Edit report at https://bugs.php.net/bug.php?id=64463&edit=1
ID:                 64463
Updated by:         larue...@php.net
Reported by:        julien at palard dot fr
Summary:            Segfault (For the moment, can't reproduce it)
Status:             Feedback
Type:               Bug
Package:            Reproducible crash
Operating System:   Debian 6.0.7
PHP Version:        5.4.13
Block user comment: N
Private report:     N

New Comment:

Could you please disable all these exts and try?

I assume the segfault is caused by some out-of-bounds write.

Previous Comments:
------------------------------------------------------------------------
[2013-03-21 13:50:43] julien at palard dot fr

@laruence : Yes, exactly:

rar-3.0.1
mongo-1.3.5
APC-3.1.13

And PHP compiled from sources (5.4.13) with:

./configure --disable-all --prefix=/usr/local/php-5.4.13 --enable-fpm --enable-ctype --enable-mbstring --enable-gd-native-ttf --enable-zip --with-mcrypt --with-openssl --with-gd --with-jpeg-dir=/usr/lib --with-freetype-dir --with-curl --with-pcre-regex --with-gettext --enable-pdo --with-pdo-mysql=mysqlnd --with-iconv --enable-fileinfo --enable-filter --enable-json --enable-session --enable-hash --enable-libxml --enable-dom --enable-libxml --enable-simplexml --enable-bcmath

------------------------------------------------------------------------
[2013-03-21 13:42:24] larue...@php.net

Do you use any non-official PHP extensions, including the exts at PECL?

------------------------------------------------------------------------
[2013-03-21 10:21:21] julien at palard dot fr

Sometimes the segfault occurs in php_request_shutdown (57 times in the last few days) and sometimes in php_execute_script (32 times in the same timespan).

Here are two segfaults occurring during php_execute_script:

Program terminated with signal 11, Segmentation fault.
#0  _zend_mm_alloc_int (heap=0x143a330, size=72) at /usr/src/php-5.4.13/Zend/zend_alloc.c:2016
2016            ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(gdb) p best_fit
$1 = (zend_mm_free_block *) 0x1c7e050
(gdb) p *best_fit
$2 = {info = {_size = 7308604897320202088, _prev = 28263411883601481}, prev_free_block = 0x1c7e710, next_free_block = 0x143a728, parent = 0x687461703f2f6e75, child = {0x31243d, 0x59}}

core.php-fpm.11335
#0  _zend_mm_realloc_int (heap=0x143a330, p=0x1665e78, size=452) at /usr/src/php-5.4.13/Zend/zend_alloc.c:2151
2151            if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) p *next_block
Cannot access memory at address 0x656d616e75d9cdd0

------------------------------------------------------------------------
[2013-03-21 10:00:42] julien at palard dot fr

Good news of the day: We have collected some core dumps, and the URL producing the segfault is always the same.

Bad news of the day: This URL does a lot of work, so it's not a "little script".

Bad news of the day 2: If we restart php-fpm, for a few minutes it will not segfault; we have to let some users hit the server first, wait a bit, and it will start to segfault.

Bad news of the day 3: As we have to wait for traffic to see the segfault, we can't reproduce it under valgrind.

------------------------------------------------------------------------
[2013-03-21 09:43:20] julien at palard dot fr

No, sadly, for the moment we do not have any small script to reproduce it. It happens sometimes on our production servers, but never on our development one, so, for the moment, we can't try to reduce the script to a minimal test case...

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=64463
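A triage step that fits the core dumps quoted in this thread, as an added example (not code from the report or from PHP): decode each field of the corrupted zend_mm_free_block as little-endian bytes and look for printable ASCII, the trace that string data leaves when it is written past the end of a neighbouring buffer. It assumes a 64-bit little-endian build; the function names are made up for the example.

```python
import re

# gdb struct print copied from the first core dump in the report.
GDB_STRUCT = """
$2 = {info = {_size = 7308604897320202088, _prev = 28263411883601481},
  prev_free_block = 0x1c7e710, next_free_block = 0x143a728,
  parent = 0x687461703f2f6e75, child = {0x31243d, 0x59}}
"""
# Address gdb could not read in the second core dump.
BAD_NEXT_BLOCK = 0x656d616e75d9cdd0

TOKEN = re.compile(r"(\w+) = |(0x[0-9a-fA-F]+|\d+)")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{3,}")  # 3+ printable bytes in a row


def ascii_fragment(value):
    """Longest printable-ASCII run in the value's 8 little-endian bytes, or None."""
    raw = (value & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "little")
    runs = ASCII_RUN.findall(raw)
    return max(runs, key=len).decode("ascii") if runs else None


def scan(gdb_text):
    """Return (field, value, fragment) for every number in a gdb struct print."""
    field, rows = None, []
    for m in TOKEN.finditer(gdb_text):
        if m.group(1):
            field = m.group(1)  # remember the most recent "name ="
        else:
            value = int(m.group(2), 0)
            rows.append((field, value, ascii_fragment(value)))
    return rows


if __name__ == "__main__":
    for field, value, frag in scan(GDB_STRUCT):
        verdict = repr(frag) if frag else "no text (plausible pointer or size)"
        print(f"{field:>16}  {value:#018x}  {verdict}")
    print(f"{'next_block addr':>16}  {BAD_NEXT_BLOCK:#018x}  "
          f"{ascii_fragment(BAD_NEXT_BLOCK)!r}")
```

Fields that decode to text were overwritten with string data, while prev_free_block and next_free_block still hold values in the same range as the heap pointer 0x143a330; a three-byte match such as the one in child is weak evidence on its own.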