Segmentation fault in Zend/zend_execute.h:164 in JIT #16633

Closed
YuanchengJiang opened this issue Oct 29, 2024 · 2 comments

Comments

@YuanchengJiang commented Oct 29, 2024

Description

The following code:

<?php
namespace Foo;
preg_replace('/foo/', '', '');
$b = 3;
$a = new SplFixedArray($b);
foreach ($a as $x) {}
$x1=1;
$x2=$x;
var_dump('xml_parser_get_option');
$callret=xml_parser_get_option($x1,$x2);
?>

Resulted in this output (JIT 1211):

Zend/zend_execute.h:164:7: runtime error: member access within misaligned address 0x7fbc8440501f for type 'zval' (aka 'struct _zval_struct'), which requires 8 byte alignment
0x7fbc8440501f: note: pointer points here
 00 00 00 00 00  f0 88 6d ab 06 56 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  40 01 47

PHP Version

nightly

Operating System

ubuntu 22.04

@devnexen (Member)

Reproduced, and getting this with ASan:

sapi/cli/php -d "zend_extension=$PWD/modules/opcache.so" -d "opcache.enable=1" -d "opcache.enable_cli=1" -d "opcache.jit=1211" ~/a.php
php(30784,0x1ef7eb240) malloc: nano zone abandoned due to inability to reserve vm space.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==30784==ERROR: AddressSanitizer: SEGV on unknown address 0xffff80700023a6c4 (pc 0x0001057a0688 bp 0x00016bc30ec0 sp 0x00016bc30b30 T0)
==30784==The signal is caused by a READ memory access.
    #0 0x1057a0688 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER zend_vm_execute.h:10903
    #1 0x11512d0b8  (<unknown module>)
    #2 0x105684410 in execute_ex zend_vm_execute.h:58565
    #3 0x105684e40 in zend_execute zend_vm_execute.h:64217
    #4 0x105b6a190 in zend_execute_script zend.c:1932
    #5 0x105212aec in php_execute_script_ex main.c:2574
    #6 0x105213008 in php_execute_script main.c:2614
    #7 0x105b72c74 in do_cli php_cli.c:935
    #8 0x105b6f9e0 in main php_cli.c:1310
    #9 0x18ad28270  (<unknown module>)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV zend_vm_execute.h:10903 in ZEND_NEW_SPEC_CONST_UNUSED_HANDLER
==30784==ABORTING
zsh: abort      sapi/cli/php -d "zend_extension=$PWD/modules/opcache.so" -d "opcache.enable=1

@nielsdos (Member)

Also a duplicate of your other report, #15981.

nielsdos closed this as not planned (duplicate) on Oct 29, 2024.