Segfault getting debug info from a Closure containing a static variable

[therealgaxbo]

Description

Calling var_dump/print_r on a Closure that holds a static variable segfaults:

<?php

function func(){
    static $i;
}

$x = func(...);

var_dump($x);

The backtrace:

Core was generated by `php81 test.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055c24b2666c5 in zend_closure_get_debug_info (object=0x7f6d42c7e000, is_temp=<optimized out>)
    at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_closures.c:564
564                     ZEND_HASH_FOREACH_STR_KEY_VAL(static_variables, key, var) {
Missing separate debuginfos, use: dnf debuginfo-install postgresql14-libs-14.2-1PGDG.f35.x86_64
(gdb) bt
#0  0x000055c24b2666c5 in zend_closure_get_debug_info (object=0x7f6d42c7e000, is_temp=<optimized out>)
    at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_closures.c:564
#1  0x000055c24b276fb1 in zend_std_get_properties_for (obj=<optimized out>, purpose=<optimized out>)
    at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_object_handlers.c:1880
#2  0x000055c24b15e502 in php_var_dump (struc=0x7f6d42c140e0, level=1) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/ext/standard/var.c:163
#3  0x000055c24b15ea11 in zif_var_dump (execute_data=<optimized out>, return_value=<optimized out>)
    at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/ext/standard/var.c:228
#4  0x000055c24b250317 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_vm_execute.h:1235
#5  execute_ex (ex=0x55c24b454068) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_vm_execute.h:55310
#6  0x000055c24b257319 in zend_execute (op_array=0x7f6d42c85000, return_value=0x0) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend_vm_execute.h:59673
#7  0x000055c24b1e7e10 in zend_execute_scripts (type=type@entry=8, retval=retval@entry=0x0, file_count=file_count@entry=3)
    at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/Zend/zend.c:1761
#8  0x000055c24b18344a in php_execute_script (primary_file=<optimized out>) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/main/main.c:2535
#9  0x000055c24b2cfb0e in do_cli (argc=2, argv=0x55c24d1f85c0) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/sapi/cli/php_cli.c:965
#10 0x000055c24b03ac1b in main (argc=2, argv=0x55c24d1f85c0) at /usr/src/debug/php81-php-8.1.2-1.fc35.remi.x86_64/sapi/cli/php_cli.c:1367

This appears to be an 8.1 regression as I can't replicate on 8.0.15.

PHP Version

PHP 8.1.2

Operating System

Fedora 35

[cmb69]

The regression has been triggered by 6b0f14f, but I'm not sure whether the actual issue is somewhere else; for some reason, the static_variables_ptr map pointer is not initialized here.