php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80081 Zend/zend_types.h:1164: zend_gc_delref: Assertion 'p->refcount > 0' fails
Submitted: 2020-09-09 10:30 UTC Modified: 2021-02-08 14:59 UTC
From: sjon@php.net Assigned: cmb (profile)
Status: Closed Package: Reproducible crash
PHP Version: 8.0.0beta4 OS: archLinux
Private report: No CVE-ID: None
View Developer Edit
 [2020-09-09 10:30 UTC] sjon@php.net 
Description:
------------
occurs in a huge unittest. Although I can get a useful backtrace with dump_bt - getting a small testcase proves difficult

Test script:
---------------
<?php

class l implements IteratorAggregate
{
    public function getIterator()
    {
        while (preg_match(self::$_regex[static::class][$this->_state], $this->_input, $matches, 0, $this->_offset))
        {
            $n = $v = end($matches);
            $action = self::$_mapping[static::class][$this->_state][key($matches)];
            $this->_offset += strlen($v);
            $p = $this->_offset;

            # apparently cause
            $token = array(static::$_tokens[$this->_state][$n], $v); 

            yield $p => $token;
        }
    }
}


Actual result:
--------------
#0  0x00007ffff764c615 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff7635862 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff7635747 in __assert_fail_base.cold () from /usr/lib/libc.so.6
#3  0x00007ffff7644bf6 in __assert_fail () from /usr/lib/libc.so.6
#4  0x0000555555c659ae in zend_gc_delref (p=0x7fffef0cbba0) 
    at Zend/zend_types.h:1164
#5  0x0000555555c66b6d in gc_mark_grey (ref=0x7fffef0cbba0, stack=0x7fffffff9800)
    at Zend/zend_gc.c:853
#6  0x0000555555c67025 in gc_mark_roots (stack=0x7fffffff9800)
    at Zend/zend_gc.c:979
#7  0x0000555555c681ea in zend_gc_collect_cycles ()
    at Zend/zend_gc.c:1464
#8  0x0000555555c661b8 in gc_possible_root_when_full (ref=0x7fffef0c79c0)
    at Zend/zend_gc.c:592
#9  0x0000555555c66339 in gc_possible_root (ref=0x7fffef0c79c0)
    at Zend/zend_gc.c:642
#10 0x0000555555bcfeda in zend_assign_to_variable (variable_ptr=0x7ffff015b3a0, value=0x7ffff015b5c0, value_type=2 '\002', strict=false)
    at Zend/zend_execute.h:147
#11 0x0000555555c447bb in ZEND_ASSIGN_SPEC_CV_TMP_RETVAL_UNUSED_HANDLER ()
    at Zend/zend_vm_execute.h:46509
#12 0x0000555555c541ed in execute_ex (ex=0x7ffff015b300)
    at Zend/zend_vm_execute.h:59473
#13 0x0000555555c72b8d in zend_generator_resume (orig_generator=0x7fffef0904c0)
    at Zend/zend_generators.c:779
#14 0x0000555555c73d35 in zend_generator_iterator_move_forward (iterator=0x7ffff216b480)
    at Zend/zend_generators.c:1100
#15 0x0000555555c0fe94 in ZEND_FE_FETCH_R_SPEC_VAR_HANDLER ()
    at Zend/zend_vm_execute.h:22266
#16 0x0000555555c524a6 in execute_ex (ex=0x7ffff5415020)
    at Zend/zend_vm_execute.h:57729
#17 0x0000555555c5492a in zend_execute (op_array=0x7ffff545e280, return_value=0x0)
    at Zend/zend_vm_execute.h:59932
#18 0x0000555555ba6b45 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at Zend/zend.c:1697
#19 0x0000555555b08c14 in php_execute_script (primary_file=0x7fffffffd430)
    at main/main.c:2500
#20 0x0000555555c93f17 in do_cli (argc=9, argv=0x55555698f690)
    at sapi/cli/php_cli.c:949
#21 0x0000555555c94f8e in main (argc=9, argv=0x55555698f690)
    at sapi/cli/php_cli.c:1336

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-01 09:44 UTC] sjon@php.net
-PHP Version: 8.0.0beta3 +PHP Version: 8.0.0beta4
 [2020-10-01 09:44 UTC] sjon@php.net 
still happens in b4
 [2021-02-08 14:27 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-02-08 14:27 UTC] cmb@php.net 
Is this still unresolved in PHP 8.0.2?
 [2021-02-08 14:59 UTC] sjon@php.net
-Status: Feedback +Status: Closed
 [2021-02-08 14:59 UTC] sjon@php.net 
this has been fixed, thanks for checking
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Oct 28 07:00:01 2025 UTC