Configure Command =>  './configure'  '--with-mysql=/usr/local/mysql' '--enable-debug' '--with-mysqli' '--with-config-file-path=/usr/local/php53-fpm' '--with-openssl' '--with-gd' '--with-t1lib' '--enable-ftp' '--enable-calendar' '--with-libxml-dir' '--with-jpeg-dir=../jpeg-6b/' '--with-freetype-dir=/usr/lib' '--with-gettext' '--with-zlib-dir=../zlib-1.1.3/' '--with-png-dir=../libpng-1.0.6/' '--with-gdbm' '--with-ndbm' '--enable-dba' '--with-imap=/usr/local/imap-2007e' '--with-imap-ssl=/usr/local/imap-2007e' '--enable-wddx' '--enable-bcmath' '--enable-exif' '--with-curl' '--enable-inline-optimization' '--with-gnu-ld' '--with-zlib' '--with-mcrypt' '--enable-wddx' '--with-mhash' '--with-pgsql' '--enable-sockets' '--with-tidy' '--with-xmlrpc' '--enable-zip' '--with-bz2' '--with-pdo-mysql=/usr' '--with-iconv' '--enable-soap' '--with-ldap' '--with-xsl' '--with-t1lib' '--enable-fpm' '--enable-mbstring'

here the php-fpm.conf:

[global]

pid = /var/run/php5-53LATEST.pid
error_log = /var/log/php-fpm.log
log_level = debug
emergency_restart_threshold = 10

[default]

listen = localhost:9000
user = nobody
group = apache

pm = dynamic
pm.max_children = 1000
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.max_requests = 1000
pm.status_path = /status


[domain.com]

listen = /etc/httpd/fastcgi/domain.com
user = u222227
group = nobody

pm = dynamic
pm.max_children = 1000
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.max_requests = 1000

Hello,

here are some more infos

it seems **variable_ptr_ptr is empty

(gdb) print variable_ptr_ptr
$6 = (zval **) 0x9289bb4
(gdb) print *variable_ptr_ptr
$7 = (zval *) 0x5a5a5a5a
(gdb) print **variable_ptr_ptr
Cannot access memory at address 0x5a5a5a5a


(gdb) print opline
$1 = (zend_op *) 0x926d958
(gdb) print *opline
$2 = {handler = 0x865abb8 <ZEND_ASSIGN_SPEC_CV_VAR_HANDLER>, result = {op_type = 4, u = {constant = {value = {lval = 660,
          dval = 3.2608332625522272e-321, str = {val = 0x294 <Address 0x294 out of bounds>, len = 0}, ht = 0x294, obj = {handle = 660, handlers = 0x0}},
        refcount__gc = 0, type = 0 '\000', is_ref__gc = 0 '\000'}, var = 660, opline_num = 660, op_array = 0x294, jmp_addr = 0x294, EA = {var = 660,
        type = 0}}}, op1 = {op_type = 16, u = {constant = {value = {lval = 0, dval = 3.3951932655444357e-313, str = {val = 0x0, len = 16}, ht = 0x0,
          obj = {handle = 0, handlers = 0x10}}, refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}, var = 0, opline_num = 0, op_array = 0x0,
      jmp_addr = 0x0, EA = {var = 0, type = 16}}}, op2 = {op_type = 4, u = {constant = {value = {lval = 640, dval = 1.6975966643924192e-313, str = {
            val = 0x280 <Address 0x280 out of bounds>, len = 8}, ht = 0x280, obj = {handle = 640, handlers = 0x8}}, refcount__gc = 0, type = 0 '\000',
        is_ref__gc = 0 '\000'}, var = 640, opline_num = 640, op_array = 0x280, jmp_addr = 0x280, EA = {var = 640, type = 8}}}, extended_value = 0,
  lineno = 403, opcode = 38 '&'}
(gdb) print opline->op2
$3 = {op_type = 4, u = {constant = {value = {lval = 640, dval = 1.6975966643924192e-313, str = {val = 0x280 <Address 0x280 out of bounds>, len = 8},
        ht = 0x280, obj = {handle = 640, handlers = 0x8}}, refcount__gc = 0, type = 0 '\000', is_ref__gc = 0 '\000'}, var = 640, opline_num = 640,
    op_array = 0x280, jmp_addr = 0x280, EA = {var = 640, type = 8}}}
(gdb) print &opline->op1
$8 = (struct _znode *) 0x926d970
(gdb) print opline->op1
$9 = {op_type = 16, u = {constant = {value = {lval = 0, dval = 3.3951932655444357e-313, str = {val = 0x0, len = 16}, ht = 0x0, obj = {handle = 0,
          handlers = 0x10}}, refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}, var = 0, opline_num = 0, op_array = 0x0, jmp_addr = 0x0, EA = {
      var = 0, type = 16}}}
(gdb) print (&opline->op1)->u.var
$13 = 0
(gdb) print (&opline->op1)->u
$14 = {constant = {value = {lval = 0, dval = 3.3951932655444357e-313, str = {val = 0x0, len = 16}, ht = 0x0, obj = {handle = 0, handlers = 0x10}},
    refcount__gc = 1, type = 6 '\006', is_ref__gc = 0 '\000'}, var = 0, opline_num = 0, op_array = 0x0, jmp_addr = 0x0, EA = {var = 0, type = 16}}

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


Is it possible for you to test without FPM (with php-cgi or mod_php for apache) 
please ?

I'd like to first ensure the bug is exclusively related to FPM.

thx

Hello,

the problem ist only in FPM. Running php-cgi works for me.

Thx and greetings

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


can you please provide the configure options you used to compile PHP please ?

thx
++ jerome

Oh sorry,

here the configure options:

./configure --with-mysql=/usr/local/mysql \
--enable-debug \
--with-mysqli \
--with-config-file-path=/usr/local/php53-fpm \
--with-openssl \
--with-gd \
--with-t1lib \
--enable-ftp \
--enable-calendar \
--with-libxml-dir \
--with-jpeg-dir=../jpeg-6b/ \
--with-freetype-dir=/usr/lib \
--with-gettext \
--with-zlib-dir=../zlib-1.1.3/ \
--with-png-dir=../libpng-1.0.6/ \
--with-gdbm \
--with-ndbm \
--enable-dba \
--with-imap=/usr/local/imap-2007e \
--with-imap-ssl=/usr/local/imap-2007e \
--enable-wddx \
--enable-bcmath \
--enable-exif \
--with-curl \
--enable-inline-optimization \
--with-gnu-ld \
--with-zlib \
--with-mcrypt \
--enable-wddx \
--with-mhash \
--with-pgsql \
--enable-sockets \
--with-tidy \
--with-xmlrpc \
--enable-zip \
--with-bz2 \
--with-pdo-mysql=/usr \
--with-iconv \
--enable-soap \
--with-ldap \
--with-xsl \
--with-t1lib \
--enable-fpm \
--enable-mbstring

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


I'm sorry to bother you again. Can you please give us the apache configuration and 
a phpinfo() output ?

thx

Hello,

no problem. :-)

The apache config is a little bit difficult, so i only paste the relevant things:

  LoadModule fastcgi_module     mod_fastcgi.so
  LoadModule ldap_module        mod_ldap.so
  LoadModule vhost_ldap_module  mod_vhost_ldap.so

  LDAPSharedCacheSize 2000000
  LDAPCacheEntries 4096
  LDAPCacheTTL 5
  LDAPOpCacheEntries 4096
  LDAPOpCacheTTL 5

  FastCgiExternalServer /etc/httpd/fastcgi/php-fcgi-starter -socket /etc/httpd/fastcgi/php5-53LATEST
  Action php-fastcgi /php/php-fcgi-starter

<VirtualHost _default_:80>
  ServerName domainname.de
  SuexecUserGroup apache nobody
  DocumentRoot /kunden/shadow/htdocs/

  ScriptAlias /php/ /etc/httpd/fastcgi/

  VhostLDAPEnabled on
  VhostLDAPUrl "ldap://localhost/cn=bla,sec=hosting,o=domain,c=de"
  VhostLdapBindDN "cn=username,cn=bla,sec=hosting,o=domain,c=de"
  VhostLDAPBindPassword "noone"
</Virtualhost>

FPM Config:

;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install
; prefix.

; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/usr/local/etc/fpm.d/5-53LATEST-*.conf

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]

pid = /var/run/php5-53LATEST.pid

; Error log file
; Note: the default prefix is /usr/local/var
; Default Value: log/php-fpm.log
error_log = /var/log/php-fpm.log

; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
log_level = warning

; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
emergency_restart_threshold = 10

[default]

listen = /etc/httpd/fastcgi/5-53LATEST
user = root
group = nobody

pm = dynamic
pm.max_children = 1000
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1
pm.max_requests = 1000

; PHP.ini Settings:

php_flag[track_errors] = Off
php_flag[allow_url_fopen] = On
php_flag[sql.safe_mode] = Off
..
tons of php_(admin)_flags



phpinfo() can be found at http://imageupgrade2.domainfactory-kunde.de/info.php

Thanks for your help

Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.


you are reporting using 5.3.6 but on the phpinfo() page you provide us it's 5.3.5.

Is it possible for you to test using the last snapshot of 5.3 please ?

thx
++ jerome

Oh sorry, my failure.

Now its 5.3.6 and the problem still exists with that version.

Greetings,
Daniel

Ah, what i have forgotten:
With debug flags in the php-fpm binary the segfaults seems not to occur so often.
I try now the latest snapshot to see if the problem is there too.

Hello,

with 5.3.7RC3-dev i cant hit the bug anymore ( i think )
I will keep on testing.

Thx,
Daniel

I've asked for help on internals: http://news.php.net/php.internals/53922

see where it goes

Valgrind log would be quite helpful: https://bugs.php.net/bugs-getting-valgrind-log.php

Thanks for all your help.

The segfault isnt reproducable now.
Maybe the last vBulletin Board update changes some thing in the Object handling or maybe i have updated some librarys.
I have tested with PHP-FPM 5.3.6 and the latest Snapshot.

So i think you can close this bugreport.

Greets,
Daniel

OK, closed now. You can still reopen it if it happens again

Hello,

after some time without problems now i get many segfaults:

Program received signal SIGSEGV, Segmentation fault.
_zend_mm_alloc_int (heap=0x8a65570, size=52) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835
1835    /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c: No such file or directory.
        in /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c
(gdb) bt full
#0  _zend_mm_alloc_int (heap=0x8a65570, size=52) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_alloc.c:1835
        bitmap = <value optimized out>
        best_fit = <value optimized out>
        true_size = 60
        block_size = <value optimized out>
        remaining_size = <value optimized out>
        segment_size = <value optimized out>
        segment = <value optimized out>
        keep_rest = <value optimized out>
#1  0x08450e8c in _zend_hash_quick_add_or_update (ht=0x94a6144, arKey=0x94a2ecc "plaintext_parser", nKeyLength=17, h=3773187690, pData=0x94a2eb8,
    nDataSize=4, pDest=0xb4dfd1f8, flag=1) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:315
        p = 0x0
#2  0x08451386 in zend_hash_copy (target=0x94a6144, source=0x92a7994, pCopyConstructor=0x8443f90 <zval_add_ref>, tmp=0xb4dfd238, size=4)
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_hash.c:787
        p = 0x94a2eac
        new_entry = 0x94a2e08
#3  0x0844407f in _zval_copy_ctor_func (zvalue=0x935eb10) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.c:134
        tmp = 0x5b
        original_ht = 0x92a7994
#4  0x0844487d in _zval_copy_ctor (type=8, format=0x89b9f2c "Use of undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_variables.h:45
No locals.
#5  zend_error (type=8, format=0x89b9f2c "Use of undefined constant %s - assumed '%s'")
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1078
        retval = <value optimized out>
        z_error_type = 0x93ccd28
        z_error_message = 0x94a49d8
        z_error_filename = 0x935cd3c
        z_error_lineno = 0x935cd88
        z_context = 0x935eb10
        error_filename = 0x949feec "/kunden/145279_85737/liveforen/domaingo/includes/functions_newpost.php(668) : eval()'d code"
        error_lineno = 43
        orig_user_error_handler = <value optimized out>
        in_compilation = <value optimized out>
        saved_class_entry = <value optimized out>
#6  0x0846a0d6 in ZEND_FETCH_CONSTANT_SPEC_UNUSED_CONST_HANDLER (execute_data=0x8bca78c)
    at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:17844
        actual = 0x94a5574 "postid"
        opline = 0x94a825c
#7  0x0846eaee in execute (op_array=0x8e24980) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend_vm_execute.h:107
        ret = <value optimized out>
        execute_data = 0x8bca78c
        nested = 1 '\001'
        original_in_execution = 0 '\000'
#8  0x084443e6 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/Zend/zend.c:1195
        i = 1
        file_handle = 0xb4e01790
        orig_op_array = 0x0
        orig_retval_ptr_ptr = 0x0
#9  0x083f2bd6 in php_execute_script (primary_file=0xb4e01790) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/main/main.c:2284
        realfile = "èãß´C\021M\b\000\060X¢ÿÿÿÿ\000\000\000\000#\217B\bô\020+\tÀ\\Ú£ÀÏ*\tlõß´å\235X\001\065~\r\000\030äß´©RL\b\003\000\000\000\bäß´\b\000\000\000\000\000\000\000pU¦\bn|A£\001\005\000\001\000\000\000\000\001\000\000\000lõß´¸.\027\t\220\002\000\000pU¦\b¸.\027\tHäß´#\217B\b\210ÓN£\002\000\000\000\001\000\000\000däß´\001ôß´\000\000\000\000¸ÓN£»Ô?\bl/\027\t\020\000\000\000\002\000\000\000/ÁL£\200ÓN£È\032\002\000¸ÓN£ô¿N£\200ÓN£Ð\000+\t\230äß´|¢A£"..---Type <return> to continue, or q <return> to quit---
.
        __orig_bailout = 0xb4e01640
        __bailout = {{__jmpbuf = {-1260382320, 153810792, -1260391280, -1260391208, 2072411008, -1166720775}, __mask_was_saved = 0, __saved_mask = {
              __val = {0, 41205, 0, 4096, 96, 0, 1308693440, 0, 1307472900, 0, 1308693441, 0, 852891, 0, 153900944, 148950944, 153813200, 3034576088,
                138386641, 3, 4, 3034575952, 1, 153812952, 3034584640, 3034575976, 153813428, 153810792, 149062664, 3034576088, 2076760960, 2305}}}}
        prepend_file_p = 0x0
        append_file_p = <value optimized out>
        prepend_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        append_file = {type = ZEND_HANDLE_FILENAME, filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {handle = 0x0, isatty = 0,
              mmap = {len = 0, pos = 0, map = 0x0, buf = 0x0, old_handle = 0x0, old_closer = 0}, reader = 0, fsizer = 0, closer = 0}},
          free_filename = 0 '\000'}
        retval = 0
#10 0x084ce08c in main (argc=3, argv=Cannot access memory at address 0x23
) at /root/compile/php-5.3-fpm/snaps/php5.3-201107150430/sapi/fpm/fpm/fpm_main.c:1900
        __bailout = {{__jmpbuf = {0, -1260381964, 0, -1260382152, 2076793728, 1570506489}, __mask_was_saved = 0, __saved_mask = {__val = {2738603973,
                2749034436, 70078602, 2741702958, 2741557004, 2749023548, 3034584724, 2745840432, 13, 2741565964, 2741510004, 1480958541, 3034584860,
                32, 2744109768, 0, 0, 1, 560, 2738520464, 2744109768, 2741702958, 2741609996, 2741565964, 1, 2749034436, 3034584992, 2744110208,
                3034584952, 2748954464, 3034584936, 2741565964}}}}
        exit_status = 0
        c = <value optimized out>
        file_handle = {type = ZEND_HANDLE_MAPPED, filename = 0x92b00d0 "/www/145279_85737/liveforen/domaingo/newreply.php", opened_path = 0x0, handle = {
            fd = 153901444, fp = 0x92c5984, stream = {handle = 0x92c5984, isatty = 0, mmap = {len = 41205, pos = 0, map = 0xa30e0000,
                buf = 0xa30e0000 <Address 0xa30e0000 out of bounds>, old_handle = 0x8e0cfa0, old_closer = 0x8458cb0 <zend_stream_stdio_closer>},
              reader = 0x8459290 <zend_stream_stdio_reader>, fsizer = 0x84591c0 <zend_stream_stdio_fsizer>,
              closer = 0x8459210 <zend_stream_mmap_closer>}}, free_filename = 0 '\000'}
        orig_optind = 1
        orig_optarg = 0x0
        ini_entries_len = <value optimized out>
        max_requests = 1000
        requests = 3
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 3, id = 1, keep = 0, closed = 0, in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0xb4dff590 "\001\003",
          out_buf = "\001\003\000\001\000\b\000\000\000\000\000\000\000B\020=q~cC^¥R>hñ°!¿uÑ»\020\220ØQåàW·qÎüG·lÙ.&+ª:£q\a\207cÎ\t>ö\237ã|wë\233½ü\220gÈ8\b\bhg¾Àa\217߯óÄ\026¬²£\021\216«¹ûÃ5¥N\220\bz\032\027ß\024)JÖðÿ\203Y\227î¹\216Ö¯¬\017¹7<}\të\205§¬^],Îx\220ÿsÐ\210ô\006®Ú,KÔ\215\200i\207$lÏqcâ÷\204\217:\222Í\027Ûm\237\033ëzúæúí¥²¥\224­÷\207\226\217.N¢É×Hi­«|¿åfÒõ2éÈ"..., reserved = '\000' <repeats 15 times>, env = 0x92acf98}
        fpm_config = 0xb4e01a8c ""
        fpm_prefix = 0x0
        fpm_pid = 0x0
        test_conf = 0

valgrind didnt work correct. it shows me always an "out of memory" error, but there is enough memory free ...

@dbetz at df dot eu

Please provide a way to reproduce this problem (aka not randomly). That means to 
debug a little bit to see what happens in your app while it crashes. using 
vBulletin as a base to fix such crashes is not an option for us.

Thanks for your understanding,