On Wed, Nov 11, 2015 at 11:24 PM, Frank M. Kromann <f...@webbypixel.com> wrote:
> Hi Dmitry,
>
> Here is the output.
>
> ==28336== Conditional jump or move depends on uninitialised value(s)
> ==28336==    at 0x64EF568: tzload (FSTimeZones.c:794)
> ==28336==    by 0x64EFBC0: fstzZoneFromData (FSTimeZones.c:1765)
> ==28336==    by 0x64EA5ED: fbctzTimeZone (FBCTimeZones.c:51)
> ==28336==    by 0x64EA19A: fbcrhInitWithOptions (FBCRowHandler.c:94)
> ==28336==    by 0x587D8C: phpfbFetchRow (php_fbsql.c:986)
> ==28336==    by 0x58A1BB: php_fbsql_fetch_hash.isra.10 (php_fbsql.c:3089)
> ==28336==    by 0x85B72D: ZEND_DO_ICALL_SPEC_HANDLER (zend_vm_execute.h:586)
> ==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
> ==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
> ==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
> ==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
> ==28336==    by 0x89F789: do_cli (php_cli.c:974)
> ==28336==
> ==28336==
> ==28336== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- n
> ==28336== Invalid read of size 4
> ==28336==    at 0x89BE3B: i_free_compiled_variables (zend_execute.c:2052)
> ==28336==    by 0x89BE3B: zend_leave_helper_SPEC (zend_vm_execute.h:470)
> ==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
> ==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
> ==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
> ==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
> ==28336==    by 0x89F789: do_cli (php_cli.c:974)
> ==28336==    by 0x443466: main (php_cli.c:1345)
> ==28336==  Address 0x1329d150 is 0 bytes inside a block of size 24 free'd
> ==28336==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==28336==    by 0x81E095: _zend_hash_del_el_ex (zend_hash.c:958)
> ==28336==    by 0x81E095: zend_hash_index_del (zend_hash.c:1170)
> ==28336==    by 0x89BE52: i_free_compiled_variables (zend_execute.c:2055)
> ==28336==    by 0x89BE52: zend_leave_helper_SPEC (zend_vm_execute.h:470)
> ==28336==    by 0x84CECA: execute_ex (zend_vm_execute.h:414)
> ==28336==    by 0x89D968: zend_execute (zend_vm_execute.h:458)
> ==28336==    by 0x80DB36: zend_execute_scripts (zend.c:1428)
> ==28336==    by 0x7A2ADF: php_execute_script (main.c:2471)
> ==28336==    by 0x89F789: do_cli (php_cli.c:974)
> ==28336==    by 0x443466: main (php_cli.c:1345)
>
> The first issue is a leak inside the C API for the FrontBase database.
> It's a known issue that is fixed by the vendor but not yet released, and it
> does not cause any segfaults on scripts that don't use autoload of classes.
>

This is a use-after-free, most probably because of wrong reference counting.
This may be caused by a bug in a third-party extension.
Can you reproduce the failure without them?

Thanks. Dmitry.

>
> - Frank
>
>
> On 11/11/15 12:16, Dmitry Stogov wrote:
>
> I added zend_add_live_range() into master a day ago and replaced it with
> zend_start_live_range/zend_end_live_range today.
>
> Thanks. Dmitry.
>
> On Wed, Nov 11, 2015 at 11:02 PM, Anatol Belski <anatol....@belski.net> wrote:
>
>
> -----Original Message-----
> From: Frank M. Kromann [mailto:f...@webbypixel.com]
> Sent: Wednesday, November 11, 2015 8:51 PM
> To: Anatol Belski <anatol....@belski.net>; 'Dmitry Stogov' <dmi...@zend.com>
> Cc: 'PHP Internals' <internals@lists.php.net>
> Subject: Re: [PHP-DEV] PHP 7 Segmentation fault
>
> Just switched to PHP-7.0 and there are no longer any references to
> _live_range, but the problem with the segfault is still there. Here is a new
> backtrace.
>
> #0  zend_mm_alloc_small (size=<optimized out>, bin_num=<optimized out>, heap=<optimized out>) at /home/frank/Source/php-src-7/Zend/zend_alloc.c:1291
> #1  zend_mm_alloc_heap (size=<optimized out>, heap=<optimized out>) at /home/frank/Source/php-src-7/Zend/zend_alloc.c:1358
> #2  _emalloc (size=2) at /home/frank/Source/php-src-7/Zend/zend_alloc.c:2442
> #3  0x00000000007e724d in _safe_emalloc (nmemb=nmemb@entry=24, size=<optimized out>, offset=offset@entry=0) at /home/frank/Source/php-src-7/Zend/zend_alloc.c:2510
> #4  0x00000000007f0b93 in zend_compile_params (ast=ast@entry=0x7ffff0ab7250, return_type_ast=return_type_ast@entry=0x0) at /home/frank/Source/php-src-7/Zend/zend_compile.c:4429
> #5  0x00000000007fa240 in zend_compile_func_decl (result=result@entry=0x0, ast=ast@entry=0x7ffff0ab7668) at /home/frank/Source/php-src-7/Zend/zend_compile.c:4879
> #6  0x00000000007f799a in zend_compile_stmt (ast=0x7ffff0ab7668) at /home/frank/Source/php-src-7/Zend/zend_compile.c:7048
> #7  0x00000000007f8487 in zend_compile_stmt_list (ast=ast@entry=0x7ffff0ab8388) at /home/frank/Source/php-src-7/Zend/zend_compile.c:4347
> #8  0x00000000007f781e in zend_compile_stmt (ast=ast@entry=0x7ffff0ab8388) at /home/frank/Source/php-src-7/Zend/zend_compile.c:6992
> #9  0x00000000007f88bf in zend_compile_class_decl (ast=ast@entry=0x7ffff0ab8720) at /home/frank/Source/php-src-7/Zend/zend_compile.c:5289
> #10 0x00000000007f7938 in zend_compile_stmt (ast=ast@entry=0x7ffff0ab8720) at /home/frank/Source/php-src-7/Zend/zend_compile.c:7060
> #11 0x00000000007fa67a in zend_compile_top_stmt (ast=0x7ffff0ab8720) at /home/frank/Source/php-src-7/Zend/zend_compile.c:6966
> #12 0x00000000007fa6bf in zend_compile_top_stmt (ast=0x7ffff0ab4018) at /home/frank/Source/php-src-7/Zend/zend_compile.c:6961
> #13 0x00000000007cde07 in compile_file (file_handle=<optimized out>, type=<optimized out>) at Zend/zend_language_scanner.l:607
> #14 0x000000000065434e in phar_compile_file (file_handle=<optimized out>, type=<optimized out>) at /home/frank/Source/php-src-7/ext/phar/phar.c:3311
> #15 0x00000000007cdf35 in compile_filename (type=2, filename=filename@entry=0x7ffff0a14550) at Zend/zend_language_scanner.l:647
> #16 0x0000000000899a2f in ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER () at /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:29114
> #17 0x000000000084cecb in execute_ex (ex=<optimized out>) at /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
> #18 0x00000000007fe607 in zend_call_function (fci=0x7ffff0a89aa0, fci@entry=0x7fffffffa8f0, fci_cache=fci_cache@entry=0x7fffffffa8c0) at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:854
> #19 0x000000000082b244 in zend_call_method (object=0x7ffff0aa38d8, obj_ce=<optimized out>, fn_proxy=<optimized out>, function_name=0x7ffff0aaf108 "composer\\autoload\\classloader::loadclass\001", function_name_len=<optimized out>, retval_ptr=retval_ptr@entry=0x0, param_count=param_count@entry=1, arg1=0x7ffff0a14430, arg2=arg2@entry=0x0) at /home/frank/Source/php-src-7/Zend/zend_interfaces.c:104
> #20 0x00000000006c1324 in zif_spl_autoload_call (execute_data=<optimized out>, return_value=<optimized out>) at /home/frank/Source/php-src-7/ext/spl/php_spl.c:425
> #21 0x00000000007fe6a0 in zend_call_function (fci=fci@entry=0x7fffffffab40, fci_cache=fci_cache@entry=0x7fffffffab10) at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:873
> #22 0x00000000007feec9 in zend_lookup_class_ex (name=name@entry=0x7ffff0a55e80, key=0x7ffff0a70420, use_autoload=use_autoload@entry=1) at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1036
> #23 0x00000000007ffa18 in zend_fetch_class_by_name (class_name=0x7ffff0a55e80, key=<optimized out>, fetch_type=fetch_type@entry=512) at /home/frank/Source/php-src-7/Zend/zend_execute_API.c:1383
> #24 0x000000000089af51 in ZEND_NEW_SPEC_CONST_HANDLER () at /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:3354
> #25 0x000000000084cecb in execute_ex (ex=<optimized out>) at /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:414
> #26 0x000000000089d969 in zend_execute (op_array=<optimized out>, return_value=<optimized out>) at /home/frank/Source/php-src-7/Zend/zend_vm_execute.h:458
> #27 0x000000000080db37 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3) at /home/frank/Source/php-src-7/Zend/zend.c:1428
> #28 0x00000000007a2ae0 in php_execute_script (primary_file=primary_file@entry=0x7fffffffd070) at /home/frank/Source/php-src-7/main/main.c:2471
> #29 0x000000000089f78a in do_cli (argc=4, argv=0x1167c60) at /home/frank/Source/php-src-7/sapi/cli/php_cli.c:974
> #30 0x0000000000443467 in main (argc=4, argv=0x1167c60) at /home/frank/Source/php-src-7/sapi/cli/php_cli.c:1345
>
>
> Ok, but in master there's no zend_add_live_range() as well, so that is
> what was strange. Could you please use USE_ZEND_ALLOC=0 to collect the BT?
>
> Thanks
>
> Anatol
>
>
>
>
> --
> Frank M. Kromann, M.Sc.E.E.
> Web by Pixel, Inc.
>
> Phone: +1 949 742 7533
> Fax: +1 949 742 7534
> Cell: +1 949 702 1794
> Denmark: +45 78 79 11 48
>
> Web: http://webbypixel.com
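The thread converges on a standard recipe for a suspected engine use-after-free: run the reproducer with USE_ZEND_ALLOC=0 so the Zend memory manager hands every allocation to libc and memcheck can see the real free, keep third-party extensions out of the process until the crash is reproduced without them, and then read the report. The script below is an added example written for this page; it is not code from the thread, from PHP, or from any of the participants. It assumes `php` and `valgrind` are on PATH, and the names `repro.php` and `fbsql.so` are placeholders. `php -n` (skip php.ini) and `-d extension=` are real CLI options; `USE_ZEND_ALLOC` and `ZEND_DONT_UNLOAD_MODULES` are real environment variables read by the engine. The memcheck log fed to the summarizer is constructed, shaped like the report Frank posted.

```shell
#!/bin/sh
# Added example, not code from the thread: reproduce a suspected engine
# use-after-free the way Dmitry and Anatol suggest (load only the extensions
# you name, bypass Zend MM so memcheck sees real malloc/free), then boil a
# memcheck log down to one line per finding.

# build_valgrind_cmd SCRIPT [EXTENSION.so ...]
# Prints the command line to run. 'php -n' skips php.ini, so only the
# extensions passed here are loaded; pass none to test the bare engine.
# USE_ZEND_ALLOC=0 routes emalloc/efree through libc so memcheck tracks
# every block; ZEND_DONT_UNLOAD_MODULES=1 keeps extension .so files mapped
# at shutdown so frames inside them still resolve. Names are placeholders.
build_valgrind_cmd() {
    script=$1
    shift
    cmd="USE_ZEND_ALLOC=0 ZEND_DONT_UNLOAD_MODULES=1 valgrind --tool=memcheck --track-origins=yes --num-callers=30 php -n"
    for ext in "$@"; do
        cmd="$cmd -d extension=$ext"
    done
    printf '%s -f %s\n' "$cmd" "$script"
}

# summarize_memcheck < valgrind.log
# Emits "<kind><TAB><innermost frame>" per memcheck error. An invalid access
# whose address memcheck reports as lying inside a free'd block is labelled
# use-after-free, which is the pattern in the report quoted above.
summarize_memcheck() {
    awk '
    function emit() {
        label = kind
        if (freed) label = "use-after-free (" kind ")"
        printf "%s\t%s\n", label, frame
    }
    /^==[0-9]+== (Invalid (read|write)|Conditional jump|Use of uninitialised|Invalid free|Mismatched free)/ {
        if (kind != "") emit()
        kind = $0; sub(/^==[0-9]+== /, "", kind)
        frame = ""; freed = 0
        next
    }
    kind != "" && frame == "" && /^==[0-9]+== +at 0x/ {
        frame = $0; sub(/^==[0-9]+== +at 0x[0-9A-Fa-f]+: /, "", frame)
        next
    }
    kind != "" && /free.d$/ { freed = 1; next }
    kind != "" && /^==[0-9]+== *$/ { emit(); kind = "" }
    END { if (kind != "") emit() }
    '
}

# Constructed sample log, shaped like the memcheck report in the thread.
SAMPLE_LOG=$(cat <<'EOF'
==28336== Conditional jump or move depends on uninitialised value(s)
==28336==    at 0x64EF568: tzload (FSTimeZones.c:794)
==28336==    by 0x64EFBC0: fstzZoneFromData (FSTimeZones.c:1765)
==28336==
==28336== Invalid read of size 4
==28336==    at 0x89BE3B: i_free_compiled_variables (zend_execute.c:2052)
==28336==    by 0x89BE3B: zend_leave_helper_SPEC (zend_vm_execute.h:470)
==28336==  Address 0x1329d150 is 0 bytes inside a block of size 24 free'd
==28336==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28336==    by 0x81E095: _zend_hash_del_el_ex (zend_hash.c:958)
EOF
)

# Show the command for a run with one extension, then summarize the sample.
build_valgrind_cmd repro.php fbsql.so
printf '%s\n' "$SAMPLE_LOG" | summarize_memcheck
```

In practice, run the printed command with `--log-file=valgrind.log` added and pipe that file into `summarize_memcheck`; compare a run with no `-d extension=` arguments against one that loads the suspect extension. If the use-after-free line only appears with the extension loaded, the refcount bug is in the extension rather than in the engine, which is the distinction Dmitry asks Frank to make.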