Edit report at http://bugs.php.net/bug.php?id=53333&edit=1
ID: 53333 Comment by: kriscr...@php.net Reported by: paj...@php.net Summary: Random crash Status: Feedback Type: Bug Package: MySQLi related Operating System: * PHP Version: 5.3.3 Assigned To: mysql Block user comment: N Private report: N New Comment: Sorry for not keeping these comments up-to-date. I've had my head buried triaging this for the last two months now. Anyway, there's a few things to cover. First, I was able to get your mysqlnd debug to work. However, because you have it outputting the debug to a file on each and every PHP run, this filesystem stress is creating a major bottleneck, bringing PHP's perf understress down from around 50 tps (transactions per second) to about 1 or 2 tps. As a result, I am unable to repro this crash with this enabled as you specified in your comment. I would recommend that you perhaps find a way to store this data as an object or whatever and only output to a file in the event of a crash or other error. In any case, I spent some time backtracing this and I believe what we're dealing with is a classic double-free and/or corruption. I have no explanation as to what's causing the corruption to begin with though. I also investigated whether or not this is a threading issue. Contrary to what common sense would suggest, this does not appear to be the case, either. I ran the stress test again on Apache with the -X option (Debug mode), which forces httpd.exe to run as a single process. The crash still occured. No relevant change in the repro. I have also confirmed that this bug is still present in the latest release of 5.3.5. Finally, given the difficulty in reproducing this bug, not to mention the general difficulty in tracking down memory corruption issues in ANSI C in general, I'm now trying a bandaid approach. I added an ifcheck to _zend_mm_free_int in zend_alloc.c at the spot of the top of the crash stack, forcing it to skip the free attempt if the variable in question (next_block) is NULL. I then added some exception handling (using setjmp.h) code to mysqli_result_free_storage in mysqli.c at a spot earlier in the stack, forcing it to throw a PHP warning error (which is set to output to a log file) if there's an exception. I've never tried this in ANSI C before but I think I've got it right. The test is running now and may take awhile to yield a result. I will post a patch early next week. If successful, this won't fix whatever the underlying cause of the corruption is, but it will at least throw an error and spare us a crash, which will allow me to start generating PHP perf results under stress conditions along with the standard perf data. I'll post again when I have the results of this latest test run. Previous Comments: ------------------------------------------------------------------------ [2010-12-02 11:26:33] paj...@php.net You need a debug build to get it working. ------------------------------------------------------------------------ [2010-12-02 08:45:42] kriscr...@php.net Unfortunately, still no go with the forward slashes. Has this new debug feature actually been tested yet, or perhaps it needs to be enabled in the source then rebuilt? I'm fresh out of ideas. :/ ------------------------------------------------------------------------ [2010-12-01 23:25:47] kriscr...@php.net Alrighty, I'll try using forward slashes and will post the outcome when it's done. The bug typically takes anywhere from 1 hour up to around 4 hours to repro under stress, so stand by for now. =) ------------------------------------------------------------------------ [2010-12-01 14:13:55] paj...@php.net Right, but only for the ini setting tests, as it should not be enabled by default :) ------------------------------------------------------------------------ [2010-12-01 14:10:34] and...@php.net Pierre, I'm a fan of this, but it can, and will probably, hit the run-time performance. But I can't tell without a benchmark. Unfortunately Ulf has some other things to do at the moment. It is easy to change that, just edit mysqlnd.h and find MYSQLND_DBG_ENABLED and set it to 1 in all cases. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=53333 -- Edit this bug report at http://bugs.php.net/bug.php?id=53333&edit=1