My script has now crashed three nights running. Backtraces for all three are shown below. I have a full test environment set up and waiting for anyone who wants to look into this. All you need to do is log in and run the program.

This is a nightly batch script executed via cron using a standalone PHP binary.

do-conf: ./configure --with-gd=no --with-mysql=/usr/local/mysql --with-config-file-path=/usr/local/apache/etc --enable-track-vars=yes

uname -a: BSD/OS x.y.z 3.0 BSDI BSD/OS 3.0 

The only error output I get is via crond: "Segmentation fault - core dumped"

I don't know for sure where in my script PHP died, but I'm
guessing it was within a routine that builds an array of 
45,000 items and then loops through it, doing database
cleanup along the way. These nested loops generate as many
as 47,000 database (MySQL) transactions -- 45k SELECTs and
anywhere from a few dozen to perhaps 2000 DELETEs. 

This was a 3.0.4 crash:

Program terminated with signal 11, Segmentation fault.
#0  0x209ab in _php3_hash_find (ht=0xa7fa4, arKey=0x0, nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
834             HANDLE_NUMERIC(arKey, nKeyLength, _php3_hash_index_find(ht,idx,pData));
(gdb) bt
#0  0x209ab in _php3_hash_find (ht=0xa7fa4, arKey=0x0, nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
#1  0xe1ea in phpparse () at control_structures_inline.h:848
#2  0x1f01a in php3_parse (yyin=0xa5d24) at main.c:1461
#3  0x1faa5 in main (argc=3, argv=0xefbfdefc) at main.c:1769

This was a 3.0.5 crash:

Program terminated with signal 11, Segmentation fault.
#0  0x20aeb in _php3_hash_find (ht=0xa9008, arKey=0x0,
nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
834             HANDLE_NUMERIC(arKey, nKeyLength, _php3_hash_index_find(ht,idx,pData));
(gdb) bt
#0  0x20aeb in _php3_hash_find (ht=0xa9008, arKey=0x0, nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
#1  0xe28e in phpparse () at control_structures_inline.h:856
#2  0x1f15a in php3_parse (yyin=0xa6d54) at main.c:1465
#3  0x1fbe5 in main (argc=3, argv=0xefbfdefc) at main.c:1773

Another 3.0.5 crash:

Program terminated with signal 11, Segmentation fault.
#0  0x20aeb in _php3_hash_find (ht=0xa9008, arKey=0x0, nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
834             HANDLE_NUMERIC(arKey, nKeyLength, _php3_hash_index_find(ht,idx,pData));
(gdb) bt
#0  0x20aeb in _php3_hash_find (ht=0xa9008, arKey=0x0, nKeyLength=18, pData=0xefbfd000) at php3_hash.c:834
#1  0xe28e in phpparse () at control_structures_inline.h:856
#2  0x1f15a in php3_parse (yyin=0xa6d54) at main.c:1465
#3  0x1fbe5 in main (argc=3, argv=0xefbfdefc) at main.c:1773

As I've said above, I have a full test environment running on a spare server -- a snapshot of the db, the code, etc. Anyone who wants to test/debug this is invited to send me their ssh public keys so I can set up a login account.

--
update - 10/10
Last night's backtrace was nearly identical to the one above. Tonight's has a few more lines; maybe they're helpful.

Program terminated with signal 11, Segmentation fault.
#0  0x20aeb in _php3_hash_find (ht=0xa1474, arKey=0x0, nKeyLength=12, pData=0xefbfceb8) at php3_hash.c:834
834             HANDLE_NUMERIC(arKey, nKeyLength, _php3_hash_index_find(ht,idx,pData));
(gdb) bt
#0  0x20aeb in _php3_hash_find (ht=0xa1474, arKey=0x0, nKeyLength=12, pData=0xefbfceb8) at php3_hash.c:834
#1  0x2aad0 in php3_get_constant (name=0x13c3c4 "mysql_query", name_len=11, result=0xefbfcee8)
    at constants.c:195
#2  0x1bd12 in lex_scan (phplval=0xefbfd04c) at language-scanner.lex:862
#3  0x242f9 in read_next_token (tcm=0xa870c, token=0xefbfcf40, phplval=0xefbfd04c) at token_cache.c:139
#4  0x1d54f in phplex (phplval=0xefbfd04c) at main.c:435
#5  0x94fe in phpparse () at /usr/lib/bison.simple:387
#6  0x1f15a in php3_parse (yyin=0xa6d54) at main.c:1465
#7  0x1fbe5 in main (argc=3, argv=0xefbfdefc) at main.c:1773

This script dies nearly every night now so I'm pretty
confident when I say I can reproduce this crash at will.

All-new crash tonight. Same script, different death.

Program terminated with signal 11, Segmentation fault.
#0  pval_destructor (pvalue=0x0) at variables.c:76
76              if (pvalue->type == IS_STRING) {
(gdb) bt
#0  pval_destructor (pvalue=0x0) at variables.c:76
#1  0x2480e in tc_destroy (tc=0x152f54) at token_cache.c:314
#2  0x2484e in tcm_destroy (tcm=0xa870c) at token_cache.c:328
#3  0x1dc66 in php3_request_shutdown (dummy=0x0) at main.c:728
#4  0x1fc35 in main (argc=3, argv=0xefbfdefc) at main.c:1790

To be perfectly honest, I think this is a different crash.
Maybe that's obvious from the stack trace. All I know is
that the code is dying in a different place than previously.

Core was generated by `cardbot.php3'.
Program terminated with signal 11, Segmentation fault.
#0  pval_destructor (pvalue=0x0) at variables.c:76
76              if (pvalue->type == IS_STRING) {
(gdb) bt
#0  pval_destructor (pvalue=0x0) at variables.c:76
#1  0x2480e in tc_destroy (tc=0x100d15c) at token_cache.c:314
#2  0x2484e in tcm_destroy (tcm=0xa870c) at token_cache.c:328
#3  0x1dc66 in php3_request_shutdown (dummy=0x0) at main.c:728
#4  0x1fc35 in main (argc=3, argv=0xefbfdefc) at main.c:1790

I keep paring my script back, removing and rewriting
functionality. At most this buys me one night's run.
Here's tonight's backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x84b73 in memcpy ()
(gdb) bt
#0  0x84b73 in memcpy ()
#1  0xefbfd29c in ?? ()
#2  0x10cd9 in phpparse () at language-parser.y:708
#3  0x1f15a in php3_parse (yyin=0xa6d54) at main.c:1465
#4  0x1fbe5 in main (argc=3, argv=0xefbfdefc) at main.c:1773