From:             angel at wututu dot com
Operating system: GNU/Linux
PHP version:      5.3.1
PHP Bug Type:     Reproducible crash
Bug description:  Bus error on execution on a MIPS system

Description:
------------
I've been trying to cross-compile PHP for an embedded MIPS device with no
luck, so I decided to first build a development environment inside a
QEMU virtual machine for developing PHP in.

I have been trying different options for configure and all I get is a
Bus Error 138 when I run the executable. I've seen there is another
thread about this same error and I applied the patches but the error was
still present.

I've tried to debug the code a little to find where the error is. I'm
explaining it right now:

I ran it first under gdb:

--------------
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mipsel-unknown-linux-gnu"...
(gdb) run
Starting program: /build/php-5.3.1/sapi/cli/php
warning: no loadable sections found in added symbol-file /usr/lib/libiconv.so.2
starting php right now at main...

Program received signal SIGBUS, Bus error.
0x00a51634 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1892
1892                    ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(gdb) backtrace
#0  0x00a51634 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1892
#1  0x00a53018 in _emalloc (size=14) at /build/php-5.3.1/Zend/zend_alloc.c:2295
#2  0x00a8be90 in zend_str_tolower_dup (source=0xe89fa8 "func_num_args",
   length=13) at /build/php-5.3.1/Zend/zend_operators.c:1856
#3  0x00a9dcf4 in zend_register_functions (scope=0x0, functions=0xec43d8,
   function_table=0x0, type=1) at /build/php-5.3.1/Zend/zend_API.c:1897
#4  0x00a9c57c in zend_register_module_ex (module=0xef9b98)
   at /build/php-5.3.1/Zend/zend_API.c:1714
#5  0x00aafdd8 in zend_startup_builtin_functions ()
   at /build/php-5.3.1/Zend/zend_builtin_functions.c:319
#6  0x00a90bb4 in zend_startup (utility_functions=0x7fd0e9d4, extensions=0x0)
   at /build/php-5.3.1/Zend/zend.c:696
#7  0x009d6e14 in php_module_startup (sf=0xedb8bc, additional_modules=0x0,
   num_additional_modules=0) at /build/php-5.3.1/main/main.c:1821
#8  0x00bea104 in php_cli_startup (sapi_module=0xedb8bc)
   at /build/php-5.3.1/sapi/cli/php_cli.c:399
#9  0x00beb610 in main (argc=1, argv=0x7fd0ede4)
   at /build/php-5.3.1/sapi/cli/php_cli.c:774
-------------------

Then I implemented the macro ZEND_MM_CHECK_BLOCK_LINKAGE in the place
where it was run so I could see which function was creating the error.

-------------------
               //ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);

               printf("crashes before \n");
               /* _size and _prev are size_t fields of zend_mm_block_info */
               size_t size = (best_fit)->info._size;
               printf("crashes between \n");
               size_t size2 = ZEND_MM_FREE_BLOCK_SIZE(best_fit);
               printf("crashes between 2, best_fit: %p size2: %zu\n", best_fit, size2);
               /* address of the next block, computed from this block's size */
               zend_mm_block* bloq = ZEND_MM_BLOCK_AT(best_fit, size2);
               printf("crashes between 3, bloq %p:\n", bloq);
               /* _prev holds the previous block's size, not a pointer */
               size_t bloque = bloq->info._prev;

               printf("crashes before if\n");
               if ( UNEXPECTED(size != bloque) ||
                    UNEXPECTED(!UNEXPECTED(ZEND_MM_IS_FIRST_BLOCK(best_fit)) &&
                    UNEXPECTED(ZEND_MM_PREV_BLOCK(best_fit)->info._size
                               != (best_fit)->info._prev)) ){
                       zend_mm_panic("zend_mm_heap corrupted");
               }
               zend_mm_remove_from_free_list(heap, best_fit);
-------------------


With the modification, the output of the executable is now this:
------------
(gdb) run
Starting program: /build/php-5.3.1/sapi/cli/php
warning: no loadable sections found in added symbol-file /usr/lib/libiconv.so.2
starting php right now at main...
crashes before
crashes between
crashes between 2, best_fit: 0x2b458018 size2: 253928
crashes between 3, bloq 0x2b496000:
crashes before if
crashes before
crashes between
crashes between 2, best_fit: 0x2b458028 size2: 1852795251
crashes between 3, bloq 0x99b4e99b:

Program received signal SIGBUS, Bus error.
0x00a516e4 in _zend_mm_alloc_int (heap=0xef92f0, size=14)
   at /build/php-5.3.1/Zend/zend_alloc.c:1905
1905                    zend_mm_block* bloque = bloq->info._prev;

------------

It seems that size2 gets extremely big and then ZEND_MM_BLOCK_AT
returns a very high memory address.
I have tried to trace the source of the error but I can't see where it
starts at all.

The configure line is the following:
CFLAGS="-Os" ./configure --prefix=/local --with-db4=/local --with-bz2
--with-cgi --with-cli --with-crypt --with-curl=/local --enable-ftp
--with-gd --with-gdbm=/local --with-iconv --with-ncurses --with-nls
--with-pcre --with-pdo --with-readline --with-reflection --with-session
--with-sqlite --with-simplexml --enable-sockets --with-spl --with-openssl
--with-unicode --enable-zip --with-zlib --with-libxml --with-png-dir=/local
--with-jpeg-dir=/local --disable-ipv6 --with-apxs2=/local/bin/apxs

I also tried with -g and -O0 for debugging.


Reproduce code:
---------------
/*
Any code?
*/

Expected result:
----------------
At least I expect to get the command-line help.

Actual result:
--------------
It returns Bus error. The backtrace is shown above.

-- 
Edit bug report at http://bugs.php.net/?id=50896&edit=1
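As an added example (not PHP's code), here is a bounds- and alignment-checked version of the linkage test that the expanded macro above performs, using a stand-in for zend_mm_block_info and an assumed 8-byte allocator alignment. The unaligned bloq value 0x99b4e99b printed in the report is exactly the kind of address whose dereference raises SIGBUS on MIPS, and the garbage size2 1852795251 is 0x6E6F6973, the little-endian bytes of ASCII "sion", which is what a string overrun into a heap header looks like; a check that validates the computed address before dereferencing it turns that crash into a clean "heap corrupted" report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for zend_mm_block_info (assumption: _size = this block's size,
 * _prev = the previous block's size; the type flag bits are ignored here). */
typedef struct { size_t _size; size_t _prev; } block_info;
typedef struct { block_info info; } block;

#define MM_ALIGN 8  /* assumed allocator alignment; MIPS faults on misaligned loads */

/* Returns 1 if the free-block linkage is sane, 0 otherwise. The address of the
 * next block is validated against the heap bounds and alignment BEFORE it is
 * dereferenced, so a garbage _size fails cleanly instead of raising SIGBUS. */
int check_block_linkage(const unsigned char *heap, size_t heap_len, const block *b)
{
    const unsigned char *p = (const unsigned char *)b;
    if (p < heap || p >= heap + heap_len) return 0;
    size_t off = (size_t)(p - heap);
    if (heap_len - off < sizeof(block)) return 0;          /* own header fits?   */
    size_t size = b->info._size;
    if (size < sizeof(block) || size % MM_ALIGN != 0) return 0;
    if (size > heap_len - off) return 0;                   /* next block inside? */
    if (heap_len - off - size < sizeof(block)) return 0;   /* next header fits?  */
    if (((uintptr_t)(p + size)) % MM_ALIGN != 0) return 0; /* would SIGBUS       */
    const block *next = (const block *)(p + size);
    return next->info._prev == size;
}

/* Builds a constructed 64-byte heap of two 32-byte blocks, overwrites the first
 * block's _size with bad_size, and reports whether the check still passes. */
int corrupt_and_check(size_t bad_size)
{
    static uint64_t words[8];                 /* 64 bytes, 8-byte aligned */
    unsigned char *heap = (unsigned char *)words;
    memset(heap, 0, 64);
    block *b0 = (block *)heap;
    block *b1 = (block *)(heap + 32);
    b0->info._size = 32; b0->info._prev = 0;
    b1->info._size = 32; b1->info._prev = 32;
    b0->info._size = bad_size;
    return check_block_linkage(heap, 64, b0);
}

int main(void)
{
    /* 1852795251 is the size2 from the report: 0x6E6F6973, ASCII "sion" */
    return (corrupt_and_check(32) == 1 && corrupt_and_check(1852795251u) == 0) ? 0 : 1;
}
```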