Edit report at https://bugs.php.net/bug.php?id=64463&edit=1

 ID:                 64463
 Comment by:         julien at palard dot fr
 Reported by:        julien at palard dot fr
 Summary:            Segfault (For the moment, can't reproduce it)
 Status:             Feedback
 Type:               Bug
 Package:            Reproducible crash
 Operating System:   Debian 6.0.7
 PHP Version:        5.4.13
 Block user comment: N
 Private report:     N

 New Comment:

@laruence :

> could you please disable all these exts and try ?

As we are unable to reproduce the bug in a dev server, and only able to reproduce it after a bunch of traffic went to it, it's not an option to disable modules in production.

But I have a hint : We do not use rar plugin for this request.

And another hint : Since I restarted php-fpm at 11h46 today (to test with valgrind) it never segfaulted (previously we had almost 1 segfault / hour), as if it's an APC cache "random bug" corrupting something at compile time.

So two solutions :
 * As I thought in the past, the bug takes time to come (users / requests / time ...)
 * The bug does not happen at every restart of PHP-FPM but takes place at bytecode-compiling time, murphy helping in not producing the bug when I want to try, leading me to think that a fresh php-fpm does not segfault.

> I assume the segfault is caused by some out-bounder write

Same assumption here.

Previous Comments:
------------------------------------------------------------------------
[2013-03-21 14:21:54] larue...@php.net

could you please disable all these exts and try ?

I assume the segfault is caused by some out-bounder write

------------------------------------------------------------------------
[2013-03-21 13:50:43] julien at palard dot fr

@laruence : Yes, exactly :

rar-3.0.1
mongo-1.3.5
APC-3.1.13

And PHP compiled from sources (5.4.13) with :

./configure --disable-all --prefix=/usr/local/php-5.4.13 --enable-fpm --enable-ctype --enable-mbstring --enable-gd-native-ttf --enable-zip --with-mcrypt --with-openssl --with-gd --with-jpeg-dir=/usr/lib --with-freetype-dir --with-curl --with-pcre-regex --with-gettext --enable-pdo --with-pdo-mysql=mysqlnd --with-iconv --enable-fileinfo --enable-filter --enable-json --enable-session --enable-hash --enable-libxml --enable-dom --enable-libxml --enable-simplexml --enable-bcmath

------------------------------------------------------------------------
[2013-03-21 13:42:24] larue...@php.net

do you use any non-official php extension, including the exts at PECL?

------------------------------------------------------------------------
[2013-03-21 10:21:21] julien at palard dot fr

Sometimes segfaults occur in php_request_shutdown (57 times since a few days) and sometimes in php_execute_script (32 times in the same timespan).

Here are two segfaults occurring during php_execute_script :

Program terminated with signal 11, Segmentation fault.
#0  _zend_mm_alloc_int (heap=0x143a330, size=72) at /usr/src/php-5.4.13/Zend/zend_alloc.c:2016
2016    ZEND_MM_CHECK_BLOCK_LINKAGE(best_fit);
(gdb) p best_fit
$1 = (zend_mm_free_block *) 0x1c7e050
(gdb) p *best_fit
$2 = {info = {_size = 7308604897320202088, _prev = 28263411883601481}, prev_free_block = 0x1c7e710, next_free_block = 0x143a728, parent = 0x687461703f2f6e75, child = {0x31243d, 0x59}}

core.php-fpm.11335
#0  _zend_mm_realloc_int (heap=0x143a330, p=0x1665e78, size=452) at /usr/src/php-5.4.13/Zend/zend_alloc.c:2151
2151    if (ZEND_MM_IS_FREE_BLOCK(next_block)) {
(gdb) p *next_block
Cannot access memory at address 0x656d616e75d9cdd0

------------------------------------------------------------------------
[2013-03-21 10:00:42] julien at palard dot fr

Good news of the day : We have collected some core dumps, and the URL producing the segfault is always the same.

Bad news of the day : This URL does a lot of work, so it's not a "little script".

Bad news of the day 2 : If we restart php-fpm, for a few minutes it will not segfault, we have to let some users hit the server first, wait a bit, and it will start to segfault.

Bad news of the day 3 : As we have to wait for traffic to see the segfault we can't reproduce it under valgrind.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=64463

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=64463&edit=1
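
A triage check for the out-of-bounds-write assumption discussed in this thread, as an added example that is not part of the original report or of PHP's code: it reads each scalar field of the `p *best_fit` output quoted above as 8 little-endian bytes and flags fields that look like text rather than sizes or heap pointers. The function names, the 64-bit little-endian layout and the 5-of-8 printable-byte threshold are assumptions made for this example.

```python
import re
import struct

# `p *best_fit` output copied verbatim from the report above.
GDB_STRUCT = (
    "{info = {_size = 7308604897320202088, _prev = 28263411883601481}, "
    "prev_free_block = 0x1c7e710, next_free_block = 0x143a728, "
    "parent = 0x687461703f2f6e75, child = {0x31243d, 0x59}}"
)

# Matches "name = <decimal or hex scalar>"; nested "{...}" values are skipped.
FIELD_RE = re.compile(r"(\w+) = (0x[0-9a-fA-F]+|\d+)")

# Assumed heuristic: a 64-bit word with at least this many printable ASCII
# bytes is more likely string data than allocator metadata.
MIN_PRINTABLE = 5


def raw_bytes(value):
    """Return the value as it sits in memory on a little-endian 64-bit host."""
    return struct.pack("<Q", value)


def as_text(value):
    """Render the 8 bytes as ASCII, with '.' for non-printable bytes."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw_bytes(value))


def printable_count(value):
    return sum(0x20 <= b < 0x7F for b in raw_bytes(value))


def suspicious_fields(gdb_text):
    """Map field name -> decoded text for fields that look like string data."""
    hits = {}
    for name, literal in FIELD_RE.findall(gdb_text):
        value = int(literal, 0)  # base 0 accepts both decimal and 0x literals
        if printable_count(value) >= MIN_PRINTABLE:
            hits[name] = as_text(value)
    return hits


if __name__ == "__main__":
    for field, text in suspicious_fields(GDB_STRUCT).items():
        print(f"{field:>16}: {text!r}")
    # The unreadable next_block address from the second core dump:
    print(f"{'next_block':>16}: {as_text(0x656d616e75d9cdd0)!r}")
```

Fields that decode to readable fragments while the neighbouring free-list pointers still fall near `heap=0x143a330` are consistent with string data having been written over the free block's header.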