Stas,

> Why is this specific to shutdown? Hashtables are freed all the time,
> what specific shutdown is doing different from all others so that this
> bug only happens on shutdown?
>

Honestly, I am not sure. Every report that I've seen has it happening at
shutdown. Could very well be a coincidence.

As far as what's happening, figure out more.

Basically, zend_deactivate() (which gets fired long after destructors)
tries to destroy the object store:
http://lxr.php.net/xref/PHP_TRUNK/Zend/zend_execute_API.c#293

This iterates through the objects and tries to free them.

Well, during this process, any properties which are still alive are
dtor'ed. However, at a certain point, the garbage collector is fired.
That's when things get funky.

With the latest dump, what appears to be happening is that *something*
between the zend_deactivate call, and the GC being fired, is overwriting
one of the object zvals with *some* data. Here's a sample dump of the zval:

(gdb) print (zval_gc_info) *pz
$1 = {z = {value = {lval = 31337624, dval = 1.5482843440690148e-316,
str = {val = 0x1de2c98 "0", len = 20823032}, ht = 0x1de2c98, obj = {
        handle = 31337624, handlers = 0x13dbbf8}}, refcount__gc =
4294967295, type = 5 '\005', is_ref__gc = 0 '\000'}, u = {
    buffered = 0x2, next = 0x2}}


As you can see, nasty. (Here's the full BT:
https://gist.github.com/odoucet/5796378#comment-848723 )

Well, when the GC hits that zval, it tries to access the object handle, and
throws a segfault (as it's WAY beyond the end of allocated memory).

I have a patch which prevents the segfault:
https://github.com/ircmaxell/php-src/compare/invalidate_object_on_dtor

However, that's not really fixing the situation either, as the zval is
still getting nuked (but only partially).

I am still trying to replicate the issue locally, and if I can, then I can
try to set up watches to check for what's overwriting the zval. But for now,
this is the current progress...

And no, I'm withdrawing the original concept of disabling the GC during
shutdown. The current patch I have works, but it's still just a bandaid on
a gunshot wound, and I'm going to try to figure out what's actually
overwriting the zval.

Anthony
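
An added illustration, not part of the message above and not PHP's source or the linked patch: a toy object store in C showing how a collector walk can validate a zval's object handle before indexing the store, using the handle and refcount values from the gdb dump. All `toy_*` names and structures are assumptions made for this sketch; as the message notes, a guard like this only avoids the crash and does not identify what overwrote the zval.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model, NOT PHP's real structures: an object store indexed by handle. */
typedef struct { int valid; int refcount; } toy_bucket;
typedef struct { toy_bucket *buckets; unsigned top; } toy_store;
typedef struct { unsigned handle; unsigned refcount; unsigned char type; } toy_zval;
#define TOY_IS_OBJECT 5 /* same value as "type = 5" in the dump */

/* Mark the slot dead when the object is destroyed, so later lookups fail. */
void toy_store_del(toy_store *s, unsigned handle) {
    if (handle < s->top) s->buckets[handle].valid = 0;
}

/* Guarded lookup for a collector walk: NULL instead of an out-of-bounds read. */
toy_bucket *toy_store_get(toy_store *s, const toy_zval *z) {
    if (z->type != TOY_IS_OBJECT) return NULL;
    if (z->handle >= s->top) return NULL;          /* handle past end of store */
    if (!s->buckets[z->handle].valid) return NULL; /* object already destroyed */
    return &s->buckets[z->handle];
}

/* Returns how many zvals point at a live object; counts the rest as skipped. */
int toy_gc_scan(toy_store *s, const toy_zval *zv, size_t n, int *skipped) {
    int live = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++)
        if (toy_store_get(s, &zv[i])) live++; else (*skipped)++;
    return live;
}

/* Constructed sample: one live object, one destroyed, one corrupted zval. */
int demo(int *skipped) {
    toy_bucket b[3] = {{1, 1}, {1, 1}, {1, 1}};
    toy_store s = { b, 3 };
    toy_zval zv[3] = {
        {0, 1, TOY_IS_OBJECT},
        {1, 1, TOY_IS_OBJECT},
        {31337624u, 4294967295u, TOY_IS_OBJECT}, /* handle/refcount from the dump */
    };
    toy_store_del(&s, 1); /* object 1 freed during shutdown */
    return toy_gc_scan(&s, zv, 3, skipped);
}

int main(void) {
    int skipped, live = demo(&skipped);
    printf("live=%d skipped=%d\n", live, skipped);
    return 0;
}
```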
