Bug #81206 Multiple PHP processes crash with JIT enabled
Submitted: 2021-06-28 20:05 UTC
Modified: 2021-06-29 21:13 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dktapps at pmmp dot io
Assigned: cmb
Status: Closed
Package: JIT
PHP Version: 8.0.7
OS: Windows
Private report: No
CVE-ID: None
 [2021-06-28 20:05 UTC] dktapps at pmmp dot io
Description:
------------
Using the below script with JIT=1205, I'm able to trigger a segfault on require().
This does not happen if JIT is disabled.

This only happens on Windows.

Test script:
---------------
test.php:
<?php

declare(strict_types=1);

system(PHP_BINARY . " -v");
echo "Including script 'Test.php'\n";
require dirname(__DIR__) . '/helpers/Test.php';
echo "Done!\n";

helpers/Test.php:
<?php

class Test{

	public static function doSomething() : void{
		$time = time();
		while(time() < $time + 10){}
		echo "done\n";
	}
}

Expected result:
----------------
PHP 8.0.7 (cli) (built: Jun  2 2021 00:40:57) ( NTS Visual C++ 2019 x64 )
Copyright (c) The PHP Group
Zend Engine v4.0.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.7, Copyright (c), by Zend Technologies
Including script 'Test.php'
Done!

Actual result:
--------------
As seen in the Windows, JIT=1205 run here: https://github.com/dktapps/php-8-jit-bugs/runs/2935629701?check_suite_focus=true

PHP 8.0.7 (cli) (built: Jun  2 2021 00:40:57) ( NTS Visual C++ 2019 x64 )
Copyright (c) The PHP Group
Zend Engine v4.0.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.7, Copyright (c), by Zend Technologies
Including script 'Test.php'
FAILED: require-second-process.php (-1073741819)

 [2021-06-28 21:18 UTC] dktapps at pmmp dot io
This problem appears to have been caused by https://github.com/php/php-src/pull/6268. Reverting this commit fixes the problem.
 [2021-06-28 21:30 UTC] dktapps at pmmp dot io
To clarify on my previous comment:

It appears that this code: https://github.com/php/php-src/blob/0e932f7ceaab503d136a524bf7f9cefb32be29fa/ext/opcache/jit/zend_jit.c#L4911
is trashing the stubs in the shared dasm_buf (which have already been initialized by the parent process) because it assumes that the child process did not reattach to a preexisting SHM. This causes the parent process to explode.
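
The failure mode described in the comment above, as a simplified model added here (it is not php-src code): a process that reattaches to an existing shared JIT buffer must skip first-time initialization. All names (`jit_seg`, `seg_attach`, `jit_startup`, `honor_reattach`) and the write-cursor layout are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, hypothetical names: one segment shared by every process. */
#define SEG_MAGIC 0x4a495431u
struct jit_seg {
    unsigned magic;         /* set by the process that creates the segment */
    size_t cursor;          /* next free byte in buf */
    unsigned char buf[64];  /* stubs first, compiled code after them */
};

/* Returns true when the segment already existed, i.e. the caller reattached. */
static bool seg_attach(struct jit_seg *seg) {
    if (seg->magic == SEG_MAGIC) return true;
    memset(seg, 0, sizeof(*seg));
    seg->magic = SEG_MAGIC;
    return false;
}

/* Appends code to the shared buffer; returns its offset, or -1 when full. */
static long jit_emit(struct jit_seg *seg, const void *code, size_t len) {
    if (len > sizeof(seg->buf) - seg->cursor) return -1;
    size_t off = seg->cursor;
    memcpy(seg->buf + off, code, len);
    seg->cursor += len;
    return (long)off;
}

/* Per-process JIT startup. With honor_reattach == false it always resets the
 * cursor and rewrites the stubs, even when another process owns the buffer. */
static void jit_startup(struct jit_seg *seg, bool reattached, bool honor_reattach) {
    if (reattached && honor_reattach) return;  /* stubs and code already in place */
    seg->cursor = 0;
    jit_emit(seg, "STUBSTUB", 8);
}

/* Parent starts and compiles, then a child does; true if parent code is intact. */
bool parent_code_survives(bool honor_reattach) {
    struct jit_seg seg = {0};
    jit_startup(&seg, seg_attach(&seg), honor_reattach);  /* parent: creates */
    long p = jit_emit(&seg, "PARENT-FN", 9);
    jit_startup(&seg, seg_attach(&seg), honor_reattach);  /* child: reattaches */
    long c = jit_emit(&seg, "CHILD--FN", 9);
    return p >= 0 && c >= 0 && memcmp(seg.buf + p, "PARENT-FN", 9) == 0;
}

int main(void) {
    printf("unguarded=%d guarded=%d\n", parent_code_survives(false), parent_code_survives(true));
    return 0;
}
```

In the unguarded run the child's startup rewinds the cursor, so its first compiled function lands on top of the parent's; with the guard the child appends after the existing code.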
 [2021-06-29 21:13 UTC] cmb@php.net
-Summary: JIT: Crash on require() when running two instances of the same PHP executable
+Summary: Multiple PHP processes crash with JIT enabled
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
 [2021-06-29 21:14 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #81206: Multiple PHP processes crash with JIT enabled
On GitHub:  https://github.com/php/php-src/pull/7208
Patch:      https://github.com/php/php-src/pull/7208.patch
 [2021-07-19 21:58 UTC] git@php.net
Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/ef77d3c89f3ca7750b78a7974ebb82d8b116506f
Log: Fix #81206: Multiple PHP processes crash with JIT enabled
 [2021-07-19 21:58 UTC] git@php.net
-Status: Verified
+Status: Closed
 
Last updated: Thu Nov 21 12:01:29 2024 UTC