Edit report at https://bugs.php.net/bug.php?id=64463&edit=1

 ID:                 64463
 Comment by:         julien at palard dot fr
 Reported by:        julien at palard dot fr
 Summary:            Segfault (For the moment, can't reproduce it)
 Status:             Open
 Type:               Bug
 Package:            *General Issues
 Operating System:   Debian 6.0.7
 PHP Version:        5.4.13
 Block user comment: N
 Private report:     N

 New Comment:

Same segfault, other stacktrace, don't think it helps a lot:

Program terminated with signal 11, Segmentation fault.
#0  _zend_mm_alloc_int (heap=0x143a330, size=82) at 
/usr/src/php-5.4.13/Zend/zend_alloc.c:2016
2016                    ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);

(gdb) bt
#0  _zend_mm_alloc_int (heap=0x143a330, size=82) at 
/usr/src/php-5.4.13/Zend/zend_alloc.c:2016
#1  0x0000000000691791 in _zend_hash_quick_add_or_update (ht=0x1675e18, 
arKey=0x7fc905b7fb50 "regexChar", nKeyLength=<value optimized out>, 
h=8246864001117707262, pData=0x1, nDataSize=8, pDest=0x7fc9207513a8, flag=1) at 
/usr/src/php-5.4.13/Zend/zend_hash.c:330
#2  0x00000000006a9948 in _get_zval_cv_lookup_BP_VAR_W (ptr=0x7fc9207513a8, 
var=<value optimized out>) at /usr/src/php-5.4.13/Zend/zend_execute.c:281
#3  0x000000000070557a in _get_zval_ptr_ptr_cv_BP_VAR_W 
(execute_data=0x7fc9207512c8) at /usr/src/php-5.4.13/Zend/zend_execute.c:442
#4  ZEND_ASSIGN_SPEC_CV_VAR_HANDLER (execute_data=0x7fc9207512c8) at 
/usr/src/php-5.4.13/Zend/zend_vm_execute.h:33048
#5  0x00000000006e8990 in execute (op_array=0x1a22840) at 
/usr/src/php-5.4.13/Zend/zend_vm_execute.h:410
#6  0x0000000000676473 in zend_call_function (fci=0x7fff3c616460, 
fci_cache=<value optimized out>) at 
/usr/src/php-5.4.13/Zend/zend_execute_API.c:958
#7  0x000000000055bf1a in zim_reflection_method_invokeArgs (ht=<value optimized 
out>, return_value=0x166df40, return_value_ptr=<value optimized out>, 
this_ptr=<value optimized out>, return_value_used=<value optimized out>)
    at /usr/src/php-5.4.13/ext/reflection/php_reflection.c:3017
#8  0x00000000006fb5dc in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7fc92074d7f8) at /usr/src/php-5.4.13/Zend/zend_vm_execute.h:642
#9  0x00000000006e8990 in execute (op_array=0x17b52b0) at 
/usr/src/php-5.4.13/Zend/zend_vm_execute.h:410
#10 0x0000000000681d9e in zend_execute_scripts (type=8, retval=<value optimized 
out>, file_count=3) at /usr/src/php-5.4.13/Zend/zend.c:1315
#11 0x000000000062746e in php_execute_script (primary_file=<value optimized 
out>) at /usr/src/php-5.4.13/main/main.c:2492
#12 0x0000000000730fda in main (argc=<value optimized out>, argv=<value 
optimized out>) at /usr/src/php-5.4.13/sapi/fpm/fpm/fpm_main.c:1924
(gdb) list
2021    
2022            remaining_size = block_size - true_size;
2023    
2024            if (remaining_size < ZEND_MM_ALIGNED_MIN_HEADER_SIZE) {
2025                    true_size = block_size;
2026                    ZEND_MM_BLOCK(best_fit, ZEND_MM_USED_BLOCK, true_size);
2027            } else {
2028                    zend_mm_free_block *new_free_block;
2029    
2030                    /* prepare new free block */
(gdb) p *best_fit->info._prev
Cannot access memory at address 0x64696c61766e49

Same as the last, seems to be ASCII data instead of a memory pointer:

$ echo $'\x64\x69\x6c\x61\x76\x6e\x49'
dilavnI


Previous Comments:
------------------------------------------------------------------------
[2013-03-20 14:44:59] julien at palard dot fr

Description:
------------
I got a chance of 0.018% of segfaulting in my current setup, can't reproduce it 
for the moment.

But I got a stacktrace! :-)

gdb /usr/local/php-current/sbin/php-fpm ./core.php-fpm.9958
list
2105                    mm_block = ZEND_MM_PREV_BLOCK(mm_block);
2106                    zend_mm_remove_from_free_list(heap, (zend_mm_free_block 
*) mm_block);
2107                    size += ZEND_MM_FREE_BLOCK_SIZE(mm_block);
2108            }
2109            if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
2110                ZEND_MM_IS_GUARD_BLOCK(ZEND_MM_BLOCK_AT(mm_block, size))) {
2111                    zend_mm_del_segment(heap, (zend_mm_segment *) ((char 
*)mm_block - ZEND_MM_ALIGNED_SEGMENT_SIZE));
2112            } else {
2113                    ZEND_MM_BLOCK(mm_block, ZEND_MM_FREE_BLOCK, size);
2114                    zend_mm_add_to_free_list(heap, (zend_mm_free_block *) 
mm_block);
(gdb) bt
#0  _zend_mm_free_int (heap=0x143a330, p=0x1b15518) at 
/usr/src/php-5.4.13/Zend/zend_alloc.c:2100
#1  0x000000000068ef1b in zend_hash_destroy (ht=0x1700318) at 
/usr/src/php-5.4.13/Zend/zend_hash.c:560
#2  0x00000000006a2ffc in zend_object_std_dtor (object=0x168a238) at 
/usr/src/php-5.4.13/Zend/zend_objects.c:44
#3  0x00000000006a3089 in zend_objects_free_object_storage (object=0x143a330) 
at /usr/src/php-5.4.13/Zend/zend_objects.c:137
#4  0x00000000006a87ca in zend_objects_store_free_object_storage 
(objects=0xe2d3c0) at /usr/src/php-5.4.13/Zend/zend_objects_API.c:92
#5  0x0000000000677f9a in shutdown_executor () at 
/usr/src/php-5.4.13/Zend/zend_execute_API.c:297
#6  0x0000000000682c93 in zend_deactivate () at 
/usr/src/php-5.4.13/Zend/zend.c:938
#7  0x0000000000627e0f in php_request_shutdown (dummy=<value optimized out>) at 
/usr/src/php-5.4.13/main/main.c:1800
#8  0x0000000000730c63 in main (argc=<value optimized out>, argv=<value 
optimized out>) at /usr/src/php-5.4.13/sapi/fpm/fpm/fpm_main.c:1952
(gdb) p *next_block
Cannot access memory at address 0x656d616e7624c470
(gdb) print next_block
$7 = (zend_mm_block *) 0x656d616e7624c470

Pointer strangely looks like ASCII / UTF-8 data, but... don't know, dropping it 
here, if it can help:

$ echo $'\x65\x6d\x61\x6e\x76\x24\xc4\x70'
emanv$�p



Expected result:
----------------
No Segfault :)

Actual result:
--------------
Segfault ):


------------------------------------------------------------------------
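
Added example, not part of the bug report and not PHP code: a small C helper for the triage step both comments do by hand, reading a faulting pointer value as bytes. It assumes a little-endian x86-64 host with 48-bit virtual addresses (an assumption, the report only names Debian 6.0.7), so bytes are emitted least significant first, the reverse of the order used in the echo commands above; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int printable(unsigned char b) { return b >= 0x20 && b <= 0x7e; }

/* Render the 8 bytes of a 64-bit value in the order they sit in memory on a
 * little-endian CPU (least significant byte first); non-printables become '.'. */
static void ptr_memory_order(uint64_t value, char out[9])
{
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(value >> (8 * i));
        out[i] = printable(b) ? (char)b : '.';
    }
    out[8] = '\0';
}

/* Number of bytes in the value that are printable ASCII. */
static int ptr_printable_bytes(uint64_t value)
{
    int n = 0;
    for (int i = 0; i < 8; i++)
        n += printable((unsigned char)(value >> (8 * i)));
    return n;
}

/* Assumption: x86-64 with 48-bit virtual addresses, where bits 63..47 of a
 * valid (canonical) address are all 0 or all 1. */
static int ptr_is_canonical(uint64_t value)
{
    uint64_t top = value >> 47;
    return top == 0 || top == 0x1ffff;
}

int main(void)
{
    /* Two faulting values and one healthy heap pointer, copied from the gdb output above. */
    const uint64_t samples[] = { 0x64696c61766e49ULL, 0x656d616e7624c470ULL, 0x143a330ULL };
    char text[9];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ptr_memory_order(samples[i], text);
        printf("0x%016llx  memory order \"%s\"  printable %d/8  canonical %s\n",
               (unsigned long long)samples[i], text,
               ptr_printable_bytes(samples[i]),
               ptr_is_canonical(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

A value that is non-canonical and almost entirely printable, as both faulting values are here, is consistent with string data having been written over allocator block metadata; the healthy heap pointer scores 2/8 and is canonical.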


