This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 475809 - php segfaults in ld-2.8.so, apparently loading shared library
php segfaults in ld-2.8.so, apparently loading shared library
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-10 10:57 EST by Orion Poplawski
Modified: 2016-11-24 07:35 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-14 12:59:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2008-12-10 10:57:34 EST
Description of problem:

Running cacti.  Periodically (4-8 times a day) php segfaults running the poller script (/usr/bin/php /usr/share/cacti/poller.php).  cacti.log for these runs reports:

12/10/2008 08:30:04 AM - CMDPHP: Poller[0] Host[5] DS[71] WARNING: Result from CMD not valid.  Partial Result:

dmesg:
php[22170] general protection ip:45692b sp:bfd4f3e0 error:0 in ld-2.8.so[448000+1c000]


gdb:
#0  0x0045692b in _dl_init (main_map=<value optimized out>,
    argc=<value optimized out>, argv=<value optimized out>,
    env=<value optimized out>) at dl-init.c:70
#1  0x0045abc2 in dl_open_worker (a=<value optimized out>) at dl-open.c:516
#2  0x004564f6 in _dl_catch_error (objname=<value optimized out>,
    errstring=<value optimized out>, mallocedp=<value optimized out>, operate=Could not find the frame base for "_dl_catch_error".
)
    at dl-error.c:178
#3  0x0045a2f2 in _dl_open (file=<value optimized out>,
    mode=<value optimized out>, caller_dlopen=<value optimized out>,
    nsid=<value optimized out>, argc=<value optimized out>,
    argv=<value optimized out>, env=<value optimized out>) at dl-open.c:596
#4  0x005fec2c in dlopen_doit (a=<value optimized out>) at dlopen.c:66
#5  0x004564f6 in _dl_catch_error (objname=<value optimized out>,
    errstring=<value optimized out>, mallocedp=<value optimized out>, operate=Could not find the frame base for "_dl_catch_error".
)
    at dl-error.c:178
#6  0x005ff05c in _dlerror_run (operate=<value optimized out>,
    args=<value optimized out>) at dlerror.c:164
#7  0x005feb61 in __dlopen (file=<value optimized out>,
    mode=<value optimized out>) at dlopen.c:87
#8  0x08153d41 in php_dl (file=0x9adb970, type=1, return_value=0xbfd4f7c4,
    start_now=0) at /usr/src/debug/php-5.2.6/ext/standard/dl.c:150
#9  0x081cbd74 in php_load_function_extension_cb (arg=0x9adb970)
    at /usr/src/debug/php-5.2.6/main/php_ini.c:235
#10 0x082033a0 in zend_llist_apply (l=0x833787c,
    func=0x81cbd40 <php_load_function_extension_cb>)
    at /usr/src/debug/php-5.2.6/Zend/zend_llist.c:193
#11 0x081cbd17 in php_ini_register_extensions ()
    at /usr/src/debug/php-5.2.6/main/php_ini.c:590
#12 0x081c57a3 in php_module_startup (sf=<value optimized out>,
    additional_modules=0x0, num_additional_modules=0)
    at /usr/src/debug/php-5.2.6/main/main.c:1824
#13 0x08283bed in php_cli_startup (sapi_module=0x8336040)
    at /usr/src/debug/php-5.2.6/sapi/cli/php_cli.c:358
#14 0x082844b7 in main (argc=3, argv=0xbfd4fba4)
    at /usr/src/debug/php-5.2.6/sapi/cli/php_cli.c:717

Version-Release number of selected component (if applicable):
glibc-2.8-8.i686
php-5.2.6-2.fc9.i386
cacti-0.8.7b-1.fc9.noarch
Comment 1 Orion Poplawski 2008-12-18 10:43:38 EST
Something similar on F10:

[KCrash handler]
#6  0x001fb1eb in _dl_init_internal () from /lib/ld-linux.so.2
#7  0x001ff8d2 in dl_open_worker () from /lib/ld-linux.so.2
#8  0x001fadb6 in _dl_catch_error () from /lib/ld-linux.so.2
#9  0x001fef5e in _dl_open () from /lib/ld-linux.so.2
#10 0x003b1c2c in dlopen_doit () from /lib/libdl.so.2
#11 0x001fadb6 in _dl_catch_error () from /lib/ld-linux.so.2
#12 0x003b205c in _dlerror_run () from /lib/libdl.so.2
#13 0x003b1b61 in dlopen@@GLIBC_2.1 () from /lib/libdl.so.2
#14 0x053c0af7 in QLibraryPrivate::load_sys (this=0x89ff3f0)
    at plugin/qlibrary_unix.cpp:204
#15 0x053bb01c in QLibraryPrivate::load (this=0x2f) at plugin/qlibrary.cpp:458
#16 0x053bb2a8 in QLibraryPrivate::loadPlugin (this=0x89ff3f0)
    at plugin/qlibrary.cpp:487

this is from a kxkb backtrace

kdebase-workspace-4.1.3-7.fc10.i386glibc-2.9-3.i686
glibc-2.9-3.i686

again, it's not easily reproducible.
Comment 2 Ulrich Drepper 2008-12-30 11:36:57 EST
This crash happens in the call to the init functions.  The value used comes from the DSO.  I.e., if the DSO provides a wrong value there of course will be a crash.  Nothing suggests that this is a problem in glibc.

Look at the DSO using readelf, examine the DT_INIT value.
Comment 3 Orion Poplawski 2009-01-23 10:11:36 EST
Okay, collected a couple more core files.  It happens while loading php modules, but it happens with different modules each time:

"/usr/lib/php/modules/soap.so"
"/usr/lib/php/modules/snmp.so"
"/usr/lib/php/modules/pdo_pgsql.so"
"/usr/lib/php/modules/zip.so"

#0  0x002051eb in call_init () at dl-init.c:70
#1  _dl_init (main_map=0x9191170, argc=3, argv=0xbfdfcd94, env=0xbfdfcda4)
    at dl-init.c:134
#2  0x002098d2 in dl_open_worker (a=0xbfdfc78c) at dl-open.c:516
#3  0x00204db6 in _dl_catch_error (objname=0xbfdfc7b4, errstring=0xbfdfc7b0,
    mallocedp=0xbfdfc7bb, operate=0x209510 <dl_open_worker>, args=0xbfdfc78c)
    at dl-error.c:178
#4  0x00208f5e in _dl_open (file=0xb7fa90c8 "/usr/lib/php/modules/zip.so",
    mode=-2147483382, caller_dlopen=0x8153de1, nsid=-2, argc=3,
    argv=0xbfdfcd94, env=0xbfdfcda4) at dl-open.c:596

69            /* Call the function.  */
70            init (argc, argv, env);

(gdb) print init
$1 = {void (void)} 0x3bbf90 <init>

# readelf -d "/usr/lib/php/modules/zip.so" | grep -Fi ini
 0x0000000c (INIT)                       0x2978
 0x0000000d (FINI)                       0xda58

not sure what to do after this...
Comment 4 Ulrich Drepper 2009-03-16 18:08:06 EDT
(In reply to comment #3)
> # readelf -d "/usr/lib/php/modules/zip.so" | grep -Fi ini
>  0x0000000c (INIT)                       0x2978
>  0x0000000d (FINI)                       0xda58
> 
> not sure what to do after this...  

You'll have to look at the appropriate offsets mentioned in the INIT and FINI entries.  Use objdump -d to disassemble the files.  Perhaps first examine whether these are correct code addresses by looking at the eu-readelf -p output (the offsets must be in PT_LOAD segments that are executable).
Comment 5 Bug Zapper 2009-06-09 23:24:37 EDT
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 6 Bug Zapper 2009-07-14 12:59:56 EDT
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.