Hi Dmitry,

Here is the output.

==28336== Conditional jump or move depends on uninitialised value(s)
==28336==    at 0x64EF568: tzload (FSTimeZones.c:794)
==28336==    by 0x64EFBC0: fstzZoneFromData (FSTimeZones.c:1765)
==28336==    by 0x64EA5ED: fbctzTimeZone (FBCTimeZones.c:51)
==28336==    by 0x64EA19A: fbcrhInitWithOptions (FBCRowHandler.c:94)
==28336==    by 0x587D8C: phpfbFetchRow (php_fbsql.c:986)
==28336==    by 0x58A1BB: php_fbsql_fetch_hash.isra.10 (php_fbsql.c:3089)
==28336==    by 0x85B72D: ZEND_DO_ICALL_SPEC_HANDLER (zend_vm_execute.h:586)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==
==28336==
==28336== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- n
==28336== Invalid read of size 4
==28336==    at 0x89BE3B: i_free_compiled_variables (zend_execute.c:2052)
==28336==    by 0x89BE3B: zend_leave_helper_SPEC (zend_vm_execute.h:470)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==    by 0x443466: main (php_cli.c:1345)
==28336==  Address 0x1329d150 is 0 bytes inside a block of size 24 free'd
==28336==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28336==    by 0x81E095: _zend_hash_del_el_ex (zend_hash.c:958)
==28336==    by 0x81E095: zend_hash_index_del (zend_hash.c:1170)
==28336==    by 0x89BE52: i_free_compiled_variables (zend_execute.c:2055)
==28336==    by 0x89BE52: zend_leave_helper_SPEC (zend_vm_execute.h:470)
==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
==28336==    by 0x89F789: do_cli (php_cli.c:974)
==28336==    by 0x443466: main (php_cli.c:1345)

The first issue is a leak inside the C API for the FrontBase database. It's a known issue that is fixed by the vendor but not yet released and it does not cause any segfaults on scripts that don't use autoload of classes.

- Frank

On 11/11/15 12:16, Dmitry Stogov wrote:
I added zend_add_live_range() into master a day ago and replaced it with
zend_start_live_range/zend_end_live_range today.

Thanks. Dmitry.

On Wed, Nov 11, 2015 at 11:02 PM, Anatol Belski <anatol....@belski.net>
wrote:


-----Original Message-----
From: Frank M. Kromann [mailto:f...@webbypixel.com]
Sent: Wednesday, November 11, 2015 8:51 PM
To: Anatol Belski <anatol....@belski.net>; 'Dmitry Stogov' <
dmi...@zend.com>
Cc: 'PHP Internals' <internals@lists.php.net>
Subject: Re: [PHP-DEV] PHP 7 Segmentation fault

Just switched to PHP-7.0 and there are no longer any references to
_live_range, but the problem with the segfault is still there. Here is a
new backtrace.
#0  zend_mm_alloc_small (size=<optimized out>, bin_num=<optimized out>,
heap=<optimized out>) at /home/frank/Source/php-src-
7/Zend/zend_alloc.c:1291
#1  zend_mm_alloc_heap (size=<optimized out>, heap=<optimized out>) at
/home/frank/Source/php-src-7/Zend/zend_alloc.c:1358
#2  _emalloc (size=2) at
/home/frank/Source/php-src-7/Zend/zend_alloc.c:2442
#3  0x00000000007e724d in _safe_emalloc (nmemb=nmemb@entry=24,
size=<optimized out>, offset=offset@entry=0) at
/home/frank/Source/php-src-7/Zend/zend_alloc.c:2510
#4  0x00000000007f0b93 in zend_compile_params
(ast=ast@entry=0x7ffff0ab7250,
return_type_ast=return_type_ast@entry=0x0) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:4429
#5  0x00000000007fa240 in zend_compile_func_decl (result=result@entry
=0x0,
ast=ast@entry=0x7ffff0ab7668) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:4879
#6  0x00000000007f799a in zend_compile_stmt (ast=0x7ffff0ab7668) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:7048
#7  0x00000000007f8487 in zend_compile_stmt_list
(ast=ast@entry=0x7ffff0ab8388) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:4347
#8  0x00000000007f781e in zend_compile_stmt
(ast=ast@entry=0x7ffff0ab8388) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:6992
#9  0x00000000007f88bf in zend_compile_class_decl
(ast=ast@entry=0x7ffff0ab8720) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:5289
#10 0x00000000007f7938 in zend_compile_stmt
(ast=ast@entry=0x7ffff0ab8720) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:7060
#11 0x00000000007fa67a in zend_compile_top_stmt (ast=0x7ffff0ab8720) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:6966
#12 0x00000000007fa6bf in zend_compile_top_stmt (ast=0x7ffff0ab4018) at
/home/frank/Source/php-src-7/Zend/zend_compile.c:6961
#13 0x00000000007cde07 in compile_file (file_handle=<optimized out>,
type=<optimized out>) at Zend/zend_language_scanner.l:607
#14 0x000000000065434e in phar_compile_file (file_handle=<optimized
out>, type=<optimized out>) at
/home/frank/Source/php-src-7/ext/phar/phar.c:3311
#15 0x00000000007cdf35 in compile_filename (type=2,
filename=filename@entry=0x7ffff0a14550) at
Zend/zend_language_scanner.l:647
#16 0x0000000000899a2f in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER ()
at
/home/frank/Source/php-src-7/Zend/zend_vm_execute.h:29114
#17 0x000000000084cecb in execute_ex (ex=<optimized out>) at
/home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
#18 0x00000000007fe607 in zend_call_function (fci=0x7ffff0a89aa0,
fci@entry=0x7fffffffa8f0, fci_cache=fci_cache@entry=0x7fffffffa8c0)
      at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:854
#19 0x000000000082b244 in zend_call_method (object=0x7ffff0aa38d8,
obj_ce=<optimized out>, fn_proxy=<optimized out>,
      function_name=0x7ffff0aaf108
"composer\\autoload\\classloader::loadclass\001",
function_name_len=<optimized out>, retval_ptr=retval_ptr@entry=0x0,
      param_count=param_count@entry=1, arg1=0x7ffff0a14430,
arg2=arg2@entry=0x0) at
/home/frank/Source/php-src-7/Zend/zend_interfaces.c:104
#20 0x00000000006c1324 in zif_spl_autoload_call (execute_data=<optimized
out>, return_value=<optimized out>) at
/home/frank/Source/php-src-7/ext/spl/php_spl.c:425
#21 0x00000000007fe6a0 in zend_call_function (fci=fci@entry
=0x7fffffffab40,
fci_cache=fci_cache@entry=0x7fffffffab10)
at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:873
#22 0x00000000007feec9 in zend_lookup_class_ex
(name=name@entry=0x7ffff0a55e80, key=0x7ffff0a70420,
use_autoload=use_autoload@entry=1)
      at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1036
#23 0x00000000007ffa18 in zend_fetch_class_by_name
(class_name=0x7ffff0a55e80, key=<optimized out>,
fetch_type=fetch_type@entry=512)
      at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1383
#24 0x000000000089af51 in ZEND_NEW_SPEC_CONST_HANDLER () at
/home/frank/Source/php-src-7/Zend/zend_vm_execute.h:3354
#25 0x000000000084cecb in execute_ex (ex=<optimized out>) at
/home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
#26 0x000000000089d969 in zend_execute (op_array=<optimized out>,
return_value=<optimized out>) at
/home/frank/Source/php-src-7/Zend/zend_vm_execute.h:458
#27 0x000000000080db37 in zend_execute_scripts (type=type@entry=8,
retval=retval@entry=0x0, file_count=file_count@entry=3) at
/home/frank/Source/php-src-7/Zend/zend.c:1428
#28 0x00000000007a2ae0 in php_execute_script
(primary_file=primary_file@entry=0x7fffffffd070) at
/home/frank/Source/php-src-7/main/main.c:2471
#29 0x000000000089f78a in do_cli (argc=4, argv=0x1167c60) at
/home/frank/Source/php-src-7/sapi/cli/php_cli.c:974
#30 0x0000000000443467 in main (argc=4, argv=0x1167c60) at
/home/frank/Source/php-src-7/sapi/cli/php_cli.c:1345

Ok, but in master there's no zend_add_live_range() as well, so that is
what was strange. Could you please use USE_ZEND_ALLOC=0 to collect the BT?

Thanks

Anatol



--
Frank M. Kromann, M.Sc.E.E.
Web by Pixel, Inc.

Phone: +1 949 742 7533
Fax: +1 949 742 7534
Cell: +1 949 702 1794
Denmark: +45 78 79 11 48

Web: http://webbypixel.com
