diff --git a/NEWS b/NEWS
index 55ebbc01e7d..0b66ccd0a91 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,7 @@ PHP                                                                        NEWS
 - Opcache:
   . Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
     (Arnaud)
+  . Fixed bug GH-19831 (function JIT may not deref property value). (Arnaud)
 
 - MBstring:
   . Updated Unicode data tables to Unicode 17.0. (Yuya Hamada)
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
index d49d5ee3007..8e13daf99bc 100644
--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -2119,8 +2119,13 @@ static zval* ZEND_FASTCALL zend_jit_fetch_obj_r_slow_ex(zend_object *zobj)
 	void **cache_slot = CACHE_ADDR(opline->extended_value & ~ZEND_FETCH_OBJ_FLAGS);
 
 	retval = zobj->handlers->read_property(zobj, name, BP_VAR_R, cache_slot, result);
-	if (retval == result && UNEXPECTED(Z_ISREF_P(retval))) {
-		zend_unwrap_reference(retval);
+	if (UNEXPECTED(Z_ISREF_P(retval))) {
+		if (retval == result) {
+			zend_unwrap_reference(retval);
+		} else {
+			retval = Z_REFVAL_P(retval);
+		}
+		ZEND_ASSERT(!Z_REFCOUNTED_P(retval));
 	}
 	return retval;
 }
diff --git a/ext/opcache/tests/jit/gh19831_001.phpt b/ext/opcache/tests/jit/gh19831_001.phpt
new file mode 100644
index 00000000000..c83ca6daa50
--- /dev/null
+++ b/ext/opcache/tests/jit/gh19831_001.phpt
@@ -0,0 +1,33 @@
+--TEST--
+GH-19831 001: fetch obj slow R REG + reference
+--CREDITS--
+dktapps
+--ENV--
+RT_COND=1
+--INI--
+opcache.jit=1203
+--FILE--
+<?php
+
+if (getenv('RT_COND')) {
+    class Base {
+    }
+}
+
+// Class is not linked
+class Test extends Base {
+	public int $layers = 1;
+
+	public function getLayers(): int {
+        // Prop info is not known, but res_addr is REG
+		return $this->layers;
+	}
+}
+
+$t = new Test();
+$a = &$t->layers;
+var_dump($t->getLayers());
+
+?>
+--EXPECT--
+int(1)
diff --git a/ext/opcache/tests/jit/gh19831_002.phpt b/ext/opcache/tests/jit/gh19831_002.phpt
new file mode 100644
index 00000000000..25b596a3dec
--- /dev/null
+++ b/ext/opcache/tests/jit/gh19831_002.phpt
@@ -0,0 +1,39 @@
+--TEST--
+GH-19831 002: fetch obj slow R REG + __get + reference
+--CREDITS--
+dktapps
+--ENV--
+RT_COND=1
+--INI--
+opcache.jit=1203
+--FILE--
+<?php
+
+if (getenv('RT_COND')) {
+    class Base {
+    }
+}
+
+// Class is not linked
+class Test extends Base {
+	public int $layers = 1;
+
+    public function &__get($name) {
+        global $a;
+        $a = 1;
+        return $a;
+    }
+
+	public function getLayers(): int {
+        // Prop info is not known, but res_addr is REG
+		return $this->layers;
+	}
+}
+
+$t = new Test();
+unset($t->layers);
+var_dump($t->getLayers());
+
+?>
+--EXPECT--
+int(1)