Closed
Description
Running phpstan on pmmp/NBT with a very large resultCache.php file results in a segfault under JIT=1205.
Unfortunately, I haven't been able to isolate the test case, so if someone wants to reproduce this:
- Clone https://github.com/pmmp/NBT
- Install composer deps
- Put this file in $TMP/phpstan/resultCache.php: resultCache-segfault.php
- Set opcache.jit=1205 in php.ini
- Run vendor/bin/phpstan
I did, however, manage to get it to crash under a debugger. I noted that at the time of the crash, D->sections[1], which the code attempted to access, appears not to be fully initialized:
Exception thrown at 0x00007FFE5BB16342 (php_opcache.dll) in php.exe: 0xC0000005: Access violation reading location 0x0000000000000128.
php_opcache.dll!dasm_put(dasm_State * * Dst, int start, ...) Line 252
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\ir\dynasm\dasm_x86.h(252)
php_opcache.dll!ir_emit_code(_ir_ctx * ctx, unsigned __int64 * size_ptr) Line 10818
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\ir\ir_x86.dasc(10818)
php_opcache.dll!zend_jit_ir_compile(_ir_ctx * ctx, unsigned __int64 * size, const char * name) Line 2900
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\zend_jit_ir.c(2900)
php_opcache.dll!zend_jit_finish(_zend_jit_ctx * jit) Line 16460
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\zend_jit_ir.c(16460)
php_opcache.dll!zend_jit(const _zend_op_array * op_array, _zend_ssa * ssa, const _zend_op * rt_opline) Line 2801
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\zend_jit.c(2801)
php_opcache.dll!zend_jit_script(_zend_script * script) Line 3295
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\jit\zend_jit.c(3295)
php_opcache.dll!zend_accel_script_persist(_zend_persistent_script * script, int for_shm) Line 1467
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\zend_persist.c(1467)
php_opcache.dll!cache_script_in_shared_memory(_zend_persistent_script * new_persistent_script, _zend_string * key, bool * from_shared_memory) Line 1641
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\ZendAccelerator.c(1641)
php_opcache.dll!persistent_compile_file(_zend_file_handle * file_handle, int type) Line 2178
at C:\Users\dylan-work\Documents\projects\php-dev\php-src\ext\opcache\ZendAccelerator.c(2178)
php8ts.dll!compile_filename(int type, _zend_string * filename) Line 705
at C:\pocketmine-php\php-8.4.12-release\Zend\zend_language_scanner.l(705)
php8ts.dll!zend_include_or_eval(_zval_struct * inc_filename_zv, int type) Line 5141
at C:\pocketmine-php\php-8.4.12-release\Zend\zend_execute.c(5141)
php8ts.dll!ZEND_INCLUDE_OR_EVAL_SPEC_CV_HANDLER(_zend_execute_data * execute_data) Line 41125
at C:\pocketmine-php\php-8.4.12-release\Zend\zend_vm_execute.h(41125)
php8ts.dll!execute_ex_real(_zend_execute_data * ex) Line 58666
at C:\pocketmine-php\php-8.4.12-release\Zend\zend_vm_execute.h(58666)
php8ts.dll!execute_ex()
php8ts.dll!zend_execute(_zend_op_array * op_array, _zval_struct * return_value) Line 64320
at C:\pocketmine-php\php-8.4.12-release\Zend\zend_vm_execute.h(64320)
php8ts.dll!zend_execute_script(int type, _zval_struct * retval, _zend_file_handle * file_handle) Line 1935
at C:\pocketmine-php\php-8.4.12-release\Zend\zend.c(1935)
php8ts.dll!php_execute_script_ex(_zend_file_handle * primary_file, _zval_struct * retval) Line 2575
at C:\pocketmine-php\php-8.4.12-release\main\main.c(2575)
php.exe!do_cli(int argc, char * * argv) Line 937
at C:\pocketmine-php\php-8.4.12-release\sapi\cli\php_cli.c(937)
php.exe!main(int argc, char * * argv) Line 1310
at C:\pocketmine-php\php-8.4.12-release\sapi\cli\php_cli.c(1310)
PHP Version
PHP 8.4.12 (cli) (built: Sep 7 2025 21:40:54) (ZTS Visual C++ 2022 x64)
Copyright (c) The PHP Group
Zend Engine v4.4.12, Copyright (c) Zend Technologies
with Zend OPcache v8.4.14-dev, Copyright (c), by Zend Technologies
Operating System
Windows 11
arnaud-lb