>Need your valuable inputs once we start into debugging the core.
The first thing to do is find the address of the memory being freed. This should be in $r32 in frames 3, 2 and 1. Make sure you check to make sure they match. It is possible that the register was reused in one of the frames.
Once you do get the memory address, you should look at the contents to see if it matches what is being freed and to see if the previous memory region overwrote it:
(gdb) x /80wx address - 8*8
(gdb) x /20s address - 8*8
Before each region is a header. The header contains a pointer to the previous block and a length of the current block. The low order bits are flags. If this pointer or length is overwritten, then you have these aborts.
Also, dumping the registers and disassembling the instructions around the abort would help:
(gdb) bt
(gdb) info reg
(gdb) disas $pc-16*12 $pc+16*4
You might also want to try a small test program and corrupt the heap and see what you get.
