Edit report at https://bugs.php.net/bug.php?id=64297&edit=1
ID: 64297
User updated by: jille at hexon dot cx
Reported by: jille at hexon dot cx
Summary: Segfault after allowed memory exhausted
Status: Open
Type: Bug
Package: Reproducible crash
Operating System: Linux
PHP Version: 5.4.12
Block user comment: N
Private report: N
New Comment:
(gdb) f 3
#3 0x000000000079f861 in zend_shutdown () at /tmp/php-5.4.12/Zend/zend.c:822
822 zend_hash_destroy(GLOBAL_FUNCTION_TABLE);
(gdb) f 2
#2 0x00000000007ad658 in zend_hash_destroy (ht=0xf9fe90)
at /tmp/php-5.4.12/Zend/zend_hash.c:560
560 ht->pDestructor(q->pData);
(gdb) print *q
$5 = {h = 13860750752776937334, nKeyLength = 14, pData = 0x11d99b0,
pDataPtr = 0x0, pListNext = 0x11d9ab0, pListLast = 0x11d6fe0, pNext = 0x0,
pLast = 0x0, arKey = 0x7ffff7ed6f18 "udp_getsocket"}
(gdb) f 1
#1 0x0000000000795d62 in destroy_op_array (op_array=0x11d99b0)
at /tmp/php-5.4.12/Zend/zend_opcode.c:356
356 efree(op_array->run_time_cache);
(gdb) print *op_array
$6 = {type = 2 '\002', function_name = 0x7ffff7fd4638 "udp_getSocket",
scope = 0x0, fn_flags = 134217728, prototype = 0x0, num_args = 0,
required_num_args = 0, arg_info = 0x0, refcount = 0x7ffff7fd5e20,
opcodes = 0x7ffff7fd7838, last = 17, vars = 0x7ffff7fd3fc8, last_var = 1,
T = 6, brk_cont_array = 0x0, last_brk_cont = 0, try_catch_array = 0x0,
last_try_catch = 0, static_variables = 0x7ffff7fd4e80,
this_var = 4294967295, filename = 0x7ffff7fd0ba0 "", line_start = 3,
line_end = 9, doc_comment = 0x0, doc_comment_len = 0,
early_binding = 4294967295, literals = 0x7ffff7fd4fd0, last_literal = 8,
run_time_cache = 0x3a0f81a0, last_cache_slot = 2, reserved = {0x0, 0x0, 0x0,
0x0}}
(gdb) print *op_array->run_time_cache
Cannot access memory at address 0x3a0f81a0
Previous Comments:
------------------------------------------------------------------------
[2013-03-01 09:43:41] jille at hexon dot cx
Yes. Exactly the same.
------------------------------------------------------------------------
[2013-03-01 09:38:53] [email protected]
nothing serious,
so the segfault backtrace is the same as before?
------------------------------------------------------------------------
[2013-03-01 08:15:56] jille at hexon dot cx
==30922== Memcheck, a memory error detector
==30922== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==30922== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==30922== Command: ./sapi/cli/php -d auto_prepend_file=auto_prepend_prepend.lib /data/www/htdocs/wheeler/daemons/daemon_wrapper 1023 live memcrash.php
==30922==
==30922== Invalid read of size 8
==30922== at 0x77954D: _zend_mm_free_int (zend_alloc.c:2071)
==30922== by 0x795D61: destroy_op_array (zend_opcode.c:356)
==30922== by 0x7AD657: zend_hash_destroy (zend_hash.c:560)
==30922== by 0x79F860: zend_shutdown (zend.c:822)
==30922== by 0x741019: php_module_shutdown (main.c:2365)
==30922== by 0x433BE6: main (php_cli.c:1379)
==30922== Address 0x4ca5d948 is not stack'd, malloc'd or (recently) free'd
==30922==
==30922==
==30922== Process terminating with default action of signal 11 (SIGSEGV)
==30922== Access not within mapped region at address 0x4CA5D948
==30922== at 0x77954D: _zend_mm_free_int (zend_alloc.c:2071)
==30922== by 0x795D61: destroy_op_array (zend_opcode.c:356)
==30922== by 0x7AD657: zend_hash_destroy (zend_hash.c:560)
==30922== by 0x79F860: zend_shutdown (zend.c:822)
==30922== by 0x741019: php_module_shutdown (main.c:2365)
==30922== by 0x433BE6: main (php_cli.c:1379)
==30922== If you believe this happened as a result of a stack
==30922== overflow in your program's main thread (unlikely but
==30922== possible), you can try to increase the size of the
==30922== main thread stack using the --main-stacksize= flag.
==30922== The main thread stack size used in this run was 8388608.
==30922==
==30922== HEAP SUMMARY:
==30922== in use at exit: 7,553,441 bytes in 20,136 blocks
==30922== total heap usage: 2,020,750 allocs, 2,000,614 frees, 1,564,536,722 bytes allocated
==30922==
==30922== LEAK SUMMARY:
==30922== definitely lost: 203,536 bytes in 3,635 blocks
==30922== indirectly lost: 4,029,186 bytes in 2,979 blocks
==30922== possibly lost: 70,648 bytes in 43 blocks
==30922== still reachable: 3,250,071 bytes in 13,479 blocks
==30922== suppressed: 0 bytes in 0 blocks
==30922== Rerun with --leak-check=full to see details of leaked memory
==30922==
==30922== For counts of detected and suppressed errors, rerun with: -v
==30922== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault
------------------------------------------------------------------------
[2013-03-01 03:12:22] [email protected]
do you get the new valgrind log?
thanks
------------------------------------------------------------------------
[2013-02-25 15:51:09] jille at hexon dot cx
Removing the memcache extension doesn't help. (gdb output seems the same, do
you want the new valgrind output? (Takes a while))
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=64297