From:             
Operating system: Gentoo
PHP version:      5.3.8
Package:          FPM related
Bug Type:         Bug
Bug description:Segmentation fault at _zend_mm_alloc_int

Description:
------------
Hello,

When posting in a vBulletin board, the PHP-FPM worker crashes with a segmentation fault.


Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8a3aa30, size=52) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c: No such
file or directory.
        in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) bt full
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
        bitmap = <value optimized out>
        best_fit = <value optimized out>
        true_size = 60
        block_size = <value optimized out>
        remaining_size = <value optimized out>
        segment_size = <value optimized out>
        segment = <value optimized out>
        keep_rest = <value optimized out>
#1  0x0842ea0c in _zend_hash_quick_add_or_update (ht=0x90dc2f0,
arKey=0x90d8b78 "plaintext_parser", nKeyLength=17, h=3773187690,
pData=0x90d8b64,
    nDataSize=4, pDest=0xba7522a8, flag=1) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:315
        p = 0x0
#2  0x0842ef06 in zend_hash_copy (target=0x90dc2f0, source=0x8e88318,
pCopyConstructor=0x84216f0 <zval_add_ref>, tmp=0xba7522e8, size=4)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_hash.c:788
        p = 0x90d8b58
        new_entry = 0x90d8a40
#3  0x084217df in _zval_copy_ctor_func (zvalue=0x9003c60) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.c:134
        tmp = 0x5b
        original_ht = 0x8e88318
#4  0x084226a0 in _zval_copy_ctor (type=8, format=0x898f84c "Use of
undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_variables.h:45
No locals.
#5  zend_error (type=8, format=0x898f84c "Use of undefined constant %s -
assumed '%s'") at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1103
        retval = <value optimized out>
        z_error_type = 0x90054d4
        z_error_message = 0x90da358
        z_error_filename = 0x90082a0
        z_error_lineno = 0x90082f4
        z_context = 0x9003c60
        error_filename = 0x90d5b34
"/home/user/testforen/domaingo/includes/functions_newpost.php(668) :
eval()'d code"
        error_lineno = 43
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
#6  0x08448926 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER
(execute_data=0x8b92abc)
    at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:17844
        actual = 0x90dafe4 "postid"
        opline = 0x90de7e0
#7  0x0844d33e in execute (op_array=0x8e90548) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x8b92abc
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x08421b46 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
at /root/compile/php-5.3/latest/php-5.3.8/Zend/zend.c:1236
        i = 1
        file_handle = 0xba7568a0
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x083cf596 in php_execute_script (primary_file=0xba7568a0) at
/root/compile/php-5.3/latest/php-5.3.8/main/main.c:2284
        realfile =
"ø4uºóûJ\b\000À½©ÿÿÿÿ\000\000\000\000sd@\b@è¼\b\020@¿©8´¼\b|FuºO±Ù\001ù\213\t\000(5uº\t;J\b\003\000\000\000\030\065uº\b\000\000\000\000\000\000\000 \203=©ôo=©Nß.©\000\000\000\000\001\000\000\000|Fuº¤ö¼\bô\206\000\000\060ª£\b¤ö¼\bX5uº\002\000\000\000
\000\000\000\002\000\000\000\001\000\000\000P\204=©\025A;©\000\000\000\000Ø\203=©ä?;©ïB;©\020\000\000\000\000\000\000\000\a\000\000\000 \203=©\000\000\002\000Ð\203=©ôo=© \203=©ôðä\b¨5uº,\005/©"...
---Type <return> to continue, or q <return> to quit---
        __orig_bailout = 0xba756750
        __bailout = {{__jmpbuf = {-1166710624, 149219088, -1166719584,
-1166719512, 2100435798, -292405198}, __mask_was_saved = 0, __saved_mask =
{
              __val = {0, 41205, 0, 4096, 96, 0, 1307476459, 0, 1307472900,
0, 1307476461, 0, 851998, 0, 149313384, 148992216, 149221620, 3128247784,
                138241681, 3, 4, 3128247648, 1, 149221372, 3128256336,
3128247672, 149215192, 149219088, 147225912, 3128247784, 2112977750,
2305}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle =
0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0,
opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0,
isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle =
0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        retval = 0
#10 0x084acb2c in main (argc=3, argv=Cannot access memory at address 0x23
) at /root/compile/php-5.3/latest/php-5.3.8/sapi/fpm/fpm/fpm_main.c:1902
        __bailout = {{__jmpbuf = {0, -1166710268, 0, -1166710456,
2112944982, 48940594}, __mask_was_saved = 0, __saved_mask = {__val =
{2841137454,
                2840991500, 2847910100, 3128256408, 2843228222, 13,
2841000460, 2837881952, 1480958541, 3128256544, 29, 2843041792, 0, 0, 1,
560,
                2837877936, 2843041792, 2841137454, 2841044492, 2841000460,
1, 2847924164, 3128256688, 2843042232, 3128256648, 2847840384, 3128256632,
                2841000460, 3128256620, 2847926868, 0}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x8e4f0f4
"/home/user/testforen/domaingo/newreply.php", opened_path = 0x0, handle =
{
            fd = 149313884, fp = 0x8e6595c, stream = {handle = 0x8e6595c,
isatty = 0, mmap = {len = 41205, pos = 0, map = 0xa0dda000,
                buf = 0xa0dda000 <Address 0xa0dda000 out of bounds>,
old_handle = 0x8e170d8, old_closer = 0x8437520
<zend_stream_stdio_closer>},
              reader = 0x8437b00 <zend_stream_stdio_reader>, fsizer =
0x8437a30 <zend_stream_stdio_fsizer>,
              closer = 0x8437a80 <zend_stream_mmap_closer>}}, free_filename
= 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = <value optimized out>
        max_requests = 1000
        requests = 6
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0,
in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xba7546a0 "\001\006",
          out_buf = "\001\006\000\001\001'\001\000X-Powered-By:
PHP/5.3.8\r\nExpires: 0\r\nCache-Control: private, post-check=0,
pre-check=0, max-age=0\r\nPragma: no-cache\r\nContent-Type: text/xml;
charset=windows-1252\r\n\r\n<?xml version=\"1.0\" encodin"..., reserved =
'\000' <repeats 15 times>,
          env = 0x8e4bcf8}
        fpm_config = 0xba756b91 "factory-kunde.de"
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0
(gdb) fram 0
#0  _zend_mm_alloc_int (heap=0x8a3aa30, size=52) at
/root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c:1835
1835    in /root/compile/php-5.3/latest/php-5.3.8/Zend/zend_alloc.c
(gdb) print heap
$1 = (zend_mm_heap *) 0x8a3aa30
(gdb) print *heap
$2 = {use_zend_alloc = 1, _malloc = 0, _free = 0, _realloc = 0, free_bitmap
= 67584, large_free_bitmap = 131072, block_size = 262144,
  compact_size = 2097152, segments_list = 0x90c6cc8, storage = 0x8a3aa20,
real_size = 4718592, real_peak = 4718592, limit = 104857600, size =
4555868,
  peak = 4565368, reserve_size = 8192, reserve = 0x8e49cf0, overflow = 0,
internal = 0, cached = 23360, cache = {0x90db358, 0x90d974c, 0x90d9904,
    0x9008260, 0x90ded84, 0x90cf010, 0x90dc840, 0x90db2e4, 0x90dc9d0,
0x90d5978, 0x90d8978, 0x59244e84, 0x90d8404, 0x90d837c, 0x90d67dc,
0x8e9ae3c,
    0x90da5d0, 0x8ee6e20, 0x0, 0x90108f4, 0x90cd84c, 0x90dee90, 0x90d5c50,
0x90cd940, 0x8d81024, 0x9070550, 0x90d5890, 0x8e83f1c, 0x90d5728,
0x8ee6ed0,
    0x0, 0x9006230}, free_buckets = {0x8a3aaf8, 0x8a3aaf8, 0x8a3ab00,
0x8a3ab00, 0x8a3ab08, 0x8a3ab08, 0x8a3ab10, 0x8a3ab10, 0x8a3ab18,
0x8a3ab18,
    0x8a3ab20, 0x8a3ab20, 0x8a3ab28, 0x8a3ab28, 0x8a3ab30, 0x8a3ab30,
0x8a3ab38, 0x8a3ab38, 0x8a3ab40, 0x8a3ab40, 0x8a3ab48, 0x8a3ab48,
0x90dc7dc,
    0x90dc7dc, 0x8a3ab58, 0x8a3ab58, 0x8a3ab60, 0x8a3ab60, 0x8a3ab68,
0x8a3ab68, 0x8a3ab70, 0x8a3ab70, 0x90dee08, 0x90dee08, 0x8a3ab80,
0x8a3ab80,
    0x8a3ab88, 0x8a3ab88, 0x8a3ab90, 0x8a3ab90, 0x8a3ab98, 0x8a3ab98,
0x8a3aba0, 0x8a3aba0, 0x8a3aba8, 0x8a3aba8, 0x8a3abb0, 0x8a3abb0,
0x8a3abb8,
    0x8a3abb8, 0x8a3abc0, 0x8a3abc0, 0x8a3abc8, 0x8a3abc8, 0x8a3abd0,
0x8a3abd0, 0x8a3abd8, 0x8a3abd8, 0x8a3abe0, 0x8a3abe0, 0x8a3abe8,
0x8a3abe8,
    0x8a3abf0, 0x8a3abf0}, large_free_buckets = {0x0 <repeats 17 times>,
0x90df2b8, 0x0 <repeats 14 times>}, rest_buckets = {0x8a3ac78, 0x8a3ac78}}
(gdb) 

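I am able to reproduce this every time with PHP 5.3.8 FPM built without
--enable-debug.
When compiled with --enable-debug, FPM no longer segfaults.
(A crash that disappears in a debug build is typical of memory corruption
whose effect depends on heap layout. In the heap dump above, the cache entry
0x59244e84 does not look like the other heap pointers and lies 8 bytes below
the fault address 59244e8c reported under "Actual result". This suggests the
allocator's free-block cache was already corrupted before this allocation,
so frame #0 is probably where the damage was detected, not where it was
caused.)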

I think the problem is triggered when an error occurs in the script; the
backtrace shows the "Use of undefined constant" notice being raised from:
"functions_newpost.php(668) : eval()'d code"

The line looks like this:
($hook = vBulletinHook::fetch_hook('newpost_complete')) ? eval($hook) :
false;
$hook is NULL in this case.

Configure:
./configure --with-mysql=/usr/local/mysql \
--with-mysqli \
--with-config-file-path=/usr/local/php53-fpm \
--with-openssl \
--with-gd \
--with-t1lib \
--enable-ftp \
--enable-calendar \
--with-libxml-dir \
--with-jpeg-dir=../jpeg-6b/ \
--with-freetype-dir=/usr/lib \
--with-gettext \
--with-zlib-dir=../zlib-1.1.3/ \
--with-png-dir=../libpng-1.0.6/ \
--with-gdbm \
--with-ndbm \
--enable-dba \
--with-imap=/usr/local/imap-2007e \
--with-imap-ssl=/usr/local/imap-2007e \
--enable-wddx \
--enable-bcmath \
--enable-exif \
--with-curl \
--enable-inline-optimization \
--enable-zend-multibyte \
--with-gnu-ld \
--with-zlib \
--with-mcrypt= \
--enable-wddx \
--with-mhash \
--with-pgsql \
--with-bz2 \
--with-pdo-mysql=/usr \
--with-iconv \
--enable-soap \
--with-xsl \
--with-t1lib \
--enable-fpm \
--enable-mbstring

fpm config:
listen = /etc/httpd/fastcgi/dynamic/socket
user = u145279
group = nobody

pm = ondemand
pm.max_children = 500
pm.min_spare_servers = 2
pm.max_spare_servers = 250
pm.process_idle_timeout = 300
pm.max_requests = 1000





Test script:
---------------
Sorry, no test script available.


Expected result:
----------------
Redirect after forum post works

Actual result:
--------------
Segmentation fault occurred at 59244e8c in
/usr/bin/php5.3.8-fpm[php5.3.8-fpm:24964]



-- 
Edit bug report at https://bugs.php.net/bug.php?id=60156&edit=1