ID: 43295 Updated by: [EMAIL PROTECTED] Reported By: pioklo at serveradmin dot pl -Status: Open +Status: Feedback Bug Type: CGI related Operating System: Debian 4.0 kernel 2.6.23.1 PHP Version: 5.2.5 New Comment:
Please don't post any backtraces anymore. What exactly does this gry.php do? Try shorten the script to bare minimum which still causes the problem. Previous Comments: ------------------------------------------------------------------------ [2007-11-18 21:42:53] pioklo at serveradmin dot pl I have installed php 5.1.6 and the problem has passed away. ------------------------------------------------------------------------ [2007-11-17 21:46:43] pioklo at serveradmin dot pl Bellow is clean backtrace: hardware is ok because I have tested this on 5 different servers.. ns79:~# gdb /usr/local/bin/php-cgi /home/admin/domains/poszkole.pl/public_html/beta/core GNU gdb 6.6.90.20070912-debian Copyright (C) 2007 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu"... Using host libthread_db library "/lib/libthread_db.so.1". warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libcrypt.so.1...done. Loaded symbols for /lib/libcrypt.so.1 Reading symbols from /lib/librt.so.1...done. Loaded symbols for /lib/librt.so.1 Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.15...done. Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15 Reading symbols from /usr/lib/libz.so.1...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/local/lib/libiconv.so.2...done. Loaded symbols for /usr/local/lib/libiconv.so.2 Reading symbols from /usr/local/lib/libfreetype.so.6...done. Loaded symbols for /usr/local/lib/libfreetype.so.6 Reading symbols from /usr/local/lib/libpng.so.3...done. Loaded symbols for /usr/local/lib/libpng.so.3 Reading symbols from /lib/libresolv.so.2...done. Loaded symbols for /lib/libresolv.so.2 Reading symbols from /lib/libm.so.6...done. Loaded symbols for /lib/libm.so.6 Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libnsl.so.1...done. Loaded symbols for /lib/libnsl.so.1 Reading symbols from /usr/lib/libxml2.so.2...done. Loaded symbols for /usr/lib/libxml2.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/libpthread.so.0...done. Loaded symbols for /lib/libpthread.so.0 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /usr/lib/libnss_db.so.2...done. Loaded symbols for /usr/lib/libnss_db.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /usr/lib/libdb-4.3.so...done. Loaded symbols for /usr/lib/libdb-4.3.so Reading symbols from /lib/libnss_dns.so.2...done. Loaded symbols for /lib/libnss_dns.so.2 Core was generated by `/usr/local/bin/php-cgi -b 80.86.81.87:1026'. Program terminated with signal 11, Segmentation fault. #0 0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54, silent=1, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276 1276 if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) { (gdb) bt full #0 0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54, silent=1, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276 p = (zend_mm_block *) 0x8820e2c no_cache_notice = 0 had_problems = 0 valid_beginning = 1 #1 0x08392961 in _zend_mm_free_int (heap=0x86ee138, p=0x8820e54, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1909 mm_block = (zend_mm_block *) 0xcf0 next_block = (zend_mm_block *) 0x1 size = 3214980088 #2 0x0839396a in _efree (ptr=0x8820e54, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:2277 No locals. #3 0x08366c4a in sapi_deactivate () at /root/php-5.2.5/main/SAPI.c:445 No locals. #4 0x0835f207 in php_request_shutdown (dummy=0x0) at /root/php-5.2.5/main/main.c:1494 __orig_bailout = (jmp_buf *) 0xbfa0c514 __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0, -1079982904, 1434960001, 2145648110}, __mask_was_saved = 0, __saved_mask = {__val = {0, 3082575350, 0, 142330428, 0, 0, 1, 142330525, 0, 3082686452, 142634872, 3081258672, 3214984296, 3081774445, 3086707936, 0, 3214984360, 137964004, 142330468, 90, 57, 141237152, 1968, 0, 0, 0, 3082686452, 0, 3082690880, 3214984360, 142330428, 3082690880}}}} report_memleaks = 1 '\001' #5 0x0842cb32 in main (argc=3, argv=0xbfa0e784) at /root/php-5.2.5/sapi/cgi/cgi_main.c:1972 path_translated = 0x8809f28 "/home/admin/domains/poszkole.pl/public_html/beta/gry.php" __orig_bailout = (jmp_buf *) 0x0 __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0, -1079974168, 1435082881, -1853892114}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 32 times>}}}} free_query_string = 0 exit_status = 0 cgi = 0 c = 60 i = -1079974096 len = -1208256920 file_handle = {type = 2 '\002', filename = 0x87bca64 'Z' <repeats 57 times>, "Fi\024\017", opened_path = 0x0, handle = {fd = 142634872, fp = 0x8806f78, stream = {handle = 0x8806f78, reader = 0x83c6f0c <zend_stream_stdio_reader>, closer = 0x83c6f35 <zend_stream_stdio_closer>, fteller = 0x83c6f54 <zend_stream_stdio_fteller>, interactive = 0}}, free_filename = 0 '\0'} retval = 0 s = 0x0 behavior = 1 no_headers = 0 orig_optind = 1 orig_optarg = 0x0 script_file = 0x0 ---Type <return> to continue, or q <return> to quit--- ini_entries_len = 0 max_requests = 500 requests = 7 fastcgi = 1 bindpath = 0x86ee110 "80.86.81.87:1026" fcgi_fd = 3 request = {listen_socket = 3, fd = 4, id = 1, keep = 1, in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xbfa0c5f8 "\001\006", out_buf = "\001\006\000\001\fč\000\000t goog\">\n\t\t\t<script type=\"text/javascript\"><!--\r\ngoogle_ad_client = \"pub-4042275753879057\";\r\ngoogle_ad_width = 120;\r\ngoogle_ad_height = 600;\r\ngoogle_ad_format = \"120x600_as\";\r\ngoogle_ad_type ="..., reserved = '\0' <repeats 15 times>, env = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27, nNextFreeElement = 0, pInternalPointer = 0x87fac80, pListHead = 0x87fac80, pListTail = 0x87b85c8, arBuckets = 0x87fb680, pDestructor = 0x8428945 <fcgi_free_var>, persistent = 1 '\001', nApplyCount = 0 '\0', bApplyProtection = 1 '\001', inconsistent = 0}} repeats = 1 benchmark = 0 start = {tv_sec = 0, tv_usec = 0} end = {tv_sec = 0, tv_usec = 0} status = 0 (gdb) Regards, Piotr ------------------------------------------------------------------------ [2007-11-17 20:53:28] pioklo at serveradmin dot pl I have disable Xcache recompile php with --enable-debug I spawned php process using spawn-fcgi from lighttpd --------------------------------------- [Sat Nov 17 21:40:49 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08820bec status: Invalid pointer: ((size=0x00000000) != (next.prev=0x0000000e)) Invalid pointer: ((prev=0x0000000e) != (prev.size=0x086a56d8)) --------------------------------------- [Sat Nov 17 21:41:02 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x0881dc44 status: Beginning: Freed (magic=0x00000010, expected=0x99954317) Start: Overflown (magic=0x914E91A4 instead of 0x3AF0ADC9) At least 4 bytes overflown [Sat Nov 17 21:42:58 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08861764 status: Beginning: Freed (magic=0x00000007, expected=0x99954317) Start: Overflown (magic=0x00000080 instead of 0x3AF0ADC9) At least 4 bytes overflown [Sat Nov 17 21:42:59 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08824004 status: Invalid pointer: ((size=0x00000041) != (next.prev=0x086ee1f4)) [Sat Nov 17 21:43:59 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08822308 status: Invalid pointer: ((size=0x00000041) != (next.prev=0x00000000)) [Sat Nov 17 21:46:46 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08822bec status: Invalid pointer: ((prev=0x000000fc) != (prev.size=0x3af0adc9)) --------------------------------------- [Sat Nov 17 21:47:13 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08828034 status: Invalid pointer: ((size=0x0000000a) != (next.prev=0x5a5a5a5a)) [Sat Nov 17 21:47:18 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x08823344 status: Invalid pointer: ((size=0x0000002d) != (next.prev=0x00000089)) zend_mm_heap corrupted [Sat Nov 17 21:49:03 2007] Script: '/home/admin/domains/poszkole.pl/public_html/beta/gry.php' --------------------------------------- /root/php-5.2.5/main/SAPI.c(445) : Block 0x0886192c status: Invalid pointer: ((size=0x000000ac) != (next.prev=0x5a5a5a5a)) Regards, Piotr ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/43295 -- Edit this bug report at http://bugs.php.net/?id=43295&edit=1