Chris Wakelin wrote:
dovecot-20070117.tar.gz seems to have fixed the reproducible crash, but I did get a couple of extra compiler warnings (gcc 3.3.2):-
mail-index.c: In function
mail_index_parse_extensions': mail-index.c:342: warning: comparison between signed and unsigned mail-index.c: In function
mail_index_map_clone': mail-index.c:1242: warning: comparison between signed and unsigned
Hi Timo,
I've got three reproducible rc17 crashes, all fixed in dovecot-20070117.tar.gz, and I've managed to get the same crashes in Solaris 10 on Sparc. However, Solaris 10 has walkcontext() so I've been able to use versions with the memdebug-* patches. The memdebug-delayed.diff version doesn't crash or log anything interesting, but the memdebug-bof.diff version does:
#0 0xff154dd8 in t_splay () from /lib/libc.so.1 #1 0xff154c68 in t_delete () from /lib/libc.so.1 #2 0xff15487c in realfree () from /lib/libc.so.1 #3 0xff155104 in cleanfree () from /lib/libc.so.1 #4 0xff15425c in _malloc_unlocked () from /lib/libc.so.1 #5 0xff15414c in malloc () from /lib/libc.so.1 #6 0xff140f10 in calloc () from /lib/libc.so.1 #7 0x00080644 in pool_system_malloc (pool=0xacd8c, size=28) at mempool-system.c:67 #8 0x0007dafc in timeout_add (msecs=1000, callback=0x5086c
, context=0x0) at ioloop.c:146 #9 0x00050924 in index_storage_unref (index=0xacc00) at index-storage.c:192 #10 0x00050bb4 in index_storage_mailbox_free (box=0xbee08) at index-storage.c:395 #11 0x000368f0 in mbox_storage_close (box=0xbee08) at mbox-storage.c:1086 #12 0x0006a14c in mailbox_close (_box=0xb8e78) at mail-storage.c:373 #13 0x00020760 in cmd_logout (cmd=0xb8ea4) at cmd-logout.c:18 #14 0x000229d8 in client_handle_input (cmd=0xb8ea4) at client.c:331 #15 0x00022950 in client_handle_input (cmd=0xb8ea4) at client.c:388 #16 0x00022b30 in _client_input (context=0xb8e60) at client.c:428 #17 0x0007e5d8 in io_loop_handler_run (ioloop=0xb5f38) at ioloop-poll.c:199 #18 0x0007deb8 in io_loop_run (ioloop=0xb5f38) at ioloop.c:281 #19 0x0002ae64 in main (argc=-4196408, argv=0xac000, envp=0xacc00) at main.c:280
for two of them and:
#0 0xff154dd8 in t_splay () from /lib/libc.so.1 #1 0xff154c68 in t_delete () from /lib/libc.so.1 #2 0xff1548a8 in realfree () from /lib/libc.so.1 #3 0xff155078 in _free_unlocked () from /lib/libc.so.1 #4 0xff154fb4 in free () from /lib/libc.so.1 #5 0x00077320 in _buffer_free (_buf=0xacfd0) at buffer.c:123 #6 0x00069860 in mail_storage_deinit () at array.h:80 #7 0x0002ae9c in main (argc=0, argv=0xac000, envp=0xacc00) at main.c:247
for the other.
Is this what you expected? Each case was LOGIN, SELECT, UID FETCH * BODY[], LOGOUT.
Best Wishes, Chris
-- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094