ns78:~/root/php-5.2.5/sapi/cgi# /usr/local/bin/php-cgi  -m
[PHP Modules]
cgi-fcgi
ctype
date
dom
exif
fileinfo
filter
ftp
gd
gettext
hash
iconv
json
libxml
mbstring
mysql
pcre
PDO
pdo_sqlite
posix
Reflection
session
SimpleXML
sockets
SPL
SQLite
standard
tokenizer
XCache
xml
xmlreader
xmlwriter
zlib

[Zend Modules]
XCache

Segmentation fault (core dumped)


ns78:~/root/php-5.2.5/sapi/cgi# gdb /usr/local/bin/php-cgi core
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/tls/libcrypt.so.1...done.
Loaded symbols for /lib/tls/libcrypt.so.1
Reading symbols from /lib/tls/librt.so.1...done.
Loaded symbols for /lib/tls/librt.so.1
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/tls/libresolv.so.2...done.
Loaded symbols for /lib/tls/libresolv.so.2
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/tls/libdl.so.2...done.
Loaded symbols for /lib/tls/libdl.so.2
Reading symbols from /lib/tls/libnsl.so.1...done.
Loaded symbols for /lib/tls/libnsl.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/tls/libpthread.so.0...done.
Loaded symbols for /lib/tls/libpthread.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/local/lib/php/extensions/no-debug-non-zts-20060613/fileinfo.so...done.
Loaded symbols for /usr/local/lib/php/extensions/no-debug-non-zts-20060613/fileinfo.so
Reading symbols from /usr/lib/libmagic.so.1...done.
Loaded symbols for /usr/lib/libmagic.so.1
Reading symbols from /lib/tls/libnss_files.so.2...done.
Loaded symbols for /lib/tls/libnss_files.so.2
Core was generated by `/usr/local/bin/php-cgi -m'.
Program terminated with signal 11, Segmentation fault.
#0  0xb7978db0 in ?? ()
(gdb) bt full
#0  0xb7978db0 in ?? ()
No symbol table info available.
#1  <signal handler called>
No symbol table info available.
#2  0xb7978e00 in ?? ()
No symbol table info available.
#3  0x082ee8e2 in module_destructor (module=0x86ce280) at /root/root/php-5.2.5/Zend/zend_API.c:1916
No locals.
#4  0x082f4967 in zend_hash_apply_deleter (ht=0x85fd2e0, p=0x86ce250) at /root/root/php-5.2.5/Zend/zend_hash.c:611
        retval = <value optimized out>
#5  0x082f4be7 in zend_hash_graceful_reverse_destroy (ht=0x85fd2e0) at /root/root/php-5.2.5/Zend/zend_hash.c:646
        p = (Bucket *) 0xb7978e00
#6  0x082eb3ae in zend_shutdown () at /root/root/php-5.2.5/Zend/zend.c:733
No locals.
#7  0x082aba6f in php_module_shutdown () at /root/root/php-5.2.5/main/main.c:1887
No locals.
#8  0x08365bdf in main (argc=2, argv=0xbff614b4) at /root/root/php-5.2.5/sapi/cgi/cgi_main.c:2055
        sec = <value optimized out>
        usec = <value optimized out>
        free_query_string = 0
        exit_status = 0
        cgi = 0
        c = <value optimized out>
        i = <value optimized out>
        len = <value optimized out>
        file_handle = {type = 0 '\0', filename = 0x0, opened_path = 0x0, handle = {fd = 0, fp = 0x0, stream = {
      handle = 0x0, reader = 0xbff61460, closer = 0xb7ff34f8, fteller = 0x806c723, interactive = 24641422}},
  free_filename = 0 '\0'}
        retval = <value optimized out>
        s = 0x0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        script_file = 0x0
        ini_entries_len = 0
        max_requests = 500
        requests = 0
        fastcgi = 0
        bindpath = 0x0
        fcgi_fd = <value optimized out>
        request = {listen_socket = 0, fd = 0, id = 0, keep = 0, in_len = 0, in_pad = 0, out_hdr = 0x0, out_pos = 0x0,
  out_buf = '\0' <repeats 4612 times>, "\200\002?&#711;(\004?&#380;i\220&#355;&#711;&#270;\024&#379;&#711;\214\002?&#711;?/&#729;&#711;&#341;1&#729;&#711;\000\000\000\000?\006?&#380;\2346&#355;&#711;&#313;\024&#379;&#711;?V?&#711;", '\0' <repeats 16 times>, "&#270;\024&#379;&#711;\000\000\000\000 0&#729;&#711;", '\0' <repeats 14 times>, "?&#711;", '\0' <repeats 16 times>, "?V?&#711;", '\0' <repeats 24 times>, "\200\002?&#711;?\004?&#380;i\220&#355;&#711;\223\032&#261;&#711;\214\002?&#711;?/&#729;&#711;&#341;1&#729;&#711;\000\000\000\0000\a?&#380;\2346&#355;&#711;", '\0' <repeats 24 times>, "\223\032&#261;&#711;\000\000\000\000 0&#729;&#711;", '\0' <repeats 12 times>, "??&#366;&#711;", '\0' <repeats 40 times>...,
---Type <return> to continue, or q <return> to quit---
  reserved = "-smp-19102007-1", env = {nTableSize = 0, nTableMask = 0, nNumOfElements = 0, nNextFreeElement = 0,
    pInternalPointer = 0x0, pListHead = 0x0, pListTail = 0x0, arBuckets = 0x0, pDestructor = 0x23000000,
    persistent = 49 '1', nApplyCount = 32 ' ', bApplyProtection = 83 'S'}}
        repeats = 1
        benchmark = 0
        start = {tv_sec = 134802161, tv_usec = -1208012812}
        end = {tv_sec = 140313464, tv_usec = -1074392040}
        status = 0
(gdb) up
#1  <signal handler called>
(gdb)
#2  0xb7978e00 in ?? ()
(gdb)
#3  0x082ee8e2 in module_destructor (module=0x86ce280) at /root/root/php-5.2.5/Zend/zend_API.c:1916
1916                    module->module_shutdown_func(module->type, module->module_number TSRMLS_CC);
(gdb)
#4  0x082f4967 in zend_hash_apply_deleter (ht=0x85fd2e0, p=0x86ce250) at /root/root/php-5.2.5/Zend/zend_hash.c:611
611                     ht->pDestructor(p->pData);
(gdb)
#5  0x082f4be7 in zend_hash_graceful_reverse_destroy (ht=0x85fd2e0) at /root/root/php-5.2.5/Zend/zend_hash.c:646
646                     zend_hash_apply_deleter(ht, p);
(gdb)
#6  0x082eb3ae in zend_shutdown () at /root/root/php-5.2.5/Zend/zend.c:733
733             zend_hash_graceful_reverse_destroy(&module_registry);
(gdb)
#7  0x082aba6f in php_module_shutdown () at /root/root/php-5.2.5/main/main.c:1887
1887            zend_shutdown(TSRMLS_C);
(gdb)
#8  0x08365bdf in main (argc=2, argv=0xbff614b4) at /root/root/php-5.2.5/sapi/cgi/cgi_main.c:2055
2055            php_module_shutdown(TSRMLS_C);
(gdb)
Initial frame selected; you cannot go up.
(gdb)


I dont know what is going on
We have replace all RAM on server today..

Regards,
Piotr

First of all: Disable ALL 3rd party shared extensions. (Like xcache for starters) If after that you're still able to reproduce this, generate a clean backtrace.

I have disable Xcache  recompile php with --enable-debug

I spawned php process using spawn-fcgi from lighttpd

---------------------------------------
[Sat Nov 17 21:40:49 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08820bec status:
Invalid pointer: ((size=0x00000000) != (next.prev=0x0000000e))
Invalid pointer: ((prev=0x0000000e) != (prev.size=0x086a56d8))
---------------------------------------
[Sat Nov 17 21:41:02 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x0881dc44 status:
Beginning:      Freed (magic=0x00000010, expected=0x99954317)
    Start:      Overflown (magic=0x914E91A4 instead of 0x3AF0ADC9)
                At least 4 bytes overflown
[Sat Nov 17 21:42:58 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08861764 status:
Beginning:      Freed (magic=0x00000007, expected=0x99954317)
    Start:      Overflown (magic=0x00000080 instead of 0x3AF0ADC9)
                At least 4 bytes overflown
[Sat Nov 17 21:42:59 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08824004 status:
Invalid pointer: ((size=0x00000041) != (next.prev=0x086ee1f4))
[Sat Nov 17 21:43:59 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08822308 status:
Invalid pointer: ((size=0x00000041) != (next.prev=0x00000000))
[Sat Nov 17 21:46:46 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08822bec status:
Invalid pointer: ((prev=0x000000fc) != (prev.size=0x3af0adc9))
---------------------------------------
[Sat Nov 17 21:47:13 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08828034 status:
Invalid pointer: ((size=0x0000000a) != (next.prev=0x5a5a5a5a))
[Sat Nov 17 21:47:18 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x08823344 status:
Invalid pointer: ((size=0x0000002d) != (next.prev=0x00000089))
zend_mm_heap corrupted
[Sat Nov 17 21:49:03 2007]  Script:  '/home/admin/domains/poszkole.pl/public_html/beta/gry.php'
---------------------------------------
/root/php-5.2.5/main/SAPI.c(445) : Block 0x0886192c status:
Invalid pointer: ((size=0x000000ac) != (next.prev=0x5a5a5a5a))


Regards,
Piotr

Bellow is clean backtrace:
hardware is ok because I have tested this on 5 different servers..

ns79:~# gdb /usr/local/bin/php-cgi /home/admin/domains/poszkole.pl/public_html/beta/core
GNU gdb 6.6.90.20070912-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.15...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.15
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/local/lib/libiconv.so.2...done.
Loaded symbols for /usr/local/lib/libiconv.so.2
Reading symbols from /usr/local/lib/libfreetype.so.6...done.
Loaded symbols for /usr/local/lib/libfreetype.so.6
Reading symbols from /usr/local/lib/libpng.so.3...done.
Loaded symbols for /usr/local/lib/libpng.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libxml2.so.2...done.
Loaded symbols for /usr/lib/libxml2.so.2
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libnss_db.so.2...done.
Loaded symbols for /usr/lib/libnss_db.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/libdb-4.3.so...done.
Loaded symbols for /usr/lib/libdb-4.3.so
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
Core was generated by `/usr/local/bin/php-cgi -b 80.86.81.87:1026'.
Program terminated with signal 11, Segmentation fault.
#0  0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54, silent=1,
    __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276
1276            if (p->info._size != ZEND_MM_NEXT_BLOCK(p)->info._prev) {
(gdb) bt full
#0  0x08391412 in zend_mm_check_ptr (heap=0x86ee138, ptr=0x8820e54, silent=1,
    __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1276
        p = (zend_mm_block *) 0x8820e2c
        no_cache_notice = 0
        had_problems = 0
        valid_beginning = 1
#1  0x08392961 in _zend_mm_free_int (heap=0x86ee138, p=0x8820e54, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c",
    __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:1909
        mm_block = (zend_mm_block *) 0xcf0
        next_block = (zend_mm_block *) 0x1
        size = 3214980088
#2  0x0839396a in _efree (ptr=0x8820e54, __zend_filename=0x868d9f7 "/root/php-5.2.5/main/SAPI.c", __zend_lineno=445,
    __zend_orig_filename=0x0, __zend_orig_lineno=0) at /root/php-5.2.5/Zend/zend_alloc.c:2277
No locals.
#3  0x08366c4a in sapi_deactivate () at /root/php-5.2.5/main/SAPI.c:445
No locals.
#4  0x0835f207 in php_request_shutdown (dummy=0x0) at /root/php-5.2.5/main/main.c:1494
        __orig_bailout = (jmp_buf *) 0xbfa0c514
        __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0, -1079982904, 1434960001, 2145648110}, __mask_was_saved = 0,
    __saved_mask = {__val = {0, 3082575350, 0, 142330428, 0, 0, 1, 142330525, 0, 3082686452, 142634872, 3081258672,
        3214984296, 3081774445, 3086707936, 0, 3214984360, 137964004, 142330468, 90, 57, 141237152, 1968, 0, 0, 0,
        3082686452, 0, 3082690880, 3214984360, 142330428, 3082690880}}}}
        report_memleaks = 1 '\001'
#5  0x0842cb32 in main (argc=3, argv=0xbfa0e784) at /root/php-5.2.5/sapi/cgi/cgi_main.c:1972
        path_translated = 0x8809f28 "/home/admin/domains/poszkole.pl/public_html/beta/gry.php"
        __orig_bailout = (jmp_buf *) 0x0
        __bailout = {{__jmpbuf = {-1212280844, -1208259360, 0, -1079974168, 1435082881, -1853892114}, __mask_was_saved = 0,
    __saved_mask = {__val = {0 <repeats 32 times>}}}}
        free_query_string = 0
        exit_status = 0
        cgi = 0
        c = 60
        i = -1079974096
        len = -1208256920
        file_handle = {type = 2 '\002', filename = 0x87bca64 'Z' <repeats 57 times>, "Fi\024\017", opened_path = 0x0,
  handle = {fd = 142634872, fp = 0x8806f78, stream = {handle = 0x8806f78, reader = 0x83c6f0c <zend_stream_stdio_reader>,
      closer = 0x83c6f35 <zend_stream_stdio_closer>, fteller = 0x83c6f54 <zend_stream_stdio_fteller>, interactive = 0}},
  free_filename = 0 '\0'}
        retval = 0
        s = 0x0
        behavior = 1
        no_headers = 0
        orig_optind = 1
        orig_optarg = 0x0
        script_file = 0x0
---Type <return> to continue, or q <return> to quit---
        ini_entries_len = 0
        max_requests = 500
        requests = 7
        fastcgi = 1
        bindpath = 0x86ee110 "80.86.81.87:1026"
        fcgi_fd = 3
        request = {listen_socket = 3, fd = 4, id = 1, keep = 1, in_len = 0, in_pad = 0, out_hdr = 0x0,
  out_pos = 0xbfa0c5f8 "\001\006",
  out_buf = "\001\006\000\001\f&#269;\000\000t goog\">\n\t\t\t<script type=\"text/javascript\"><!--\r\ngoogle_ad_client = \"pub-4042275753879057\";\r\ngoogle_ad_width = 120;\r\ngoogle_ad_height = 600;\r\ngoogle_ad_format = \"120x600_as\";\r\ngoogle_ad_type ="..., reserved = '\0' <repeats 15 times>, env = {nTableSize = 32, nTableMask = 31, nNumOfElements = 27,
    nNextFreeElement = 0, pInternalPointer = 0x87fac80, pListHead = 0x87fac80, pListTail = 0x87b85c8,
    arBuckets = 0x87fb680, pDestructor = 0x8428945 <fcgi_free_var>, persistent = 1 '\001', nApplyCount = 0 '\0',
    bApplyProtection = 1 '\001', inconsistent = 0}}
        repeats = 1
        benchmark = 0
        start = {tv_sec = 0, tv_usec = 0}
        end = {tv_sec = 0, tv_usec = 0}
        status = 0
(gdb)


Regards,
Piotr

I have installed php 5.1.6 and the problem has passed away.

Please don't post any backtraces anymore. What exactly does this gry.php do? Try shorten the script to bare minimum which still causes the problem.

The problem isnt only with  gry.php  but many other scripts..
I use external sql servers and I'm connection to them through mysql_pconnect method . Changing method to mysql_connect provides less amount of crashes but finally when i changed php version to 5.1.6  segfault was eliminated  at all.

Regards,
Piotr

What is the content-type on these pages where it crashes? What is the diff between your php.ini and the stock php.ini-dist / php.ini-recommended (depending what you used as base for your php.ini)

The diff is here :
http://tapsy.pl/phpdiff.txt

Content-Type text/html

hi,I have same problem on my update php to 5.2.5.

My System is FreeBSD 6.1 + Lighttpd 1.4.18 + php5.2.5 + php-cgi. 

[user@www] ~#/usr/local/bin/php-cgi -m
[PHP Modules]
cgi-fcgi
date
gd
iconv
libxml
mbstring
memcache
mysql
pcre
Reflection
session
standard
xml
zlib

[Zend Modules]



In Lighttpd Logs:

2007-11-20 18:25:24: (mod_fastcgi.c.2462) unexpected end-of-file (perhaps the fastcgi process died): pid: 4823 socket: unix:/tmp/php-fastcgi.socket-0 
2007-11-20 18:25:24: (mod_fastcgi.c.3269) response already sent out, but backend returned error on socket: unix:/tmp/php-fastcgi.socket-0 for /detail.php , terminating connection

I also have such bug appeared after update to PHP 5.2.5.
System Info: FreeBSD 6.2-RELEASE-p3, nginx/0.5.32, PHP 5.2.5
# php -m
[PHP Modules]
bcmath
bz2
ctype
curl
date
dom
gd
gettext
hash
iconv
libxml
mbstring
mhash
mysql
pcre
PDO
pgsql
posix
readline
Reflection
session
SimpleXML
sockets
SPL
SQLite
standard
tokenizer
xml
xmlreader
xmlwriter
zlib

[Zend Modules]

#gdb /usr/local/bin/php-cgi php-cgi.core
--SKIPED--
(gdb) bt
#0  0x00000000004e79cf in _zend_mm_free_int ()
#1  0x00000000004c858a in sapi_deactivate ()
#2  0x00000000004c1eea in php_request_shutdown ()
#3  0x0000000000591943 in main ()

It crashes with such baktrace on ANY script.

Additional backtrace for previous comment:
(gdb) bt
#0  0x0000000000537d09 in zend_mm_check_ptr (heap=0x7bf000, ptr=0xb29818, silent=1, __zend_filename=0x6445d8 "/usr/ports/lang/php5/work/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_alloc.c:1276
#1  0x0000000000539451 in _zend_mm_free_int (heap=0x7bf000, p=0xb29818, __zend_filename=0x6445d8 "/usr/ports/lang/php5/work/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0,
    __zend_orig_lineno=0) at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_alloc.c:1909
#2  0x000000000053a64c in _efree (ptr=0xb29818, __zend_filename=0x6445d8 "/usr/ports/lang/php5/work/php-5.2.5/main/SAPI.c", __zend_lineno=445, __zend_orig_filename=0x0, __zend_orig_lineno=0)
    at /usr/ports/lang/php5/work/php-5.2.5/Zend/zend_alloc.c:2277
#3  0x000000000050b99e in sapi_deactivate () at /usr/ports/lang/php5/work/php-5.2.5/main/SAPI.c:445
#4  0x0000000000502397 in php_request_shutdown (dummy=0x0) at /usr/ports/lang/php5/work/php-5.2.5/main/main.c:1494
#5  0x00000000005d8771 in main (argc=3, argv=0x7fffffffea98) at /usr/ports/lang/php5/work/php-5.2.5/sapi/cgi/cgi_main.c:1972

PS System is AMD64

now,more error msg "
[user@www] ~#zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted
zend_mm_heap corrupted"

display on my console!

I can confirm the last additions to this bug.

I am also on FreeBSD/AMD64, and today I started getting "zend_mm_heap corrupted" messages. Also, PHP started to sig11 and what I did so far was disable all modules that I do not need - doing this I got rid off some of the obvious crashes.

This is my extension.ini
http://pastie.caboo.se/private/ytqpr1hnn0slvjsvabt70g

php -m:
http://pastie.caboo.se/private/yscuxwtkvromili7m15w


What can we do to provide more feedback?

I am also seeing problems with FastCGI and PHP-5.2.5.
FreeBSD 6.2-p8 (jail) and Lighttpd 1.4.18. No third party extensions.

root@www2:~ # pkg_info | grep php
php5-5.2.5          PHP Scripting Language
php5-gettext-5.2.5  The gettext shared extension for php
php5-mysql-5.2.5    The mysql shared extension for php
php5-pcre-5.2.5     The pcre shared extension for php
php5-session-5.2.5  The session shared extension for php
php5-xml-5.2.5      The xml shared extension for php
php5-zlib-5.2.5     The zlib shared extension for php

From the log file:

[Tue Nov 27 14:35:18 2007]  Script:  
'/usr/local/www/www.<site>.com/blog/wpcontent/themes/default/images/he
ader-img.php'
---------------------------------------
/var/ports/basejail/usr/ports/lang/php5/work/php-
5.2.5/main/SAPI.c(445) : Block 0x08289e30 status:
Invalid pointer: ((size=0x00000005) != (next.prev=0x5445475f))
2007-11-27 14:35:18: (mod_fastcgi.c.2462) unexpected end-of-file 
(perhaps the fastcgi process died): pid: 96290 socket: unix:/tmp/php-
fastcgi.socket-0
2007-11-27 14:35:18: (mod_fastcgi.c.3269) response already sent out, 
but backend returned error on socket: unix:/tmp/php-fastcgi.socket-0 
for /blog/wp-content/themes/default/images/header-img.php , 
terminating connection
[Tue Nov 27 14:40:21 2007]  Script:  
'/usr/local/www/www.<site>.com/index.php'
---------------------------------------
/var/ports/basejail/usr/ports/lang/php5/work/php-
5.2.5/main/SAPI.c(445) : Block 0x08289d10 status:
Beginning:      Freed (magic=0x00000000, expected=0x99954317)
    Start:      Overflown (magic=0x00000000 instead of 0x678FA504)
                At least 4 bytes overflown
      End:      Overflown (magic=0x0000000E instead of 0x0A184C31)
                At least 4 bytes overflown
---------------------------------------

I went back to php4, this seems to work fine.

Hi,

Same problem here with CentOS 4.5.


-Tareq

Dmitry, this has propably something to do with your patch for this:

"- Added ability to control memory consumption between request using
  ZEND_MM_COMPACT environment variable. (Dmitry)"

See also bug #43459 and bug #43387

The crash in main/SAPI.c(445) must be fixed in CVS.
It wasn't releated to CGI sapi or memory manager.
It was just because of uninitialized variable.

It is a duplicate of #43476, but not #43387 and #43459.