From:             
Operating system: Debian Squeeze x86_64
PHP version:      5.3.10
Package:          FPM related
Bug Type:         Bug
Bug description: Segfault when trying to allocate more memory

Description:
------------
Kernel: 2.6.32.50 with Grsecurity+PAX

PHP Version 5.3.10-1~dotdeb.1

Grsecurity/PAX installed

Additional .ini files parsed    /etc/php5/fpm/conf.d/apc.ini,
/etc/php5/fpm/conf.d/curl.ini, /etc/php5/fpm/conf.d/gd.ini,
/etc/php5/fpm/conf.d/imagick.ini, /etc/php5/fpm/conf.d/mysql.ini,
/etc/php5/fpm/conf.d/mysqli.ini, /etc/php5/fpm/conf.d/pdo.ini,
/etc/php5/fpm/conf.d/pdo_mysql.ini, /etc/php5/fpm/conf.d/pdo_sqlite.ini,
/etc/php5/fpm/conf.d/sqlite.ini, /etc/php5/fpm/conf.d/sqlite3.ini,
/etc/php5/fpm/conf.d/suhosin.ini 



Test script:
---------------
-

Expected result:
----------------
-

Actual result:
--------------
gdb /usr/sbin/php5-fpm ./core-phpfpm
GNU gdb (GDB) 7.0.1-debian
Core was generated by `php-fpm: pool xxxxx'.
Program terminated with signal 11, Segmentation fault.
#0  zend_mm_remove_from_free_list (heap=0xe40ab0, mm_block=0x1c85988) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:880
880     /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c: No such file or directory.
        in /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c

(gdb) bt
#0  zend_mm_remove_from_free_list (heap=0xe40ab0, mm_block=0x1c85988) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:880
#1  0x00000000006e4738 in _zend_mm_free_canary_int (heap=0xe40ab0, p=0x1c85960) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:2133
#2  0x00000000006d0712 in zend_hash_apply_deleter (ht=0xe31168, p=0x1126638) at /usr/src/php5/source/php5-5.3.10/Zend/zend_hash.c:814
#3  0x00000000006d0998 in zend_hash_graceful_reverse_destroy (ht=0xe31168) at /usr/src/php5/source/php5-5.3.10/Zend/zend_hash.c:850
#4  0x00000000006b7b0e in shutdown_executor () at /usr/src/php5/source/php5-5.3.10/Zend/zend_execute_API.c:256
#5  0x00000000006c4762 in zend_deactivate () at /usr/src/php5/source/php5-5.3.10/Zend/zend.c:963
#6  0x000000000066f3e5 in php_request_shutdown (dummy=0xe40ab0) at /usr/src/php5/source/php5-5.3.10/main/main.c:1664
#7  0x0000000000758ca0 in main (argc=18462176, argv=0x119c2f0) at /usr/src/php5/source/php5-5.3.10/sapi/fpm/fpm/fpm_main.c:1886


(gdb) x/8i $pc
0x6e4178 <zend_mm_remove_from_free_list+104>:   cmp    (%rax),%rdx
0x6e417b <zend_mm_remove_from_free_list+107>:   jne    0x6e4333 <zend_mm_remove_from_free_list+547>
0x6e4181 <zend_mm_remove_from_free_list+113>:   mov    %ecx,%ecx
0x6e4183 <zend_mm_remove_from_free_list+115>:   movq   $0x0,(%rax)
0x6e418a <zend_mm_remove_from_free_list+122>:   lea    0x698(%rdi,%rcx,8),%rax
0x6e4192 <zend_mm_remove_from_free_list+130>:   cmp    %rax,0x38(%rdx)
0x6e4196 <zend_mm_remove_from_free_list+134>:   je     0x6e41a0 <zend_mm_remove_from_free_list+144>
0x6e4198 <zend_mm_remove_from_free_list+136>:   add    $0x8,%rsp


(gdb) x/8x $sp
0x3be1991dad0:  0x01c85960      0x00000000      0x006e4738      0x00000000
0x3be1991dae0:  0x00e31168      0x00000000      0x01126638      0x00000000


(gdb) info reg
rax            0x0      0
rbx            0xe40ab0 14944944
rcx            0x9      9
rdx            0x1c85988        29907336
rsi            0x1c85988        29907336
rdi            0xe40ab0 14944944
rbp            0x1c85960        0x1c85960
rsp            0x3be1991dad0    0x3be1991dad0
r8             0x1c85988        29907336
r9             0x10cf050        17625168
r10            0x33eae48be90    3567746858640
r11            0x33eae1ac5ae    3567743845806
r12            0x1c85938        29907256
r13            0x1c85988        29907336
r14            0x50     80
r15            0x104a140        17080640
rip            0x6e4178 0x6e4178 <zend_mm_remove_from_free_list+104>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
fctrl          0x27f    639
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x6c2150 7086416
foseg          0x3be    958
fooff          0x1991b460       428979296
fop            0x0      0
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]



-- 
Edit bug report at https://bugs.php.net/bug.php?id=60990&edit=1