https://bugzilla.wikimedia.org/show_bug.cgi?id=62623
--- Comment #14 from Tim Starling <tstarl...@wikimedia.org> --- (In reply to Tim Starling from comment #12) > $ cd > /srv/ssd/jenkins-slave/workspace/mediawiki-core-phpunit-databaseless/tests/ > phpunit But of course, that only worked for a few minutes, and then the source tree was replaced with some other patchset and it stopped working. I still don't have a reliable reproduction procedure. (In reply to Antoine "hashar" Musso from comment #11) > Core file is available at tin.eqiad.wmnet:/home/hashar/bug62623-2.core It says that it crashed while freeing the property table an XMPReader object, specifically the bucket for the extendedXMPOffset property. The bucket was apparently valid and had a valid allocation header, but when the allocator tried to merge the newly-freed item with the next item in the region, it found that that next item had garbage in its header. With a deterministic reproduction procedure, it would be possible to set a hardware watchpoint on the corrupt allocation header, and see what writes to that memory location over the course of the program. That may allow us to identify the source of the dangling pointer. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
