php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #42920 glibc memory errors in fastcgi mode
Submitted: 2007-10-10 17:32 UTC Modified: 2007-10-11 13:50 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: ben dot lavender at mcdean-europe dot com Assigned:
Status: Closed Package: Reproducible crash
PHP Version: 5.2.4 OS: RHEL5
Private report: No CVE-ID: None
View Developer Edit
 [2007-10-10 17:32 UTC] ben dot lavender at mcdean-europe dot com 
Description:
------------
Running PHP 5.2.4 in FastCGI mode results in recurring crashes.  These happen both with and without APC, with or without APD (I'm not trying to use both at once, of course).  Once a crash happens, the process will continue to crash over and over on any page request.  

With APD installed, crashes are reported and I'm attaching an APD stack trace here.  Without APD, FastCGI simply catches the failure and restarts the process--sometimes a page is not even missed by the end user, but sometimes it is.

I'm using PHP 5.2.4, slightly patched; it's based on the RHEL 5.1.6 RPM.  I can provide an SRPM of the version of PHP I'm using; apd is installed with pecl.

Reproduce code:
---------------
We are using a rather massive Drupal installation (600k+ lines of code).  It would obviously be impractical to post all of this.  Furthermore, reproducing the problem is an irregular process--I simply keep hitting refresh until it happens.  Using multiple browsers speeds the process, as long as php doesn't start waiting on the database.  

After a failure, phpinfo() will display the problem over and over.

Expected result:
----------------
PHP in FastCGI mode would not eventually fail.

Actual result:
--------------
Without APD, FastCGI spits out messages about restarting the process, and there's nothing interesting to see.


With APD, the apache log files end up with entries like these.  The client is 127.0.0.1 as this is a staging server and the load balance proxy is on the same box for testing.

*** glibc detected *** /usr/bin/php-cgi: malloc(): memory corruption: 0xb7fc8008 ***
======= Backtrace: =========
/lib/libc.so.6[0x4d03168b]
/lib/libc.so.6(__libc_malloc+0x7e)[0x4d032dae]
/usr/bin/php-cgi(zend_hash_sort+0x3b)[0x82119db]
/usr/bin/php-cgi(zend_ini_sort_entries+0x42)[0x82197c2]
/usr/bin/php-cgi(php_print_info+0x77)[0x8169337]
/usr/bin/php-cgi(zif_phpinfo+0x6d)[0x816a64d]
/usr/bin/php-cgi(execute_internal+0x51)[0x8224f71]
/usr/lib/php/modules/apd.so(apd_execute_internal+0x74)[0x113404]
/usr/bin/php-cgi[0x82279d2]
/usr/bin/php-cgi(execute+0x15d)[0x8226a3d]
/usr/lib/php/modules/apd.so(apd_execute+0x64)[0x113494]
/usr/bin/php-cgi(zend_execute_scripts+0x1ba)[0x8205cea]
/usr/bin/php-cgi(php_execute_script+0x1f3)[0x81bf003]
/usr/bin/php-cgi(main+0x11d9)[0x828d899]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4cfe0dec]
/usr/bin/php-cgi[0x8077df1]
.. *memory map snipped* ..
[Wed Oct 10 20:18:26 2007] [error] [client 127.0.0.1] (104)Connection reset by peer: FastCGI: comm with server "/var/www/cgi-bin/php-wrapper" aborted: read failed
[Wed Oct 10 20:18:26 2007] [error] [client 127.0.0.1] FastCGI: incomplete headers (0 bytes) received from server "/var/www/cgi-bin/php-wrapper"


*** glibc detected *** /usr/bin/php-cgi: malloc(): memory corruption: 0xb7fc8008 ***
======= Backtrace: =========
/lib/libc.so.6[0x4d03168b]
/lib/libc.so.6(__libc_malloc+0x7e)[0x4d032dae]
/usr/bin/php-cgi(_zend_hash_add_or_update+0x26b)[0x821224b]
/usr/lib/php/modules/apd.so[0x112872]
/usr/lib/php/modules/apd.so(apd_execute+0x56)[0x113486]
/usr/bin/php-cgi(zend_execute_scripts+0x1ba)[0x8205cea]
/usr/bin/php-cgi(php_execute_script+0x1f3)[0x81bf003]
/usr/bin/php-cgi(main+0x11d9)[0x828d899]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4cfe0dec]
/usr/bin/php-cgi[0x8077df1]
* memory map snipped *
[Wed Oct 10 20:14:05 2007] [error] [client 127.0.0.1] (104)Connection reset by peer: FastCGI: comm with server "/var/www/cgi-bin/php-wrapper" aborted: read failed
[Wed Oct 10 20:14:05 2007] [error] [client 127.0.0.1] FastCGI: incomplete headers (0 bytes) received from server "/var/www/cgi-bin/php-wrapper"


*** glibc detected *** /usr/bin/php-cgi: double free or corruption (!prev): 0x09fe0108 ***
======= Backtrace: =========
/lib/libc.so.6[0x4d030f7d]
/lib/libc.so.6(cfree+0x90)[0x4d0345d0]
/lib/libc.so.6(fclose+0x134)[0x4d0202d4]
/usr/lib/php/modules/apd.so(zm_deactivate_apd+0x2c)[0xee19cc]
/usr/bin/php-cgi(module_registry_cleanup+0x20)[0x82079d0]
/usr/bin/php-cgi(zend_hash_apply+0x4c)[0x821086c]
/usr/bin/php-cgi(zend_deactivate_modules+0x61)[0x8205f41]
/usr/bin/php-cgi(php_request_shutdown+0x2ba)[0x81bfb1a]
/usr/bin/php-cgi(main+0x120e)[0x828d8ce]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4cfe0dec]
/usr/bin/php-cgi[0x8077df1]

*** glibc detected *** /usr/bin/php-cgi: double free or corruption (!prev): 0x0a3c6c48 ***
======= Backtrace: =========
/lib/libc.so.6[0x4d030f7d]
/lib/libc.so.6(cfree+0x90)[0x4d0345d0]
/lib/libc.so.6(fclose+0x134)[0x4d0202d4]
/usr/lib/php/modules/apd.so(zm_deactivate_apd+0x2c)[0x2fc9cc]
/usr/bin/php-cgi(module_registry_cleanup+0x20)[0x82079d0]
/usr/bin/php-cgi(zend_hash_apply+0x4c)[0x821086c]
/usr/bin/php-cgi(zend_deactivate_modules+0x61)[0x8205f41]
/usr/bin/php-cgi(php_request_shutdown+0x2ba)[0x81bfb1a]
/usr/bin/php-cgi(main+0x120e)[0x828d8ce]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4cfe0dec]
/usr/bin/php-cgi[0x8077df1]

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-11 13:33 UTC] jani@php.net 
Can you reproduce this with non-patched PHP and without loading ANY Zend extensions (like apc/apd/zend optimizer/etc).. ?
 [2007-10-11 13:50 UTC] ben dot lavender at mcdean-europe dot com 
I seem to have been able to track this down to a rogue PECL module that was compiled for 5.1.6.
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Thu Jan 01 11:00:01 2026 UTC