Description
This assert seems to trip quite easily when multiple threads are running in JIT 1211-1215. I haven't been able to determine the exact cause, and it's hard to isolate because it's occurring in a program that's using the pmmpthread threading extension in CLI.
It seems to trip when multiple threads are running similar code (e.g. generator tasks in PocketMine-MP), so I suspect perhaps there's something strange going on with compiling functions that are already compiled by other threads?
It took at least 3 threads running the affected code to trip the assert, but there may be a simpler test case I haven't been able to find.
I do also note that the last frame in zbacktrace appears to have a suspicious (uninit) line number. I've seen it crash in a few different places, and the strange line numbers seem to be a theme (e.g. ThreadLocalGeneratorContext.php:1188840680).
Feel free to ask if there are any further experiments I can do to narrow this down.
Error:
/home/user/php-build-scripts/install_data/subdir/php/Zend/zend_vm_execute.h:68140: zend_get_opcode_handler_func: Assertion `zv != ((void *)0)' failed.
Thread 6 "php" received signal SIGABRT, Aborted.
Sample backtrace:
(gdb) zbacktrace
[0x7fffe6c15180] pocketmine\world\generator\executor\ThreadLocalGeneratorContext->fetch(3) /mnt/c/Users/dylan-work/Documents/projects/pocketmine-mp/major-next/src/world/generator/executor/ThreadLocalGeneratorContext.php:1188840680
[0x7fffe6c150a0] pocketmine\world\generator\PopulationTask->onRun() /mnt/c/Users/dylan-work/Documents/projects/pocketmine-mp/major-next/src/world/generator/PopulationTask.php:75
[0x7fffe6c15020] pocketmine\scheduler\AsyncTask->run() /mnt/c/Users/dylan-work/Documents/projects/pocketmine-mp/major-next/src/scheduler/AsyncTask.php:80
[0x7fffee9fe9b0] (main) [internal function]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff704527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff70288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff702881b in __assert_fail_base (fmt=0x7ffff71d01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555556eaf950 "zv != ((void *)0)",
file=file@entry=0x555556eaf3d8 "/home/user/php-build-scripts/install_data/subdir/php/Zend/zend_vm_execute.h", line=line@entry=68140,
function=function@entry=0x555556eb7d40 <__PRETTY_FUNCTION__.1> "zend_get_opcode_handler_func") at ./assert/assert.c:96
#6 0x00007ffff703b517 in __assert_fail (assertion=0x555556eaf950 "zv != ((void *)0)",
file=0x555556eaf3d8 "/home/user/php-build-scripts/install_data/subdir/php/Zend/zend_vm_execute.h", line=68140,
function=0x555556eb7d40 <__PRETTY_FUNCTION__.1> "zend_get_opcode_handler_func") at ./assert/assert.c:105
#7 0x0000555555efafb6 in zend_get_opcode_handler_func (op=0x555546e90020) at /home/user/php-build-scripts/install_data/subdir/php/Zend/zend_vm_execute.h:68140
#8 0x00007ffff6b41d9c in zend_jit_handler (jit=0x7fffee9fdf50, opline=0x555546e90020, may_throw=1) at ext/opcache/jit/zend_jit_ir.c:4219
#9 0x00007ffff6b85366 in zend_jit (op_array=0x555546e8fee0, ssa=0x7fffee9fe3f0, rt_opline=0x0)
at /home/user/php-build-scripts/install_data/subdir/php/ext/opcache/jit/zend_jit.c:2744
#10 0x00007ffff6b85f05 in zend_real_jit_func (op_array=0x555546e8fee0, script=0x0, rt_opline=0x0, trigger=1 '\001')
at /home/user/php-build-scripts/install_data/subdir/php/ext/opcache/jit/zend_jit.c:2922
#11 0x00007ffff6b86228 in zend_runtime_jit () at /home/user/php-build-scripts/install_data/subdir/php/ext/opcache/jit/zend_jit.c:2965
#12 0x000055554d4002e0 in ?? ()
#13 0x000000b000000000 in ?? ()
#14 0x00007fffe6c15020 in ?? ()
#15 0x0000000000000050 in ?? ()
#16 0x00007fff00200308 in ?? ()
#17 0x0000010656ed4848 in ?? ()
#18 0x0000030800000030 in ?? ()
#19 0x00007fffe44170a0 in ?? ()
#20 0x00007fffe44170d0 in ?? ()
#21 0x00007fffee9fe5e0 in ?? ()
#22 0x0000555555ddf9d4 in _emalloc (size=18446744073709551144, __zend_filename=0x7fffee9ff6c0 "\300\366\237\356\377\177", __zend_lineno=32767,
__zend_orig_filename=0x555546b28ca8 "\002", __zend_orig_lineno=4003462364) at /home/user/php-build-scripts/install_data/subdir/php/Zend/zend_alloc.c:2743
#23 0x0000555555e5142f in zend_call_function (fci=0x7fffee9fea00, fci_cache=0x7fffee9fea40) at /home/user/php-build-scripts/install_data/subdir/php/Zend/zend_execute_API.c:1000
#24 0x0000555555a7b3a2 in pmmpthread_routine_run_function (connection=0x7fffe4424b00) at /home/user/php-build-scripts/install_data/subdir/php/ext/pmmpthread/src/routine.c:72
#25 0x0000555555a7b7c4 in pmmpthread_routine (routine=0x7fffffffaf60) at /home/user/php-build-scripts/install_data/subdir/php/ext/pmmpthread/src/routine.c:127
#26 0x00007ffff709caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#27 0x00007ffff7129c3c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
PHP Version
PHP 8.4.12 (cli) (built: Sep 19 2025 03:09:38) (ZTS DEBUG)
Copyright (c) The PHP Group
Zend Engine v4.4.12, Copyright (c) Zend Technologies
with Zend OPcache v8.4.12, Copyright (c), by Zend Technologies
Operating System
Ubuntu 24.04 (WSL), Windows 11