Bug #81206 Multiple PHP processes crash with JIT enabled
Submitted: 2021-06-28 20:05 UTC Modified: 2021-06-29 21:13 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dktapps at pmmp dot io Assigned: cmb (profile)
Status: Closed Package: JIT
PHP Version: 8.0.7 OS: Windows
Private report: No CVE-ID: None
 [2021-06-28 20:05 UTC] dktapps at pmmp dot io
Description:
------------
Using the below script with JIT=1205, I'm able to trigger a segfault on require().
This does not happen if JIT is disabled.

This only happens on Windows.

Test script:
---------------
test.php:
<?php

declare(strict_types=1);

system(PHP_BINARY . " -v");
echo "Including script 'Test.php'\n";
require dirname(__DIR__) . '/helpers/Test.php';
echo "Done!\n";

helpers/Test.php:
<?php

class Test{

	public static function doSomething() : void{
		$time = time();
		while(time() < $time + 10){}
		echo "done\n";
	}
}

Expected result:
----------------
PHP 8.0.7 (cli) (built: Jun  2 2021 00:40:57) ( NTS Visual C++ 2019 x64 )
Copyright (c) The PHP Group
Zend Engine v4.0.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.7, Copyright (c), by Zend Technologies
Including script 'Test.php'
Done!

Actual result:
--------------
As seen in the Windows, JIT=1205 run here: https://github.com/dktapps/php-8-jit-bugs/runs/2935629701?check_suite_focus=true

PHP 8.0.7 (cli) (built: Jun  2 2021 00:40:57) ( NTS Visual C++ 2019 x64 )
Copyright (c) The PHP Group
Zend Engine v4.0.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.7, Copyright (c), by Zend Technologies
Including script 'Test.php'
FAILED: require-second-process.php (-1073741819)

 [2021-06-28 21:18 UTC] dktapps at pmmp dot io
This problem appears to have been caused by https://github.com/php/php-src/pull/6268. Reverting this commit fixes the problem.
 [2021-06-28 21:30 UTC] dktapps at pmmp dot io
To clarify on my previous comment:

It appears that this code: https://github.com/php/php-src/blob/0e932f7ceaab503d136a524bf7f9cefb32be29fa/ext/opcache/jit/zend_jit.c#L4911
is trashing the stubs in the shared dasm_buf (which have already been initialized by the parent process) because it assumes that the child process did not reattach to a preexisting SHM. This causes the parent process to explode.
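
The failure mode described in the comment above, as an added illustration that is not code from the bug report or from php-src. A file-backed POSIX mapping stands in for the Windows shared-memory segment, a second mapping of the same file stands in for the second PHP process, and `attach`, `jit_startup`, `stub_seen_by_first` and the byte tags are hypothetical names and constructed values.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { BUF_SIZE = 4096, STUB_SIZE = 64 };  /* constructed sizes */

/* Map the shared buffer; *reattached = 1 if the backing object already existed. */
static unsigned char *attach(const char *path, int *reattached) {
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    *reattached = (fd < 0 && errno == EEXIST);
    if (*reattached) fd = open(path, O_RDWR);
    else if (fd >= 0 && ftruncate(fd, BUF_SIZE) != 0) { close(fd); return NULL; }
    if (fd < 0) return NULL;
    void *p = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);
    return p == MAP_FAILED ? NULL : (unsigned char *)p;
}

/* guard == 0: always (re)write the stubs; guard == 1: skip when reattached. */
static unsigned char *jit_startup(const char *path, unsigned char tag, int guard) {
    int reattached;
    unsigned char *buf = attach(path, &reattached);
    if (buf && !(guard && reattached))
        memset(buf, tag, STUB_SIZE);  /* stand-in for emitting the stubs */
    return buf;
}

/* First stub byte the first attacher sees after a second attach, or -1 on error. */
int stub_seen_by_first(int guard) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/jit_shm_demo_%ld", (long)getpid());
    unlink(path);                                            /* drop any stale file */
    unsigned char *first  = jit_startup(path, 0xAA, guard);  /* creates and initializes */
    unsigned char *second = jit_startup(path, 0xBB, guard);  /* reattaches */
    int seen = (first && second) ? first[0] : -1;
    if (first)  munmap(first, BUF_SIZE);
    if (second) munmap(second, BUF_SIZE);
    unlink(path);
    return seen;
}

int main(void) {
    printf("unguarded: 0x%02X, guarded: 0x%02X\n",
           stub_seen_by_first(0), stub_seen_by_first(1));
    return 0;
}
```

Without the guard, the first attacher finds its stub area rewritten by the second one; with the guard, the initialized contents survive the reattach.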
 [2021-06-29 21:13 UTC] cmb@php.net
-Summary: JIT: Crash on require() when running two instances of the same PHP executable
+Summary: Multiple PHP processes crash with JIT enabled
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
 [2021-06-29 21:14 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81206: Multiple PHP processes crash with JIT enabled
On GitHub:  https://github.com/php/php-src/pull/7208
Patch:      https://github.com/php/php-src/pull/7208.patch
 [2021-07-19 21:58 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/ef77d3c89f3ca7750b78a7974ebb82d8b116506f
Log: Fix #81206: Multiple PHP processes crash with JIT enabled
 [2021-07-19 21:58 UTC] git@php.net
-Status: Verified
+Status: Closed
Last updated: Thu Jan 30 15:01:31 2025 UTC