Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 153934 - Segmentation faults using dev-php4/pecl-apc-3.0.12_p2 on AMD64+grsec
Summary: Segmentation faults using dev-php4/pecl-apc-3.0.12_p2 on AMD64+grsec
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: High normal (vote)
Assignee: AMD64 Project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-03 06:43 UTC by Gabe Martin-Dempesy
Modified: 2007-03-06 23:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gabe Martin-Dempesy 2006-11-03 06:43:56 UTC
After installing the pecl-apc PHP accelerator package on AMD64, after about 24 hours of continued use without a restart, the included 'apc.php' will segmentation fault apache2 when being viewed.  This file, included with the package, monitors the performance of apc by calling several functions that the module provides.

Shortly after this behavior begins, ALL requests to Apache, regardless of if they are using the apc functions, with signal 11:

(syslog entry for grsec alerts of signal 11 snippet):
Nov  3 07:10:28 rackspace grsec: From 83.204.23.254: signal 11 sent to /usr/sbin/apache2[apache2:31706] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:28 rackspace grsec: From 83.204.23.254: signal 11 sent to /usr/sbin/apache2[apache2:31706] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:29 rackspace grsec: From 66.249.66.104: signal 11 sent to /usr/sbin/apache2[apache2:23183] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:29 rackspace grsec: From 66.249.66.104: signal 11 sent to /usr/sbin/apache2[apache2:23183] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:35 rackspace grsec: From 68.14.113.90: signal 11 sent to /usr/sbin/apache2[apache2:14187] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:54 rackspace grsec: From 67.191.144.3: signal 11 sent to /usr/sbin/apache2[apache2:32335] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:54 rackspace grsec: From 67.191.144.3: signal 11 sent to /usr/sbin/apache2[apache2:32335] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:55 rackspace grsec: From 192.11.226.104: signal 11 sent to /usr/sbin/apache2[apache2:11147] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:10:55 rackspace grsec: From 192.11.226.104: signal 11 sent to /usr/sbin/apache2[apache2:11147] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0
Nov  3 07:11:00 rackspace grsec: From 66.186.253.46: signal 11 sent to /usr/sbin/apache2[apache2:14219] uid/euid:81/81 gid/egid:81/81, parent /usr/sbin/apache2[apache2:18804] uid/euid:0/0 gid/egid:0/0

To give a bit of perspective on the load of this particular apache server, it receives approximately 10 connects / second during peak hours, and about 3 connects / second during night time hours.

Upon restarting apache, everything returns to normal for approximately another 24 hours, at which point the segmentation fault behavior starts again.  I have seen this behavior reproduced 4 times since I installed it 5 days ago.  I unfortunately can not provide any coredumps as the only AMD64 processor I have is my production server, and I'm not willing to risk reproducing this on a production server.

Note that this package is currently marked as being stable on amd64; I would recommend marking it as unstable until further details can be worked out.  I have a similar setup on an x86 machine without any problems.


/etc/php/apache2-php4/ext/apc.ini:
; (This file is defaults except the increase to 2 shm_segments and the num_files_hint to 18000 to reflect the actual number of .php files on my server)
; See http://www.zend.com/manual/ref.apc.php for a description
extension=apc.so
apc.enabled="1"
apc.shm_segments="2"
; Do *NOT* increase this above this value.  Linux has a 32MB limit on shm
; segments, and Apache will not start if this value exceeds that. (Gabe)
apc.shm_size="30"
apc.optimization="0"
apc.num_files_hint="18000"
apc.ttl="7200"
apc.user_ttl="7200"
apc.gc_ttl="3600"
apc.cache_by_default="1"
;apc.mmap_file_mask="/tmp/apcphp4.XXXXXX"
apc.file_update_protection="2"
apc.enable_cli="0"
apc.max_file_size="1M"
apc.stat="1"
apc.write_lock="1"



emerge --info:
Portage 2.1.1-r1 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-hardened-r10 x86_64)
=================================================================
System uname: 2.6.16-hardened-r10 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.5
Last Sync: Fri, 03 Nov 2006 05:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r2, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -pipe -O2"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon64 -pipe -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.chem.wisc.edu/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.us.gentoo.org/gentoo-portage"
USE="amd64 apache2 bzip2 chroot clearpasswd cli crypt curl dlloader doc elibc_glibc expat gd hardened imap input_devices_keyboard input_devices_mouse ipalias jpeg justify kernel_linux mpm-prefork mysql nls notlsbeforeauth nptl pam pcre perl pic png posix qmail readline ruby sendfile session sftplogging spamassassin ssl symlink tcpd threads unicode userland_GNU userlocales utf8 vchroot vhosts xml xorg zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Gabe Martin-Dempesy 2006-11-03 06:47:00 UTC
Oops! I forgot to leave the version that I'm referring to in the summary:

dev-php4/pecl-apc-3.0.12_p2
Comment 2 Luca Longinotti (RETIRED) gentoo-dev 2007-03-06 20:20:55 UTC
Could you please try with dev-php4/pecl-apc-3.0.13? That fixes lots of issues...
Also, I don't think we need the hardened people CCed here, grsecurity is just logging and reporting the segfault, it's not the cause.
Best regards, CHTEKK.
Comment 3 Gabe Martin-Dempesy 2007-03-06 23:34:22 UTC
(In reply to comment #2)
I unfortunately no longer have an AMD64 server to test with, as I migrated all my servers back to Intels due to the number of issues that were popping up with the arch. Hopefully someone else with a fairly loaded server can test this in my stead.