From:
Operating system: Gentoo
PHP version: 5.3.8
Package: FPM related
Bug Type: Bug
Bug description: Segmentation fault at _zend_mm_alloc_int

Description:
------------
Hello,

when posting in vBulletin Board the PHP-FPM receives a segfault.

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8a3aa30, size=52) at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c: No such file or directory.
        in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) bt full
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
        bitmap = <value optimized out>
        best_fit = <value optimized out>
        true_size = 60
        block_size = <value optimized out>
        remaining_size = <value optimized out>
        segment_size = <value optimized out>
        segment = <value optimized out>
        keep_rest = <value optimized out>
#1  0x0842ea0c in _zend_hash_quick_add_or_update (ht=0x90dc2f0, arKey=0x90d8b78 "plaintext_parser", nKeyLength=17, h=3773187690, pData=0x90d8b64, nDataSize=4, pDest=0xba7522a8, flag=1)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:315
        p = 0x0
#2  0x0842ef06 in zend_hash_copy (target=0x90dc2f0, source=0x8e88318, pCopyConstructor=0x84216f0 <zval_add_ref>, tmp=0xba7522e8, size=4)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:788
        p = 0x90d8b58
        new_entry = 0x90d8a40
#3  0x084217df in _zval_copy_ctor_func (zvalue=0x9003c60)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.c:134
        tmp = 0x5b
        original_ht = 0x8e88318
#4  0x084226a0 in _zval_copy_ctor (type=8, format=0x898f84c "Use of undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.h:45
No locals.
#5  zend_error (type=8, format=0x898f84c "Use of undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1103
        retval = <value optimized out>
        z_error_type = 0x90054d4
        z_error_message = 0x90da358
        z_error_filename = 0x90082a0
        z_error_lineno = 0x90082f4
        z_context = 0x9003c60
        error_filename = 0x90d5b34 "/home/user/testforen/domaingo/includes/functions_newpost.php(668) : eval()'d code"
        error_lineno = 43
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
#6  0x08448926 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER (execute_data=0x8b92abc)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:17844
        actual = 0x90dafe4 "postid"
        opline = 0x90de7e0
#7  0x0844d33e in execute (op_array=0x8e90548)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x8b92abc
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x08421b46 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1236
        i = 1
        file_handle = 0xba7568a0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x083cf596 in php_execute_script (primary_file=0xba7568a0)
    at /root/compile/php-5.3/latest/php-5.3.8/main/main.c:2284
        realfile = "ø4uºóûJ\b\000ý©ÿÿÿÿ\000\000\000\000sd@\b@è¼\b\020@¿©8´¼\b|FuºO±Ã\001ù\213\t\000(5uº\t;J\b\003\000\000\000\030\065uº\b\000\000\000\000\000\000\000 \203=©ôo=©NÃ.©\000\000\000\000\001\000\000\000|Fuº¤ö¼\bô\206\000\000\060ª£\b¤ö¼\bX5uº\002\000\000\000 \000\000\000\002\000\000\000\001\000\000\000P\204=©\025A;©\000\000\000\000Ã\203=©ä?;©ïB;©\020\000\000\000\000\000\000\000\a\000\000\000 \203=©\000\000\002\000Ã\203=©ôo=© \203=©ôðä\b¨5uº,\005/©"...
---Type <return> to continue, or q <return> to quit---
        __orig_bailout = 0xba756750
        __bailout = {{__jmpbuf = {-1166710624, 149219088, -1166719584, -1166719512, 2100435798, -292405198},
            __mask_was_saved = 0, __saved_mask = {
              __val = {0, 41205, 0, 4096, 96, 0, 1307476459, 0, 1307472900, 0, 1307476461, 0, 851998, 0,
                149313384, 148992216, 149221620, 3128247784, 138241681, 3, 4, 3128247648, 1, 149221372,
                3128256336, 3128247672, 149215192, 149219088, 147225912, 3128247784, 2112977750, 2305}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0,
            stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0,
                old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0,
            stream = {handle = 0x0, isatty = 0, mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0,
                old_closer = 0}, reader = 0, fsizer = 0, closer = 0}}, free_filename = 0 '\000'}
        retval = 0
#10 0x084acb2c in main (argc=3, argv=Cannot access memory at address 0x23
) at /root/compile/php-5.3/latest/php-5.3.8/sapi/fpm/fpm/fpm_main.c:1902
        __bailout = {{__jmpbuf = {0, -1166710268, 0, -1166710456, 2112944982, 48940594}, __mask_was_saved = 0,
            __saved_mask = {__val = {2841137454, 2840991500, 2847910100, 3128256408, 2843228222, 13, 2841000460,
                2837881952, 1480958541, 3128256544, 29, 2843041792, 0, 0, 1, 560, 2837877936, 2843041792,
                2841137454, 2841044492, 2841000460, 1, 2847924164, 3128256688, 2843042232, 3128256648,
                2847840384, 3128256632, 2841000460, 3128256620, 2847926868, 0}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x8e4f0f4 "/home/user/testforen/domaingo/newreply.php",
          opened_path = 0x0, handle = {
            fd = 149313884, fp = 0x8e6595c, stream = {handle = 0x8e6595c, isatty = 0, mmap =
              {len = 41205, pos = 0, map = 0xa0dda000, buf = 0xa0dda000 <Address 0xa0dda000 out of bounds>,
                old_handle = 0x8e170d8, old_closer = 0x8437520 <zend_stream_stdio_closer>},
              reader = 0x8437b00 <zend_stream_stdio_reader>, fsizer = 0x8437a30 <zend_stream_stdio_fsizer>,
              closer = 0x8437a80 <zend_stream_mmap_closer>}}, free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = <value optimized out>
        max_requests = 1000
        requests = 6
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0, in_len = 0, in_pad = 0, out_hdr = 0x0,
          out_pos = 0xba7546a0 "\001\006",
          out_buf = "\001\006\000\001\001'\001\000X-Powered-By: PHP/5.3.8\r\nExpires: 0\r\nCache-Control: private, post-check=0, pre-check=0, max-age=0\r\nPragma: no-cache\r\nContent-Type: text/xml; charset=windows-1252\r\n\r\n<?xml version=\"1.0\" encodin"..., reserved = '\000' <repeats 15 times>, env = 0x8e4bcf8}
        fpm_config = 0xba756b91 "factory-kunde.de"
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
(gdb) fram 0
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) print heap
$1 = (zend_mm_heap *) 0x8a3aa30
(gdb) print *heap
$2 = {use_zend_alloc = 1, _malloc = 0, _free = 0, _realloc = 0, free_bitmap = 67584, large_free_bitmap = 131072,
  block_size = 262144, compact_size = 2097152, segments_list = 0x90c6cc8, storage = 0x8a3aa20,
  real_size = 4718592, real_peak = 4718592, limit = 104857600, size = 4555868, peak = 4565368,
  reserve_size = 8192, reserve = 0x8e49cf0, overflow = 0, internal = 0, cached = 23360,
  cache = {0x90db358, 0x90d974c, 0x90d9904, 0x9008260, 0x90ded84, 0x90cf010, 0x90dc840, 0x90db2e4,
    0x90dc9d0, 0x90d5978, 0x90d8978, 0x59244e84, 0x90d8404, 0x90d837c, 0x90d67dc, 0x8e9ae3c,
    0x90da5d0, 0x8ee6e20, 0x0, 0x90108f4, 0x90cd84c, 0x90dee90, 0x90d5c50, 0x90cd940,
    0x8d81024, 0x9070550, 0x90d5890, 0x8e83f1c, 0x90d5728, 0x8ee6ed0, 0x0,
    0x9006230},
  free_buckets = {0x8a3aaf8, 0x8a3aaf8, 0x8a3ab00, 0x8a3ab00, 0x8a3ab08, 0x8a3ab08, 0x8a3ab10, 0x8a3ab10,
    0x8a3ab18, 0x8a3ab18, 0x8a3ab20, 0x8a3ab20, 0x8a3ab28, 0x8a3ab28, 0x8a3ab30, 0x8a3ab30,
    0x8a3ab38, 0x8a3ab38, 0x8a3ab40, 0x8a3ab40, 0x8a3ab48, 0x8a3ab48, 0x90dc7dc, 0x90dc7dc,
    0x8a3ab58, 0x8a3ab58, 0x8a3ab60, 0x8a3ab60, 0x8a3ab68, 0x8a3ab68, 0x8a3ab70, 0x8a3ab70,
    0x90dee08, 0x90dee08, 0x8a3ab80, 0x8a3ab80, 0x8a3ab88, 0x8a3ab88, 0x8a3ab90, 0x8a3ab90,
    0x8a3ab98, 0x8a3ab98, 0x8a3aba0, 0x8a3aba0, 0x8a3aba8, 0x8a3aba8, 0x8a3abb0, 0x8a3abb0,
    0x8a3abb8, 0x8a3abb8, 0x8a3abc0, 0x8a3abc0, 0x8a3abc8, 0x8a3abc8, 0x8a3abd0, 0x8a3abd0,
    0x8a3abd8, 0x8a3abd8, 0x8a3abe0, 0x8a3abe0, 0x8a3abe8, 0x8a3abe8, 0x8a3abf0, 0x8a3abf0},
  large_free_buckets = {0x0 <repeats 17 times>, 0x90df2b8, 0x0 <repeats 14 times>},
  rest_buckets = {0x8a3ac78, 0x8a3ac78}}
(gdb)

I am able to reproduce this every time with PHP 5.3.8 FPM w/o --enable-debug.
When compiling with --enable-debug the FPM won't segfault anymore.

I think there is a problem when an error in the script occurs:
"functions_newpost.php(668) : eval()'d code"

The line looks like this:
($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) : false;

$hook is NULL in this case.

Configure:
./configure --with-mysql=/usr/local/mysql \
 --with-mysqli \
 --with-config-file-path=/usr/local/php53-fpm \
 --with-openssl \
 --with-gd \
 --with-t1lib \
 --enable-ftp \
 --enable-calendar \
 --with-libxml-dir \
 --with-jpeg-dir=../jpeg-6b/ \
 --with-freetype-dir=/usr/lib \
 --with-gettext \
 --with-zlib-dir=../zlib-1.1.3/ \
 --with-png-dir=../libpng-1.0.6/ \
 --with-gdbm \
 --with-ndbm \
 --enable-dba \
 --with-imap=/usr/local/imap-2007e \
 --with-imap-ssl=/usr/local/imap-2007e \
 --enable-wddx \
 --enable-bcmath \
 --enable-exif \
 --with-curl \
 --enable-inline-optimization \
 --enable-zend-multibyte \
 --with-gnu-ld \
 --with-zlib \
 --with-mcrypt= \
 --enable-wddx \
 --with-mhash \
 --with-pgsql \
 --with-bz2 \
 --with-pdo-mysql=/usr \
 --with-iconv \
 --enable-soap \
 --with-xsl \
 --with-t1lib \
 --enable-fpm \
 --enable-mbstring

fpm config:
listen = /etc/httpd/fastcgi/dynamic/socket
user = u145279
group = nobody
pm = ondemand
pm.max_children = 500
pm.min_spare_servers = 2
pm.max_spare_servers = 250
pm.process_idle_timeout = 300
pm.max_requests = 1000

Test script:
---------------
Sry, no test script avail.

Expected result:
----------------
Redirect after forum post works

Actual result:
--------------
Segmentation fault occurred at 59244e8c in /usr/bin/php5.3.8-fpm[php5.3.8-fpm:24964]

--
Edit bug report at https://bugs.php.net/bug.php?id=60156&edit=1
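
Added example (not part of the original report, and not PHP project code): a triage check over the `print *heap` output above. It flags any `cache` slot whose pointer lies farther from the median slot than the heap's `real_size`, then checks whether the reported fault address falls just past it; that distance heuristic, the 64-byte window and the function names are assumptions of this example.

```python
import re
from statistics import median

# Values copied from the report's `print *heap` output (real_size and cache only).
GDB_HEAP = """real_size = 4718592, real_peak = 4718592, cached = 23360, cache = {
0x90db358, 0x90d974c, 0x90d9904, 0x9008260, 0x90ded84, 0x90cf010, 0x90dc840,
0x90db2e4, 0x90dc9d0, 0x90d5978, 0x90d8978, 0x59244e84, 0x90d8404, 0x90d837c,
0x90d67dc, 0x8e9ae3c, 0x90da5d0, 0x8ee6e20, 0x0, 0x90108f4, 0x90cd84c,
0x90dee90, 0x90d5c50, 0x90cd940, 0x8d81024, 0x9070550, 0x90d5890, 0x8e83f1c,
0x90d5728, 0x8ee6ed0, 0x0, 0x9006230}, free_buckets = {"""
FAULT_ADDR = 0x59244E8C  # "Segmentation fault occurred at 59244e8c"


def gdb_array(dump, field):
    """Return the hex values of a flat `field = {...}` array in gdb output."""
    m = re.search(r"\b%s = \{([^{}]*)\}" % re.escape(field), dump)
    if m is None:
        raise ValueError("array %r not found" % field)
    return [int(v, 16) for v in re.findall(r"0x[0-9a-fA-F]+", m.group(1))]


def gdb_int(dump, field):
    """Return a decimal scalar such as `real_size = 4718592`."""
    m = re.search(r"\b%s = (\d+)" % re.escape(field), dump)
    if m is None:
        raise ValueError("scalar %r not found" % field)
    return int(m.group(1))


def outlier_slots(ptrs, span):
    """Slots whose pointer is more than `span` bytes from the median pointer."""
    live = [p for p in ptrs if p]  # 0x0 marks an empty slot
    if not live:
        return []
    mid = median(live)  # robust against a single corrupted entry
    return [(i, p) for i, p in enumerate(ptrs) if p and abs(p - mid) > span]


def triage(dump, fault_addr, window=64):
    """Outlier cache slots that the fault address lands on or just after."""
    ptrs = gdb_array(dump, "cache")
    span = gdb_int(dump, "real_size")  # heuristic bound on heap extent
    return [(i, p, fault_addr - p) for i, p in outlier_slots(ptrs, span)
            if 0 <= fault_addr - p < window]


if __name__ == "__main__":
    for slot, ptr, off in triage(GDB_HEAP, FAULT_ADDR):
        print("cache[%d] = %#x is far from the other cache pointers; "
              "fault address is %d bytes past it" % (slot, ptr, off))
```

On the values in this report it returns slot 11 (0x59244e84), which sits 8 bytes below the reported fault address 59244e8c.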