JIT zend_fetch_ce_from_cache_slot segfault #16832

Open
danog opened this issue Nov 16, 2024 · 3 comments

Comments

@danog
Contributor

danog commented Nov 16, 2024

Description

Got the following assertion when running multiple Psalm unit tests: https://github.com/danog/php-src/actions/runs/11871508040/job/33084124984#step:10:6100

AddressSanitizer:DEADLYSIGNAL
=================================================================
==251842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5566ff4b38da bp 0x7ffde8644550 sp 0x7ffde8644520 T0)
==251842==The signal is caused by a READ memory access.
==251842==Hint: address points to the zero page.
    #0 0x5566ff4b38da in zend_fetch_ce_from_cache_slot /home/runner/work/php-src/php-src/Zend/zend_execute.c:1110
    #1 0x5566ff4b49cf in zend_check_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1193
    #2 0x5566ff4b5726 in zend_check_user_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1251
    #3 0x7fdaa03f086b in zend_jit_verify_arg_slow ext/opcache/jit/zend_jit_helpers.c:1909
    #4 0x7fda5fbfe5ac  (/dev/zero (deleted)+0x1094c5ac)

Config is in #12406, reproducer command is:

php --repeat 2 -f .github/jit_check.php /tmp/psalm/vendor/bin/phpunit /tmp/psalm/tests/Config/ConfigTest.php

PHP Version

nightly

Operating System

No response
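As an added triage helper (not code from this issue or from php-src), the following Python parses the AddressSanitizer report quoted above into structured fields: the faulting address (below one page, which is what the "zero page" hint means and confirms a NULL-pointer dereference rather than a wild read), the access kind, and the stack frames, flagging the unsymbolised `/dev/zero (deleted)` frame as code running from the opcache JIT buffer. The sample report is the one from the issue, embedded as a constructed string.

```python
import re
from dataclasses import dataclass, field
# Constructed sample: the AddressSanitizer report quoted in the issue above.
ASAN_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==251842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5566ff4b38da bp 0x7ffde8644550 sp 0x7ffde8644520 T0)
==251842==The signal is caused by a READ memory access.
==251842==Hint: address points to the zero page.
    #0 0x5566ff4b38da in zend_fetch_ce_from_cache_slot /home/runner/work/php-src/php-src/Zend/zend_execute.c:1110
    #1 0x5566ff4b49cf in zend_check_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1193
    #2 0x5566ff4b5726 in zend_check_user_type_slow /home/runner/work/php-src/php-src/Zend/zend_execute.c:1251
    #3 0x7fdaa03f086b in zend_jit_verify_arg_slow ext/opcache/jit/zend_jit_helpers.c:1909
    #4 0x7fda5fbfe5ac  (/dev/zero (deleted)+0x1094c5ac)
"""

ERROR_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\w+) on unknown address 0x([0-9a-f]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolised frame: "#N 0xADDR in symbol file:line"; unsymbolised: "#N 0xADDR  (mapping+0xOFF)".
FRAME_RE = re.compile(r"^\s*#(\d+) 0x([0-9a-f]+)\s+(?:in (\S+) (\S+)|\((.+)\))")

@dataclass
class AsanTriage:
    pid: int
    kind: str      # e.g. SEGV
    address: int   # faulting address
    access: str    # READ, WRITE or UNKNOWN
    frames: list = field(default_factory=list)  # (index, symbol or None, location)
    def is_null_deref(self) -> bool:
        # A fault inside the first page is a NULL (or NULL+small offset) dereference.
        return self.address < 0x1000
    def jit_frames(self) -> list:
        # Unsymbolised frames in an anonymous mapping such as "/dev/zero (deleted)"
        # were executing from the opcache JIT buffer, not from a shared object.
        return [f for f in self.frames if f[1] is None and "/dev/zero" in f[2]]

def parse_asan_report(text: str) -> AsanTriage:
    m = ERROR_RE.search(text)
    if not m:
        raise ValueError("no AddressSanitizer ERROR line found")
    access = ACCESS_RE.search(text)
    triage = AsanTriage(int(m.group(1)), m.group(2), int(m.group(3), 16),
                        access.group(1) if access else "UNKNOWN")
    for line in text.splitlines():
        f = FRAME_RE.match(line)
        if f:
            sym = f.group(3)
            triage.frames.append((int(f.group(1)), sym, f.group(4) if sym else f.group(5)))
    return triage
```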

@nielsdos
Member

I wasn't able to reproduce this on my system. I used your jit_bugs repo, and to match the config in #12406 I only had to increase the JIT buffer size. Does this reliably reproduce on your system?

@danog
Contributor Author

danog commented Nov 29, 2024

This specific issue does not reproduce locally with jit_bugs, but I'd wait for all the other reproducible psalm issues to be closed first, so I can re-run psalm in the CI and see if it reproduces there.

@danog
Contributor Author

danog commented Nov 29, 2024

Plus there's the very nasty issue #16831 which popped up in almost every psalm unit test in the CI, but I couldn't reproduce locally (may be caused by some extension built only in the CI...)
