[Dovecot] panic with search

Kazuo Moriwaka moriwaka at valinux.co.jp
Mon Dec 20 13:23:59 EET 2004


Hello,

My imap daemon gets SIGABRT with the following message.
"pool_data_stack_realloc(): stack frame changed"

This is caused with CVS head sources (with or without my last 2 patches).

This happens while doing a search command.
This is IMAP command log:
---------------------------------------------------------------------------
* PREAUTH [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS] Logged in as mailtest
* select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 135 EXISTS
* 0 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1102574212] UIDs valid
* OK [UIDNEXT 139] Predicted next UID
* OK [READ-WRITE] Select completed.
* search body "hoge"
imap(mailtest): Panic: pool_data_stack_realloc(): stack frame changed
Aborted
---------------------------------------------------------------------------
I'll attach a backtrace from just before the panic message is printed.
If the maildir and messages are needed for debugging, please ask me.

thanks,
-- 
Kazuo Moriwaka 
moriwaka at valinux.co.jp
-------------- next part --------------
(gdb) bt
#0  printf_string_upper_bound (format_p=0xbffff848, args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b")
    at printf-upper-bound.c:78
#1  0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0, 
    format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", 
    args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
#2  0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", 
    args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115
#3  0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173
#4  0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110
#5  0x080a650f in buffer_alloc (buf=0x80c77b0, size=8192) at buffer.c:32
#6  0x080a6c74 in buffer_check_limits (buf=0x80c77b0, pos=1, data_size=4096) at buffer.c:57
#7  0x080a6a49 in buffer_copy (_dest=0x80c77b0, dest_pos=1, _src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:227
#8  0x080a6acd in buffer_append_buf (dest=0x80c77b0, src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:240
#9  0x080a0a71 in message_search_body_block (ctx=0xbffffa00, block=0x80c7950) at message-body-search.c:229
#10 0x080a0e4e in message_search_body (ctx=0xbffffa00, input=0x80de170, part=0x80dede0) at message-body-search.c:336
#11 0x080a1135 in message_body_search_ctx (ctx=0xbffffa60, input=0x80ddf08, part=0x80dede0) at message-body-search.c:408
#12 0x080a11ff in message_body_search (key=0x80d4f60 "hoge", charset=0x0, unknown_charset=0xbffffabc, input=0x80ddf08, part=0x80dede0, 
    search_header=0) at message-body-search.c:433
#13 0x0807f58a in search_body (arg=0x80d4f38, context=0xbffffb40) at index-search.c:467
#14 0x08098278 in search_arg_foreach (arg=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:81
#15 0x080982a8 in mail_search_args_foreach (args=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:93
#16 0x0807f82b in search_arg_match_text (args=0x80d4f38, ctx=0x80dec88) at index-search.c:545
#17 0x08080011 in search_match_next (ctx=0x80dec88) at index-search.c:813
#18 0x080800bf in index_storage_search_next (_ctx=0x80dec88) at index-search.c:837
#19 0x08098e38 in mailbox_search_next (ctx=0x80dec88) at mail-storage.c:397
#20 0x0805787c in imap_search (client=0x80d0cf8, charset=0x0, sargs=0x80d4f38) at cmd-search.c:32
#21 0x08057baf in cmd_search (client=0x80d0cf8) at cmd-search.c:97
#22 0x08059c2e in client_handle_input (client=0x80d0cf8) at client.c:324
#23 0x08059d2e in _client_input (context=0x80d0cf8) at client.c:368
#24 0x080ae2f8 in io_loop_handler_run (ioloop=0x80cfa58) at ioloop-poll.c:184
#25 0x080ad4c1 in io_loop_run (ioloop=0x80cfa58) at ioloop.c:218
#26 0x080637d0 in main (argc=1, argv=0xbffffdd4, envp=0xbffffddc) at main.c:224
(gdb) up
#1  0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0, 
    format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", 
    args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
99	                (void)printf_string_upper_bound(&format, args);
(gdb) up
#2  0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", 
    args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115
115		(void)default_handler("Panic: ", log_fd, format, args);
(gdb) up
#3  0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173
173		panic_handler(format, args);
(gdb) up
#4  0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110
110			i_panic("pool_data_stack_realloc(): stack frame changed");
(gdb) list
105		/* @UNSAFE */
106		if (new_size == 0 || new_size > SSIZE_T_MAX)
107			i_panic("Trying to allocate %"PRIuSIZE_T" bytes", new_size);
108	
109		if (dpool->data_stack_frame != data_stack_frame)
110			i_panic("pool_data_stack_realloc(): stack frame changed");
111	
112		if (mem == NULL)
113			return pool_data_stack_malloc(pool, new_size);
114	
(gdb) p dpool 
$18 = (struct datastack_pool *) 0x80c7788
(gdb) p *dpool
$19 = {pool = {get_name = 0x80afbd5 <pool_data_stack_get_name>, ref = 0x80afbdf <pool_data_stack_ref>, 
    unref = 0x80afc0d <pool_data_stack_unref>, malloc = 0x80afc70 <pool_data_stack_malloc>, free = 0x80afcc4 <pool_data_stack_free>, 
    realloc = 0x80afcec <pool_data_stack_realloc>, clear = 0x80afdd0 <pool_data_stack_clear>, alloconly_pool = 1, datastack_pool = 1}, 
  refcount = 1, data_stack_frame = 5}
(gdb) p *dpool->data_stack_frame
Cannot access memory at address 0x5
(gdb) p dpool->data_stack_frame
$20 = 5
(gdb) p data_stack_frame 
$21 = 7
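
Added example (not part of the original post and not Dovecot source): a toy model of the comparison listed at mempool-datastack.c:109, replaying the values from the gdb session above (pool bound to frame 5, buffer grown from 256 to 8192 bytes while the current frame is 7). The arena, `frame_push`/`frame_pop`/`frame_alloc`, `frame_pool` and `replay` are hypothetical names, and the model assumes that memory allocated inside a frame is reclaimed when that frame is popped.

```c
#include <stdio.h>
#include <string.h>

/* Toy data stack (assumption): frame_pop() reclaims what was allocated since frame_push(). */
static unsigned char arena[32768];
static size_t top, marks[16];
static unsigned int cur_frame;       /* models the global data_stack_frame */
static void frame_push(void) { marks[cur_frame++] = top; }
static void frame_pop(void)  { top = marks[--cur_frame]; }
static void *frame_alloc(size_t n) { void *p = arena + top; top += n; return p; }
struct frame_pool { unsigned int bound_frame; };  /* frame current at pool creation */

/* check=1 mirrors the listed comparison; check=0 shows what it prevents. */
static void *pool_realloc(struct frame_pool *p, void *mem, size_t old_size,
                          size_t new_size, int check)
{
    if (check && p->bound_frame != cur_frame)
        return NULL;                 /* the listed code calls i_panic() here */
    void *grown = frame_alloc(new_size);
    memcpy(grown, mem, old_size);
    return grown;
}

/* Pool bound in frame 5, buffer grown 256 -> 8192 bytes extra_frames deeper.
   Returns -1 if growth was refused, 1 if the data survived, 0 if clobbered. */
int replay(unsigned int extra_frames, int check)
{
    struct frame_pool pool;
    char *buf, *grown;
    unsigned int i;

    top = 0;
    for (cur_frame = 0; cur_frame < 5; ) frame_push();
    pool.bound_frame = cur_frame;
    buf = frame_alloc(256);
    memset(buf, 'A', 256);
    for (i = 0; i < extra_frames; i++) frame_push();
    grown = pool_realloc(&pool, buf, 256, 8192, check);
    for (i = 0; i < extra_frames; i++) frame_pop();
    if (grown == NULL)
        return -1;
    memset(frame_alloc(8192), 'B', 8192);  /* the caller's next allocation */
    return grown[0] == 'A';
}

int main(void)
{
    printf("%d %d %d\n", replay(0, 1), replay(2, 1), replay(2, 0));
    return 0;
}
```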

