ID:               43295
 User updated by:  pioklo at serveradmin dot pl
 Reported By:      pioklo at serveradmin dot pl
 Status:           Open
 Bug Type:         CGI related
 Operating System: Debian 4.0 kernel 2.6.23.1
 PHP Version:      5.2.5
 New Comment:

Below is a clean backtrace.
The hardware is OK, because I have tested this on 5 different servers.

ns79:~# gdb /usr/local/bin/php-cgi
/home/admin/domains/poszkole.pl/public_html/beta/core
GNU gdb 6.6.90.20070912-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from
/usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libnss_db.so.2...done.
Loaded symbols for /usr/lib/libnss_db.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/libdb-4.3.so...done.
Loaded symbols for /usr/lib/libdb-4.3.so
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
Core was generated by `/usr/local/bin/php-cgi -b 80.86.81.87:1026'.
Program terminated with signal 11, Segmentation fault.
#0  0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54,
silent=1,
    __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c",
__zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276
1276            if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev)
{
(gdb) bt full
#0  0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54,
silent=1,
    __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c",
__zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276
        p = (zend_mm_block *) 0x8820e2c
        no_cache_notice = 0
        had_problems = 0
        valid_beginning = 1
#1  0x08392961 in _zend_mm_free_int (heap=0x86ee138, p=0x8820e54,
__zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c",
    __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0)
at /root/php-5.2.5/Zend/zend_alloc.c:1909
        mm_block = (zend_mm_block *) 0xcf0
        next_block = (zend_mm_block *) 0x1
        size = 3214980088
#2  0x0839396a in _efree (ptr=0x8820e54, __zend_filename=0x868d9f7
"/root/php-5.2.5/main/SAPI.c", __zend_lineno=445,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at
/root/php-5.2.5/Zend/zend_alloc.c:2277
No locals.
#3  0x08366c4a in sapi_deactivate () at
/root/php-5.2.5/main/SAPI.c:445
No locals.
#4  0x0835f207 in php_request_shutdown (dummy=0x0) at
/root/php-5.2.5/main/main.c:1494
        __orig_bailout = (jmp_buf *) 0xbfa0c514
        __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0,
-1079982904, 1434960001, 2145648110}, __mask_was_saved = 0,
    __saved_mask = {__val = {0, 3082575350, 0, 142330428, 0, 0, 1,
142330525, 0, 3082686452, 142634872, 3081258672,
        3214984296, 3081774445, 3086707936, 0, 3214984360, 137964004,
142330468, 90, 57, 141237152, 1968, 0, 0, 0,
        3082686452, 0, 3082690880, 3214984360, 142330428,
3082690880}}}}
        report_memleaks = 1 '\001'
#5  0x0842cb32 in main (argc=3, argv=0xbfa0e784) at
/root/php-5.2.5/sapi/cgi/cgi_main.c:1972
        path_translated = 0x8809f28
"/home/admin/domains/poszkole.pl/public_html/beta/gry.php"
        __orig_bailout = (jmp_buf *) 0x0
        __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0,
-1079974168, 1435082881, -1853892114}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        free_query_string = 0
        exit_status = 0
        cgi = 0
        c = 60
        i = -1079974096
        len = -1208256920
        file_handle = {type = 2 '\002', filename = 0x87bca64 'Z'
<repeats 57 times>, "Fi\024\017", opened_path = 0x0,
  handle = {fd = 142634872, fp = 0x8806f78, stream = {handle =
0x8806f78, reader = 0x83c6f0c <zend_stream_stdio_reader>,
      closer = 0x83c6f35 <zend_stream_stdio_closer>, fteller =
0x83c6f54 <zend_stream_stdio_fteller>, interactive = 0}},
  free_filename = 0 '\0'}
        retval = 0
        s = 0x0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        script_file = 0x0
---Type <return> to continue, or q <return> to quit---
        ini_entries_len = 0
        max_requests = 500
        requests = 7
        fastcgi = 1
        bindpath = 0x86ee110 "80.86.81.87:1026"
        fcgi_fd = 3
        request = {listen_socket = 3, fd = 4, id = 1, keep = 1, in_len
= 0, in_pad = 0, out_hdr = 0x0,
  out_pos = 0xbfa0c5f8 "\001\006",
  out_buf = "\001\006\000\001\f&#269;\000\000t goog\">\n\t\t\t<script
type=\"text/javascript\"><!--\r\ngoogle_ad_client =
\"pub-4042275753879057\";\r\ngoogle_ad_width = 120;\r\ngoogle_ad_height
= 600;\r\ngoogle_ad_format = \"120x600_as\";\r\ngoogle_ad_type ="...,
reserved = '\0' <repeats 15 times>, env = {nTableSize = 32, nTableMask =
31, nNumOfElements = 27,
    nNextFreeElement = 0, pInternalPointer = 0x87fac80, pListHead =
0x87fac80, pListTail = 0x87b85c8,
    arBuckets = 0x87fb680, pDestructor = 0x8428945 <fcgi_free_var>,
persistent = 1 '\001', nApplyCount = 0 '\0',
    bApplyProtection = 1 '\001', inconsistent = 0}}
        repeats = 1
        benchmark = 0
        start = {tv_sec = 0, tv_usec = 0}
        end = {tv_sec = 0, tv_usec = 0}
        status = 0
(gdb)


Regards,
Piotr


Previous Comments:
------------------------------------------------------------------------

[2007-11-17 20:53:28] pioklo at serveradmin dot pl

I have disabled XCache and recompiled PHP with --enable-debug.

I spawned the PHP process using spawn-fcgi from lighttpd.

---------------------------------------
[Sat Nov 17 21:40:49 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08820bec status:
Invalid pointer: ((size=0x00000000) != (next.prev=0x0000000e))
Invalid pointer: ((prev=0x0000000e) != (prev.size=0x086a56d8))
---------------------------------------
[Sat Nov 17 21:41:02 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x0881dc44 status:
Beginning:      Freed (magic=0x00000010, expected=0x99954317)
    Start:      Overflown (magic=0x914E91A4 instead of 0x3AF0ADC9)
                At least 4 bytes overflown
[Sat Nov 17 21:42:58 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08861764 status:
Beginning:      Freed (magic=0x00000007, expected=0x99954317)
    Start:      Overflown (magic=0x00000080 instead of 0x3AF0ADC9)
                At least 4 bytes overflown
[Sat Nov 17 21:42:59 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08824004 status:
Invalid pointer: ((size=0x00000041) != (next.prev=0x086ee1f4))
[Sat Nov 17 21:43:59 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08822308 status:
Invalid pointer: ((size=0x00000041) != (next.prev=0x00000000))
[Sat Nov 17 21:46:46 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08822bec status:
Invalid pointer: ((prev=0x000000fc) != (prev.size=0x3af0adc9))
---------------------------------------
[Sat Nov 17 21:47:13 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08828034 status:
Invalid pointer: ((size=0x0000000a) != (next.prev=0x5a5a5a5a))
[Sat Nov 17 21:47:18 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08823344 status:
Invalid pointer: ((size=0x0000002d) != (next.prev=0x00000089))
zend_mm_heap corrupted
[Sat Nov 17 21:49:03 2007]  Script: 
'/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x0886192c status:
Invalid pointer: ((size=0x000000ac) != (next.prev=0x5a5a5a5a))


Regards,
Piotr

------------------------------------------------------------------------

[2007-11-14 23:35:49] [EMAIL PROTECTED]

First of all: Disable ALL 3rd party shared extensions. (Like xcache for
starters) If after that you're still able to reproduce this, generate a
clean backtrace.

------------------------------------------------------------------------

[2007-11-14 19:50:22] pioklo at serveradmin dot pl

ns78:~/root/php-5.2.5/sapi/cgi# /usr/local/bin/php-cgi  -m
[PHP Modules]
cgi-fcgi
ctype
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
json
libxml
mbstring
mysql
pcre
PDO
pdo_sqlite
posix
Reflection
session
SimpleXML
sockets
SPL
SQLite
standard
tokenizer
XCache
xml
xmlreader
xmlwriter
zlib

[Zend Modules]
XCache

Segmentation fault (core dumped)


ns78:~/root/php-5.2.5/sapi/cgi# gdb /usr/local/bin/php-cgi core
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/tls/libcrypt.so.1...done.
Loaded symbols for /lib/tls/libcrypt.so.1
Reading symbols from /lib/tls/librt.so.1...done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from
/usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/tls/libresolv.so.2...done.
Loaded symbols for /lib/tls/libresolv.so.2
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/tls/libdl.so.2...done.
Loaded symbols for /lib/tls/libdl.so.2
Reading symbols from /lib/tls/libnsl.so.1...done.
Loaded symbols for /lib/tls/libnsl.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/fileinfo.so...done.
Loaded symbols for
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/fileinfo.so
Reading symbols from /usr/lib/libmagic.so.1...done.
Loaded symbols for /usr/lib/libmagic.so.1
Reading symbols from /lib/tls/libnss_files.so.2...done.
Loaded symbols for /lib/tls/libnss_files.so.2
Core was generated by `/usr/local/bin/php-cgi -m'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7978db0 in ?? ()
(gdb) bt full
#0  0xb7978db0 in ?? ()
No symbol table info available.
#1  <signal handler called>
No symbol table info available.
#2  0xb7978e00 in ?? ()
No symbol table info available.
#3  0x082ee8e2 in module_destructor (module=0x86ce280) at
/root/root/php-5.2.5/Zend/zend_API.c:1916
No locals.
#4  0x082f4967 in zend_hash_apply_deleter (ht=0x85fd2e0, p=0x86ce250)
at /root/root/php-5.2.5/Zend/zend_hash.c:611
        retval = <value optimized out>
#5  0x082f4be7 in zend_hash_graceful_reverse_destroy (ht=0x85fd2e0) at
/root/root/php-5.2.5/Zend/zend_hash.c:646
        p = (Bucket *) 0xb7978e00
#6  0x082eb3ae in zend_shutdown () at
/root/root/php-5.2.5/Zend/zend.c:733
No locals.
#7  0x082aba6f in php_module_shutdown () at
/root/root/php-5.2.5/main/main.c:1887
No locals.
#8  0x08365bdf in main (argc=2, argv=0xbff614b4) at
/root/root/php-5.2.5/sapi/cgi/cgi_main.c:2055
        sec = <value optimized out>
        usec = <value optimized out>
        free_query_string = 0
        exit_status = 0
        cgi = 0
        c = <value optimized out>
        i = <value optimized out>
        len = <value optimized out>
        file_handle = {type = 0 '\0', filename = 0x0, opened_path =
0x0, handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, reader = 0xbff61460, closer = 0xb7ff34f8, fteller =
0x806c723, interactive = 24641422}},
  free_filename = 0 '\0'}
        retval = <value optimized out>
        s = 0x0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        script_file = 0x0
        ini_entries_len = 0
        max_requests = 500
        requests = 0
        fastcgi = 0
        bindpath = 0x0
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 0, id = 0, keep = 0, in_len
= 0, in_pad = 0, out_hdr = 0x0, out_pos = 0x0,
  out_buf = '\0' <repeats 4612 times>,
"\200\002°&#711;(\004ö&#380;i\220&#355;&#711;&#270;\024&#379;&#711;\214\002°&#711;ô/&#729;&#711;&#341;1&#729;&#711;\000\000\000\000¨\006ö&#380;\2346&#355;&#711;&#313;\024&#379;&#711;¸VÄ&#711;",
'\0' <repeats 16 times>, "&#270;\024&#379;&#711;\000\000\000\000
0&#729;&#711;", '\0' <repeats 14 times>, "°&#711;", '\0' <repeats 16
times>, "¸VÄ&#711;", '\0' <repeats 24 times>,
"\200\002°&#711;°\004ö&#380;i\220&#355;&#711;\223\032&#261;&#711;\214\002°&#711;ô/&#729;&#711;&#341;1&#729;&#711;\000\000\000\0000\aö&#380;\2346&#355;&#711;",
'\0' <repeats 24 times>, "\223\032&#261;&#711;\000\000\000\000
0&#729;&#711;", '\0' <repeats 12 times>, "¸ü&#366;&#711;", '\0' <repeats
40 times>...,
---Type <return> to continue, or q <return> to quit---
  reserved = "-smp-19102007-1", env = {nTableSize = 0, nTableMask = 0,
nNumOfElements = 0, nNextFreeElement = 0,
    pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets
= 0x0, pDestructor = 0x23000000,
    persistent = 49 '1', nApplyCount = 32 ' ', bApplyProtection = 83
'S'}}
        repeats = 1
        benchmark = 0
        start = {tv_sec = 134802161, tv_usec = -1208012812}
        end = {tv_sec = 140313464, tv_usec = -1074392040}
        status = 0
(gdb) up
#1  <signal handler called>
(gdb)
#2  0xb7978e00 in ?? ()
(gdb)
#3  0x082ee8e2 in module_destructor (module=0x86ce280) at
/root/root/php-5.2.5/Zend/zend_API.c:1916
1916                    module->module_shutdown_func(module->type,
module->module_number TSRMLS_CC);
(gdb)
#4  0x082f4967 in zend_hash_apply_deleter (ht=0x85fd2e0, p=0x86ce250)
at /root/root/php-5.2.5/Zend/zend_hash.c:611
611                     ht->pDestructor(p->pData);
(gdb)
#5  0x082f4be7 in zend_hash_graceful_reverse_destroy (ht=0x85fd2e0) at
/root/root/php-5.2.5/Zend/zend_hash.c:646
646                     zend_hash_apply_deleter(ht, p);
(gdb)
#6  0x082eb3ae in zend_shutdown () at
/root/root/php-5.2.5/Zend/zend.c:733
733             zend_hash_graceful_reverse_destroy(&module_registry);
(gdb)
#7  0x082aba6f in php_module_shutdown () at
/root/root/php-5.2.5/main/main.c:1887
1887            zend_shutdown(TSRMLS_C);
(gdb)
#8  0x08365bdf in main (argc=2, argv=0xbff614b4) at
/root/root/php-5.2.5/sapi/cgi/cgi_main.c:2055
2055            php_module_shutdown(TSRMLS_C);
(gdb)
Initial frame selected; you cannot go up.
(gdb)


I don't know what is going on.
We have replaced all the RAM on the server today.

Regards,
Piotr

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/43295

-- 
Edit this bug report at http://bugs.php.net/?id=43295&edit=1
