Crash with PHP 8.3 nightly

[dunglas]

Description

For a few days, the FrankenPHP test suite crashes when using libphp 8.3 ZTS provided by shivammathur/setup-php.

Here is a backtrace:

[New Thread 0x7fff67ffd640 (LWP 8036)]
free(): invalid pointer
free(): invalid pointer
free(): invalid pointer
free(): invalid pointer

Thread 9 "thpool-0" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fff89163640 (LWP 8033)]
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140735493322304) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140735493322304) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140735493322304) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140735493322304, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7642476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff76287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff7689676 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff77dbb8c "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ffff76a0cfc in malloc_printerr (str=str@entry=0x7ffff77d9764 "free(): invalid pointer") at ./malloc/malloc.c:5664
#7  0x00007ffff76a2a44 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at ./malloc/malloc.c:4439
#8  0x00007ffff76a5453 in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391
#9  0x00007ffff7c6cc3e in ?? () from /lib/libphp.so
#10 0x00007ffff7c279cf in ?? () from /lib/libphp.so
#11 0x00007ffff7d13315 in zend_deactivate_modules () from /lib/libphp.so
#12 0x00007ffff7c9b5cd in php_request_shutdown () from /lib/libphp.so
#13 0x000000000071df40 in frankenphp_request_shutdown ()
#14 0x000000000071c1ea in _cgo_3aaccee9b53c_Cfunc_frankenphp_request_shutdown ()
#15 0x000000000047a168 in runtime.asmcgocall.abi0 ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

https://github.com/dunglas/frankenphp/actions/runs/6879551912/job/18711722654?pr=304

Tests are still green with PHP 8.2. They were green with 9717e9f but fail now.

PHP Version

PHP 8.3 nightly

Operating System

Ubuntu 22.04.3 LTS

[iluuu1994]

I don't see any interesting changes. Can you try with debug symbols, and potentially ASAN? ASAN should catch the invalid free.

[dunglas]

@iluuu1994 debug symbols were enabled for this stack trace. Do you have an idea of how to enable ASAN for shivammathur/setup-php?

[iluuu1994]

@dunglas I'm not familiar with shivammathur/setup-php, so unfortunately I cannot help there. Essentially what you need is --enable-address-sanitizer, and CFLAGS="-DZEND_TRACK_ARENA_ALLOC" if you can. The application should then be run using the USE_ZEND_ALLOC=0 env variable.

[iluuu1994]

debug symbols were enabled for this stack trace

Where/how did you obtain libphp.so? From your distribution? Edit: Ah probably shivammathur/setup-php then I guess. So you're enabling the debug: true option? ?? () from /lib/libphp.so does not look like the symbols are available.

[dunglas]

Yes, the .so is coming from shivammathur/setup-php, and debug is set to true.

I created a test pipeline if you want to reproduce:

dunglas/frankenphp#306

1. Connect to the GHA container by copying the ssh line printed in the tests (8.3) check
2. Run go test -c -ldflags=-w
3. You can use GDB on the generated binary: gdb --args ./frankenphp.test

Edit: indeed, debug symbols aren't included while they should: shivammathur/setup-php#784

[nielsdos]

I have a feeling this could be #12501 (comment) which was fixed in #12663

[dunglas]

Good catch @nielsdos! Tests are now green with the latest nightly, so this was likely this problem.

Thank you!