PHP :: Bug #57680 :: Apache child exit with signal Bus error (misaligned memory access)

Bug #57680	Apache child exit with signal Bus error (misaligned memory access)
Submitted:	2007-05-23 07:11 UTC	Modified:	2007-07-21 22:18 UTC
From:	andre dot lagadec at education dot gouv dot fr	Assigned:
Status:	Closed	Package:	APC (PECL)
PHP Version:	4.3.10	OS:	Solaris 9
Private report:	No	CVE-ID:	None

View Developer Edit

[2007-05-23 07:11 UTC] andre dot lagadec at education dot gouv dot fr

Description:
------------
Environnement
=============
Systeme Solaris 9
Apache 2.0.59
PHP-4.3.10
APC-3.0.14

How PHP is compiled
=======================
'./configure' '--with-config-file-path=/usr/local/apache2/conf' '--prefix=/usr/local/apache2-0_php4_3_10
' '--exec-prefix=/usr/local/apache2-0_php4_3_10' '--with-expat-dir=/usr/local' '--with-png-dir=/usr/sfw' '--with-jpeg-dir=/usr
/sfw' '--with-freetype-dir=/usr/sfw' '--with-xpm-dir=/usr/sfw' '--with-iconv=/usr/local' '--with-iconv-dir=/usr/local' '--with
-curl=/usr/local' '--with-openssl=/usr/local/ssl' '--with-dom=/usr' '--with-zlib=/usr' '--with-zlib-dir=/usr' '--with-gd=/usr/
local' '--enable-gd-native-ttf' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-oci8=/produits/oracle/product/8.1.7' '--wit
h-ldap' '--enable-ftp' '--with-gettext' '--enable-track-vars' '--enable-libgcc' '--enable-inline-optimization'

Commands to compile APC
=======================
phpize
./configure --enable-apc --with-apxs=/usr/local/apache2/bin/apxs --with-php-config=/usr/local/apache2_php4_3_10/bin/php-config
make
make install

Added lines in php.ini
======================
extension_dir = "/usr/local/apache2-0_php4_3_10/lib/php/extensions/no-debug-non-zts-20020429"
extension=apc.so
;  apc.enabled=1
  apc.mode=shm
;  apc.shm_segments=1
;  apc.shm_size=128
;  apc.shm_size=1
;  apc.ttl=7200
;  apc.user_ttl=7200
;  apc.num_files_hint=1024
;  apc.mmap_file_mask=/tmp/apc.XXXXXX
;  apc.enable_cli=1

If I run with PHP Cli this script
<?php
phpinfo();
?>

I get for APC, theses lines
apc

APC Support => disabled
Version => 3.0.14
MMAP Support => Enabled
MMAP File Mask =>
Locking type => File Locks
Revision => $Revision: 3.140 $
Build Date => May 23 2007 12:44:08

Directive => Local Value => Master Value
apc.cache_by_default => On => On
apc.enable_cli => Off => Off
apc.enabled => On => On
apc.file_update_protection => 2 => 2
apc.filters => no value => no value
apc.gc_ttl => 3600 => 3600
apc.include_once_override => Off => Off
apc.localcache => Off => Off
apc.localcache.size => 512 => 512
apc.max_file_size => 1M => 1M
apc.mmap_file_mask => no value => no value
apc.num_files_hint => 1000 => 1000
apc.report_autofilter => Off => Off
apc.shm_segments => 1 => 1
apc.shm_size => 30 => 30
apc.slam_defense => 0 => 0
apc.stat => On => On
apc.stat_ctime => Off => Off
apc.ttl => 0 => 0
apc.user_entries_hint => 4096 => 4096
apc.user_ttl => 0 => 0
apc.write_lock => On => On



Reproduce code:
---------------
<?
phpinfo();
?>

Or any other php code.


Actual result:
--------------
Blank page

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-05-23 11:25 UTC] andre dot lagadec at education dot gouv dot fr

Hi

For APC works, does PHP compile with these options ?
        --enable-sysvsem
        --enable-sysvshm
        --enable-sysvmsg

On Solaris, is it necessary to add line in /etc/system to define shared memory like this ?
set shmsys:shminfo_shmmax=16777216

Thanks for your help.
AL

[2007-06-06 16:13 UTC] nospam at aol dot com

APC-3.0.12p2 / PHP-4.4.4 works fine.  Similar options for PHP compile.

APC-3.0.14 segfaults PHP on Solaris 9.  Above options not needed.

[2007-06-12 09:45 UTC] andre dot lagadec at education dot gouv dot fr

Yes, you are right.

Same configuration works for apc-3.0.12p2 but doesn't work with apc-3.0.13 and apc-3.0.14 !

Now, when I run phpinfo(), I get "APC Support => enabled"

When I compile APC-3.0.12p2, it asks me 2 time : one for mmap and the other for apxs. But when I compile APC-3.0.13 or APC-3.0.14, it asks me only for apxs ! Is it normal ?

Thanks for your help.

[2007-06-15 11:53 UTC] gopalv82 at yahoo dot com

I don't know where you got 'apc.mode' from, but that is not read by apc as far as I know.

Please set apc.mmap_file_mask=/apc.shm.XXXXXX and see if it works.

If not, try re-compiling APC with --disable-apc-mmap

[2007-07-16 06:16 UTC] christian_boitel at yahoo dot fr

I have the same pb with Solaris 9 and PHP 5.2.3 and APC 3.0.14.

Note: I have compiled with apc-mmap disabled.

Stack trace follows:
(gdb) bt full
#0  0xfef3d0e4 in my_copy_znode ()
   from /usr/local/httpd-2.2.4-apr-1.2.8-apr-util-reslist_patch-1.2.8-libiconv-1.9.2-expat-2.0.0-php-5.2.3-tidy-26102005-libxml2-2.6.26-zlib-1.2.3-APC-3.0.14-inst/lib/php/extensions/no-debug-non-zts-20060613/apc.so
No symbol table info available.
#1  0xfef3d1c8 in my_copy_zend_op ()
   from /usr/local/httpd-2.2.4-apr-1.2.8-apr-util-reslist_patch-1.2.8-libiconv-1.9.2-expat-2.0.0-php-5.2.3-tidy-26102005-libxml2-2.6.26-zlib-1.2.3-APC-3.0.14-inst/lib/php/extensions/no-debug-non-zts-20060613/apc.so
No symbol table info available.
#2  0xfef3f760 in apc_copy_op_array ()
   from /usr/local/httpd-2.2.4-apr-1.2.8-apr-util-reslist_patch-1.2.8-libiconv-1.9.2-expat-2.0.0-php-5.2.3-tidy-26102005-libxml2-2.6.26-zlib-1.2.3-APC-3.0.14-inst/lib/php/extensions/no-debug-non-zts-20060613/apc.so
No symbol table info available.
#3  0xfef4461c in my_compile_file ()
   from /usr/local/httpd-2.2.4-apr-1.2.8-apr-util-reslist_patch-1.2.8-libiconv-1.9.2-expat-2.0.0-php-5.2.3-tidy-26102005-libxml2-2.6.26-zlib-1.2.3-APC-3.0.14-inst/lib/php/extensions/no-debug-non-zts-20060613/apc.so
No symbol table info available.
#4  0xfe7e3b30 in zend_execute_scripts () from /usr/local/apache2-instdev3/modules/libphp5.so
No symbol table info available.
#5  0xfe76fe1c in php_execute_script () from /usr/local/apache2-instdev3/modules/libphp5.so
No symbol table info available.
#6  0xfe889ff8 in php_handler () from /usr/local/apache2-instdev3/modules/libphp5.so
No symbol table info available.
#7  0x000520d4 in ap_run_handler ()
No symbol table info available.
#8  0x00052da8 in ap_invoke_handler ()
No symbol table info available.
#9  0x00074d24 in ap_process_request ()
No symbol table info available.
#10 0x00070328 in ap_process_http_connection ()
No symbol table info available.
#11 0x0005dfa8 in ap_run_process_connection ()
No symbol table info available.
#12 0x0005e618 in ap_process_connection ()
No symbol table info available.
#13 0x000990ec in child_main ()
No symbol table info available.
#14 0x0009935c in make_child ()
No symbol table info available.
#15 0x000993fc in startup_children ()
No symbol table info available.
#16 0x00099bb0 in ap_mpm_run ()
No symbol table info available.
#17 0x0002ea64 in main ()

[2007-07-16 06:55 UTC] gopalv82 at yahoo dot com

If APC is getting SIGBUS errors on shm (i.e mmap disabled) memory, I don't know what else to do ?

If anybody here can give me shell access or at least IRC-ghost-debug with me, then maybe this bug will see some attention.

[2007-07-17 04:53 UTC] christian_boitel at yahoo dot fr

Went into the processing of starting from 3.0.12p2 version code and adding changes to code from CVS.

I found that changes between 3.0.12p2 up to end of Jan 2007 are all ok. When applying changes between jan and feb, sigbus starts to occur.

I will keep on investigating to locate the CVS commit which made the sigbus appear. Once done, i will enable debug data into PHP and APC and give you a complete bt.

[2007-07-18 10:13 UTC] christian_boitel at yahoo dot fr

I have finally identified that using version 1.60 of apc_sma.c causes the SIGBUS to occur

Difference between version 1.59 and 1.60 is "Enbale canary checks outside loops by default"
=> http://cvs.php.net/viewvc.cgi/pecl/apc/apc_sma.c?r1=1.59&r2=1.60

I have found that it was an alignment pb. Using the following patch on 1.59 makes the pb vanish:
--- apc_sma.c   2007-07-18 16:06:13.696471000 +0200
+++ apc_sma.c.old       2007-07-18 16:05:39.156080000 +0200
@@ -84,6 +84,8 @@
     size_t canary;     /* canary to check for memory overwrites */
 #ifdef __APC_SMA_DEBUG__
     size_t id;         /* identifier for the memory block */ 
+#else
+    size_t dummy;         /* identifier for the memory block */ 
 #endif
 };

Suggested patch for laster cvs version of apc_sma.c will be attached.

[2007-07-18 10:14 UTC] christian_boitel at yahoo dot fr

Suggested patch for latest cvs version (a better one might be submitted):

--- apc_sma.c.old       2007-07-18 16:12:02.593750000 +0200
+++ apc_sma.c   2007-07-18 16:12:41.781250000 +0200
@@ -85,9 +85,13 @@
     size_t next;       /* offset in segment of next free block */
 #ifdef APC_SMA_CANARIES
     size_t canary;     /* canary to check for memory overwrites */
+#else
+    size_t dummy1;
 #endif
 #ifdef __APC_SMA_DEBUG__
     size_t id;         /* identifier for the memory block */ 
+#else
+    size_t dummy2;
 #endif
 };

[2007-07-19 15:26 UTC] gopalv82 at yahoo dot com

Somehow I'm a little scared of padding around data sizes in 
there. Take a look at 

http://t3.dotgnu.info/blog/php/apc-and-40bytes

I'll see if I can work out a quick way of detecting optimum 
padding for the structure in compiler land. Thanks for the 
debugging, will update the bug when I check-in a real fix.

[2007-07-21 20:05 UTC] gopalv82 at yahoo dot com

Please confirm patch

http://t3.dotgnu.info/code/apc-align.patch

[2007-07-21 22:18 UTC] gopalv82 at yahoo dot com

Tested on x86/x86_64 & checked into CVS

http://cvs.php.net/viewvc.cgi/pecl/apc/apc_sma.c?r1=1.65&r2=1.66

Please reopen if the problem hasn't been fixed.

[2007-07-23 08:43 UTC] christian_boitel at yahoo dot fr

It worked on Solaris

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 08 15:00:02 2025 UTC