search

dunglas / frankenphp

🧟 The modern PHP app server
https://frankenphp.dev
MIT License
6.88k stars 235 forks source link

Server crashes (134) in worker mode under certain conditions #803

Closed AlliBalliBaba closed 5 months ago

AlliBalliBaba commented 5 months ago

What happened?

I am seeing weird server crashes in the dunglas/frankenphp:1.1-php8.3-bookworm and dunglas/frankenphp:1.1-php8.3-alpine images if the pcntl extension is also installed.

The Frankenphp worker server will crash when uploading a multipart/form-data image and then redirecting afterwards. The issue seems to stem from some memory misallocation. The bug seems to happen consistently when the worker only handles 1 request. For reproducing this minimal example, you have to create a frankenphp-worker.php with the following content:

$handle = function()
{
    $file = $_FILES["file"] ?? null;
    $content =( $file['tmp_name'] ?? null) ? file_get_contents($file['tmp_name']) : null;
    if($file){
        header('Location: /?success');
    }
    echo "<form method='POST' enctype='multipart/form-data'><input type='file' name='file'><button>go</button></form>";
};

frankenphp_handle_request($handle);

To get the server crash, I had to do the following:

  1. Start the server docker image (dunglas/frankenphp:1.1-php8.3-bookworm)
  2. Install pcnt if it's not installed already (install-php-extensions pcntl)
  3. Visit the page served by frankenphp-worker.php in a browser and see the upload form
  4. Upload any file or image with the form

It is also weird that this is not 100% consistent.

I recorded this bug in Ubuntu (WSL) (amd) in both the dunglas/frankenphp:1.1-php8.3-bookworm and dunglas/frankenphp:1.1-php8.3-alpine docker images. But -only- if the pcntl extension is also installed so maybe there's an incompatiblity there? It feels very random

Also when the bug occurs (inconsistently) I see either free(): invalid pointer in the output before the POST request is handled or double free or corruption (out) after the request is handled.

Build Type

Docker (Debian Bookworm)

Worker Mode

Yes

Operating System

GNU/Linux

CPU Architecture

x86_64

PHP configuration

PHP Version 8.3.7
System  Linux 6199cc9a8b22 5.15.146.1-microsoft-standard-WSL2 #1 SMP Thu Jan 11 04:09:03 UTC 2024 x86_64
Build Date  May 10 2024 21:41:14
Build System    Linux - Docker
Build Provider  https://github.com/docker-library/php
Configure Command   './configure' '--build=x86_64-linux-gnu' '--with-config-file-path=/usr/local/etc/php' '--with-config-file-scan-dir=/usr/local/etc/php/conf.d' '--enable-option-checking=fatal' '--with-mhash' '--with-pic' '--enable-mbstring' '--enable-mysqlnd' '--with-password-argon2' '--with-sodium=shared' '--with-pdo-sqlite=/usr' '--with-sqlite3=/usr' '--with-curl' '--with-iconv' '--with-openssl' '--with-readline' '--with-zlib' '--enable-phpdbg' '--enable-phpdbg-readline' '--with-pear' '--with-libdir=lib/x86_64-linux-gnu' '--enable-embed' '--enable-zts' '--disable-zend-signals' 'build_alias=x86_64-linux-gnu'
Server API  FrankenPHP
Virtual Directory Support   enabled
Configuration File (php.ini) Path   /usr/local/etc/php
Loaded Configuration File   (none)
Scan this dir for additional .ini files /usr/local/etc/php/conf.d
Additional .ini files parsed    /usr/local/etc/php/conf.d/99-octane.ini, /usr/local/etc/php/conf.d/docker-php-ext-gd.ini, /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini, /usr/local/etc/php/conf.d/docker-php-ext-pcntl.ini, /usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini, /usr/local/etc/php/conf.d/docker-php-ext-redis.ini, /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
PHP API 20230831
PHP Extension   20230831
Zend Extension  420230831
Zend Extension Build    API420230831,TS
PHP Extension Build API20230831,TS
Debug Build no
Thread Safety   enabled
Thread API  POSIX Threads
Zend Signal Handling    disabled
Zend Memory Manager enabled
Zend Multibyte Support  provided by mbstring
Zend Max Execution Timers   enabled
IPv6 Support    enabled
DTrace Support  disabled
Registered PHP Streams  https, ftps, compress.zlib, php, file, glob, data, http, ftp, phar
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, tls, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3
Registered Stream Filters   zlib.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, convert.*, consumed, dechunk
Zend logoThis program makes use of the Zend Scripting Language Engine:
Zend Engine v4.3.7, Copyright (c) Zend Technologies with Zend OPcache v8.3.7, Copyright (c), by Zend Technologies
Configuration
Core
PHP Version 8.3.7
Directive   Local Value Master Value
allow_url_fopen On  On
allow_url_include   Off Off
arg_separator.input &   &
arg_separator.output    &   &
auto_append_file    no value    no value
auto_globals_jit    On  On
auto_prepend_file   no value    no value
browscap    no value    no value
default_charset UTF-8   UTF-8
default_mimetype    text/html   text/html
disable_classes no value    no value
disable_functions   no value    no value
display_errors  Off On
display_startup_errors  On  On
doc_root    no value    no value
docref_ext  no value    no value
docref_root no value    no value
enable_dl   On  On
enable_post_data_reading    On  On
error_append_string no value    no value
error_log   no value    no value
error_log_mode  0644    0644
error_prepend_string    no value    no value
error_reporting -1  no value
expose_php  Off Off
extension_dir   /usr/local/lib/php/extensions/no-debug-zts-20230831 /usr/local/lib/php/extensions/no-debug-zts-20230831
fiber.stack_size    no value    no value
file_uploads    On  On
hard_timeout    2   2
highlight.comment   #FF8000 #FF8000
highlight.default   #0000BB #0000BB
highlight.html  #000000 #000000
highlight.keyword   #007700 #007700
highlight.string    #DD0000 #DD0000
html_errors On  On
ignore_repeated_errors  Off Off
ignore_repeated_source  Off Off
ignore_user_abort   On  Off
implicit_flush  Off Off
include_path    .:/usr/local/lib/php    .:/usr/local/lib/php
input_encoding  no value    no value
internal_encoding   no value    no value
log_errors  Off Off
mail.add_x_header   Off Off
mail.force_extra_parameters no value    no value
mail.log    no value    no value
mail.mixed_lf_and_crlf  Off Off
max_execution_time  60  30
max_file_uploads    20  20
max_input_nesting_level 64  64
max_input_time  -1  -1
max_input_vars  1000    1000
max_multipart_body_parts    -1  -1
memory_limit    128M    128M
open_basedir    no value    no value
output_buffering    0   0
output_encoding no value    no value
output_handler  no value    no value
post_max_size   100M    100M
precision   14  14
realpath_cache_size 16M 16M
realpath_cache_ttl  360 360
register_argc_argv  On  On
report_memleaks On  On
report_zend_debug   Off Off
request_order   no value    no value
sendmail_from   no value    no value
sendmail_path   /usr/sbin/sendmail -t -i    /usr/sbin/sendmail -t -i
serialize_precision -1  -1
short_open_tag  On  On
SMTP    localhost   localhost
smtp_port   25  25
sys_temp_dir    no value    no value
syslog.facility LOG_USER    LOG_USER
syslog.filter   no-ctrl no-ctrl
syslog.ident    php php
unserialize_callback_func   no value    no value
upload_max_filesize 100M    100M
upload_tmp_dir  no value    no value
user_dir    no value    no value
user_ini.cache_ttl  300 300
user_ini.filename   .user.ini   .user.ini
variables_order EGPCS   EGPCS
xmlrpc_error_number 0   0
xmlrpc_errors   Off Off
zend.assertions 1   1
zend.detect_unicode On  On
zend.enable_gc  On  On
zend.exception_ignore_args  Off Off
zend.exception_string_param_max_len 15  15
zend.max_allowed_stack_size 0   0
zend.multibyte  Off Off
zend.reserved_stack_size    0   0
zend.script_encoding    no value    no value
ctype
ctype functions enabled
curl
cURL support    enabled
cURL Information    7.88.1
Age 10
Features
AsynchDNS   Yes
CharConv    No
Debug   No
GSS-Negotiate   No
IDN Yes
IPv6    Yes
krb4    No
Largefile   Yes
libz    Yes
NTLM    Yes
NTLMWB  Yes
SPNEGO  Yes
SSL Yes
SSPI    No
TLS-SRP Yes
HTTP2   Yes
GSSAPI  Yes
KERBEROS5   Yes
UNIX_SOCKETS    Yes
PSL Yes
HTTPS_PROXY Yes
MULTI_SSL   No
BROTLI  Yes
ALTSVC  Yes
HTTP3   No
UNICODE No
ZSTD    Yes
HSTS    Yes
GSASL   No
Protocols   dict, file, ftp, ftps, gopher, gophers, http, https, imap, imaps, ldap, ldaps, mqtt, pop3, pop3s, rtmp, rtmpe, rtmps, rtmpt, rtmpte, rtmpts, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
Host    x86_64-pc-linux-gnu
SSL Version OpenSSL/3.0.11
ZLib Version    1.2.13
libSSH Version  libssh2/1.10.0
Directive   Local Value Master Value
curl.cainfo no value    no value
date
date/time support   enabled
timelib version 2022.10
"Olson" Timezone Database Version   2024.1
Timezone Database   internal
Default timezone    Europe/Vienna
Directive   Local Value Master Value
date.default_latitude   31.7667 31.7667
date.default_longitude  35.2333 35.2333
date.sunrise_zenith 90.833333   90.833333
date.sunset_zenith  90.833333   90.833333
date.timezone   UTC UTC
dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version  2.9.14
HTML Support    enabled
XPath Support   enabled
XPointer Support    enabled
Schema Support  enabled
RelaxNG Support enabled
fileinfo
fileinfo support    enabled
libmagic    543
filter
Input Validation and Filtering  enabled
Directive   Local Value Master Value
filter.default  unsafe_raw  unsafe_raw
filter.default_flags    no value    no value
frankenphp
Version v1.1.5
gd
GD Support  enabled
GD Version  bundled (2.1.0 compatible)
FreeType Support    enabled
FreeType Linkage    with freetype
FreeType Version    2.12.1
GIF Read Support    enabled
GIF Create Support  enabled
JPEG Support    enabled
libJPEG Version 6b
PNG Support enabled
libPNG Version  1.6.39
WBMP Support    enabled
XPM Support enabled
libXpm Version  30411
XBM Support enabled
WebP Support    enabled
BMP Support enabled
AVIF Support    enabled
TGA Read Support    enabled
Directive   Local Value Master Value
gd.jpeg_ignore_warning  On  On
hash
hash support    enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b crc32c fnv132 fnv1a32 fnv164 fnv1a64 joaat murmur3a murmur3c murmur3f xxh32 xxh64 xxh3 xxh128 haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
MHASH support   Enabled
MHASH API Version   Emulated Support
iconv
iconv support   enabled
iconv implementation    glibc
iconv library version   2.36
Directive   Local Value Master Value
iconv.input_encoding    no value    no value
iconv.internal_encoding no value    no value
iconv.output_encoding   no value    no value
json
json support    enabled
libxml
libXML support  active
libXML Compiled Version 2.9.14
libXML Loaded Version   20914
libXML streams  enabled
mbstring
Multibyte Support   enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
libmbfl version 1.3.2
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Multibyte (japanese) regex support  enabled
Multibyte regex (oniguruma) version 6.9.8
Directive   Local Value Master Value
mbstring.detect_order   no value    no value
mbstring.encoding_translation   Off Off
mbstring.http_input no value    no value
mbstring.http_output    no value    no value
mbstring.http_output_conv_mimetypes ^(text/|application/xhtml\+xml) ^(text/|application/xhtml\+xml)
mbstring.internal_encoding  no value    no value
mbstring.language   neutral neutral
mbstring.regex_retry_limit  1000000 1000000
mbstring.regex_stack_limit  100000  100000
mbstring.strict_detection   Off Off
mbstring.substitute_character   no value    no value
mysqlnd
mysqlnd enabled
Version mysqlnd 8.3.7
Compression supported
core SSL    supported
extended SSL    supported
Command buffer size 4096
Read buffer size    32768
Read timeout    86400
Collecting statistics   Yes
Collecting memory statistics    No
Tracing n/a
Loaded plugins  mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_caching_sha2_password,auth_plugin_sha256_password
API Extensions  pdo_mysql
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 3.0.11 19 Sep 2023
OpenSSL Header Version  OpenSSL 3.0.11 19 Sep 2023
Openssl default config  /usr/lib/ssl/openssl.cnf
Directive   Local Value Master Value
openssl.cafile  no value    no value
openssl.capath  no value    no value
pcntl
pcntl support   enabled
pcre
PCRE (Perl Compatible Regular Expressions) Support  enabled
PCRE Library Version    10.42 2022-12-12
PCRE Unicode Version    14.0.0
PCRE JIT Support    enabled
PCRE JIT Target x86 64bit (little endian + unaligned)
Directive   Local Value Master Value
pcre.backtrack_limit    1000000 1000000
pcre.jit    On  On
pcre.recursion_limit    100000  100000
PDO
PDO support enabled
PDO drivers sqlite, mysql
pdo_mysql
PDO Driver for MySQL    enabled
Client API version  mysqlnd 8.3.7
Directive   Local Value Master Value
pdo_mysql.default_socket    no value    no value
pdo_sqlite
PDO Driver for SQLite 3.x   enabled
SQLite Library  3.40.1
Phar
Phar: PHP Archive support   enabled
Phar API version    1.1.1
Phar-based phar archives    enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression    enabled
bzip2 compression   disabled (install ext/bz2)
Native OpenSSL support  enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
Directive   Local Value Master Value
phar.cache_list no value    no value
phar.readonly   On  On
phar.require_hash   On  On
posix
POSIX support   enabled
random
Version 8.3.7
readline
Readline Support    enabled
Readline library    8.2
Directive   Local Value Master Value
cli.pager   no value    no value
cli.prompt  \b \>   \b \>
redis
Redis Support   enabled
Redis Version   6.0.2
Redis Sentinel Version  1.0
Available serializers   php, json
Available compression   lzf, zstd, lz4
Directive   Local Value Master Value
redis.arrays.algorithm  no value    no value
redis.arrays.auth   no value    no value
redis.arrays.autorehash 0   0
redis.arrays.connecttimeout 0   0
redis.arrays.consistent 0   0
redis.arrays.distributor    no value    no value
redis.arrays.functions  no value    no value
redis.arrays.hosts  no value    no value
redis.arrays.index  0   0
redis.arrays.lazyconnect    0   0
redis.arrays.names  no value    no value
redis.arrays.pconnect   0   0
redis.arrays.previous   no value    no value
redis.arrays.readtimeout    0   0
redis.arrays.retryinterval  0   0
redis.clusters.auth no value    no value
redis.clusters.cache_slots  0   0
redis.clusters.persistent   0   0
redis.clusters.read_timeout 0   0
redis.clusters.seeds    no value    no value
redis.clusters.timeout  0   0
redis.pconnect.connection_limit 0   0
redis.pconnect.echo_check_liveness  1   1
redis.pconnect.pool_detect_dirty    0   0
redis.pconnect.pool_pattern no value    no value
redis.pconnect.pool_poll_timeout    0   0
redis.pconnect.pooling_enabled  1   1
redis.session.early_refresh 0   0
redis.session.lock_expire   0   0
redis.session.lock_retries  100 100
redis.session.lock_wait_time    20000   20000
redis.session.locking_enabled   0   0
Reflection
Reflection  enabled
session
Session Support enabled
Registered save handlers    files user redis rediscluster
Registered serializer handlers  php_serialize php php_binary
Directive   Local Value Master Value
session.auto_start  Off Off
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly Off Off
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_samesite no value    no value
session.cookie_secure   Off Off
session.gc_divisor  100 100
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.lazy_write  On  On
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   no value    no value
session.serialize_handler   php php
session.sid_bits_per_character  4   4
session.sid_length  32  32
session.upload_progress.cleanup On  On
session.upload_progress.enabled On  On
session.upload_progress.freq    1%  1%
session.upload_progress.min_freq    1   1
session.upload_progress.name    PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix  upload_progress_    upload_progress_
session.use_cookies On  On
session.use_only_cookies    On  On
session.use_strict_mode Off Off
session.use_trans_sid   Off Off
SimpleXML
SimpleXML support   enabled
Schema support  enabled
sodium
sodium support  enabled
libsodium headers version   1.0.18
libsodium library version   1.0.18
SPL
SPL support enabled
Interfaces  OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
sqlite3
SQLite3 support enabled
SQLite Library  3.40.1
Directive   Local Value Master Value
sqlite3.defensive   On  On
sqlite3.extension_dir   no value    no value
standard
Dynamic Library Support enabled
Path to sendmail    /usr/sbin/sendmail -t -i
Directive   Local Value Master Value
assert.active   On  On
assert.bail Off Off
assert.callback no value    no value
assert.exception    On  On
assert.warning  On  On
auto_detect_line_endings    Off Off
default_socket_timeout  60  60
from    no value    no value
session.trans_sid_hosts no value    no value
session.trans_sid_tags  a=href,area=href,frame=src,form=    a=href,area=href,frame=src,form=
unserialize_max_depth   4096    4096
url_rewriter.hosts  no value    no value
url_rewriter.tags   form=   form=
user_agent  no value    no value
tokenizer
Tokenizer Support   enabled
xml
XML Support active
XML Namespace Support   active
libxml2 Version 2.9.14
xmlreader
XMLReader   enabled
xmlwriter
XMLWriter   enabled
Zend OPcache
Opcode Caching  Up and Running
Optimization    Enabled
SHM Cache   Enabled
File Cache  Disabled
JIT On
Startup OK
Shared memory model mmap
Cache hits  5245
Cache misses    1665
Used memory 35794008
Free memory 232641448
Wasted memory   0
Interned Strings Used memory    5718664
Interned Strings Free memory    2669944
Cached scripts  871
Cached keys 1668
Max keys    32531
OOM restarts    0
Hash keys restarts  0
Manual restarts 0
Start time  2024-05-19T23:53:50+0200
Last restart time   none
Last force restart time none
Directive   Local Value Master Value
opcache.blacklist_filename  no value    no value
opcache.dups_fix    Off Off
opcache.enable  On  On
opcache.enable_cli  On  On
opcache.enable_file_override    Off Off
opcache.error_log   no value    no value
opcache.file_cache  no value    no value
opcache.file_cache_consistency_checks   On  On
opcache.file_cache_only Off Off
opcache.file_update_protection  2   2
opcache.force_restart_timeout   180 180
opcache.huge_code_pages Off Off
opcache.interned_strings_buffer 8   8
opcache.jit tracing tracing
opcache.jit_bisect_limit    0   0
opcache.jit_blacklist_root_trace    16  16
opcache.jit_blacklist_side_trace    8   8
opcache.jit_buffer_size 128M    128M
opcache.jit_debug   0   0
opcache.jit_hot_func    127 127
opcache.jit_hot_loop    64  64
opcache.jit_hot_return  8   8
opcache.jit_hot_side_exit   8   8
opcache.jit_max_exit_counters   8192    8192
opcache.jit_max_loop_unrolls    8   8
opcache.jit_max_polymorphic_calls   2   2
opcache.jit_max_recursive_calls 2   2
opcache.jit_max_recursive_returns   2   2
opcache.jit_max_root_traces 1024    1024
opcache.jit_max_side_traces 128 128
opcache.jit_max_trace_length    1024    1024
opcache.jit_prof_threshold  0.005   0.005
opcache.lockfile_path   /tmp    /tmp
opcache.log_verbosity_level 1   1
opcache.max_accelerated_files   32531   32531
opcache.max_file_size   0   0
opcache.max_wasted_percentage   5   5
opcache.memory_consumption  256M    256M
opcache.opt_debug_level 0   0
opcache.optimization_level  0x7FFEBFFF  0x7FFEBFFF
opcache.preferred_memory_model  no value    no value
opcache.preload no value    no value
opcache.preload_user    no value    no value
opcache.protect_memory  Off Off
opcache.record_warnings Off Off
opcache.restrict_api    no value    no value
opcache.revalidate_freq 2   2
opcache.revalidate_path Off Off
opcache.save_comments   On  On
opcache.use_cwd Off Off
opcache.validate_permission Off Off
opcache.validate_root   Off Off
opcache.validate_timestamps Off Off
zlib
ZLib Support    enabled
Stream Wrapper  compress.zlib://
Stream Filter   zlib.inflate, zlib.deflate
Compiled Version    1.2.13
Linked Version  1.2.13
Directive   Local Value Master Value
zlib.output_compression On  On
zlib.output_compression_level   9   9
zlib.output_handler no value    no value
Additional Modules
Module Name

Relevant log output

backend  | {"level":"info","ts":1716157049.991952,"msg":"restarting","worker":"/app/public/frankenphp-worker.php"}
backend  | free(): invalid pointer
backend  | {"level":"info","ts":1716157053.8772733,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.48
.1","remote_port":"34614","client_ip":"192.168.48.1","proto":"HTTP/1.1","method":"POST","host":"backend.cms.localhost:8033","uri":"/?success","headers":
{"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip, deflate, br, zstd"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537
.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Referer":["http://localhost:8033/?success"],"Accept-
Language":["en,de-AT;q=0.9,de;q=0.8"],"Connection":["keep-alive"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Origin":["http://localhost:8033"],"C
ookie":[],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp
,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Content-Type":["multipart/form-data; boundary=----WebKitFormBoundaryBfhPuMOgZLPpnABw"],"
Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Content-Length":["62477"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"125\", \"Chromium\";v=\"125\", \"Not
.A/Brand\";v=\"24\""],"Upgrade-Insecure-Requests":["1"]}},"bytes_read":62477,"user_id":"","duration":0.043359339,"size":107,"status":302,"resp_headers":{"Location":["/?success"],"Content-Type":["text/html; charset=UTF-8"],"Server":["Caddy"],"X-Powered-By":["PHP/8.3.7"]}}
backend exited with code 134
withinboredom commented 5 months ago

Interesting! Thank you for providing a minimal reproducer, that helps a ton.

I happen to be working on a php-src RFC for someone right now so I popped over to the pcntl extension to just take a quick gander. From the looks of it, it probably isn't compatible with FrankenPHP.

  1. It was written with the assumption that PHP is the process owner ... Caddy is the process owner in FrankenPHP. That means making changes to the current process will make changes to the Caddy process. This is probably not what you want.
  2. The bug here appears to be stemming from the fact that at the end of a request, pcntl appears to try and reset a global signal table that spans all threads. This will probably result in a race condition when different threads try to change the same memory without coordination giving a potential "invalid pointer" at the beginning of a request or a "double free" at the end of a request.

I'd have to actually debug it to figure out what is going on, but in theory this bug would happen on any ZTS build with this extension and multiple threads.

AlliBalliBaba commented 5 months ago

Thanks for looking into it @withinboredom This is unfortunate since some worker implementations like the one in laravel explicitly require you to have pcntl installed. I guess the workaround right now would be to just handle a lot of requests before gracefully restarting the worker. The chance for a server crash would then probably be very small.

dunglas commented 5 months ago

Actually Laravel Octane only needs pcntl for the CLI SAPI... to start FrankenPHP. FrankenPHP itself doesn't need nor use pcntl.

It should be possible to install pcntl for CLI but not for FrankenPHP, and this should work for Octane.

lermontex commented 5 months ago

Symfony Messenger may also require pcntl. In any case, without this extension I can’t run a project that uses message processing in batches (not sure if this is related)

https://symfony.com/doc/current/messenger.html#process-messages-by-batches

I'm using RabbitMQ, the following packages are installed: symfony/messenger symfony/doctrine-messenger symfony/amqp-messenger

I also had strange crashes with a large number of messages. It's very sad if this is related

messenger-1   |
messenger-1   | In DispatchPcntlSignalListener.php line 24:
messenger-1   |
messenger-1   |   [Symfony\Component\ErrorHandler\Error\UndefinedFunctionError]
messenger-1   |   Attempted to call function "pcntl_signal_dispatch" from namespace "Symfony\
messenger-1   |   Component\Messenger\EventListener".
messenger-1   |
messenger-1   |
messenger-1   | Exception trace:
messenger-1   |   at /srv/app/vendor/symfony/messenger/EventListener/DispatchPcntlSignalListener.php:24
messenger-1   |  Symfony\Component\Messenger\EventListener\DispatchPcntlSignalListener->onWorkerRunning() at /srv/app/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:116
messenger-1   |  Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke() at /srv/app/vendor/symfony/event-dispatcher/EventDispatcher.php:206
messenger-1   |  Symfony\Component\EventDispatcher\EventDispatcher->callListeners() at /srv/app/vendor/symfony/event-dispatcher/EventDispatcher.php:56
messenger-1   |  Symfony\Component\EventDispatcher\EventDispatcher->dispatch() at /srv/app/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:127
messenger-1   |  Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch() at /srv/app/vendor/symfony/messenger/Worker.php:132
messenger-1   |  Symfony\Component\Messenger\Worker->run() at /srv/app/vendor/symfony/messenger/Command/ConsumeMessagesCommand.php:235
messenger-1   |  Symfony\Component\Messenger\Command\ConsumeMessagesCommand->execute() at /srv/app/vendor/symfony/console/Command/Command.php:279
messenger-1   |  Symfony\Component\Console\Command\Command->run() at /srv/app/vendor/symfony/console/Application.php:1049
messenger-1   |  Symfony\Component\Console\Application->doRunCommand() at /srv/app/vendor/symfony/framework-bundle/Console/Application.php:125
messenger-1   |  Symfony\Bundle\FrameworkBundle\Console\Application->doRunCommand() at /srv/app/vendor/symfony/console/Application.php:318
messenger-1   |  Symfony\Component\Console\Application->doRun() at /srv/app/vendor/symfony/framework-bundle/Console/Application.php:79
messenger-1   |  Symfony\Bundle\FrameworkBundle\Console\Application->doRun() at /srv/app/vendor/symfony/console/Application.php:169
messenger-1   |  Symfony\Component\Console\Application->run() at /srv/app/vendor/symfony/runtime/Runner/Symfony/ConsoleApplicationRunner.php:49
messenger-1   |  Symfony\Component\Runtime\Runner\Symfony\ConsoleApplicationRunner->run() at /srv/app/vendor/autoload_runtime.php:29
messenger-1   |  require_once() at /srv/app/bin/console:15
messenger-1   |
messenger-1   | messenger:consume [-l|--limit LIMIT] [-f|--failure-limit FAILURE-LIMIT] [-m|--memory-limit MEMORY-LIMIT] [-t|--time-limit TIME-LIMIT] [--sleep SLEEP] [-b|--bus BUS] [--queues QUEUES] [--no-reset] [--] [<receivers>...]
dunglas commented 5 months ago

@lermontex it's the same situation for Symfony Messenger. pcntl is only needed to run the consumer command (CLI), FrankenPHP (with the notable exception of the php-cli subcommand) runs the web server.

You could run the commands with the standard PHP CLI SAPI, (the php binary) with pcntl installed, and the web server (the FrankenPHP SAPI) without pcntl.

That being said, this is just a workaround. The real solution is to fix the thread safety issue in pcntl.

dunglas commented 5 months ago

Could you please report this bug to PHP directly, as this doesn't look specific to FrankenPHP (and there is nothing we can do about that in this code base).

lermontex commented 5 months ago

@dunglas, The fact is that, as far as I understand, using dunglas/symfony-docker I will have to add an additional image for Messenger

I'm currently using one image to run the webserver and handler. A similar solution is described here https://github.com/dunglas/symfony-docker/issues/539

I think it should be mentioned that this may cause errors since the pcntl extension will be installed in any mode: https://github.com/dunglas/symfony-docker/blob/bfdd75e73ffcdce57f0f9f883029b57629549195/Dockerfile#L28

RUN set -eux; \
    install-php-extensions \
        @composer \
        apcu \
        intl \
        opcache \
        zip \
        pcntl \
    ;
root@api:/srv/app# php -m
[PHP Modules]
amqp
apcu
Core
ctype
curl
date
dom
fileinfo
filter
hash
iconv
intl
json
libxml
mbstring
mysqlnd
openssl
pcntl
pcre
PDO
pdo_pgsql
pdo_sqlite
Phar
posix
random
readline
Reflection
session
SimpleXML
sodium
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

Anyway, it seems we need to add information about incompatibility (if this is indeed the case) to the documentation

dunglas commented 5 months ago

@lermontex we can document it in the "known issues" page! PR welcome.

Thanks to the reproducer, this bug shouldn't be too hard to fix.

I have a very busy week (and the next will be busy too), but I'll try to take a look after that if someone didn't had time to work on this.

lermontex commented 5 months ago

@dunglas, Unfortunately, I will not be able to provide more specific information, since I was never able to find out why the errors occurred in my case. I just mentioned that incompatibility with pcntl can also affect the operation of Symfony Messenger. Hope this can prevent unexpected errors and improve comppatiblity in the future

Anyway, thanks for your work!

withinboredom commented 5 months ago

You could run the commands with the standard PHP CLI SAPI, (the php binary) with pcntl installed, and the web server (the FrankenPHP SAPI) without pcntl.

You can do this by using different php.ini files instead of different containers. Basically have a web.php.ini and a worker.php.ini. In theory, you should already be doing this because workers generally need more memory than web requests, different error reporting, potentially different extensions enabled, different opcache/jit config, etc.

AlliBalliBaba commented 5 months ago

I've noticed that triggering gc_collect_cycles() at the end of the worker script also seems to mitigate crashes, at least with a Laravel project I'm working on. I created an according PR for Laravel Octane. It would be nice if this also fixes crashes other people have been having.

The main problem with these types of crashes is how hard they are to reproduce

dunglas commented 5 months ago

Thanks for the reproducer. I can reproduce the bug on Mac using the latest version. I'm on it.

dunglas commented 5 months ago

https://github.com/dunglas/frankenphp/pull/857 fixes the problem on my side. I don't think that it's related to pcntl.

Could you try this patch to see if it fixes the issue for you too @AlliBalliBaba?

AlliBalliBaba commented 5 months ago

I suspect it will fix the issue. I'll try installing from source if I have time or with a new release once it's out

AlliBalliBaba commented 4 months ago

I can confirm that v1.2.1 does indeed fix the bug.