Edit report at http://bugs.php.net/bug.php?id=53333&edit=1

 ID:                 53333
 Comment by:         kriscr...@php.net
 Reported by:        paj...@php.net
 Summary:            Random crash
 Status:             Feedback
 Type:               Bug
 Package:            MySQLi related
 Operating System:   *
 PHP Version:        5.3.3
 Assigned To:        mysql
 Block user comment: N
 Private report:     N

 New Comment:

Sorry for not keeping these comments up-to-date.  I've had my head
buried triaging this for the last two months now.

Anyway, there's a few things to cover.  First, I was able to get your
mysqlnd debug to work.  However, because you have it outputting the
debug to a file on each and every PHP run, this filesystem stress is
creating a major bottleneck, bringing PHP's perf under stress down from
around 50 tps (transactions per second) to about 1 or 2 tps.  As a
result, I am unable to repro this crash with this enabled as you
specified in your comment.

I would recommend that you perhaps find a way to store this data as an
object or whatever and only output to a file in the event of a crash or
other error.

In any case, I spent some time backtracing this and I believe what we're
dealing with is a classic double-free and/or corruption.  I have no
explanation as to what's causing the corruption to begin with though.

I also investigated whether or not this is a threading issue.  Contrary
to what common sense would suggest, this does not appear to be the case,
either.  I ran the stress test again on Apache with the -X option (Debug
mode), which forces httpd.exe to run as a single process.  The crash
still occurred.  No relevant change in the repro.

I have also confirmed that this bug is still present in the latest
release of 5.3.5.

Finally, given the difficulty in reproducing this bug, not to mention
the general difficulty in tracking down memory corruption issues in ANSI
C in general, I'm now trying a bandaid approach.  I added an ifcheck to
_zend_mm_free_int in zend_alloc.c at the spot of the top of the crash
stack, forcing it to skip the free attempt if the variable in question
(next_block) is NULL.  I then added some exception handling (using
setjmp.h) code to mysqli_result_free_storage in mysqli.c at a spot
earlier in the stack, forcing it to throw a PHP warning error (which is
set to output to a log file) if there's an exception.  I've never tried
this in ANSI C before but I think I've got it right.

The test is running now and may take a while to yield a result.  I will
post a patch early next week.  If successful, this won't fix whatever
the underlying cause of the corruption is, but it will at least throw an
error and spare us a crash, which will allow me to start generating PHP
perf results under stress conditions along with the standard perf data.

I'll post again when I have the results of this latest test run.
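
An added illustration of the guard-and-recover pattern described in the comment above (not the patch the commenter mentions, and not PHP source): a toy pool allocator whose free path validates a per-block state word and unwinds with setjmp/longjmp to a caller that logs a warning. All names, the pool, and the state-word check are assumptions made for this example.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; this is a toy pool, not Zend MM or mysqli code. */
enum { SLOTS = 4, SLOT_SIZE = 64 };
enum { FREE_OK = 0, ERR_DOUBLE_FREE = 1, ERR_CORRUPT = 2 };
#define BLK_LIVE  0xA110CA7Eu
#define BLK_FREED 0xDEADF4EEu

typedef struct { uint32_t state; _Alignas(16) unsigned char data[SLOT_SIZE]; } slot;
static slot pool[SLOTS];        /* static storage: headers stay readable after free */
static jmp_buf recover_point;
static int recover_armed, last_err;

void *guarded_alloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < SLOTS; i++)
        if (pool[i].state == 0 || pool[i].state == BLK_FREED) {
            pool[i].state = BLK_LIVE;   /* never reuse a slot with a damaged header */
            return pool[i].data;
        }
    return NULL;
}

/* Validate the header before releasing; on a bad state, skip the free and unwind. */
void guarded_free(void *p) {
    if (p == NULL) return;
    slot *s = (slot *)((unsigned char *)p - offsetof(slot, data));
    if (s->state != BLK_LIVE) {
        if (!recover_armed) return;     /* no recovery point set: just skip */
        last_err = (s->state == BLK_FREED) ? ERR_DOUBLE_FREE : ERR_CORRUPT;
        longjmp(recover_point, 1);
    }
    s->state = BLK_FREED;
}

/* Cleanup routine earlier in the stack: turns the fault into a logged warning. */
int release_with_recovery(void *p) {
    if (setjmp(recover_point) != 0) {   /* reached via longjmp from guarded_free */
        recover_armed = 0;
        fprintf(stderr, "warning: free skipped, block state error %d\n", last_err);
        return last_err;
    }
    recover_armed = 1;
    guarded_free(p);
    recover_armed = 0;
    return FREE_OK;
}
```

The pool is static so that reading a freed block's header is well defined; with a heap-backed allocator the same check would itself touch released memory.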


Previous Comments:
------------------------------------------------------------------------
[2010-12-02 11:26:33] paj...@php.net

You need a debug build to get it working.

------------------------------------------------------------------------
[2010-12-02 08:45:42] kriscr...@php.net

Unfortunately, still no go with the forward slashes.  Has this new debug
feature actually been tested yet, or perhaps it needs to be enabled in
the source then rebuilt?  I'm fresh out of ideas.  :/

------------------------------------------------------------------------
[2010-12-01 23:25:47] kriscr...@php.net

Alrighty, I'll try using forward slashes and will post the outcome when
it's done.  The bug typically takes anywhere from 1 hour up to around 4
hours to repro under stress, so stand by for now.  =)

------------------------------------------------------------------------
[2010-12-01 14:13:55] paj...@php.net

Right, but only for the ini setting tests, as it should not be enabled
by default :)

------------------------------------------------------------------------
[2010-12-01 14:10:34] and...@php.net

Pierre, I'm a fan of this, but it can, and will probably, hit the
run-time performance. But I can't tell without a benchmark.
Unfortunately Ulf has some other things to do at the moment. It is easy
to change that, just edit mysqlnd.h and find MYSQLND_DBG_ENABLED and set
it to 1 in all cases.

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=53333


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53333&edit=1
