Bug #1006

digest is down; suggestions welcome

Added by justin about 6 years ago. Updated over 5 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

I upgraded shiningsilence.com from 1.12.1 to 1.12.2 last night; since
then, PHP applications crash.

The DragonFlyBSD Digest is run with WordPress, which is in PHP, so
I'm having a bit of trouble posting anything. I'm seeing a whole
lot of this:

[Mon May 12 21:08:51 2008] [notice] child pid 61809 exit signal
Segmentation fault (11)

I occasionally get something in PHP (squirrelmail) to run after a
restart of Apache, but it will stop after a few page loads. I've
updated and rebuilt Apache and ap_php; I'm running out of ideas on
what could cause this or how to troubleshoot - I don't see any core
files being created. Suggestions welcome.

History

#1 Updated by justin about 6 years ago

... and if it helps, backtrace obtained with sjg's help here:

http://www.pastebin.org/35576

#2 Updated by dillon about 6 years ago

:
:... and if it helps, backtrace obtained with sjg's help here:
:
:http://www.pastebin.org/35576
:

I google searched zif_unserialize and found a bunch of bug reports
from 2005/2006 that look similar. I couldn't find anything definitive
but there was one suggestion that the thread stack might be too small,
another someone else posted something about a bug being fixed in PHP_5_2.
This was 2 years ago, though.

The only other thing I can suggest is to check the dates on the various
.so libraries being accessed. You may have updated the application but
not the shared library backing it.

-Matt
Matthew Dillon
<>

#3 Updated by justin about 6 years ago

On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:

http://www.pastebin.org/35758 has the same results with more
debugging info retained by recompiling the applications.

#4 Updated by Johannes.Hofmann about 6 years ago

as there seems to something pthread related in the stack, where
does /usr/lib/libpthread.so.0 point to on your system?
Does it help to change the link to either libthread_xu.so or
libc_r.so?

Johannes

#5 Updated by dillon about 6 years ago

:
:
:On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:
:
:> ... and if it helps, backtrace obtained with sjg's help here:
:>
:> http://www.pastebin.org/35576
:>
:
:http://www.pastebin.org/35758 has the same results with more
:debugging info retained by recompiling the applications.

I hate to suggest it but... if you can get that mess (the core,
binaries, and libraries) onto your leaf account so I can gdb it
myself, I can try to track down why it crashed.

-Matt
Matthew Dillon
<>

#6 Updated by tuxillo about 6 years ago

What about the commits between 1.12.1 and 1.12.2 related with threading lib?

#7 Updated by justin about 6 years ago

I'm still using the same threading library in both cases - libc_r.

#8 Updated by joerg about 6 years ago

I've been seeing random PHP segfaults lately in the module init code.
That's a standalone PHP using FastCGI.

Joerg

#9 Updated by dblazakis about 6 years ago

It seems there was an off-by-one error in the strspn code in our libc.
The buffer was a byte too small and resulted in overwriting the saved
ebx which was the offset to the GOT -- but only if strspn was used
with a \xff in the second string.

I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch

I've verified it fixes the PHP problem. Also, I tested it against a
small program that called strspn with a \xff in the second string and
verified that ebx was correctly restored (unlike prior to the patch).

-- Dion

On Wed, May 14, 2008 at 2:32 PM, Joerg Sonnenberger
<> wrote:
> On Wed, May 14, 2008 at 11:30:19AM -0400, Justin C. Sherrill wrote:
>> Antonio Huete Jimenez wrote:
>>> Antonio Huete Jimenez <> added the comment:
>>>
>>> What about the commits between 1.12.1 and 1.12.2 related with threading lib?
>>
>> I'm still using the same threading library in both cases - libc_r.
>
> I've been seeing random PHP segfaults lately in the module init code.
> That's a standalone PHP using FastCGI.
>
> Joerg
>

#10 Updated by joerg about 6 years ago

That doesn't make sense. The array is indexed by 0..255 below and 256 is
certainly not a valid character.

Joerg

#11 Updated by dblazakis about 6 years ago

But the size of the array is 256; 0-255 inclusive.

-- Dion

On Wed, May 14, 2008 at 3:16 PM, Joerg Sonnenberger
<> wrote:
> On Wed, May 14, 2008 at 02:49:14PM -0400, Dionysus Blazakis wrote:
>> I have a patch here:
>> http://dblaz.beevomit.org/dfly/strspn.patch
>
> That doesn't make sense. The array is indexed by 0..255 below and 256 is
> certainly not a valid character.
>
> Joerg
>

#12 Updated by joerg about 6 years ago

Bah.

/me can't think

Joerg

#13 Updated by justin about 6 years ago

This fixed it - the Digest is back up, thanks to Dave.

This would be worth bringing back to 1.12.2.

#14 Updated by justin about 6 years ago

On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:

I meant Dion. Dave was the one who explained how to recompile easily.
"Thanks, a bunch of helpful people".

#15 Updated by jspringe about 6 years ago

On Wed, 14 May 2008 16:06:19 -0400 (EDT)
"Justin C. Sherrill" <> wrote:

It definitely would be,
just as a side-note, I am curious if that also may have something to do with Johannes Problem
that he mentioned in the gcc Fortran base thread and here:
http://leaf.dragonflybsd.org/mailarchive/users/2007-11/msg00032.html
If that's pure nonsense ignore it but i remember him having problems with strspn !?

#16 Updated by Johannes.Hofmann about 6 years ago

As far as I can see it's unrelated. It seems to be another libc bug
that has been fixed in FreeBSD some time ago:
http://leaf.dragonflybsd.org/mailarchive/users/2008-05/msg00097.html

Johannes

#17 Updated by dillon about 6 years ago

:
:On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:
:
:> This fixed it - the Digest is back up, thanks to Dave.
:
:I meant Dion. Dave was the one who explained how to recompile easily.
:"Thanks, a bunch of helpful people".

Excellent!

-Matt
Matthew Dillon
<>

Also available in: Atom PDF