Pierangelo Masarati ando@sys-net.it writes:
dieter@dkluenter.de wrote:
(gdb) bt #0 0xb7a67139 in free () from /lib/libc.so.6 #1 0xb7ec128a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 #2 0x0808f556 in ch_free () #3 0xb76f458c in ppolicy_restrict (op=0xa0a50d54, rs=0xa0a51148) at ppolicy.c:1245
I suspect this free occurs an internal operation initiated with connection_fake_init(); can you check, from the core, if the value of op->o_conn->c_conn_idx is -1?
OK, now again frome the beginning:
,----[ backtrace ] | (gdb) bt | #0 0xb7ac6139 in free () from /lib/libc.so.6 | #1 0xb7f2028a in ber_memfree_x (p=0x2001, ctx=0x0) at memory.c:152 | #2 0x0809b1f2 in ch_free (ptr=0x2009) at ch_malloc.c:139 | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) | at ppolicy.c:1245 | #4 0x080f0c5a in overlay_op_walk (op=0xa2253d54, rs=0xa2254148, | which=op_search, oi=0x829d5d8, on=0x82a1190) at backover.c:642 | #5 0x080f0e91 in over_op_func (op=0xa2253d54, rs=0xa2254148, which=op_search) | at backover.c:704 | #6 0x080f0f15 in over_op_search (op=0xa2253d54, rs=0xa2254148) | at backover.c:726 | #7 0xb773f893 in dds_expire (ctx=0xa2254238, di=0x82a4898) at dds.c:181 | #8 0xb773fe4f in dds_expire_fn (ctx=0xa2254238, arg=0x829cc48) at dds.c:260 | #9 0xb7f334d2 in ldap_int_thread_pool_wrapper (xpool=0x82507b0) at tpool.c:625 | #10 0xb7d4f192 in start_thread () from /lib/libpthread.so.0 | #11 0xb7b2102e in clone () from /lib/libc.so.6 `----
,----[ frame ] | (gdb) frame 3 | #3 0xb775358c in ppolicy_restrict (op=0xa2253d54, rs=0xa2254148) | at ppolicy.c:1245 | 1245 ch_free( pwcons[op->o_conn->c_conn_idx].dn.bv_val ); | (gdb) `----
This shows three memory regions
,----[ memory values ] | (gdb) x/c 0xb775358c | 0xb775358c <ppolicy_restrict+108>: -117 '\213' | (gdb) | | (gdb) x/c 0xa2253d54 | 0xa2253d54: 40 '(' | (gdb) | | (gdb) x/c 0xa2254148 | 0xa2254148: 0 '\0' | (gdb) `----
I hope this is more informative.
-Dieter