Project

General

Profile

Actions

Bug #1006

closed

digest is down; suggestions welcome

Added by justin over 16 years ago. Updated almost 16 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

I upgraded shiningsilence.com from 1.12.1 to 1.12.2 last night; since
then, PHP applications crash.

The DragonFlyBSD Digest is run with WordPress, which is in PHP, so
I'm having a bit of trouble posting anything. I'm seeing a whole
lot of this:

[Mon May 12 21:08:51 2008] [notice] child pid 61809 exit signal
Segmentation fault (11)

I occasionally get something in PHP (squirrelmail) to run after a
restart of Apache, but it will stop after a few page loads. I've
updated and rebuilt Apache and ap_php; I'm running out of ideas on
what could cause this or how to troubleshoot - I don't see any core
files being created. Suggestions welcome.

Actions #1

Updated by justin over 16 years ago

... and if it helps, backtrace obtained with sjg's help here:

http://www.pastebin.org/35576

Actions #2

Updated by dillon over 16 years ago

:
:... and if it helps, backtrace obtained with sjg's help here:
:
:http://www.pastebin.org/35576
:

I google searched zif_unserialize and found a bunch of bug reports
from 2005/2006 that look similar. I couldn't find anything definitive
but there was one suggestion that the thread stack might be too small,
another someone else posted something about a bug being fixed in PHP_5_2.
This was 2 years ago, though.
The only other thing I can suggest is to check the dates on the various
.so libraries being accessed. You may have updated the application but
not the shared library backing it.
-Matt
Matthew Dillon
<>
Actions #3

Updated by justin over 16 years ago

On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:

http://www.pastebin.org/35758 has the same results with more
debugging info retained by recompiling the applications.

Actions #4

Updated by Johannes.Hofmann over 16 years ago

as there seems to something pthread related in the stack, where
does /usr/lib/libpthread.so.0 point to on your system?
Does it help to change the link to either libthread_xu.so or
libc_r.so?

Johannes
Actions #5

Updated by dillon over 16 years ago

:
:
:On May 12, 2008, at 11:53 PM, Justin Sherrill wrote:
:
:> ... and if it helps, backtrace obtained with sjg's help here:
:>
:> http://www.pastebin.org/35576
:>
:
:http://www.pastebin.org/35758 has the same results with more
:debugging info retained by recompiling the applications.

I hate to suggest it but... if you can get that mess (the core,
binaries, and libraries) onto your leaf account so I can gdb it
myself, I can try to track down why it crashed.
-Matt
Matthew Dillon
<>
Actions #6

Updated by tuxillo over 16 years ago

What about the commits between 1.12.1 and 1.12.2 related with threading lib?

Actions #7

Updated by justin over 16 years ago

I'm still using the same threading library in both cases - libc_r.

Actions #8

Updated by joerg over 16 years ago

I've been seeing random PHP segfaults lately in the module init code.
That's a standalone PHP using FastCGI.

Joerg

Actions #9

Updated by dblazakis over 16 years ago

It seems there was an off-by-one error in the strspn code in our libc.
The buffer was a byte too small and resulted in overwriting the saved
ebx which was the offset to the GOT -- but only if strspn was used
with a \xff in the second string.

I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch

I've verified it fixes the PHP problem. Also, I tested it against a
small program that called strspn with a \xff in the second string and
verified that ebx was correctly restored (unlike prior to the patch).

-- Dion

On Wed, May 14, 2008 at 2:32 PM, Joerg Sonnenberger
<> wrote:

On Wed, May 14, 2008 at 11:30:19AM -0400, Justin C. Sherrill wrote:

Antonio Huete Jimenez wrote:

Antonio Huete Jimenez <> added the comment:

What about the commits between 1.12.1 and 1.12.2 related with threading lib?

I'm still using the same threading library in both cases - libc_r.

I've been seeing random PHP segfaults lately in the module init code.
That's a standalone PHP using FastCGI.

Joerg

Actions #10

Updated by joerg over 16 years ago

That doesn't make sense. The array is indexed by 0..255 below and 256 is
certainly not a valid character.

Joerg

Actions #11

Updated by dblazakis over 16 years ago

But the size of the array is 256; 0-255 inclusive.

-- Dion

On Wed, May 14, 2008 at 3:16 PM, Joerg Sonnenberger
<> wrote:

On Wed, May 14, 2008 at 02:49:14PM -0400, Dionysus Blazakis wrote:

I have a patch here:
http://dblaz.beevomit.org/dfly/strspn.patch

That doesn't make sense. The array is indexed by 0..255 below and 256 is
certainly not a valid character.

Joerg

Actions #12

Updated by joerg over 16 years ago

Bah.

/me can't think

Joerg

Actions #13

Updated by justin over 16 years ago

This fixed it - the Digest is back up, thanks to Dave.

This would be worth bringing back to 1.12.2.

Actions #14

Updated by justin over 16 years ago

On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:

I meant Dion. Dave was the one who explained how to recompile easily.
"Thanks, a bunch of helpful people".

Actions #15

Updated by jspringe over 16 years ago

On Wed, 14 May 2008 16:06:19 -0400 (EDT)
"Justin C. Sherrill" <> wrote:

It definitely would be,
just as a side-note, I am curious if that also may have something to do with Johannes Problem
that he mentioned in the gcc Fortran base thread and here:
http://leaf.dragonflybsd.org/mailarchive/users/2007-11/msg00032.html
If that's pure nonsense ignore it but i remember him having problems with strspn !?

Actions #16

Updated by Johannes.Hofmann over 16 years ago

As far as I can see it's unrelated. It seems to be another libc bug
that has been fixed in FreeBSD some time ago:
http://leaf.dragonflybsd.org/mailarchive/users/2008-05/msg00097.html

Johannes
Actions #17

Updated by dillon over 16 years ago

:
:On Wed, May 14, 2008 4:06 pm, Justin C. Sherrill wrote:
:
:> This fixed it - the Digest is back up, thanks to Dave.
:
:I meant Dion. Dave was the one who explained how to recompile easily.
:"Thanks, a bunch of helpful people".

Excellent!
-Matt
Matthew Dillon
&lt;&gt;
Actions

Also available in: Atom PDF