php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80081 Zend/zend_types.h:1164: zend_gc_delref: Assertion 'p->refcount > 0' fails
Submitted: 2020-09-09 10:30 UTC Modified: 2021-02-08 14:59 UTC
From: sjon@php.net Assigned: cmb (profile)
Status: Closed Package: Reproducible crash
PHP Version: 8.0.0beta4 OS: archLinux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: sjon@php.net
New email:
PHP Version: OS:

 

 [2020-09-09 10:30 UTC] sjon@php.net 
Description:
------------
occurs in a huge unittest. Although I can get a useful backtrace with dump_bt - getting a small testcase proves difficult

Test script:
---------------
<?php

class l implements IteratorAggregate
{
    public function getIterator()
    {
        while (preg_match(self::$_regex[static::class][$this->_state], $this->_input, $matches, 0, $this->_offset))
        {
            $n = $v = end($matches);
            $action = self::$_mapping[static::class][$this->_state][key($matches)];
            $this->_offset += strlen($v);
            $p = $this->_offset;

            # apparently cause
            $token = array(static::$_tokens[$this->_state][$n], $v); 

            yield $p => $token;
        }
    }
}


Actual result:
--------------
#0  0x00007ffff764c615 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff7635862 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff7635747 in __assert_fail_base.cold () from /usr/lib/libc.so.6
#3  0x00007ffff7644bf6 in __assert_fail () from /usr/lib/libc.so.6
#4  0x0000555555c659ae in zend_gc_delref (p=0x7fffef0cbba0) 
    at Zend/zend_types.h:1164
#5  0x0000555555c66b6d in gc_mark_grey (ref=0x7fffef0cbba0, stack=0x7fffffff9800)
    at Zend/zend_gc.c:853
#6  0x0000555555c67025 in gc_mark_roots (stack=0x7fffffff9800)
    at Zend/zend_gc.c:979
#7  0x0000555555c681ea in zend_gc_collect_cycles ()
    at Zend/zend_gc.c:1464
#8  0x0000555555c661b8 in gc_possible_root_when_full (ref=0x7fffef0c79c0)
    at Zend/zend_gc.c:592
#9  0x0000555555c66339 in gc_possible_root (ref=0x7fffef0c79c0)
    at Zend/zend_gc.c:642
#10 0x0000555555bcfeda in zend_assign_to_variable (variable_ptr=0x7ffff015b3a0, value=0x7ffff015b5c0, value_type=2 '\002', strict=false)
    at Zend/zend_execute.h:147
#11 0x0000555555c447bb in ZEND_ASSIGN_SPEC_CV_TMP_RETVAL_UNUSED_HANDLER ()
    at Zend/zend_vm_execute.h:46509
#12 0x0000555555c541ed in execute_ex (ex=0x7ffff015b300)
    at Zend/zend_vm_execute.h:59473
#13 0x0000555555c72b8d in zend_generator_resume (orig_generator=0x7fffef0904c0)
    at Zend/zend_generators.c:779
#14 0x0000555555c73d35 in zend_generator_iterator_move_forward (iterator=0x7ffff216b480)
    at Zend/zend_generators.c:1100
#15 0x0000555555c0fe94 in ZEND_FE_FETCH_R_SPEC_VAR_HANDLER ()
    at Zend/zend_vm_execute.h:22266
#16 0x0000555555c524a6 in execute_ex (ex=0x7ffff5415020)
    at Zend/zend_vm_execute.h:57729
#17 0x0000555555c5492a in zend_execute (op_array=0x7ffff545e280, return_value=0x0)
    at Zend/zend_vm_execute.h:59932
#18 0x0000555555ba6b45 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at Zend/zend.c:1697
#19 0x0000555555b08c14 in php_execute_script (primary_file=0x7fffffffd430)
    at main/main.c:2500
#20 0x0000555555c93f17 in do_cli (argc=9, argv=0x55555698f690)
    at sapi/cli/php_cli.c:949
#21 0x0000555555c94f8e in main (argc=9, argv=0x55555698f690)
    at sapi/cli/php_cli.c:1336

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-01 09:44 UTC] sjon@php.net
-PHP Version: 8.0.0beta3 +PHP Version: 8.0.0beta4
 [2020-10-01 09:44 UTC] sjon@php.net 
still happens in b4
 [2021-02-08 14:27 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-02-08 14:27 UTC] cmb@php.net 
Is this still unresolved in PHP 8.0.2?
 [2021-02-08 14:59 UTC] sjon@php.net
-Status: Feedback +Status: Closed
 [2021-02-08 14:59 UTC] sjon@php.net 
this has been fixed, thanks for checking
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 15:01:34 2025 UTC