On Tue, Apr 27, 2010 at 09:06:46PM +0200, Jens Elkner wrote:
> t...@150 (l...@150) terminated by signal SEGV (no mapping at the fault 
> address)
> 0xff2570a8: t_splay+0x0010:     ld       [%o2 + 8], %o1
> Current function is dec_argv
>  1764           s = (char **)malloc((nelem + 1) * (sizeof *s));
> (dbx) where                                                                  
> current thread: t...@150
>   [1] t_splay(0x85a04, 0x0, 0x1fffff, 0x85808, 0x0, 0xff337480), at 
> 0xff2570a8 
>   [2] t_delete(0x85a04, 0x1fc, 0x1fffff, 0xff256f30, 0xff3303a8, 0x0), at 
> 0xff256f30 
>   [3] realfree(0x85800, 0x1ff, 0xd98dc, 0x8b7a0, 0x0, 0x8a768), at 0xff256b44 
>   [4] cleanfree(0x0, 0xe, 0xd902c, 0x0, 0xff3303a8, 0xff3392a4), at 
> 0xff2573cc 
>   [5] _malloc_unlocked(0x28, 0x0, 0x0, 0x0, 0xfffffffc, 0x0), at 0xff256524 
>   [6] malloc(0x24, 0x1, 0xd9fd8, 0x0, 0xff3303a8, 0xff33a518), at 0xff256414 
> =>[7] dec_argv(buf = 0x88459 "i", len = 68U), line 1764 in "engine.c"
>   [8] st_macros(g = 0xfd6fbe90), line 1481 in "engine.c"
>   [9] mi_engine(ctx = 0x81630), line 405 in "engine.c"
>   [10] mi_handle_session(ctx = 0x81630), line 45 in "handler.c"
>   [11] mi_thread_handle_wrapper(arg = 0x81630), line 579 in "listener.c"
<...>
> Is anybody able to spot, what's going wrong here? 

This looks like a classic case of heap corruption.  You've died in
t_splay while trying to coalesce free blocks before performing an
allocation.  Sometimes this happens when an object is double-free'd,
when you free an object that wasn't allocated by the allocator, or other
similar mistakes.

Can you run this application under libumem?  It has a bunch of debugging
features that might help you out here.

This is what I typically use when trying to debug heap corruption.  What 
follows is for a 32-bit application.  Omit the _32 if you're 64-bit.

LD_PRELOAD_32=libumem.so
UMEM_DEBUG='audit=50,guards,contents'
UMEM_LOGGING='transaction,fail,contents'

export LD_PRELOAD_32 UMEM_DEBUG UMEM_LOGGING

HTH,

-j
_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
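
Added example, not part of the original message and not libumem's code: a simplified C model of guard checking in a debugging allocator. It shows why such checks report an overrun or a double free when the damaged buffer itself is freed, rather than in a later unrelated malloc as in the trace above. The names dbg_alloc, dbg_free and demo, the header layout and the sample data are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 0xfeedfaceU /* guard word placed right after the user data */
#define FREED   0xdeadbeefU /* header state once a buffer has been freed */
enum chk { CHK_OK, CHK_OVERRUN, CHK_DOUBLE_FREE };
struct hdr { size_t size; uint32_t state; }; /* hypothetical header layout */

/* Allocate n bytes with a header in front and a guard word behind. */
void *dbg_alloc(size_t n) {
    uint32_t rz = REDZONE;
    struct hdr *h = malloc(sizeof *h + n + sizeof rz);
    if (h == NULL) return NULL;
    h->size = n;
    h->state = REDZONE;
    memcpy((char *)(h + 1) + n, &rz, sizeof rz);
    return h + 1;
}

/* Check guards at free time. The block is quarantined, not released, so a
   second free is detectable without reading freed memory (leaks by design). */
enum chk dbg_free(void *p) {
    struct hdr *h = (struct hdr *)p - 1;
    uint32_t rz;
    if (h->state == FREED) return CHK_DOUBLE_FREE;
    memcpy(&rz, (char *)p + h->size, sizeof rz);
    h->state = FREED;
    return rz == REDZONE ? CHK_OK : CHK_OVERRUN;
}

/* Copy len (<= 5) bytes of constructed data into a cap-byte buffer, free it
   `frees` times and return the verdict of the last free. */
enum chk demo(size_t cap, size_t len, int frees) {
    enum chk r = CHK_OK;
    char *s = dbg_alloc(cap);
    if (s == NULL) abort();
    memcpy(s, "abcd", len);   /* len 5 puts the NUL into the guard word */
    while (frees-- > 0) r = dbg_free(s);
    return r;
}

int main(void) {
    printf("%d %d %d\n", demo(4, 4, 1), demo(4, 5, 1), demo(4, 4, 2));
    return 0;
}
```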
