工程运行过程中出现了一个 signal SIGSEGV, Segmentation fault.问题

[peze]

系统： Linux version 3.12.21-gentoo-r1 (gcc version 4.7.3 (Gentoo 4.7.3-r1 p1.4, pie-0.5.5) )
php: PHP 5.5.18-pl0-gentoo (cli)
swoole: swoole-src-1.8.7-stable

下面是通过gdb解析core文件打出的日志：

#0 swoole_set_object (object=, ptr=ptr@entry=0x0) at /data/pkg/swoole-src-1.8.7-stable/swoole.c:421
#1 0x00007f09f4536112 in swoole_http_context_free (ctx=0x7f09f80ec7e0) at /data/pkg/swoole-src-1.8.7-stable/swoole_http_server.c:1147
#2 0x00007f09f4536709 in http_onClose (serv=0x1231720, info=0x7fff97a6f870) at /data/pkg/swoole-src-1.8.7-stable/swoole_http_server.c:846
#3 0x00007f09f4549c03 in swFactoryProcess_end (factory=0x1231b50, fd=)
at /data/pkg/swoole-src-1.8.7-stable/src/factory/FactoryProcess.c:294
#4 0x00007f09f455a396 in swWorker_onTask (factory=factory@entry=0x1231b50, task=task@entry=0x7fff97a6f910)
at /data/pkg/swoole-src-1.8.7-stable/src/network/Worker.c:254
#5 0x00007f09f455a629 in swWorker_onPipeReceive (reactor=, event=0x7fff97a71970)
at /data/pkg/swoole-src-1.8.7-stable/src/network/Worker.c:549
#6 0x00007f09f454c23b in swReactorEpoll_wait (reactor=0x12648f0, timeo=)
at /data/pkg/swoole-src-1.8.7-stable/src/reactor/ReactorEpoll.c:258
#7 0x00007f09f455b253 in swWorker_loop (factory=factory@entry=0x1231b50, worker_id=worker_id@entry=11)
at /data/pkg/swoole-src-1.8.7-stable/src/network/Worker.c:496
#8 0x00007f09f4558605 in swManager_spawn_worker (factory=0x1231b50, worker_id=11) at /data/pkg/swoole-src-1.8.7-stable/src/network/Manager.c:679
#9 0x00007f09f4558a3f in swManager_start (factory=factory@entry=0x1231b50) at /data/pkg/swoole-src-1.8.7-stable/src/network/Manager.c:143
#10 0x00007f09f45490b2 in swFactoryProcess_start (factory=0x1231b50) at /data/pkg/swoole-src-1.8.7-stable/src/factory/FactoryProcess.c:86
#11 0x00007f09f454faa9 in swServer_start (serv=serv@entry=0x1231720) at /data/pkg/swoole-src-1.8.7-stable/src/network/Server.c:645
#12 0x00007f09f4532c4c in zim_swoole_http_server_start (this_ptr=0x7f09f82b9520, return_value=0x7f09f82b9580, ht=,
return_value_ptr=, return_value_used=) at /data/pkg/swoole-src-1.8.7-stable/swoole_http_server.c:1379
#13 zim_swoole_http_server_start (ht=, return_value=0x7f09f82b9580, return_value_ptr=, this_ptr=0x7f09f82b9520,
return_value_used=) at /data/pkg/swoole-src-1.8.7-stable/swoole_http_server.c:1282
#14 0x00000000007c7987 in ?? ()
#15 0x0000000000787ac8 in execute_ex ()
#16 0x000000000071a0d9 in zend_execute_scripts ()
#17 0x00000000006b91bf in php_execute_script ()
#18 0x00000000007caf19 in ?? ()
#19 0x000000000046ca7f in main ()
(gdb)
Operation timed out

还望能够解答。谢谢

[peze]

大概知道问题在哪儿了

(gdb) f
#0 swoole_set_object (object=, ptr=ptr@entry=0x0) at /data/pkg/swoole-src-1.8.7-stable/swoole.c:421
421 swoole_objects.array[handle] = ptr;
(gdb) info f
Stack level 0, frame at 0x7fffcfca0880:
rip = 0x7f568db2605a in swoole_set_object (/data/pkg/swoole-src-1.8.7-stable/swoole.c:421); saved rip = 0x7f568db3d112
called by frame at 0x7fffcfca0890
source language c.
Arglist at 0x7fffcfca0838, args: object=, ptr=ptr@entry=0x0
Locals at 0x7fffcfca0838, Previous frame's sp is 0x7fffcfca0880
Saved registers:
rbx at 0x7fffcfca0848, rbp at 0x7fffcfca0850, r12 at 0x7fffcfca0858, r13 at 0x7fffcfca0860, r14 at 0x7fffcfca0868, r15 at 0x7fffcfca0870,
rip at 0x7fffcfca0878
(gdb) info locals
handle = 2327694184

这里handle的值已经到23亿了

代码中这段大概有点问题

void swoole_set_object(zval *object, void *ptr)
{
#if PHP_MAJOR_VERSION < 7
    zend_object_handle handle = Z_OBJ_HANDLE_P(object);
#else
    int handle = (int) Z_OBJ_HANDLE(*object);
#endif
    assert(handle < SWOOLE_OBJECT_MAX);
    if (handle >= swoole_objects.size)
    {
        uint32_t old_size = swoole_objects.size;
        uint32_t new_size = old_size * 2;
        void *old_ptr = swoole_objects.array;
        void *new_ptr = NULL;
        if (new_size > SWOOLE_OBJECT_MAX)
        {
            new_size = SWOOLE_OBJECT_MAX;
        }
        new_ptr = realloc(old_ptr, sizeof(void*) * new_size);
        if (!new_ptr)
        {
            return;
        }
        bzero(new_ptr + (old_size * sizeof(void*)), (new_size - old_size) * sizeof(void*));
        swoole_objects.array = new_ptr;
        swoole_objects.size = new_size;
    }
    swoole_objects.array[handle] = ptr;
}

[matyhtf]

请升级至最新版本

[peze]

但是 为何这个handle会变成23亿这么大的数字呢？

[matyhtf]

对象已被销毁导致的

[peze]

哦 是我们程序自动销毁导致 还是 swoole内部机制导致的呢？

[matyhtf]

无法得到更多信息，无法重现，待再次重现后继续跟踪