JIT: Fixed incorrect guard

Fixes oss-fuzz #46704

Author: dstogov

ext/opcache/jit/zend_jit_trace.c

@@ -2027,7 +2027,9 @@ static zend_ssa *zend_jit_trace_build_tssa(zend_jit_trace_rec *trace_buffer, uin
 					 || Z_STRVAL_P(RT_CONSTANT(opline, opline->op2))[0] == '\0') {
 						break;
 					}
-					ADD_OP1_TRACE_GUARD();
+					if (opline->op1_type != IS_UNUSED && op1_type == IS_OBJECT) {
+						ADD_OP1_TRACE_GUARD();
+					}
 					break;
 				case ZEND_INIT_METHOD_CALL:
 					if (opline->op2_type != IS_CONST

ext/opcache/tests/jit/fetch_obj_010.phpt

@@ -0,0 +1,19 @@
+--TEST--
+JIT: FETCH_OBJ 010
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.file_update_protection=0
+opcache.jit_buffer_size=1M
+--FILE--
+<?php
+function foo() {
+    for($cnt=0;$cnt<3;$cnt++) {
+        $obj->ary["bas"] ??= $obj = new stdClass;
+    }
+}
+foo();
+?>
+DONE
+--EXPECT--
+DONE