[Bug 503396] Re: canary mismatch on efree()
Hello. I am back. We have moved all the vhosted clients from this system to another Ubuntu 8.04 and this problem has not resurfaced since then. These systems are very, very similar in their configurations. Both are primarily web servers. It's been now 28 days, and that is probably a good sign that the problem was left behind. Until now, it had been persistent, anywhere from 1 day to maybe 2.5 weeks. Always same error, at the same line, in the same file. I am glad to be rid of it, but don't have a good explanation to explain it. Thanks for the help.

--
canary mismatch on efree()
https://bugs.launchpad.net/bugs/503396
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu.

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 503396] Re: canary mismatch on efree()
Didn't help. The error is back again today (without extension).
[Bug 503396] Re: canary mismatch on efree()
Hal, are we speaking about the php5-suhosin package or just plain libapache2-mod-php5, and does your sentence "I've removed suhosin" mean that you have recompiled php5 from source and quilt-deleted the suhosin patch from series? Those are two different things.

Ondrej
[Bug 503396] Re: canary mismatch on efree()
Sorry, I removed the php5-suhosin package for now. I'd really like to get it back, but I need to have things stabilized for a while for the client's sake.
[Bug 503396] Re: canary mismatch on efree()
It's fine with me :), and I understand your concern... I've worked for a webhosting company some time ago. I was just asking if you have just removed php5-suhosin (extension) or if you recompiled php5 to disable the suhosin patch.

http://www.hardened-php.net/suhosin/download.html

If you have just removed the php5-suhosin package, then you are still protected by the suhosin patch (and it is the suhosin patch detecting canaries). So either you will be hit by the same issue again or there is some bug in the current suhosin extension which triggers those canaries.
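A simplified illustration of the canary mechanism mentioned in the message above, added here as an example; it is not Suhosin's or PHP's code, and `guarded_alloc`, `guarded_free`, `copy_field` and the guard value are hypothetical names and constants. It shows why a mismatch is reported at the free call rather than at the write that caused it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard value; a hardened allocator would use a per-process random secret. */
static const uint32_t GUARD = 0xC0FFEE42u;

/* Header kept in front of the user data; the union keeps the user pointer aligned. */
typedef union { size_t size; max_align_t align; } guard_hdr;

/* Hypothetical wrapper: allocate n usable bytes followed by a guard word. */
void *guarded_alloc(size_t n) {
    unsigned char *raw = malloc(sizeof(guard_hdr) + n + sizeof GUARD);
    if (raw == NULL) return NULL;
    ((guard_hdr *)raw)->size = n;
    memcpy(raw + sizeof(guard_hdr) + n, &GUARD, sizeof GUARD);
    return raw + sizeof(guard_hdr);
}

/* Hypothetical wrapper: returns 0 if the guard is intact, 1 on a mismatch.
   A hardening patch would log and abort the request here instead of returning. */
int guarded_free(void *p) {
    unsigned char *user = p;
    guard_hdr *h = (guard_hdr *)(user - sizeof(guard_hdr));
    uint32_t tail;
    memcpy(&tail, user + h->size, sizeof tail);
    free(h);
    return tail != GUARD;
}

/* Deliberately buggy copy: trusts len instead of buf_size, as an unchecked
   field copy might. Keep len <= buf_size + 4 so the stray bytes stay inside
   the demo's own allocation. The damage happens in memcpy, but it is only
   reported later, at the free. */
int copy_field(size_t buf_size, const char *data, size_t len) {
    char *buf = guarded_alloc(buf_size);
    if (buf == NULL) return -1;
    memcpy(buf, data, len);          /* overflow happens here, silently */
    int status = guarded_free(buf);  /* ... and is detected here */
    return status;
}

int main(void) {
    printf("exact fit: %d\n", copy_field(8, "AAAAAAAA", 8));
    printf("2 bytes over: %d\n", copy_field(8, "AAAAAAAAAA", 10));
    return 0;
}
```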
[Bug 503396] Re: canary mismatch on efree()
Yes, I thought I had seen that in my googling. And I really hope this helps isolate the problem (for everybody's sake). If there are other ideas on things to try, I am open to those. Just keeping in mind this is in a production environment so I have some limitations. Thanks.
[Bug 503396] Re: canary mismatch on efree()
Another episode of this happened last night, about 4.5 hours after rebooting to install the new kernel. This is a much shorter timeframe between episodes. I don't know if this is a fluke or something else. Same pattern though: the exact same line in the exact same file on the same site. Again, I've removed suhosin. Hopefully this helps.
[Bug 503396] Re: canary mismatch on efree()
Are you able to reproduce this bug under a controlled environment? On a testing machine, inside KVM, etc.? I know that I may be asking too much, but could you try running PHP with suhosin under valgrind?
[Bug 503396] Re: canary mismatch on efree()
I have not been able to reproduce this problem outside of the current production environment. And I can't realistically try to run php under valgrind since these are paying clients, and I can't risk their sites' stability, etc.

The other problem with reproducing this is that it takes some time to manifest. It's related to the form submissions on the site. On any given day there probably are 25-50 form submissions (some are very large multi-page forms too), and it takes maybe a week or so of this, for the error to start showing up. I don't really know a way to duplicate all that in a controlled environment. My guess is that if I restart apache every day, I'd never see the error at all.

I do have a copy of the site in a staging environment. I have never seen the error there, but there is really no traffic to speak of.
[Bug 503396] Re: canary mismatch on efree()
We had another episode of this today. The previous configuration changes didn't help, obviously. The client mildly freaked. I am removing suhosin for the time being. I hate to do it ... but ... If I have time, I will try the updated kernel today.
[Bug 503396] Re: canary mismatch on efree()
I've installed the latest kernel. Then had a change of heart, and put suhosin back. Maybe the reboot brings good ju-ju.
[Bug 503396] Re: canary mismatch on efree()
Looks like a common issue when running PHP with suhosin:

http://www.suspekt.org/2008/10/12/suhosin-canary-mismatch-on-efree-heap-overflow-detected/
http://bugs.php.net/bug.php?id=44872

** Bug watch added: bugs.php.net/ #44872
   http://bugs.php.net/bug.php?id=44872

** Changed in: php5 (Ubuntu)
   Importance: Undecided => Medium

** Changed in: php5 (Ubuntu)
   Status: New => Confirmed
[Bug 503396] Re: canary mismatch on efree()
Thierry, yes, thanks, I had actually come across both of these. A couple of points:

On the first link ... this same site ran fine on another 8.04 system with a very similar configuration for 8-9 months without this error. Secondly, if I have hit a php bug that is corrupting memory (i.e. suhosin is just the messenger of bad news), why does it take days' worth of submitting these forms to trigger the bug? (My wild, wild theory is that it is xcache related, but who knows ... BTW the problem system is 3G RAM vs the non-problem former system 1G).

On the second link, it looks like all these are using mysqli extension, or mssql. There is no shortage of similar problems with mssql. The site in question is using plain mysql (not mysqli). Not sure this is necessarily significant or not.

Lastly, I have probably 4 or 5 systems using 8.04 with suhosin, and this is the only time I ever have seen this error. Thanks.
[Bug 503396] Re: canary mismatch on efree()
Hal, is your system fully upgraded? Where does the difference between kernel versions come from? I remember there was some security upgrade in libpcre last year...

Ondrej
[Bug 503396] Re: canary mismatch on efree()
The server is updated, except for some packages held back, which includes a newer kernel. libpcre is up to date. I haven't done the kernel upgrade (yet), because of the reboot, and the server is remote from where I am (and /me worry over such things :). I will do that soon, just in case it is relevant. Also, since yesterday I am trying 2 suhosin ini settings, one references apc and the other is related to encrypted sessions (based on googling). Shots in the dark though.
[Bug 503396] Re: canary mismatch on efree()
As far as I remember, the session encryption bug was related to a new version of php (in karmic?). Another shot in the dark - is there a different MaxRequestsPerChild setting in apache2? Could you set it to some arbitrary number, so the apache2 child gets reloaded once in a while? (I know it's not a solution, but it could help...)
[Bug 503396] Re: canary mismatch on efree()
Ondřej, both systems were already set to 1000 MaxRequestsPerChild.
[Bug 503396] Re: canary mismatch on efree()
Is there a difference in the architecture? There are some bugs in PHP triggered by 64-bit (amd64) arch.
[Bug 503396] Re: canary mismatch on efree()
Thanks. Not 64bit. Here are the kernels:

Problematic system:

# uname -a
Linux Garth 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

Previous system:

# uname -a
Linux ratt 2.6.24-24-server #1 SMP Tue Aug 18 17:46:20 UTC 2009 i686 GNU/Linux