Bug #50896 Bus error on execution on a MIPS system
Submitted: 2010-02-01 10:07 UTC Modified: 2010-03-01 17:04 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:1 (50.0%)
From: angel at wututu dot com Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 5.2snapshot-201002171530 OS: GNU/Linux
Private report: No CVE-ID: None
 [2010-02-01 10:07 UTC] angel at wututu dot com
Description:
------------
I've been trying to cross-compile PHP for an embedded MIPS device with no luck, so I decided to build a developing environment inside a virtual machine with QEMU for developing PHP inside first.

I have been trying different options for configure and all I get is a
Bus Error 138 when I run the executable. I've seen there is another
thread about this same error and I applied the patches but the error was still present.

I've tried to debug a little the code to find where the error is. I'm
explaining it right now:

I ran it first under gdb:

--------------
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mipsel-unknown-linux-gnu"...
(gdb) run
Starting program: /build/php-5.3.1/sapi/cli/php
warning: no loadable sections found in added symbol-file
/usr/lib/libiconv.so.2
starting php right now at main...

Program received signal SIGBUS, Bus error.
0x00a51634 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1892
1892                    ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(gdb) backtrace
#0  0x00a51634 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1892
#1  0x00a53018 in _emalloc (size=14) at
/build/php-5.3.1/Zend/zend_alloc.c:2295
#2  0x00a8be90 in zend_str_tolower_dup (source=0xe89fa8 "func_num_args",
   length=13) at /build/php-5.3.1/Zend/zend_operators.c:1856
#3  0x00a9dcf4 in zend_register_functions (scope=0x0, functions=0xec43d8,
   function_table=0x0, type=1) at /build/php-5.3.1/Zend/zend_API.c:1897
#4  0x00a9c57c in zend_register_module_ex (module=0xef9b98)
   at /build/php-5.3.1/Zend/zend_API.c:1714
#5  0x00aafdd8 in zend_startup_builtin_functions ()
   at /build/php-5.3.1/Zend/zend_builtin_functions.c:319
#6  0x00a90bb4 in zend_startup (utility_functions=0x7fd0e9d4,
extensions=0x0)
   at /build/php-5.3.1/Zend/zend.c:696
#7  0x009d6e14 in php_module_startup (sf=0xedb8bc, additional_modules=0x0,
   num_additional_modules=0) at /build/php-5.3.1/main/main.c:1821
#8  0x00bea104 in php_cli_startup (sapi_module=0xedb8bc)
   at /build/php-5.3.1/sapi/cli/php_cli.c:399
#9  0x00beb610 in main (argc=1, argv=0x7fd0ede4)
   at /build/php-5.3.1/sapi/cli/php_cli.c:774
-------------------

Then I implemented the macro ZEND_MM_CHECK_BLOCK_LINKAGE in the place
where it was run so I could see which function was creating the error.

-------------------
              //ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);

               printf("crashes before \n");
               int size = (best_fit)->info._size;
               printf("crashes between \n");
               unsigned int size2 = ZEND_MM_FREE_BLOCK_SIZE(best_fit);
               printf("crashes between 2, best_fit: %p size2: %d\n",best_fit,size2);
               zend_mm_block* bloq = ZEND_MM_BLOCK_AT(best_fit, size2);
               printf("crashes between 3, bloq %p:\n",bloq);
               zend_mm_block* bloque = bloq->info._prev;

               printf("crashes before if\n");
               if ( UNEXPECTED(size != bloque) ||
                    UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(best_fit)) &&
                    UNEXPECTED(ZEND_MM_PREV_BLOCK(best_fit)->info._size != (best_fit)->info._prev)) ){
                       zend_mm_panic("zend_mm_heap corrupted");
               }
               zend_mm_remove_from_free_list(heap, best_fit);
-------------------


With the modification now the output of the executable is this:
------------
(gdb) run
Starting program: /build/php-5.3.1/sapi/cli/php
warning: no loadable sections found in added symbol-file
/usr/lib/libiconv.so.2
starting php right now at main...
crashes before
crashes between
crashes between 2, best_fit: 0x2b458018 size2: 253928
crashes between 3, bloq 0x2b496000:
crashes before if
crashes before
crashes between
crashes between 2, best_fit: 0x2b458028 size2: 1852795251
crashes between 3, bloq 0x99b4e99b:

Program received signal SIGBUS, Bus error.
0x00a516e4 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1905
1905                    zend_mm_block* bloque = bloq->info._prev;

------------

What it seems is that size2 gets extremely big and then ZEND_MM_BLOCK_AT
returns a very high memory address.
I have tried to trace the source of the error but I can't see where it
starts at all. 

The configure line is the following:
CFLAGS="-Os" ./configure --prefix=/local --with-db4=/local --with-bz2 --with-cgi --with-cli --with-crypt --with-curl=/local --enable-ftp --with-gd --with-gdbm=/local --with-iconv --with-ncurses --with-nls --with-pcre --with-pdo --with-readline --with-reflection --with-session --with-sqlite --with-simplexml --enable-sockets --with-spl --with-openssl --with-unicode --enable-zip --with-zlib --with-libxml --with-png-dir=/local --with-jpeg-dir=/local --disable-ipv6 --with-apxs2=/local/bin/apxs

I also tried with -g and -O0 for debugging.


Reproduce code:
---------------
/*
Any code?
*/

Expected result:
----------------
At least I expect to get the command-line help.

Actual result:
--------------
It returns Bus error. The backtrace is shown above.
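
Added example (not part of the original report and not PHP project code): a small triage check run over the two (best_fit, size2) pairs from the debug output above. It shows that the second size value is the little-endian bytes of the ASCII text "sion" and that the resulting block address is unaligned and outside the MIPS32 user segment; reading this as string data sitting where a length was expected is an inference, not something the thread confirms. The helper names are hypothetical.

```c
/* Added example; helper names are hypothetical, not Zend's. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define KUSEG_END 0x80000000u /* MIPS32 user segment (kuseg) ends here */

enum {
    F_ASCII     = 1, /* all four size bytes are printable text */
    F_UNALIGNED = 2, /* computed next-block address is not 4-byte aligned */
    F_NOT_USER  = 4  /* computed next-block address lies outside kuseg */
};

/* Address arithmetic of ZEND_MM_BLOCK_AT(best_fit, size2) as used in the
 * report: block address plus byte offset, wrapping at 32 bits. */
static uint32_t next_block(uint32_t block, uint32_t size) {
    return block + size;
}

/* Lay the size field out in little-endian memory order (mipsel target). */
static void size_bytes(uint32_t size, char out[5]) {
    for (int i = 0; i < 4; i++)
        out[i] = (char)((size >> (8 * i)) & 0xff);
    out[4] = '\0';
}

/* Flag properties that make a block header value suspect. */
static int triage(uint32_t block, uint32_t size) {
    char b[5];
    int flags = F_ASCII;
    uint32_t next = next_block(block, size);

    size_bytes(size, b);
    for (int i = 0; i < 4; i++)
        if (!isprint((unsigned char)b[i])) flags &= ~F_ASCII;
    if (next & 3u)         flags |= F_UNALIGNED;
    if (next >= KUSEG_END) flags |= F_NOT_USER;
    return flags;
}

int main(void) {
    /* (best_fit, size2) pairs copied from the debug output in the report */
    const uint32_t seen[2][2] = { {0x2b458018u, 253928u},
                                  {0x2b458028u, 1852795251u} };
    for (int i = 0; i < 2; i++)
        printf("best_fit=0x%08x next=0x%08x flags=%d\n", (unsigned)seen[i][0],
               (unsigned)next_block(seen[i][0], seen[i][1]),
               triage(seen[i][0], seen[i][1]));
    return 0;
}
```

The computed addresses match the `bloq` values printed in the report (0x2b496000 and 0x99b4e99b), so the pointer arithmetic itself is behaving; only the size read from the second block header is implausible.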

 [2010-02-01 17:25 UTC] angel at wututu dot com
Still the same error with the snapshot:

Generating phar.php
/bin/sh: line 1: 29472 Bus error               ` if test -x "/build/php5.3-201002010930/sapi/cli/php"; then /build/php5.3-201002010930/build/shtool echo -n -- "/build/php5.3-201002010930/sapi/cli/php -n"; if test "x" != "x"; then /build/php5.3-201002010930/build/shtool echo -n -- " -d extension_dir=/build/php5.3-201002010930/modules"; for i in bz2 zlib phar; do if test -f "/build/php5.3-201002010930/modules/$i.la"; then . /build/php5.3-201002010930/modules/$i.la; /build/php5.3-201002010930/build/shtool echo -n -- " -d extension=$dlname"; fi; done; fi; else /build/php5.3-201002010930/build/shtool echo -n -- "/build/php5.3-201002010930/sapi/cli/php"; fi;` -d 'open_basedir=' -d 'output_buffering=0' -d 'memory_limit=-1' -d phar.readonly=0 -d 'safe_mode=0' /build/php5.3-201002010930/ext/phar/build_precommand.php > ext/phar/phar.php
make: *** [ext/phar/phar.php] Error 138

And when being run:

root@(none):/build/php5.3-201002010930# ./sapi/cli/php
Bus error

Let's see if someone can fix it or at least point me how to fix it.
 [2010-02-17 15:59 UTC] jani@php.net
Is the gdb backtrace same for it? Does it happen with latest PHP-5.2 snapshot? (found at http://snaps.php.net/ ) ?
 [2010-02-18 08:38 UTC] angel at wututu dot com
-Status: Feedback
+Status: Open
-PHP Version: 5.3SVN-2010-02-10
+PHP Version: 5.2snapshot-201002171530

The backtrace in this case is more or less the same as before:

(gdb) run
Starting program: /build/php5.2-201002171530/sapi/cli/php 
warning: no loadable sections found in added symbol-file /usr/lib/libiconv.so.2

Program received signal SIGBUS, Bus error.
0x0071e704 in _zend_mm_alloc_int (heap=0x91f300, size=13)
    at /build/php5.2-201002171530/Zend/zend_alloc.c:1897
1897                    ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(gdb) backtrace 
#0  0x0071e704 in _zend_mm_alloc_int (heap=0x91f300, size=13)
    at /build/php5.2-201002171530/Zend/zend_alloc.c:1897
#1  0x0074a5b4 in zend_register_functions (scope=0x0, functions=0x911ad0, 
    function_table=<value optimized out>, type=<value optimized out>)
    at /build/php5.2-201002171530/Zend/zend_operators.h:287
#2  0x0074358c in zend_startup (utility_functions=<value optimized out>, 
    extensions=<value optimized out>, start_builtin_functions=1)
    at /build/php5.2-201002171530/Zend/zend.c:676
#3  0x006ead00 in php_module_startup (sf=<value optimized out>, 
    additional_modules=0x0, num_additional_modules=0)
    at /build/php5.2-201002171530/main/main.c:1710
#4  0x007ef254 in php_cli_startup (sapi_module=0x0)
    at /build/php5.2-201002171530/sapi/cli/php_cli.c:389
#5  0x007efdd8 in main (argc=1, argv=0x7f948dc4)
    at /build/php5.2-201002171530/sapi/cli/php_cli.c:748
 [2010-02-19 08:34 UTC] jani@php.net
-Status: Open
+Status: Bogus

Oh, you're cross-compiling this. We do not support that out-of-box, you're totally on your own with it.
 [2010-02-22 16:09 UTC] angel at wututu dot com
Well... not cross compiling. I'm compiling it natively inside a virtual machine because I can't use the final machine because it lacks memory.
 [2010-02-24 07:33 UTC] aharvey@php.net
I can't reproduce this on a Debian testing install within a mipsel 
QEMU VM: the current PHP 5.2 and 5.3 SVN branches compile and appear 
to work normally, at least for trivial scripts.

So, a few questions:

Are you only seeing the Bus Errors on the actual MIPS devices, or 
within QEMU as well?

Are you using a particular Linux distribution?

Which machine type are you emulating with QEMU (ie what -M option, if 
any, are you passing to qemu-system-mipsel)?

Have you tried a minimal build without any extensions enabled (ie just 
./configure --enable-debug)? Does PHP still Bus Error out in that 
case? (If PHP works OK without any extensions, then it would be 
incredibly helpful if you were able to narrow down the problem to a 
particular extension that causes PHP to crash when it's compiled in.)
 [2010-02-26 13:13 UTC] angel at wututu dot com
Hi!

Sorry to say that, but I no longer have access to that machine for testing this bug :/

At this moment I saw the Bus Error inside QEMU but copying the file over the device when running it got stuck, with no error message, I had to ctrl+c it to exit.

With QEMU I was using Ubuntu 9.10, and inside the device there was a special version of openwrt.

About the -M option I don't remember much of it, I suppose it was mips or mipsel. 

And that's all I can say about that, sorry :(
 [2010-03-01 17:04 UTC] jani@php.net
No problem. No testing, no way to reproduce -> bogus.