Memory free error! At mem.c line 653

From: J Robinson <jrobinson852(at)not-real.yahoo.com>
Date: Fri Nov 14 2003 - 14:30:13 GMT

Hello All;

About 6 days ago, I started seeing lines like this in
my mod_perl error log:

[Fri Nov 14 14:02:14 2003] [notice] child pid 29669 exit signal Segmentation fault (11)

Which I tracked down to SWISH::API.  I found that when
searching my (rather large) index with SWISH::API,
some searches would usually (but not always) cause
segfaults and dump core. 

My intuition tells me this has something to do with
using large swishdescription fields -- indices with
larger swishdescription fields seem to exhibit the
problem more -- but this is anecdotal and
non-scientific.  I haven't yet been able to correlate
the beginning of the segfaults occurring to any
particular changes I made.

I have been able to reproduce the segfault from the
command line using my SWISH::API client. Examining the
resulting core dump file always leads to a call to
'chunk_free()' -- here's a typical stack trace:

(gdb) where
#0  0x400d81e9 in chunk_free (ar_ptr=0x40189c80, p=0x8aad548) at malloc.c:3242
#1  0x400d7fc0 in __libc_free (mem=0x8aad550) at malloc.c:3154
#2  0x080bb401 in Perl_rxres_free ()
#3  0x080bb156 in Perl_pp_substcont ()
#4  0x0809a068 in Perl_runops_standard ()
#5  0x0805c57a in S_run_body ()
#6  0x0805c2db in perl_run ()
#7  0x08059f21 in main ()
#8  0x40077336 in __libc_start_main (main=0x8059eb0 <main>, argc=3, ubp_av=0xbffffab4, init=0x80590b4 <_init>,
    fini=0x80e3810 <_fini>, rtld_fini=0x4000d2fc <_dl_fini>, stack_end=0xbffffaac)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

The five stack traces I examined were all different,
but all went through 'Perl_runops_standard ()' and
ended with chunk_free().

Poking around in the archives, I discovered that
swish-e had a --enable-memdebug option that looked
like it might help debug this problem. Using it
yielded:

..(searching) ...
Memory free error! At mem.c line 653
Already free: 08A9B8A8

Memory free error! At mem.c line 653
Head Guard 1 overwritten: 08A9B898

Memory free error! At mem.c line 653
Head Guard 2 overwritten: 08A9B8A4

Memory free error! At mem.c line 653
Tail Guard overwritten: 08A9B8A7

Memory free error! At metanames.c line 403
Address FFFFFFFF not longword aligned
Segmentation fault (core dumped)

Perhaps this will help the developers spot a bug (if
one indeed exists).

I'm in the process of trying to reproduce the crash on
a second machine and create a reproducible bug report.
Will report back when I have something more substantial to
tell.

In the meantime, has anyone else seen anything like
this? Any suggestions for fixes/workarounds?

Best,
  jrobinson

Received on Fri Nov 14 14:30:19 2003
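
The memory-debug messages quoted in the post above (already free, head and tail guard overwritten, address not aligned) are the kind of diagnostics a guard-word debug allocator produces when it validates a block at free time. The following C example is added here and is not part of the original message or swish-e's mem.c; the block layout, guard values and the names dbg_malloc/dbg_free are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (not swish-e's): [size | head guard | user bytes | tail byte] */
#define GUARD_LIVE ((size_t)0xFEEDFACE)
#define GUARD_FREE ((size_t)0xDEADBEEF)
#define TAIL_BYTE  0xA5

typedef struct { size_t size; size_t guard; } dbg_head;
enum dbg_status { DBG_OK, DBG_UNALIGNED, DBG_ALREADY_FREE,
                  DBG_HEAD_OVERWRITTEN, DBG_TAIL_OVERWRITTEN };

void *dbg_malloc(size_t n) {
    dbg_head *h = malloc(sizeof *h + n + 1);   /* +1 for the tail guard */
    if (!h) return NULL;
    h->size = n;
    h->guard = GUARD_LIVE;
    unsigned char *user = (unsigned char *)(h + 1);
    user[n] = TAIL_BYTE;
    return user;
}

/* Validate the block before releasing it and report the first problem found. */
enum dbg_status dbg_free(void *p) {
    if (!p) return DBG_OK;                                  /* like free(NULL) */
    if ((uintptr_t)p % sizeof(long)) return DBG_UNALIGNED;  /* never dereferenced */
    dbg_head *h = (dbg_head *)p - 1;
    unsigned char *user = p;
    if (h->guard == GUARD_FREE) return DBG_ALREADY_FREE;
    if (h->guard != GUARD_LIVE) return DBG_HEAD_OVERWRITTEN;
    if (user[h->size] != TAIL_BYTE) return DBG_TAIL_OVERWRITTEN;
    h->guard = GUARD_FREE;
    memset(user, 0xDD, h->size);   /* poison so stale reads stand out */
    /* Quarantined on purpose: the block is never handed back to libc, so a
       second dbg_free() can still read the header safely. */
    return DBG_OK;
}

int main(void) {
    char *a = dbg_malloc(8), *b = dbg_malloc(8);
    if (!a || !b) return 1;
    b[8] = 'x';                    /* constructed off-by-one write */
    printf("first free:  %d\n", dbg_free(a));
    printf("second free: %d\n", dbg_free(a));
    printf("overrun:     %d\n", dbg_free(b));
    return 0;
}
```

Because a corrupted or doubly freed block is reported instead of being passed on to libc, the fault surfaces at the offending free call rather than as a later crash inside the system allocator.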