Re: (ITS#6074) SEGV in pthread_mutex_lock()



Similar outcome, possibly the same issue, except now I'm looking with 
libumem, so this should Actually Be A Bad Free (in theory). The default 
transaction history buffer wasn't big enough to have the block history, 
unfortunately. I'll play with it some more, and also see if I can 
reproduce in tests/, over the next week or two...


current thread: t@19
   [1] __lwp_kill(0x0, 0x6, 0xffffffffffffffe6, 0xffffffff7f212590, 0x2f, 0xffffffff7f3241d0), at 0xffffffff7eea8b8c
   [2] raise(0x6, 0x0, 0x0, 0xffffffff42e7e158, 0x0, 0xffffffff42e7e7f8), at 0xffffffff7ee58cd0
   [3] umem_do_abort(0xb, 0xffffffff7f21f384, 0x25730a00, 0x7efefeff, 0x81010100, 0xff00), at 0xffffffff7f212590
   [4] umem_err_recoverable(0xffffffff7f21f378, 0xffffffff7f32a6f8, 0x12179c850, 0xffffffff7f21f358, 0x3a10c000, 0x0), at 0xffffffff7f212834
   [5] process_free(0x12179c850, 0x1, 0x0, 0x0, 0x2, 0x0), at 0xffffffff7f2120d4 
=>[6] ber_memfree_x(p = 0x12179c850, ctx = (nil)), line 152 in "memory.c"
   [7] ch_free(ptr = 0x12179c850), line 139 in "ch_malloc.c"
   [8] hdb_entry_return(e = 0x107e8a888), line 218 in "id2entry.c"
   [9] hdb_cache_lru_purge(bdb = 0x1009c13d0), line 756 in "cache.c"
   [10] hdb_cache_find_id(op = 0x1281699d0, tid = 0x12675fe90, id = 12840U, eip = 0xffffffff42e7e848, flag = 0, lock = 0xffffffff42e7e7f8), line 1053 in "cache.c"
   [11] hdb_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 706 in "search.c"
   [12] glue_sub_search(op = 0x1281699d0, rs = 0xffffffff42fff998, b0 = 0xffffffff42ffeda8, on = 0x100700dd0), line 342 in "backglue.c"
   [13] glue_op_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 465 in "backglue.c"
   [14] overlay_op_walk(op = 0x1281699d0, rs = 0xffffffff42fff998, which = op_search, oi = 0x100701010, on = 0x100700dd0), line 659 in "backover.c"
   [15] over_op_func(op = 0x1281699d0, rs = 0xffffffff42fff998, which = op_search), line 721 in "backover.c"
   [16] over_op_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 743 in "backover.c"
   [17] fe_op_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 366 in "search.c"
   [18] overlay_op_walk(op = 0x1281699d0, rs = 0xffffffff42fff998, which = op_search, oi = 0x1007016d0, on = (nil)), line 669 in "backover.c"
   [19] over_op_func(op = 0x1281699d0, rs = 0xffffffff42fff998, which = op_search), line 721 in "backover.c"
   [20] over_op_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 743 in "backover.c"
   [21] do_search(op = 0x1281699d0, rs = 0xffffffff42fff998), line 217 in "search.c"
   [22] connection_operation(ctx = 0xffffffff42fffc20, arg_v = 0x1281699d0), line 1097 in "connection.c"
   [23] connection_read_thread(ctx = 0xffffffff42fffc20, argv = 0xbd), line 1223 in "connection.c"
   [24] ldap_int_thread_pool_wrapper(xpool = 0x10064b6a0), line 663 in "tpool.c"