc_small (size=, bin_num=,
>>> heap=) at /home/frank/Source/php-src-
>>> 7/Zend/zend_alloc.c:1291
>>> #1 zend_mm_alloc_heap (size=, heap=) at
>>> /home/frank/Source/php-src-7/Zend/zend_alloc.c:1358
>>> #2 _emalloc (size=2) at
>> /home/frank/Source/php-src-7/Zend/zend_alloc.c:2442
>>> #3 0x00000000007e724d in _safe_emalloc (nmemb=nmemb@entry=24,
>>> size=, offset=offset@entry=0) at
>>> /home/frank/Source/php-src-7/Zend/zend_alloc.c:2510
>>> #4 0x00000000007f0b93 in zend_compile_params
>>> (ast=ast@entry=0x7ffff0ab7250,
>>> return_type_ast=return_type_ast@entry=0x0) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:4429
>>> #5 0x00000000007fa240 in zend_compile_func_decl (result=result@entry
>> =0x0,
>>> ast=ast@entry=0x7ffff0ab7668) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:4879
>>> #6 0x00000000007f799a in zend_compile_stmt (ast=0x7ffff0ab7668) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:7048
>>> #7 0x00000000007f8487 in zend_compile_stmt_list
>>> (ast=ast@entry=0x7ffff0ab8388) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:4347
>>> #8 0x00000000007f781e in zend_compile_stmt
>>> (ast=ast@entry=0x7ffff0ab8388) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:6992
>>> #9 0x00000000007f88bf in zend_compile_class_decl
>>> (ast=ast@entry=0x7ffff0ab8720) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:5289
>>> #10 0x00000000007f7938 in zend_compile_stmt
>>> (ast=ast@entry=0x7ffff0ab8720) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:7060
>>> #11 0x00000000007fa67a in zend_compile_top_stmt (ast=0x7ffff0ab8720) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:6966
>>> #12 0x00000000007fa6bf in zend_compile_top_stmt (ast=0x7ffff0ab4018) at
>>> /home/frank/Source/php-src-7/Zend/zend_compile.c:6961
>>> #13 0x00000000007cde07 in compile_file (file_handle=,
>>> type=) at Zend/zend_language_scanner.l:607
>>> #14 0x000000000065434e in phar_compile_file (file_handle=
>> out>, type=) at
>>> /home/frank/Source/php-src-7/ext/phar/phar.c:3311
>>> #15 0x00000000007cdf35 in compile_filename (type=2,
>>> filename=filename@entry=0x7ffff0a14550) at
>>> Zend/zend_language_scanner.l:647
>>> #16 0x0000000000899a2f in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER ()
>>> at
>>> /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:29114
>>> #17 0x000000000084cecb in execute_ex (ex=) at
>>> /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
>>> #18 0x00000000007fe607 in zend_call_function (fci=0x7ffff0a89aa0,
>>> fci@entry=0x7fffffffa8f0, fci_cache=fci_cache@entry=0x7fffffffa8c0)
>>> at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:854
>>> #19 0x000000000082b244 in zend_call_method (object=0x7ffff0aa38d8,
>>> obj_ce=, fn_proxy=,
>>> function_name=0x7ffff0aaf108
>>> "composer\\autoload\\classloader::loadclass\001",
>>> function_name_len=, retval_ptr=retval_ptr@entry=0x0,
>>> param_count=param_count@entry=1, arg1=0x7ffff0a14430,
>>> arg2=arg2@entry=0x0) at
>>> /home/frank/Source/php-src-7/Zend/zend_interfaces.c:104
>>> #20 0x00000000006c1324 in zif_spl_autoload_call (execute_data=
>> out>, return_value=) at
>>> /home/frank/Source/php-src-7/ext/spl/php_spl.c:425
>>> #21 0x00000000007fe6a0 in zend_call_function (fci=fci@entry
>> =0x7fffffffab40,
>>> fci_cache=fci_cache@entry=0x7fffffffab10)
>>> at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:873
>>> #22 0x00000000007feec9 in zend_lookup_class_ex
>>> (name=name@entry=0x7ffff0a55e80, key=0x7ffff0a70420,
>>> use_autoload=use_autoload@entry=1)
>>> at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1036
>>> #23 0x00000000007ffa18 in zend_fetch_class_by_name
>>> (class_name=0x7ffff0a55e80, key=,
>>> fetch_type=fetch_type@entry=512)
>>> at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1383
>>> #24 0x000000000089af51 in ZEND_NEW_SPEC_CONST_HANDLER () at
>>> /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:3354
>>> #25 0x000000000084cecb in execute_ex (ex=) at
>>> /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
>>> #26 0x000000000089d969 in zend_execute (op_array=,
>>> return_value=) at
>>> /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:458
>>> #27 0x000000000080db37 in zend_execute_scripts (type=type@entry=8,
>>> retval=retval@entry=0x0, file_count=file_count@entry=3) at
>>> /home/frank/Source/php-src-7/Zend/zend.c:1428
>>> #28 0x00000000007a2ae0 in php_execute_script
>>> (primary_file=primary_file@entry=0x7fffffffd070) at
>>> /home/frank/Source/php-src-7/main/main.c:2471
>>> #29 0x000000000089f78a in do_cli (argc=4, argv=0x1167c60) at
>>> /home/frank/Source/php-src-7/sapi/cli/php_cli.c:974
>>> #30 0x0000000000443467 in main (argc=4, argv=0x1167c60) at
>>> /home/frank/Source/php-src-7/sapi/cli/php_cli.c:1345
>>>
>> Ok, but in master there's no zend_add_live_range() as well, so that is
>> what was strange. Could you please USE_ZEND_ALLOC=0 to collect the BT?
>>
>> Thanks
>>
>> Anatol
>>
>>

-- 
Frank M. Kromann, M.Sc.E.E.
Web by Pixel, Inc.
Phone: +1 949 742 7533
Fax: +1 949 742 7534
Cell: +1 949 702 1794
Denmark: +45 78 79 11 48
Web: http://webbypixel.com