diff --git a/NEWS b/NEWS
index 57e947cf59f..def6114b30f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ PHP                                                                        NEWS
 - Core:
   . Fixed bug GH-10200 (zif_get_object_vars:
     Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos)
+  . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
 
 - FPM:
   . Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka)
@@ -26,6 +27,7 @@ PHP                                                                        NEWS
 - PHPDBG:
   . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
   . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
+  . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
 
 - Posix:
   . Fix memory leak in posix_ttyname() (girgias)
diff --git a/Zend/tests/gh10251.phpt b/Zend/tests/gh10251.phpt
new file mode 100644
index 00000000000..eb942824802
--- /dev/null
+++ b/Zend/tests/gh10251.phpt
@@ -0,0 +1,24 @@
+--TEST--
+GH-10251 (Assertion `(flag & (1<<3)) == 0' failed.)
+--FILE--
+<?php
+class A
+{
+    function __set($o, $l)
+    {
+        $this->$p = $v;
+    }
+}
+$a = new A();
+$pp = "";
+$op = $pp & "";
+// Bitwise operators on strings don't compute the hash.
+// The code below previously assumed a hash was actually computed, leading to a crash.
+$a->$op = 0;
+echo "Done\n";
+?>
+--EXPECTF--
+Warning: Undefined variable $v in %s on line %d
+
+Warning: Undefined variable $p in %s on line %d
+Done
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index d0677f0fe4e..e44a3822dd2 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -553,9 +553,8 @@ ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *membe
 	if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
 		zend_string *str = Z_STR_P(zv);
 		if (EXPECTED(str == member) ||
-		     /* "str" always has a pre-calculated hash value here */
-		    (EXPECTED(ZSTR_H(str) == zend_string_hash_val(member)) &&
-		     EXPECTED(zend_string_equal_content(str, member)))) {
+		    /* str and member don't necessarily have a pre-calculated hash value here */
+		    EXPECTED(zend_string_equal_content(str, member))) {
 			return &Z_PROPERTY_GUARD_P(zv);
 		} else if (EXPECTED(Z_PROPERTY_GUARD_P(zv) == 0)) {
 			zval_ptr_dtor_str(zv);
diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c
index 0540676e0f5..d4ffcdf473d 100644
--- a/sapi/phpdbg/phpdbg.c
+++ b/sapi/phpdbg/phpdbg.c
@@ -1378,6 +1378,8 @@ phpdbg_main:
 					get_zend_version()
 				);
 			}
+			PHPDBG_G(flags) |= PHPDBG_IS_QUITTING;
+			php_module_shutdown();
 			sapi_deactivate();
 			sapi_shutdown();
 			php_ini_builder_deinit(&ini_builder);