JIT zend_fetch_ce_from_cache_slot segfault

[danog]

Description

Description

Got the following assertion when running multiple Psalm unit tests: https://github.com/danog/php-src/actions/runs/11871508040/job/33084124984#step:10:6100

AddressSanitizer:DEADLYSIGNAL
=================================================================
==251842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5566ff4b38da bp 0x7ffde8644550 sp 0x7ffde8644520 T0)
==251842==The signal is caused by a READ memory access.
==251842==Hint: address points to the zero page.
    #0 0x5566ff4b38da in zend_fetch_ce_from_cache_slot /home/runner/work/php-src/php-src/Zend/zend_execute.c:1110
    #1 0x5566ff4b49cf in zend_check_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1193
    #2 0x5566ff4b5726 in zend_check_user_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1251
    #3 0x7fdaa03f086b in zend_jit_verify_arg_slow ext/opcache/jit/zend_jit_helpers.c:1909
    #4 0x7fda5fbfe5ac  (/dev/zero (deleted)+0x1094c5ac)

Config is in #12406, reproducer command is:

php --repeat 2 -f .github/jit_check.php /tmp/psalm/vendor/bin/phpunit /tmp/psalm/tests/Config/ConfigTest.php

PHP Version

nightly

Operating System

No response

[nielsdos]

I wasn't able to reproduce this on my system. I used your jit_bugs repo, and to match the config in #12406 I only had to increase the JIT buffer size. Does this reliably reproduce on your system?

[danog]

This specific issue does not reproduce locally with jit_bugs, but I'd wait for all the other reproducible psalm issues to be closed first, so I can re-run psalm in the CI and see if it reproduces there

[danog]

Plus there's the very nasty issue #16831 which popped up in almost every psalm unit test in the CI, but I couldn't reproduce locally (may be caused by some extension built only in the CI...)

[nielsdos]

déjà vu: #11614
Likely same root cause. Have you seen this since then?

[github-actions]

No feedback was provided. The issue is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so. Thank you.