Bug #54488 [Bgs]: SIGSEGV in zend_assign_to_variable

Mon, 31 Oct 2011 06:02:34 -0700 

Edit report at https://bugs.php.net/bug.php?id=54488&edit=1

 ID:                 54488
 Updated by:         paj...@php.net
 Reported by:        dbetz at df dot eu
 Summary:            SIGSEGV in zend_assign_to_variable
 Status:             Bogus
 Type:               Bug
 Package:            FPM related
 Operating System:   Gentoo
 PHP Version:        5.3.6
 Assigned To:        fat
 Block user comment: N
 Private report:     N

 New Comment:

@dbetz at df dot eu

Please provide a way to reproduce this problem (aka not randomly). That means 
to 
debug a little bit to see what happens in your app while it crashes. using 
vBulletin as a base to fix such crashes is not an option for us.

Thanks for your understanding,


Previous Comments:
------------------------------------------------------------------------
[2011-07-22 05:20:45] dbetz at df dot eu

Hello,

after some time without problems now i get many segfaults:

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8a65570, size=52) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835
1835    /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c: 
No such file or directory.
        in /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c
(gdb) bt full
#0  _zend_mm_alloc_int (heap=0x8a65570, size=52) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835
        bitmap = <value optimized out>
        best_fit = <value optimized out>
        true_size = 60
        block_size = <value optimized out>
        remaining_size = <value optimized out>
        segment_size = <value optimized out>
        segment = <value optimized out>
        keep_rest = <value optimized out>
#1  0x08450e8c in _zend_hash_quick_add_or_update (ht=0x94a6144, arKey=0x94a2ecc 
"plaintext_parser", nKeyLength=17, h=3773187690, pData=0x94a2eb8,
    nDataSize=4, pDest=0xb4dfd1f8, flag=1) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:315
        p = 0x0
#2  0x08451386 in zend_hash_copy (target=0x94a6144, source=0x92a7994, 
pCopyConstructor=0x8443f90 <zval_add_ref>, tmp=0xb4dfd238, size=4)
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:787
        p = 0x94a2eac
        new_entry = 0x94a2e08
#3  0x0844407f in _zval_copy_ctor_func (zvalue=0x935eb10) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.c:134
        tmp = 0x5b
        original_ht = 0x92a7994
#4  0x0844487d in _zval_copy_ctor (type=8, format=0x89b9f2c "Use of undefined 
constant %s - assumed '%s'")
    at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.h:45
No locals.
#5  zend_error (type=8, format=0x89b9f2c "Use of undefined constant %s - 
assumed '%s'")
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1078
        retval = <value optimized out>
        z_error_type = 0x93ccd28
        z_error_message = 0x94a49d8
        z_error_filename = 0x935cd3c
        z_error_lineno = 0x935cd88
        z_context = 0x935eb10
        error_filename = 0x949feec 
"/kunden/145279_85737/liveforen/domaingo/includes/functions_newpost.php(668) : 
eval()'d code"
        error_lineno = 43
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
#6  0x0846a0d6 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER 
(execute_data=0x8bca78c)
    at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:17844
        actual = 0x94a5574 "postid"
        opline = 0x94a825c
#7  0x0846eaee in execute (op_array=0x8e24980) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x8bca78c
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x084443e6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1195
        i = 1
        file_handle = 0xb4e01790
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x083f2bd6 in php_execute_script (primary_file=0xb4e01790) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/main/main.c:2284
        realfile = 
"èãß´C\021M\b\000\060X¢ÿÿÿÿ\000\000\000\000#\217B\bô\020+\tÀ\\Ú£ÀÏ*\tlõß´å\235X\001\065~\r\000\030äß´©RL\b\003\000\000\000\bäß´\b\000\000\000\000\000\000\000pU¦\bn|A£\001\005\000\001\000\000\000\000\001\000\000\000lõß´¸.\027\t\220\002\000\000pU¦\b¸.\027\tHäß´#\217B\b\210ÓN£\002\000\000\000\001\000\000\000däß´\001ôß´\000\000\000\000¸ÓN£»Ô?\bl/\027\t\020\000\000\000\002\000\000\000/ÁL£\200ÓN£È\032\002\000¸ÓN£ô¿N£\200ÓN£Ð\000+\t\230äß´|¢A£"..---Type
 <return> to continue, or q <return> to quit---
.
        __orig_bailout = 0xb4e01640
        __bailout = {{__jmpbuf = {-1260382320, 153810792, -1260391280, 
-1260391208, 2072411008, -1166720775}, __mask_was_saved = 0, __saved_mask = {
              __val = {0, 41205, 0, 4096, 96, 0, 1308693440, 0, 1307472900, 0, 
1308693441, 0, 852891, 0, 153900944, 148950944, 153813200, 3034576088,
                138386641, 3, 4, 3034575952, 1, 153812952, 3034584640, 
3034575976, 153813428, 153810792, 149062664, 3034576088, 2076760960, 2305}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, 
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 
0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path 
= 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, 
old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        retval = 0
#10 0x084ce08c in main (argc=3, argv=Cannot access memory at address 0x23
) at 
/root/compile/php-5.3-fpm/snaps/php5.3-201107150430/sapi/fpm/fpm/fpm_main.c:1900
        __bailout = {{__jmpbuf = {0, -1260381964, 0, -1260382152, 2076793728, 
1570506489}, __mask_was_saved = 0, __saved_mask = {__val = {2738603973,
                2749034436, 70078602, 2741702958, 2741557004, 2749023548, 
3034584724, 2745840432, 13, 2741565964, 2741510004, 1480958541, 3034584860,
                32, 2744109768, 0, 0, 1, 560, 2738520464, 2744109768, 
2741702958, 2741609996, 2741565964, 1, 2749034436, 3034584992, 2744110208,
                3034584952, 2748954464, 3034584936, 2741565964}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x92b00d0 
"/www/145279_85737/liveforen/domaingo/newreply.php", opened_path = 0x0, handle 
= {
            fd = 153901444, fp = 0x92c5984, stream = {handle = 0x92c5984, 
isatty = 0, mmap = {len = 41205, pos = 0, map = 0xa30e0000,
                buf = 0xa30e0000 <Address 0xa30e0000 out of bounds>, old_handle 
= 0x8e0cfa0, old_closer = 0x8458cb0 <zend_stream_stdio_closer>},
              reader = 0x8459290 <zend_stream_stdio_reader>, fsizer = 0x84591c0 
<zend_stream_stdio_fsizer>,
              closer = 0x8459210 <zend_stream_mmap_closer>}}, free_filename = 0 
'\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = <value optimized out>
        max_requests = 1000
        requests = 3
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0, 
in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xb4dff590 "\001\003",
          out_buf = 
"\001\003\000\001\000\b\000\000\000\000\000\000\000B\020=q~cC^¥R>hñ°!¿uÑ»\020\220ØQåàW·qÎüG·lÙ.&+ª:£q\a\207cÎ\t>ö\237ã|wë\233½ü\220gÈ8\b\bhg¾Àa\217߯óÄ\026¬²£\021\216«¹ûÃ5¥N\220\bz\032\027ß\024)JÖðÿ\203Y\227î¹\216Ö¯¬\017¹7<}\të\205§¬^],Îx\220ÿsÐ\210ô\006®Ú,KÔ\215\200i\207$lÏqcâ÷\204\217:\222Í\027Ûm\237\033ëzúæúí¥²¥\224­÷\207\226\217.N¢É×Hi­«|¿åfÒõ2éÈ"...,
 reserved = '\000' <repeats 15 times>, env = 0x92acf98}
        fpm_config = 0xb4e01a8c ""
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0

valgrind didnt work correct. it shows me always an "out of memory" error, but 
there is enough memory free ...

------------------------------------------------------------------------
[2011-07-13 05:59:13] f...@php.net

OK, closed now. You can still reopen it if it happens again

------------------------------------------------------------------------
[2011-07-13 05:41:59] dbetz at df dot eu

Thanks for all your help.

The segfault isnt reproducable now.
Maybe the last vBulletin Board update changes some thing in the Object handling 
or maybe i have updated some librarys.
I have tested with PHP-FPM 5.3.6 and the latest Snapshot.

So i think you can close this bugreport.

Greets,
Daniel

------------------------------------------------------------------------
[2011-07-13 04:33:38] tony2...@php.net

Valgrind log would be quite helpful: 
https://bugs.php.net/bugs-getting-valgrind-log.php

------------------------------------------------------------------------
[2011-07-12 19:08:38] f...@php.net

I've asked for help on internals: http://news.php.net/php.internals/53922

see where it goes

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=54488


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=54488&edit=1

Reply via email to