Description
The following code:

```php
<?php
// Fuzzer-generated trigger: $fusion is never assigned, so the switch
// compares against an undefined variable; the stray ';' after the
// switch block is also part of the generated input and is kept as-is.
function lookup($s){
    switch($fusion){
        case 1: return 1;
        case 4: return 4;
        case 5: return 5;
        case 14: return 14;
        case 15: return 15;
        case 488: return 488;
        case 489: return 489;
        case 490: return 490;
        case 491: return 491;
        case 492: return 492;
        case 493: return 493;
        case 494: return 494;
        case 495: return 495;
        case 496: return 496;
        case 497: return 497;
        case 498: return 498;
        case 499: return 499;
        case 500: return 500;
        case 501: return 501;
        case 502: return 502;
        case 503: return 503;
        case 504: return 504;
        case 505: return 505;
        case 506: return 506;
        case 507: return 507;
        case 508: return 508;
        case 509: return 509;
        case 510: return 510;
        case 511: return 511;
        case 512: return 512;
        case 513: return 513;
    };
}
```
Resulted in this output:

```text
=================================================================
==3191893==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1dc92e88 at pc 0x72c8aab38879 bp 0x7ffd1dc92e50 sp 0x7ffd1dc92e48
READ of size 8 at 0x7ffd1dc92e88 thread T0
    #0 0x72c8aab38878 in ir_bitset_incl /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_private.h:331:26
    #1 0x72c8aab38878 in ir_sccp_remove_unfeasible_merge_inputs /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_sccp.c:940:4
    #2 0x72c8aaaa3a57 in ir_sccp_transform /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_sccp.c:1103:3
    #3 0x72c8aaa8341a in ir_sccp /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_sccp.c:3642:2
    #4 0x72c8ab1cdee9 in zend_jit_ir_compile /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_ir.c:2801:2
    #5 0x72c8ab073fe4 in zend_jit_finish /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit_ir.c:16764:10
    #6 0x72c8aad281ef in zend_jit /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit.c:2938:12
    #7 0x72c8aacbf90a in zend_jit_script /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/zend_jit.c:3418:9
    #8 0x72c8aa561326 in zend_accel_script_persist /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/zend_persist.c:1439:4
    #9 0x72c8aa5cdf22 in cache_script_in_shared_memory /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/ZendAccelerator.c:1646:26
    #10 0x72c8aa5b9cf4 in persistent_compile_file /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/ZendAccelerator.c:2182:24
    #11 0x57a7970 in zend_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/Zend/zend.c:1936:28
    #12 0x3f9909a in php_execute_script_ex /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2584:13
    #13 0x3f9a1d8 in php_execute_script /home/phpfuzz/WorkSpace/flowfusion/php-src/main/main.c:2624:9
    #14 0x57bca9a in do_cli /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:952:5
    #15 0x57b6e7f in main /home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php_cli.c:1355:18
    #16 0x72c8b21cad8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #17 0x72c8b21cae3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #18 0x606174 in _start (/home/phpfuzz/WorkSpace/flowfusion/php-src/sapi/cli/php+0x606174)

Address 0x7ffd1dc92e88 is located in stack of thread T0 at offset 40 in frame
    #0 0x72c8aab37b1f in ir_sccp_remove_unfeasible_merge_inputs /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_sccp.c:921

  This frame has 1 object(s):
    [32, 40) 'holder' (line 925) <== Memory access at offset 40 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/phpfuzz/WorkSpace/flowfusion/php-src/ext/opcache/jit/ir/ir_private.h:331:26 in ir_bitset_incl
Shadow bytes around the buggy address:
  0x100023b8a580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a5a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a5b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a5c0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x100023b8a5d0: 00[f3]f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a5e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a5f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100023b8a620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3191893==ABORTING
```
To reproduce:

```sh
./php-src/sapi/cli/php -d "zend_extension=/home/phpfuzz/WorkSpace/flowfusion/php-src/modules/opcache.so" -d "opcache.enable_cli=1" -d "opcache.jit=1205" ./test.php
```
Commit: `aa9d140a2abb5b2d795d688b6c6afe0a886640d6`
Configurations:

```sh
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconv
```
Operating System: Ubuntu 20.04 Host, Docker 0599jiangyc/flowfusion:latest
This report is automatically generated by FlowFusion