Segmentation fault in zend_mm_alloc_small, heap->free_slot corrupted

[shm-dmitry]

Description

I have site running under apache & php. One of apache process crashes in random moment of time a few times per hour. Apache log:

[Thu Jul 11 10:24:38.513496 2024] [core:notice] [pid 10220] AH00052: child pid 10451 exit signal Segmentation fault (11)
[Thu Jul 11 10:24:44.520621 2024] [core:notice] [pid 10220] AH00052: child pid 10450 exit signal Segmentation fault (11)
[Thu Jul 11 10:25:15.553693 2024] [core:notice] [pid 10220] AH00052: child pid 10483 exit signal Segmentation fault (11)
[Thu Jul 11 10:26:46.647515 2024] [core:notice] [pid 10220] AH00052: child pid 10456 exit signal Segmentation fault (11)
[Thu Jul 11 10:30:50.893853 2024] [core:notice] [pid 10220] AH00052: child pid 10518 exit signal Segmentation fault (11)
[Thu Jul 11 10:31:34.940498 2024] [core:notice] [pid 10220] AH00052: child pid 10569 exit signal Segmentation fault (11)

I took core dump and opened it in gdb.

Core was generated by `/usr/sbin/httpd -DFOREGROUND'.
Program terminated with signal 11, Segmentation fault.
#0  zend_mm_alloc_small (bin_num=13, heap=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_alloc.c:1312
1312                    heap->free_slot[bin_num] = p->next_free_slot;
(gdb) p *heap
$1 = {use_custom_heap = 0, storage = 0x0, size = 10617048, peak = 10618672, free_slot = {0x2ad188a81930, 0x2ad188a835e0, 0x2ad19e8071b0, 0x2ad19e702620, 0x2ad19e690460, 0x2ad19e5384b0, 0x2ad19e955c78, 
    0x2ad19e943540, 0x2ad19e9549b0, 0x2ad19e55d600, 0x2ad19e5dc3f0, 0x2ad19e59ac80, 0x2ad19e993be0, 0x7f800002ad188ae, 0x2ad19e9491c0, 0x2ad19e889c00, 0x2ad19e94f280, 0x2ad19ded2980, 0x2ad19e80b8c0, 
    0x2ad19e991c00, 0x2ad19e624000, 0x2ad19e816000, 0x2ad188b2b180, 0x2ad188b2dc00, 0x2ad19e651000, 0x2ad19dec4a00, 0x2ad188afa500, 0x2ad188ac8800, 0x2ad19e887200, 0x2ad188b39800}, real_size = 12582912, 
  real_peak = 12582912, limit = 2122317824, overflow = 0, huge_list = 0x0, main_chunk = 0x2ad188a00000, cached_chunks = 0x0, chunks_count = 6, peak_chunks_count = 6, cached_chunks_count = 0, 
  avg_chunks_count = 5.0007341797857006, last_chunks_delete_boundary = 0, last_chunks_delete_count = 0, custom_heap = {std = {_malloc = 0x0, _free = 0x0, _realloc = 0x0}, debug = {_malloc = 0x0, _free = 0x0, 
      _realloc = 0x0}}, tracked_allocs = 0x0}
(gdb) p heap->free_slot[13]
$2 = (zend_mm_free_slot *) 0x7f800002ad188ae

As you see heap->free_slot[13] is an invalid pointer.

Backtrace:

(gdb) bt
#0  zend_mm_alloc_small (bin_num=13, heap=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_alloc.c:1312
#1  zend_mm_alloc_heap (size=<optimized out>, heap=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_alloc.c:1383
#2  _emalloc () at /usr/src/debug/php-8.3.8/Zend/zend_alloc.c:2615
#3  0x00002ad18694a70b in zend_objects_new (ce=0x2ad12ade2320) at /usr/src/debug/php-8.3.8/Zend/zend_objects_API.h:83
#4  0x00002ad1868bbe05 in _object_and_properties_init (properties=0x0, class_type=0x2ad12ade2320, arg=0x2ad188a1ae60) at /usr/src/debug/php-8.3.8/Zend/zend_API.c:1772
#5  object_init_ex () at /usr/src/debug/php-8.3.8/Zend/zend_API.c:1795
#6  0x00002ad1868f7bd1 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:10537
#7  0x00002ad1869234ae in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:58125
#8  0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#9  0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#10 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#11 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#12 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#13 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#14 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#15 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#16 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#17 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#18 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#19 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#20 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#21 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#22 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#23 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#24 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#25 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#26 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#27 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#28 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#29 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#30 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#31 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#32 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#33 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#34 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#35 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#36 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#37 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#38 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#39 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#40 0x00002ad186669fcc in ZEND_DO_FCALL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:2052
#41 0x00002ad18666aed1 in execute_ex (ex=0x2ad188a00040) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57256
#42 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#43 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#44 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#45 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#46 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#47 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#48 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#49 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#50 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#51 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
#52 0x00002ad1868fa8a4 in ZEND_INCLUDE_OR_EVAL_SPEC_OBSERVER_HANDLER () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:5125
#53 0x00002ad1869230aa in execute_ex () at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:57332
---Type <return> to continue, or q <return> to quit---
#54 0x00002ad18692c4d1 in zend_execute (op_array=0x2ad188a80000, return_value=0x0) at /usr/src/debug/php-8.3.8/Zend/zend_vm_execute.h:61604
#55 0x00002ad1868b9190 in zend_execute_scripts () at /usr/src/debug/php-8.3.8/Zend/zend.c:1891
#56 0x00002ad18684d27e in php_execute_script () at /usr/src/debug/php-8.3.8/main/main.c:2515
#57 0x00002ad1869a2a88 in php_handler () at /usr/src/debug/php-8.3.8/sapi/apache2handler/sapi_apache2.c:721
#58 0x0000560790ec4050 in ap_run_handler (r=r@entry=0x56079273b768) at config.c:169
#59 0x0000560790ec4599 in ap_invoke_handler (r=r@entry=0x56079273b768) at config.c:439
#60 0x0000560790ed887c in ap_internal_redirect (new_uri=<optimized out>, r=<optimized out>) at http_request.c:762
#61 0x00002ad182d30fcc in handler_redirect (r=0x5607927a4980) at mod_rewrite.c:5133
#62 0x0000560790ec4050 in ap_run_handler (r=r@entry=0x5607927a4980) at config.c:169
#63 0x0000560790ec4599 in ap_invoke_handler (r=r@entry=0x5607927a4980) at config.c:439
#64 0x0000560790ed951a in ap_process_async_request (r=r@entry=0x5607927a4980) at http_request.c:440
#65 0x0000560790ed9802 in ap_process_request (r=r@entry=0x5607927a4980) at http_request.c:475
#66 0x0000560790ed5662 in ap_process_http_sync_connection (c=0x560792734960) at http_core.c:190
#67 ap_process_http_connection (c=0x560792734960) at http_core.c:231
#68 0x0000560790ecd680 in ap_run_process_connection (c=c@entry=0x560792734960) at connection.c:41
#69 0x0000560790ecda98 in ap_process_connection (c=c@entry=0x560792734960, csd=<optimized out>) at connection.c:212
#70 0x00002ad184b757ef in child_main (child_num_arg=child_num_arg@entry=17) at prefork.c:707
#71 0x00002ad184b75a35 in make_child (s=0x560792338350, slot=slot@entry=17) at prefork.c:810
#72 0x00002ad184b75a96 in startup_children (number_to_start=43) at prefork.c:828
#73 0x00002ad184b767a0 in prefork_run (_pconf=<optimized out>, plog=0x56079233c358, s=0x560792338350) at prefork.c:986
#74 0x0000560790ea83be in ap_run_mpm (pconf=pconf@entry=0x56079230f138, plog=0x56079233c358, s=0x560792338350) at mpm_common.c:96
#75 0x0000560790ea1116 in main (argc=2, argv=0x7ffd3dc18698) at main.c:783

zbacktrace:

(gdb) zbacktrace 
[0x2ad188a1ad10] Bitrix\Main\ORM\Query\Chain->getChainByDefinition(object[0x2ad188a1ad60], "CHAT.ID") /home/bitrix/www/bitrix/modules/main/lib/orm/query/chain.php:215 
[0x2ad188a1ac60] Bitrix\Main\ORM\Query\Query->getRegisteredChain("CHAT.ID", true) /home/bitrix/www/bitrix/modules/main/lib/orm/query/query.php:3465 
[0x2ad188a1aab0] Bitrix\Main\ORM\Query\Query->addToSelectChain("CHAT.ID", "CHAT_ID") /home/bitrix/www/bitrix/modules/main/lib/orm/query/query.php:1201 
[0x2ad188a1a8d0] Bitrix\Main\ORM\Query\Query->buildQuery() /home/bitrix/www/bitrix/modules/main/lib/orm/query/query.php:2431 
[0x2ad188a1a800] Bitrix\Main\ORM\Query\Query->exec() /home/bitrix/www/bitrix/modules/main/lib/orm/query/query.php:933 
[0x2ad188a1a710] Bitrix\Main\ORM\Data\DataManager->getList(array(5)[0x2ad188a1a760]) /home/bitrix/www/bitrix/modules/main/lib/orm/data/datamanager.php:513 
[0x2ad188a1a4c0] Bitrix\Im\Recent->getList(679180, array(4)[0x2ad188a1a520]) /home/bitrix/www/bitrix/modules/im/lib/recent.php:323 
[0x2ad188a1a340] CIMMessenger->GetV2TemplateJS(array(5)[0x2ad188a1a390]) /home/bitrix/www/bitrix/modules/im/classes/general/im_messenger.php:3867 
[0x2ad188a1a1f0] CBitrixComponentTemplate->(main) /home/bitrix/www/bitrix/templates/bitrix24/components/bitrix/im.messenger/.default/template.php:226 
[0x2ad188a1a060] CBitrixComponentTemplate->__IncludePHPTemplate(reference, reference, "") /home/bitrix/www/bitrix/modules/main/classes/general/component_template.php:790 
[0x2ad188a19f40] CBitrixComponentTemplate->IncludeTemplate(reference) /home/bitrix/www/bitrix/modules/main/classes/general/component_template.php:885 
[0x2ad188a19e80] CBitrixComponent->showComponentTemplate() /home/bitrix/www/bitrix/modules/main/classes/general/component.php:784 
[0x2ad188a19de0] CBitrixComponent->includeComponentTemplate() /home/bitrix/www/bitrix/modules/main/classes/general/component.php:724 
[0x2ad188a19c90] CBitrixComponent->(main) /home/bitrix/www/bitrix/components/bitrix/im.messenger/component.php:37 
[0x2ad188a19b50] CBitrixComponent->__includeComponent() /home/bitrix/www/bitrix/modules/main/classes/general/component.php:615 
[0x2ad188a19a30] CBitrixComponent->includeComponent("", reference, false, false) /home/bitrix/www/bitrix/modules/main/classes/general/component.php:692 
[0x2ad188a19860] CAllMain->IncludeComponent("bitrix:im.messenger", "", array(3)[0x2ad188a198d0], false, array(1)[0x2ad188a198f0]) /home/bitrix/www/bitrix/modules/main/classes/general/main.php:1195 
[0x2ad188a19690] (main) /home/bitrix/www/bitrix/templates/bitrix24/header.php:387 
[0x2ad188a194d0] (main) /home/bitrix/www/bitrix/modules/main/include/prolog_after.php:120 
[0x2ad188a19440] (main) /home/bitrix/www/bitrix/modules/main/include/prolog.php:11 
[0x2ad188a193c0] (main) /home/bitrix/www/bitrix/header.php:1 
[0x2ad188a192d0] (main) /home/bitrix/www/company/personal.php:2 
[0x2ad188a190a0] (main) /home/bitrix/www/bitrix/modules/main/include/urlrewrite.php:184 
[0x2ad188a19020] (main) /home/bitrix/www/bitrix/urlrewrite.php:2 

php.ini:

; Set parameters required for proper Bitrix engine functioning.
; You can redefine parameters specified in this file
; by editing /etc/php.d/z_bx_custom_settings.ini

; Configure error processing
display_errors = On
error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING

error_log=/var/log/httpd/php.error.log
log_errors=1

; Set some more PHP parameters
enable_dl = Off
short_open_tag = On
allow_url_fopen = On

; Change default values of important constants
max_input_vars = 10000
max_file_uploads = 100
max_execution_time = 300
post_max_size = 1024M
upload_max_filesize = 1024M
pcre.backtrack_limit = 1000000
pcre.recursion_limit = 14000
realpath_cache_size = 4096k
mysql.default_socket = /var/lib/mysqld/mysqld.sock
mysqli.default_socket = /var/lib/mysqld/mysqld.sock

# Security headers
mail.add_x_header = Off
expose_php = Off

; Utf-8 support
#default_charset = cp1251
default_charset = windows-1251
default_charset = windows-1251

; Configure PHP sessions
session.entropy_length = 128
session.entropy_file = /dev/urandom
;session.save_path = "/tmp/php_sessions/www"
session.save_path = "/home/bitrix/tmp_sess/"
session.save_handler = memcache
session.use_trans_sid = 0
session.cookie_httponly = On

; Set directory for temporary files
upload_tmp_dir = "/tmp/php_upload/www"

sendmail_path = msmtp -t -i
; sendmail_path = /usr/bin/test_email.sh
memory_limit = 2048M
session.cookie_domain = ***
session.gc_maxlifetime = 172800

opcache.protect_memory=1

The opcache.protect_memory string does not affect crashes.

PHP Version

PHP 8.3.8

Operating System

CentOS Linux 7

[devnexen]

Hi

The opcache.protect_memory string does not affect crashes.

are you using opcache JIT ?

[shm-dmitry]

@devnexen Hi, JIT is disabled

[iluuu1994]

Hi @shm-dmitry! Can you try disabling observers? The stack trace itself is not super indicative of the error, because it is likely cause by a buffer overwrite in some other place. If you can reproduce the error locally, you could try compiling PHP with the --enable-address-sanitizer flag, set the USE_ZEND_ALLOC=0 environment variable, and see if you get a more useful error.

[dstogov]

You got a heap corruption because of use-after-free or double free. Very probably (but not necesarry) this occurs because of a bug in third-party PHP extension. Unfortunately your backtrace doesn't shows the source of the real failure. Running your app with with some heap debugger (address sanitizer or valgrind) may give more info.

[shm-dmitry]

@dstogov , this is production server with old operation system. I tried to compile php, but I was having problems with dependencies. Maybe we can transfer it to a actual ubuntu and compile it there, but it's a complicated process.

Modules list

[PHP Modules]
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
hash
iconv
imagick
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

[dstogov]

I see, you don't use third-party extensions, so the bug should be in the mai PHP source tree. I know, it's really hard to localize this kind of bugs, but they hardly ever can be fixed without a reproduction case. Localization of the invalid free() may be only the first step of debugging, because it may be caused by invalid reference-counting or interaction with garbage collectior...

[shm-dmitry]

@dstogov , I'm sorry, but my previous modules list was from another server. There are actual modules list. I see XDebug - can it help you?

[PHP Modules]
apcu
bcmath
bz2
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
geoip
gettext
hash
iconv
intl
json
ldap
libxml
mbstring
mcrypt
memcache
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
pspell
random
readline
Reflection
rrd
session
shmop
SimpleXML
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xdebug
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Xdebug
Zend OPcache

[dstogov]

This won't help me to identify the problem, but now I see third-party extensions that may be the source of failure.

[shm-dmitry]

I can try to disable it, which modules are you talking about? I saw

extension=zip.so
extension = apcu.so
extension=geoip.so
extension=memcache.so
extension=rrd.so
zend_extension=opcache.so
zend_extension=xdebug.so

I've seen some problems with the geo-ip extension somewhere, I'll try to disable it.

[dstogov]

Most probably the "bad" extension is used by your app and won't work without it. Even if you find the "bad" extension, it won't help to identify the bug there. The only way to start debugging is identifying the consistent reproduction scenario...

[iluuu1994]

@shm-dmitry You might want to try to remove Xdebug at least, which should generally not be installed in your production environment.

[shm-dmitry]

@iluuu1994 , yes, I disabled xdebug, and no crashes have occurred in the last hour. I am continuing to check this now and will write a message when I am sure of the result.

[shm-dmitry]

I waited for a while and ran some tests, and now I'm sure the problem was in the xdebug module. I do not know how it corruptes memory, because no one uses it, but turning on this module leads to a crash, and when I turn it off, I cannot reproduce this crash. Versions:

php.x86_64                         8.3.8-1.el7.remi              @remi-php83    
php-debuginfo.x86_64               8.3.8-1.el7.remi              @remi-php83-debuginfo
php-pecl-xdebug3.x86_64            3.3.2-1.el7.remi.8.3          @remi-php83    
php-pecl-xdebug3-debuginfo.x86_64  3.3.2-1.el7.remi.8.3          @remi-php83-debuginfo

I think this issue can be closed due to a problem (probably?) in the external module. I can answer to another questions (and make another tests) if any. Thanks to all.

[dstogov]

As you didn't have a consistent reproduction case, removal of xdebug might only hide the problem and it might appear back on some conditions. Also may be xdebug has to be fixed. Anyway, it's good you don't see crashes any more. Please reopen the issue if you'll see crashes again.