Edit report at https://bugs.php.net/bug.php?id=60990&edit=1

 ID:                 60990
 Comment by:         stefan at nopiracy dot de
 Reported by:        flatline at hardwired dot hu
 Summary:            Segfault when trying to allocate more memory
 Status:             Open
 Type:               Bug
 Package:            FPM related
 Operating System:   Debian Squeeze x86_64
 PHP Version:        5.3.10
 Block user comment: N
 Private report:     N

 New Comment:

Because you are running Suhosin you will most probably get no help here.

Anyway, to increase your chances try the following:

restart PHP with the environment variable

SUHOSIN_MM_USE_CANARY_PROTECTION=0

If you do this then PHP will no longer use the memory allocator with canaries, but use the normal one which is nearly identical to the vanilla one.

Check if that gives you a similar backtrace.

The code is obviously crashing while shutting down the system. There is a NULL pointer dereference. And the code triggering this is:

zend_hash_graceful_reverse_destroy(&EG(symbol_table));

This means something is corrupt in the symbol_table.

Do you have NO PHP code running on the system? Or does it crash always? Or...?


Previous Comments:
------------------------------------------------------------------------
[2012-02-06 13:15:14] flatline at hardwired dot hu

Description:
------------
Kernel: 2.6.32.50 with Grsecurity+PAX
PHP Version 5.3.10-1~dotdeb.1
Grsecurity/PAX installed

Additional .ini files parsed
/etc/php5/fpm/conf.d/apc.ini,
/etc/php5/fpm/conf.d/curl.ini,
/etc/php5/fpm/conf.d/gd.ini,
/etc/php5/fpm/conf.d/imagick.ini,
/etc/php5/fpm/conf.d/mysql.ini,
/etc/php5/fpm/conf.d/mysqli.ini,
/etc/php5/fpm/conf.d/pdo.ini,
/etc/php5/fpm/conf.d/pdo_mysql.ini,
/etc/php5/fpm/conf.d/pdo_sqlite.ini,
/etc/php5/fpm/conf.d/sqlite.ini,
/etc/php5/fpm/conf.d/sqlite3.ini,
/etc/php5/fpm/conf.d/suhosin.ini

Test script:
---------------
-

Expected result:
----------------
-

Actual result:
--------------
gdb /usr/sbin/php5-fpm ./core-phpfpm
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
Core was generated by `php-fpm: pool xxxxx '.
Program terminated with signal 11, Segmentation fault.
#0  zend_mm_remove_from_free_list (heap=0xe40ab0, mm_block=0x1c85988) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:880
880     /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c: No such file or directory.
        in /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c
(gdb) bt
#0  zend_mm_remove_from_free_list (heap=0xe40ab0, mm_block=0x1c85988) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:880
#1  0x00000000006e4738 in _zend_mm_free_canary_int (heap=0xe40ab0, p=0x1c85960) at /usr/src/php5/source/php5-5.3.10/Zend/zend_alloc_canary.c:2133
#2  0x00000000006d0712 in zend_hash_apply_deleter (ht=0xe31168, p=0x1126638) at /usr/src/php5/source/php5-5.3.10/Zend/zend_hash.c:814
#3  0x00000000006d0998 in zend_hash_graceful_reverse_destroy (ht=0xe31168) at /usr/src/php5/source/php5-5.3.10/Zend/zend_hash.c:850
#4  0x00000000006b7b0e in shutdown_executor () at /usr/src/php5/source/php5-5.3.10/Zend/zend_execute_API.c:256
#5  0x00000000006c4762 in zend_deactivate () at /usr/src/php5/source/php5-5.3.10/Zend/zend.c:963
#6  0x000000000066f3e5 in php_request_shutdown (dummy=0xe40ab0) at /usr/src/php5/source/php5-5.3.10/main/main.c:1664
#7  0x0000000000758ca0 in main (argc=18462176, argv=0x119c2f0) at /usr/src/php5/source/php5-5.3.10/sapi/fpm/fpm/fpm_main.c:1886
(gdb) x/8i $pc
0x6e4178 <zend_mm_remove_from_free_list+104>:   cmp    (%rax),%rdx
0x6e417b <zend_mm_remove_from_free_list+107>:   jne    0x6e4333 <zend_mm_remove_from_free_list+547>
0x6e4181 <zend_mm_remove_from_free_list+113>:   mov    %ecx,%ecx
0x6e4183 <zend_mm_remove_from_free_list+115>:   movq   $0x0,(%rax)
0x6e418a <zend_mm_remove_from_free_list+122>:   lea    0x698(%rdi,%rcx,8),%rax
0x6e4192 <zend_mm_remove_from_free_list+130>:   cmp    %rax,0x38(%rdx)
0x6e4196 <zend_mm_remove_from_free_list+134>:   je     0x6e41a0 <zend_mm_remove_from_free_list+144>
0x6e4198 <zend_mm_remove_from_free_list+136>:   add    $0x8,%rsp
(gdb) x/8x $sp
0x3be1991dad0:  0x01c85960  0x00000000  0x006e4738  0x00000000
0x3be1991dae0:  0x00e31168  0x00000000  0x01126638  0x00000000
(gdb) info reg
rax            0x0              0
rbx            0xe40ab0         14944944
rcx            0x9              9
rdx            0x1c85988        29907336
rsi            0x1c85988        29907336
rdi            0xe40ab0         14944944
rbp            0x1c85960        0x1c85960
rsp            0x3be1991dad0    0x3be1991dad0
r8             0x1c85988        29907336
r9             0x10cf050        17625168
r10            0x33eae48be90    3567746858640
r11            0x33eae1ac5ae    3567743845806
r12            0x1c85938        29907256
r13            0x1c85988        29907336
r14            0x50             80
r15            0x104a140        17080640
rip            0x6e4178         0x6e4178 <zend_mm_remove_from_free_list+104>
eflags         0x10206          [ PF IF RF ]
cs             0x33             51
ss             0x2b             43
ds             0x0              0
es             0x0              0
fs             0x0              0
gs             0x0              0
fctrl          0x27f            639
fstat          0x0              0
ftag           0xffff           65535
fiseg          0x0              0
fioff          0x6c2150         7086416
foseg          0x3be            958
fooff          0x1991b460       428979296
fop            0x0              0
mxcsr          0x1fa0           [ PE IM DM ZM OM UM PM ]


------------------------------------------------------------------------


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=60990&edit=1
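
How the "NULL pointer dereference" reading follows from the dump, as an added example that is not part of the original report or comment: it resolves the memory operand of the faulting instruction against the `info reg` values. The function names and the 64 KiB `NULL_GUARD` threshold are assumptions made for illustration; the register values and instructions are copied from the gdb session above.

```python
import re

# Excerpt of the report's `info reg` output and its faulting instruction.
INFO_REG = """rax 0x0 0
rbx 0xe40ab0 14944944
rcx 0x9 9
rdx 0x1c85988 29907336
rdi 0xe40ab0 14944944
rip 0x6e4178 0x6e4178 <zend_mm_remove_from_free_list+104>"""
FAULT_INSN = "cmp (%rax),%rdx"

REG_LINE = re.compile(r"^\s*(r[a-z0-9]{1,2})\s+(0x[0-9a-f]+)", re.M)
# AT&T memory operand: disp(base,index,scale), every part optional.
MEM_OPERAND = re.compile(
    r"(?P<disp>-?0x[0-9a-fA-F]+|-?\d+)?"
    r"\(\s*(?:%(?P<base>\w+))?"
    r"(?:\s*,\s*%(?P<index>\w+)(?:\s*,\s*(?P<scale>[1248]))?)?\s*\)"
)
NULL_GUARD = 0x10000  # assumption: nothing is mapped below 64 KiB


def parse_registers(text):
    """Map 64-bit register names to their values from `info reg` text."""
    return {name: int(value, 16) for name, value in REG_LINE.findall(text)}


def effective_addresses(insn, regs):
    """Addresses the instruction would touch; lea only computes, so none."""
    if insn.split()[0].startswith("lea"):
        return []
    addrs = []
    for m in MEM_OPERAND.finditer(insn):
        base = regs[m["base"]] if m["base"] else 0
        index = regs[m["index"]] if m["index"] else 0
        scale = int(m["scale"] or 1)
        disp = int(m["disp"], 0) if m["disp"] else 0
        addrs.append((base + index * scale + disp) & 0xFFFFFFFFFFFFFFFF)
    return addrs


def triage(insn, regs):
    """Classify the fault by where the memory operand points."""
    addrs = effective_addresses(insn, regs)
    if not addrs:
        return "no memory operand"
    if any(a < NULL_GUARD for a in addrs):
        return "NULL-page dereference"
    return "non-NULL address (possibly wild or unmapped)"
```

For the report's values `triage(FAULT_INSN, parse_registers(INFO_REG))` returns the NULL-page result, because `rax` is 0 when `cmp (%rax),%rdx` reads through it.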