Bug #1006
closed
digest is down; suggestions welcome
Description
I upgraded shiningsilence.com from 1.12.1 to 1.12.2 last night; since
then, PHP applications crash.
The DragonFlyBSD Digest is run with WordPress, which is in PHP, so
I'm having a bit of trouble posting anything. I'm seeing a whole
lot of this:
[Mon May 12 21:08:51 2008] [notice] child pid 61809 exit signal Segmentation fault (11)
I occasionally get something in PHP (squirrelmail) to run after a
restart of Apache, but it will stop after a few page loads. I've
updated and rebuilt Apache and ap_php; I'm running out of ideas on
what could cause this or how to troubleshoot - I don't see any core
files being created. Suggestions welcome.
Updated by justin over 16 years ago
... and if it helps, backtrace obtained with sjg's help here:
Updated by dillon over 16 years ago
:
:... and if it helps, backtrace obtained with sjg's help here:
:
:http://www.pastebin.org/35576
:
I google searched zif_unserialize and found a bunch of bug reports
from 2005/2006 that look similar. I couldn't find anything definitive
but there was one suggestion that the thread stack might be too small,
another someone else posted something about a bug being fixed in PHP_5_2.
This was 2 years ago, though.
The only other thing I can suggest is to check the dates on the various
.so libraries being accessed. You may have updated the application but
not the shared library backing it.
-Matt
Matthew Dillon
<dillon@backplane.com>
Updated by justin over 16 years ago
On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:
http://www.pastebin.org/35758 has the same results with more
debugging info retained by recompiling the applications.
Updated by Johannes.Hofmann over 16 years ago
As there seems to be something pthread-related in the stack, where
does /usr/lib/libpthread.so.0 point to on your system?
Does it help to change the link to either libthread_xu.so or
libc_r.so?
Johannes
Updated by dillon over 16 years ago
:
:
:On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:
:
:> ... and if it helps, backtrace obtained with sjg's help here:
:>
:> http://www.pastebin.org/35576
:>
:
:http://www.pastebin.org/35758 has the same results with more
:debugging info retained by recompiling the applications.
I hate to suggest it but... if you can get that mess (the core,
binaries, and libraries) onto your leaf account so I can gdb it
myself, I can try to track down why it crashed.
-Matt
Matthew Dillon
<dillon@backplane.com>
Updated by tuxillo over 16 years ago
What about the commits between 1.12.1 and 1.12.2 related to the threading lib?
Updated by justin over 16 years ago
I'm still using the same threading library in both cases - libc_r.
Updated by joerg over 16 years ago
I've been seeing random PHP segfaults lately in the module init code.
That's a standalone PHP using FastCGI.
Joerg
Updated by dblazakis over 16 years ago
It seems there was an off-by-one error in the strspn code in our libc.
The buffer was a byte too small and resulted in overwriting the saved
ebx which was the offset to the GOT -- but only if strspn was used
with a \xff in the second string.
I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch
I've verified it fixes the PHP problem. Also, I tested it against a
small program that called strspn with a \xff in the second string and
verified that ebx was correctly restored (unlike prior to the patch).
-- Dion
On Wed, May 14, 2008 at 2:32 PM, Joerg Sonnenberger
<joerg@britannica.bec.de> wrote:
On Wed, May 14, 2008 at 11:30:19AM -0400, Justin C. Sherrill wrote:
Antonio Huete Jimenez wrote:
Antonio Huete Jimenez <tuxillo@quantumachine.net> added the comment:
What about the commits between 1.12.1 and 1.12.2 related with threading lib?
I'm still using the same threading library in both cases - libc_r.
I've been seeing random PHP segfaults lately in the module init code.
That's a standalone PHP using FastCGI.
Joerg
Updated by joerg over 16 years ago
That doesn't make sense. The array is indexed by 0..255 below and 256 is
certainly not a valid character.
Joerg
Updated by dblazakis over 16 years ago
But the size of the array is 256; 0-255 inclusive.
-- Dion
On Wed, May 14, 2008 at 3:16 PM, Joerg Sonnenberger
<joerg@britannica.bec.de> wrote:
On Wed, May 14, 2008 at 02:49:14PM -0400, Dionysus Blazakis wrote:
I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch
That doesn't make sense. The array is indexed by 0..255 below and 256 is
certainly not a valid character.
Joerg
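The array-size point in the exchange above, as an added example that is not the DragonFly libc code or Dion's patch: a strspn built on a per-byte lookup table, with a check showing that a table of UCHAR_MAX slots is one short only when the accept set contains \xff. The table layout and the names `table_fits`, `table_strspn` and `TABLE_SLOTS` are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One slot per possible unsigned char value, 0..UCHAR_MAX inclusive. */
#define TABLE_SLOTS ((size_t)UCHAR_MAX + 1)

/* Does a table of `slots` entries cover every index that `accept` marks? */
int table_fits(const char *accept, size_t slots)
{
    const unsigned char *a = (const unsigned char *)accept;
    size_t highest = 0;

    for (; *a != '\0'; a++)
        if (*a > highest)
            highest = *a;
    return highest < slots;
}

/* strspn() with a per-byte lookup table (this layout is an assumption). */
size_t table_strspn(const char *s, const char *accept)
{
    unsigned char table[TABLE_SLOTS];
    const unsigned char *a = (const unsigned char *)accept;
    const unsigned char *p = (const unsigned char *)s;

    memset(table, 0, sizeof(table));
    /* Index through unsigned char so 0xff maps to 255, never to -1. */
    for (; *a != '\0'; a++)
        table[*a] = 1;
    while (*p != '\0' && table[*p])
        p++;
    return (size_t)(p - (const unsigned char *)s);
}

int main(void)
{
    /* Constructed inputs: only the set containing 0xff needs slot 255. */
    printf("UCHAR_MAX slots, \"abc\": fits=%d\n", table_fits("abc", UCHAR_MAX));
    printf("UCHAR_MAX slots, \"\\xff\": fits=%d\n", table_fits("\xff", UCHAR_MAX));
    printf("UCHAR_MAX+1 slots, \"\\xff\": fits=%d\n", table_fits("\xff", TABLE_SLOTS));
    printf("span=%zu\n", table_strspn("\xff\xff" "ab", "\xff"));
    return 0;
}
```

The `"\xff\xff" "ab"` split is deliberate: a C hex escape consumes every following hex digit, so `"\xffab"` would not mean the byte 0xff followed by "ab".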
Updated by justin over 16 years ago
This fixed it - the Digest is back up, thanks to Dave.
This would be worth bringing back to 1.12.2.
Updated by justin over 16 years ago
On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:
I meant Dion. Dave was the one who explained how to recompile easily.
"Thanks, a bunch of helpful people".
Updated by jspringe over 16 years ago
On Wed, 14 May 2008 16:06:19 -0400 (EDT)
"Justin C. Sherrill" <justin@shiningsilence.com> wrote:
It definitely would be.
Just as a side note, I am curious if that also may have something to do with Johannes' problem
that he mentioned in the gcc Fortran base thread and here:
http://leaf.dragonflybsd.org/mailarchive/users/2007-11/msg00032.html
If that's pure nonsense, ignore it, but I remember him having problems with strspn!?
Updated by Johannes.Hofmann over 16 years ago
As far as I can see it's unrelated. It seems to be another libc bug
that has been fixed in FreeBSD some time ago:
http://leaf.dragonflybsd.org/mailarchive/users/2008-05/msg00097.html
Johannes
Updated by dillon over 16 years ago
:
:On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:
:
:> This fixed it - the Digest is back up, thanks to Dave.
:
:I meant Dion. Dave was the one who explained how to recompile easily.
:"Thanks, a bunch of helpful people".
Excellent!
-Matt
Matthew Dillon
<dillon@backplane.com>