Summary
Unprivileged LXC containers running PHP-FPM 5.6 cause host kernel NULL pointer dereferences and kernel panics on kernel versions 6.17.4-1-pve.
Environment
- Kernel Versions Affected: 6.17.4-1-pve
- Hardware: AMD EPYC 9334 with 512GB RAM
- Container Type: Unprivileged LXC
- Container OS: Debian-based with PHP-FPM 5.6
Problem Description
When processes inside an unprivileged LXC container crash with SIGBUS (signal 7), the host kernel experiences NULL pointer dereferences leading to kernel panics and immediate system reboots. This has occurred repeatedly since December 2024.
Crash Pattern
- PHP-FPM 5.6 process inside container crashes with SIGBUS
- Sometimes followed by other process crashes
- Host kernel NULL pointer dereference occurs
- System panics and reboots after 10 seconds (panic=10 kernel parameter)
Example Crash Sequence from journalctl
Code:
Jan 04 18:33:04 asus kernel: php-fpm5.6[638695]: segfault at 128 ip 0000650a72a8287c sp 00007ffcda2a1220 error 4 in php-fpm5.6
Jan 04 18:33:04 asus kernel: php-fpm5.6[641881]: segfault at 0 ip 0000650a72a4e069 sp 00007ffcda2a0c70 error 4 in php-fpm5.6
Jan 04 18:33:05 asus zabbix_agent2[3588]: fatal error: bad sweepgen in refill
Jan 04 18:33:05 asus kernel: slab proc_inode_cache start ff324ab19d0bdd80 pointer offset 376 size 696
Jan 04 18:33:05 asus kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jan 04 18:33:05 asus kernel: #PF: supervisor instruction fetch in kernel mode
Jan 04 18:33:05 asus kernel: #PF: error_code(0x0010) - not-present page
Container Configuration
Code:
arch: amd64
cores: 8
features: nesting=1
hostname: container-014
memory: 40000
onboot: 1
ostype: debian
rootfs: AsusSSDStorage:subvol-101-disk-0,size=500G
swap: 10000
unprivileged: 1
Thanks!
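Added triage example (not part of the original post): a small Python correlator that scans journalctl short-format text for host kernel NULL pointer dereference lines and lists the user-space segfaults logged by the kernel on the same host shortly before each one, which is the crash sequence described above. The sample lines are copied from the excerpt in the post; the 5-second window, the placeholder year 2000 (syslog timestamps carry no year) and the function name correlate are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the journalctl excerpt in the post above.
SAMPLE = """\
Jan 04 18:33:04 asus kernel: php-fpm5.6[638695]: segfault at 128 ip 0000650a72a8287c sp 00007ffcda2a1220 error 4 in php-fpm5.6
Jan 04 18:33:04 asus kernel: php-fpm5.6[641881]: segfault at 0 ip 0000650a72a4e069 sp 00007ffcda2a0c70 error 4 in php-fpm5.6
Jan 04 18:33:05 asus zabbix_agent2[3588]: fatal error: bad sweepgen in refill
Jan 04 18:33:05 asus kernel: slab proc_inode_cache start ff324ab19d0bdd80 pointer offset 376 size 696
Jan 04 18:33:05 asus kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
"""

# "<Mon DD HH:MM:SS> <host> <source>: <message>"
LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) ([^:]+): (.*)$")
# Kernel report of a user-space fault; the faulting address is printed in hex.
SEGV = re.compile(r"^(\S+)\[(\d+)\]: segfault at ([0-9a-f]+) ")
KBUG = re.compile(r"^BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")


def correlate(text, window=timedelta(seconds=5)):
    """Return one record per kernel NULL-dereference line, with the
    user-space segfaults seen on the same host within `window` before it."""
    segfaults, findings = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(3) != "kernel":
            continue  # only messages logged by the kernel are correlated
        # Assumption: placeholder year, used only to compute time deltas.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(4)
        if s := SEGV.match(msg):
            segfaults.append((ts, host, s.group(1), int(s.group(2)),
                              int(s.group(3), 16)))
        elif b := KBUG.match(msg):
            prior = [(name, pid, addr)
                     for t, h, name, pid, addr in segfaults
                     if h == host and timedelta(0) <= ts - t <= window]
            findings.append({"time": m.group(1), "host": host,
                             "address": int(b.group(1), 16),
                             "preceding_segfaults": prior})
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```

The same function can be run over saved journalctl output from earlier boots to check whether every host panic was preceded by a container process crash.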