Edit report at https://bugs.php.net/bug.php?id=60156&edit=1
 ID:                 60156
 User updated by:    dbetz at df dot eu
 Reported by:        dbetz at df dot eu
 Summary:            Segmentation fault at _zend_mm_alloc_int
-Status:             Feedback
+Status:             Open
 Type:               Bug
 Package:            FPM related
 Operating System:   Gentoo
 PHP Version:        5.3.8
 Block user comment: N
 Private report:     N

 New Comment:

Hello,

I can't reproduce this with php-cgi and php-fpm with --enable-debug

When I compile php-fpm w/o --enable-debug I hit this segfault.

With php <= 5.3.7rc3-dev I always get a segfault in zend_assign_to_variable
See https://bugs.php.net/bug.php?id=54488

It is always the same procedure to reproduce these segfaults.

Previous Comments:
------------------------------------------------------------------------
[2011-10-31 10:56:23] f...@php.net

Not enough information was provided for us to be able to handle this bug.
Please re-read the instructions at http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it to this bug and
change the status back to "Open".

Thank you for your interest in PHP.

It does not seem to be a problem related to FPM but to core.

Can you reproduce the bug with php-cgi, php-cli or mod_php ?

------------------------------------------------------------------------
[2011-10-28 06:43:44] dbetz at df dot eu

Description:
------------
Hello,

when posting in vBulletin Board the PHP-FPM receives a segfault.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8a3aa30, size=52) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c: No such file or directory.
        in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) bt full
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
        bitmap = <value optimized out>
        best_fit = <value optimized out>
        true_size = 60
        block_size = <value optimized out>
        remaining_size = <value optimized out>
        segment_size = <value optimized out>
        segment = <value optimized out>
        keep_rest = <value optimized out>
#1  0x0842ea0c in _zend_hash_quick_add_or_update (ht=0x90dc2f0, arKey=0x90d8b78 "plaintext_parser", nKeyLength=17, h=3773187690, pData=0x90d8b64, nDataSize=4, pDest=0xba7522a8, flag=1)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:315
        p = 0x0
#2  0x0842ef06 in zend_hash_copy (target=0x90dc2f0, source=0x8e88318, pCopyConstructor=0x84216f0 <zval_add_ref>, tmp=0xba7522e8, size=4)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:788
        p = 0x90d8b58
        new_entry = 0x90d8a40
#3  0x084217df in _zval_copy_ctor_func (zvalue=0x9003c60) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.c:134
        tmp = 0x5b
        original_ht = 0x8e88318
#4  0x084226a0 in _zval_copy_ctor (type=8, format=0x898f84c "Use of undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.h:45
No locals.
#5  zend_error (type=8, format=0x898f84c "Use of undefined constant %s - assumed '%s'") at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1103
        retval = <value optimized out>
        z_error_type = 0x90054d4
        z_error_message = 0x90da358
        z_error_filename = 0x90082a0
        z_error_lineno = 0x90082f4
        z_context = 0x9003c60
        error_filename = 0x90d5b34 "/home/user/testforen/domaingo/includes/functions_newpost.php(668) : eval()'d code"
        error_lineno = 43
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
#6  0x08448926 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER (execute_data=0x8b92abc) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:17844
        actual = 0x90dafe4 "postid"
        opline = 0x90de7e0
#7  0x0844d33e in execute (op_array=0x8e90548) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x8b92abc
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x08421b46 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1236
        i = 1
        file_handle = 0xba7568a0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x083cf596 in php_execute_script (primary_file=0xba7568a0) at /root/compile/php-5.3/latest/php-5.3.8/main/main.c:2284
        realfile = "ø4uºóûJ\b\000ý©ÿÿÿÿ\000\000\000\000sd@\b@è¼\b\020@¿©8´¼\b|FuºO±Ã\001ù\213\t\000(5uº\t;J\b\003\000\000\000\030\065uº\b\000\000\000\000\000\000\000 \203=©ôo=©NÃ.©\000\000\000\000\001\000\000\000|Fuº¤ö¼\bô\206\000\000\060ª£\b¤ö¼\bX5uº\002\000\000\000 \000\000\000\002\000\000\000\001\000\000\000P\204=©\025A;©\000\000\000\000Ã\203=©ä?;©ïB;©\020\000\000\000\000\000\000\000\a\000\000\000 \203=©\000\000\002\000Ã\203=©ôo=© \203=©ôðä\b¨5uº,\005/©"...
---Type <return> to continue, or q <return> to quit---
        __orig_bailout = 0xba756750
        __bailout = {{__jmpbuf = {-1166710624, 149219088, -1166719584, -1166719512, 2100435798, -292405198}, __mask_was_saved = 0, __saved_mask = {
              __val = {0, 41205, 0, 4096, 96, 0, 1307476459, 0, 1307472900, 0, 1307476461, 0, 851998, 0, 149313384, 148992216, 149221620, 3128247784, 138241681, 3, 4, 3128247648, 1, 149221372, 3128256336, 3128247672, 149215192, 149219088, 147225912, 3128247784, 2112977750, 2305}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        retval = 0
#10 0x084acb2c in main (argc=3, argv=Cannot access memory at address 0x23
) at /root/compile/php-5.3/latest/php-5.3.8/sapi/fpm/fpm/fpm_main.c:1902
        __bailout = {{__jmpbuf = {0, -1166710268, 0, -1166710456, 2112944982, 48940594}, __mask_was_saved = 0, __saved_mask = {__val = {2841137454, 2840991500, 2847910100, 3128256408, 2843228222, 13, 2841000460, 2837881952, 1480958541, 3128256544, 29, 2843041792, 0, 0, 1, 560, 2837877936, 2843041792, 2841137454, 2841044492, 2841000460, 1, 2847924164, 3128256688, 2843042232, 3128256648, 2847840384, 3128256632, 2841000460, 3128256620, 2847926868, 0}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x8e4f0f4 "/home/user/testforen/domaingo/newreply.php", opened_path = 0x0, handle = {
            fd = 149313884, fp = 0x8e6595c, stream = {handle = 0x8e6595c, isatty = 0, mmap =
              {len = 41205, pos = 0, map = 0xa0dda000, buf = 0xa0dda000 <Address 0xa0dda000 out of bounds>, old_handle = 0x8e170d8, old_closer = 0x8437520 <zend_stream_stdio_closer>},
              reader = 0x8437b00 <zend_stream_stdio_reader>, fsizer = 0x8437a30 <zend_stream_stdio_fsizer>, closer = 0x8437a80 <zend_stream_mmap_closer>}}, free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = <value optimized out>
        max_requests = 1000
        requests = 6
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0, in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xba7546a0 "\001\006",
          out_buf = "\001\006\000\001\001'\001\000X-Powered-By: PHP/5.3.8\r\nExpires: 0\r\nCache-Control: private, post-check=0, pre-check=0, max-age=0\r\nPragma: no-cache\r\nContent-Type: text/xml; charset=windows-1252\r\n\r\n<?xml version=\"1.0\" encodin"..., reserved = '\000' <repeats 15 times>, env = 0x8e4bcf8}
        fpm_config = 0xba756b91 "factory-kunde.de"
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
(gdb) fram 0
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) print heap
$1 = (zend_mm_heap *) 0x8a3aa30
(gdb) print *heap
$2 = {use_zend_alloc = 1, _malloc = 0, _free = 0, _realloc = 0, free_bitmap = 67584, large_free_bitmap = 131072, block_size = 262144, compact_size = 2097152,
  segments_list = 0x90c6cc8, storage = 0x8a3aa20, real_size = 4718592, real_peak = 4718592, limit = 104857600, size = 4555868, peak = 4565368,
  reserve_size = 8192, reserve = 0x8e49cf0, overflow = 0, internal = 0, cached = 23360,
  cache = {0x90db358, 0x90d974c, 0x90d9904, 0x9008260, 0x90ded84, 0x90cf010, 0x90dc840, 0x90db2e4, 0x90dc9d0, 0x90d5978, 0x90d8978, 0x59244e84,
    0x90d8404, 0x90d837c, 0x90d67dc, 0x8e9ae3c, 0x90da5d0, 0x8ee6e20, 0x0, 0x90108f4, 0x90cd84c, 0x90dee90, 0x90d5c50, 0x90cd940,
    0x8d81024, 0x9070550, 0x90d5890, 0x8e83f1c, 0x90d5728, 0x8ee6ed0, 0x0,
    0x9006230},
  free_buckets = {0x8a3aaf8, 0x8a3aaf8, 0x8a3ab00, 0x8a3ab00, 0x8a3ab08, 0x8a3ab08, 0x8a3ab10, 0x8a3ab10,
    0x8a3ab18, 0x8a3ab18, 0x8a3ab20, 0x8a3ab20, 0x8a3ab28, 0x8a3ab28, 0x8a3ab30, 0x8a3ab30,
    0x8a3ab38, 0x8a3ab38, 0x8a3ab40, 0x8a3ab40, 0x8a3ab48, 0x8a3ab48, 0x90dc7dc, 0x90dc7dc,
    0x8a3ab58, 0x8a3ab58, 0x8a3ab60, 0x8a3ab60, 0x8a3ab68, 0x8a3ab68, 0x8a3ab70, 0x8a3ab70,
    0x90dee08, 0x90dee08, 0x8a3ab80, 0x8a3ab80, 0x8a3ab88, 0x8a3ab88, 0x8a3ab90, 0x8a3ab90,
    0x8a3ab98, 0x8a3ab98, 0x8a3aba0, 0x8a3aba0, 0x8a3aba8, 0x8a3aba8, 0x8a3abb0, 0x8a3abb0,
    0x8a3abb8, 0x8a3abb8, 0x8a3abc0, 0x8a3abc0, 0x8a3abc8, 0x8a3abc8, 0x8a3abd0, 0x8a3abd0,
    0x8a3abd8, 0x8a3abd8, 0x8a3abe0, 0x8a3abe0, 0x8a3abe8, 0x8a3abe8, 0x8a3abf0, 0x8a3abf0},
  large_free_buckets = {0x0 <repeats 17 times>, 0x90df2b8, 0x0 <repeats 14 times>}, rest_buckets = {0x8a3ac78, 0x8a3ac78}}
(gdb)

I am able to reproduce this every time with PHP 5.3.8 FPM w/o --enable-debug
When compiling with --enable-debug the FPM won't segfault anymore.

I think there is a problem when an error in the script occurs:
"functions_newpost.php(668) : eval()'d code"

The line looks like this:
($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;

$hook is NULL in this case.

Configure:
./configure --with-mysql=/usr/local/mysql \
        --with-mysqli \
        --with-config-file-path=/usr/local/php53-fpm \
        --with-openssl \
        --with-gd \
        --with-t1lib \
        --enable-ftp \
        --enable-calendar \
        --with-libxml-dir \
        --with-jpeg-dir=../jpeg-6b/ \
        --with-freetype-dir=/usr/lib \
        --with-gettext \
        --with-zlib-dir=../zlib-1.1.3/ \
        --with-png-dir=../libpng-1.0.6/ \
        --with-gdbm \
        --with-ndbm \
        --enable-dba \
        --with-imap=/usr/local/imap-2007e \
        --with-imap-ssl=/usr/local/imap-2007e \
        --enable-wddx \
        --enable-bcmath \
        --enable-exif \
        --with-curl \
        --enable-inline-optimization \
        --enable-zend-multibyte \
        --with-gnu-ld \
        --with-zlib \
        --with-mcrypt= \
        --enable-wddx \
        --with-mhash \
        --with-pgsql \
        --with-bz2 \
        --with-pdo-mysql=/usr \
        --with-iconv \
        --enable-soap \
        --with-xsl \
        --with-t1lib \
        --enable-fpm \
        --enable-mbstring

fpm config:
listen = /etc/httpd/fastcgi/dynamic/socket
user = u145279
group = nobody
pm = ondemand
pm.max_children = 500
pm.min_spare_servers = 2
pm.max_spare_servers = 250
pm.process_idle_timeout = 300
pm.max_requests = 1000

Test script:
---------------
Sry, no test script avail.

Expected result:
----------------
Redirect after forum post works

Actual result:
--------------
Segmentation fault occurred at 59244e8c in
/usr/bin/php5.3.8-fpm[php5.3.8-fpm:24964]

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60156&edit=1
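
A triage check on the heap dump above, added here as an example; it is not part of the original report and not PHP's own code. It scans the `cache` array from `print *heap` for slots whose pointer lies far from all the others and relates them to the address in "Actual result". The pointer values, `limit` and the fault address are copied from the report; the function names and the distance heuristic are assumptions of this example.

```python
import re
from statistics import median

# Copied from the report: heap->cache[] as printed by `print *heap`,
# heap->limit, and the address given under "Actual result".
HEAP_CACHE = """
cache = {0x90db358, 0x90d974c, 0x90d9904, 0x9008260, 0x90ded84, 0x90cf010,
  0x90dc840, 0x90db2e4, 0x90dc9d0, 0x90d5978, 0x90d8978, 0x59244e84,
  0x90d8404, 0x90d837c, 0x90d67dc, 0x8e9ae3c, 0x90da5d0, 0x8ee6e20, 0x0,
  0x90108f4, 0x90cd84c, 0x90dee90, 0x90d5c50, 0x90cd940, 0x8d81024,
  0x9070550, 0x90d5890, 0x8e83f1c, 0x90d5728, 0x8ee6ed0, 0x0, 0x9006230}
"""
HEAP_LIMIT = 104857600
FAULT_ADDR = 0x59244e8c


def parse_ptrs(dump):
    """Return the pointer values of a gdb array dump, in slot order."""
    return [int(tok, 16) for tok in re.findall(r"0x[0-9a-fA-F]+", dump)]


def foreign_slots(ptrs, limit=HEAP_LIMIT):
    """Slots whose pointer is more than `limit` bytes away from the median
    non-NULL pointer. Heuristic (assumption of this example): the heap's
    segments sit close together, so such a pointer is unlikely to be a
    block of this heap."""
    live = [p for p in ptrs if p]
    mid = median(live)
    return [(i, p) for i, p in enumerate(ptrs) if p and abs(p - mid) > limit]


def near_fault(slots, fault=FAULT_ADDR, max_off=64):
    """Foreign slots that the fault address sits just above,
    as (slot, pointer, offset) tuples."""
    return [(i, p, fault - p) for i, p in slots if 0 <= fault - p <= max_off]


if __name__ == "__main__":
    slots = foreign_slots(parse_ptrs(HEAP_CACHE))
    for i, p, off in near_fault(slots):
        print(f"cache[{i}] = {p:#x}: fault address {FAULT_ADDR:#x} is ptr+{off}")
```

On the report's values this flags a single slot, `cache[11] = 0x59244e84`, which lies 8 bytes below the reported fault address 59244e8c.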