Segmentation fault in PHP 8.1 (another case)

[oleg-st]

Description

The issue is similar to #8461

Steps to reproduce:

Run this test with --repeat 2:
bug.zip

Added a second test with a trait instead of an interface:
bug-trait.zip

Backtrace:

#0  0x0000000000854212 in zend_fetch_static_property_address_ex (retval=0x7fffffffa670, prop_info=0x7fffffffa640, cache_slot=8, 
    fetch_type=0) at /home/Oleg.Stepanischev/php-src/Zend/zend_execute.c:3310
#1  0x0000000000854597 in zend_fetch_static_property_address (retval=0x7fffffffa670, prop_info=0x0, cache_slot=8, fetch_type=0, 
    flags=0) at /home/Oleg.Stepanischev/php-src/Zend/zend_execute.c:3374
#2  0x0000000000859bb4 in zend_fetch_static_prop_helper_SPEC (type=0) at /home/Oleg.Stepanischev/php-src/Zend/zend_vm_execute.h:849
#3  0x0000000000859cfb in ZEND_FETCH_STATIC_PROP_R_SPEC_HANDLER () at /home/Oleg.Stepanischev/php-src/Zend/zend_vm_execute.h:865
#4  0x0000000048000c04 in ?? ()
#5  0x00007ffff5c62fa0 in ?? ()
#6  0x00007ffff5c14020 in ?? ()
#7  0x0000000040231c10 in ?? ()
#8  0x00007ffff5c595a0 in ?? ()
#9  0x0000000000000000 in ?? ()

Possible related to #7817

PHP Version

PHP 8.1

Operating System

AlmaLinux release 8.5 (Arctic Sphynx)

[cmb69]

Very good bug report, thank you!

[oleg-st]

Same behavior with a trait instead of an interface.
Here is the test:
bug-trait.zip

And the same behavior with parent class instead of interface.

[arnaud-lb]

Thank you for the high qualify bug report!

This is indeed similar to #8461: We do not add guards in method calls when the method is non-polymorphic (e.g. private/final), with the assumption that it would not change. This assumption does not hold true across requests.

Possible fix: #8600. I added you as co-author.

[arnaud-lb]

Fixed in #8600