Edit report at https://bugs.php.net/bug.php?id=54488&edit=1
ID: 54488 User updated by: dbetz at df dot eu Reported by: dbetz at df dot eu Summary: SIGSEGV in zend_assign_to_variable Status: Bogus Type: Bug Package: FPM related Operating System: Gentoo PHP Version: 5.3.6 Assigned To: fat Block user comment: N Private report: N New Comment: Hello, after some time without problems now i get many segfaults: Program received signal SIGSEGV, Segmentation fault. _zend_mm_alloc_int (heap=0x8a65570, size=52) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835 1835 /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c: No such file or directory. in /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c (gdb) bt full #0 _zend_mm_alloc_int (heap=0x8a65570, size=52) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835 bitmap = <value optimized out> best_fit = <value optimized out> true_size = 60 block_size = <value optimized out> remaining_size = <value optimized out> segment_size = <value optimized out> segment = <value optimized out> keep_rest = <value optimized out> #1 0x08450e8c in _zend_hash_quick_add_or_update (ht=0x94a6144, arKey=0x94a2ecc "plaintext_parser", nKeyLength=17, h=3773187690, pData=0x94a2eb8, nDataSize=4, pDest=0xb4dfd1f8, flag=1) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:315 p = 0x0 #2 0x08451386 in zend_hash_copy (target=0x94a6144, source=0x92a7994, pCopyConstructor=0x8443f90 <zval_add_ref>, tmp=0xb4dfd238, size=4) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:787 p = 0x94a2eac new_entry = 0x94a2e08 #3 0x0844407f in _zval_copy_ctor_func (zvalue=0x935eb10) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.c:134 tmp = 0x5b original_ht = 0x92a7994 #4 0x0844487d in _zval_copy_ctor (type=8, format=0x89b9f2c "Use of undefined constant %s - assumed '%s'") at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.h:45 No locals. #5 zend_error (type=8, format=0x89b9f2c "Use of undefined constant %s - assumed '%s'") at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1078 retval = <value optimized out> z_error_type = 0x93ccd28 z_error_message = 0x94a49d8 z_error_filename = 0x935cd3c z_error_lineno = 0x935cd88 z_context = 0x935eb10 error_filename = 0x949feec "/kunden/145279_85737/liveforen/domaingo/includes/functions_newpost.php(668) : eval()'d code" error_lineno = 43 orig_user_error_handler = <value optimized out> in_compilation = <value optimized out> saved_class_entry = <value optimized out> #6 0x0846a0d6 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER (execute_data=0x8bca78c) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:17844 actual = 0x94a5574 "postid" opline = 0x94a825c #7 0x0846eaee in execute (op_array=0x8e24980) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:107 ret = <value optimized out> execute_data = 0x8bca78c nested = 1 '\001' original_in_execution = 0 '\000' #8 0x084443e6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1195 i = 1 file_handle = 0xb4e01790 orig_op_array = 0x0 orig_retval_ptr_ptr = 0x0 #9 0x083f2bd6 in php_execute_script (primary_file=0xb4e01790) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/main/main.c:2284 realfile = "èãôC\021M\b\000\060X¢ÿÿÿÿ\000\000\000\000#\217B\bô\020+\tÃ\\ãÃÃ*\tlõôå\235X\001\065~\r\000\030äô©RL\b\003\000\000\000\bäô\b\000\000\000\000\000\000\000pU¦\bn|A£\001\005\000\001\000\000\000\000\001\000\000\000lõô¸.\027\t\220\002\000\000pU¦\b¸.\027\tHäô#\217B\b\210ÃN£\002\000\000\000\001\000\000\000däô\001ôô\000\000\000\000¸ÃN£»Ã?\bl/\027\t\020\000\000\000\002\000\000\000/ÃL£\200ÃN£Ã\032\002\000¸ÃN£ô¿N£\200ÃN£Ã\000+\t\230äô|¢A£"..---Type <return> to continue, or q <return> to quit--- . __orig_bailout = 0xb4e01640 __bailout = {{__jmpbuf = {-1260382320, 153810792, -1260391280, -1260391208, 2072411008, -1166720775}, __mask_was_saved = 0, __saved_mask = { __val = {0, 41205, 0, 4096, 96, 0, 1308693440, 0, 1307472900, 0, 1308693441, 0, 852891, 0, 153900944, 148950944, 153813200, 3034576088, 138386641, 3, 4, 3034575952, 1, 153812952, 3034584640, 3034575976, 153813428, 153810792, 149062664, 3034576088, 2076760960, 2305}}}} prepend_file_p = 0x0 append_file_p = <value optimized out> prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'} append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'} retval = 0 #10 0x084ce08c in main (argc=3, argv=Cannot access memory at address 0x23 ) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/sapi/fpm/fpm/fpm_main.c:1900 __bailout = {{__jmpbuf = {0, -1260381964, 0, -1260382152, 2076793728, 1570506489}, __mask_was_saved = 0, __saved_mask = {__val = {2738603973, 2749034436, 70078602, 2741702958, 2741557004, 2749023548, 3034584724, 2745840432, 13, 2741565964, 2741510004, 1480958541, 3034584860, 32, 2744109768, 0, 0, 1, 560, 2738520464, 2744109768, 2741702958, 2741609996, 2741565964, 1, 2749034436, 3034584992, 2744110208, 3034584952, 2748954464, 3034584936, 2741565964}}}} exit_status = 0 c = <value optimized out> file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x92b00d0 "/www/145279_85737/liveforen/domaingo/newreply.php", opened_path = 0x0, handle = { fd = 153901444, fp = 0x92c5984, stream = {handle = 0x92c5984, isatty = 0, mmap = {len = 41205, pos = 0, map = 0xa30e0000, buf = 0xa30e0000 <Address 0xa30e0000 out of bounds>, old_handle = 0x8e0cfa0, old_closer = 0x8458cb0 <zend_stream_stdio_closer>}, reader = 0x8459290 <zend_stream_stdio_reader>, fsizer = 0x84591c0 <zend_stream_stdio_fsizer>, closer = 0x8459210 <zend_stream_mmap_closer>}}, free_filename = 0 '\000'} orig_optind = 1 orig_optarg = 0x0 ini_entries_len = <value optimized out> max_requests = 1000 requests = 3 fcgi_fd = <value optimized out> request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0, in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xb4dff590 "\001\003", out_buf = "\001\003\000\001\000\b\000\000\000\000\000\000\000B\020=q~cC^Â¥R>hñ°!¿uû\020\220ÃQåà W·qÃüG·lÃ.&+ª:£q\a\207cÃ\t>ö\237ã|wë\233½ü\220gÃ8\b\bhg¾Ãa\217ïóÃ\026¬²£\021\216«¹ûÃ5Â¥N\220\bz\032\027Ã\024)JÃðÿ\203Y\227î¹\216ï¬\017¹7<}\të\205§¬^],Ãx\220ÿsÃ\210ô\006®Ã,KÃ\215\200i\207$lÃqcâ÷\204\217:\222Ã\027Ãm\237\033ëzúæúÃ¥²¥\224Â÷\207\226\217.N¢ÃÃHi«|¿åfÃõ2éÃ"..., reserved = '\000' <repeats 15 times>, env = 0x92acf98} fpm_config = 0xb4e01a8c "" fpm_prefix = 0x0 fpm_pid = 0x0 test_conf = 0 valgrind didnt work correct. it shows me always an "out of memory" error, but there is enough memory free ... Previous Comments: ------------------------------------------------------------------------ [2011-07-13 05:59:13] f...@php.net OK, closed now. You can still reopen it if it happens again ------------------------------------------------------------------------ [2011-07-13 05:41:59] dbetz at df dot eu Thanks for all your help. The segfault isnt reproducable now. Maybe the last vBulletin Board update changes some thing in the Object handling or maybe i have updated some librarys. I have tested with PHP-FPM 5.3.6 and the latest Snapshot. So i think you can close this bugreport. Greets, Daniel ------------------------------------------------------------------------ [2011-07-13 04:33:38] tony2...@php.net Valgrind log would be quite helpful: https://bugs.php.net/bugs-getting-valgrind-log.php ------------------------------------------------------------------------ [2011-07-12 19:08:38] f...@php.net I've asked for help on internals: http://news.php.net/php.internals/53922 see where it goes ------------------------------------------------------------------------ [2011-07-07 02:38:16] dbetz at df dot eu Hello, with 5.3.7RC3-dev i cant hit the bug anymore ( i think ) I will keep on testing. Thx, Daniel ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=54488 -- Edit this bug report at https://bugs.php.net/bug.php?id=54488&edit=1