[Dovecot] panic with search
Hello,
My imap daemon gets SIGABRT with the following message: "pool_data_stack_realloc(): stack frame changed"
This happens with CVS head sources (with or without my last 2 patches).
It occurs while doing a search command. This is the IMAP command log:
- PREAUTH [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS] Logged in as mailtest
- select inbox
- FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
- OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
- 135 EXISTS
- 0 RECENT
- OK [UNSEEN 1] First unseen.
- OK [UIDVALIDITY 1102574212] UIDs valid
- OK [UIDNEXT 139] Predicted next UID
- OK [READ-WRITE] Select completed.
- search body "hoge"
imap(mailtest): Panic: pool_data_stack_realloc(): stack frame changed
Aborted
I'll attach a backtrace taken just before the panic message is printed. If the maildir and messages are needed for debugging, please ask me.
thanks,
Kazuo Moriwaka moriwaka@valinux.co.jp
(gdb) bt
#0 printf_string_upper_bound (format_p=0xbffff848, args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at printf-upper-bound.c:78
#1 0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0, format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
#2 0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115
#3 0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173
#4 0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110
#5 0x080a650f in buffer_alloc (buf=0x80c77b0, size=8192) at buffer.c:32
#6 0x080a6c74 in buffer_check_limits (buf=0x80c77b0, pos=1, data_size=4096) at buffer.c:57
#7 0x080a6a49 in buffer_copy (_dest=0x80c77b0, dest_pos=1, _src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:227
#8 0x080a6acd in buffer_append_buf (dest=0x80c77b0, src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:240
#9 0x080a0a71 in message_search_body_block (ctx=0xbffffa00, block=0x80c7950) at message-body-search.c:229
#10 0x080a0e4e in message_search_body (ctx=0xbffffa00, input=0x80de170, part=0x80dede0) at message-body-search.c:336
#11 0x080a1135 in message_body_search_ctx (ctx=0xbffffa60, input=0x80ddf08, part=0x80dede0) at message-body-search.c:408
#12 0x080a11ff in message_body_search (key=0x80d4f60 "hoge", charset=0x0, unknown_charset=0xbffffabc, input=0x80ddf08, part=0x80dede0, search_header=0) at message-body-search.c:433
#13 0x0807f58a in search_body (arg=0x80d4f38, context=0xbffffb40) at index-search.c:467
#14 0x08098278 in search_arg_foreach (arg=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:81
#15 0x080982a8 in mail_search_args_foreach (args=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:93
#16 0x0807f82b in search_arg_match_text (args=0x80d4f38, ctx=0x80dec88) at index-search.c:545
#17 0x08080011 in search_match_next (ctx=0x80dec88) at index-search.c:813
#18 0x080800bf in index_storage_search_next (_ctx=0x80dec88) at index-search.c:837
#19 0x08098e38 in mailbox_search_next (ctx=0x80dec88) at mail-storage.c:397
#20 0x0805787c in imap_search (client=0x80d0cf8, charset=0x0, sargs=0x80d4f38) at cmd-search.c:32
#21 0x08057baf in cmd_search (client=0x80d0cf8) at cmd-search.c:97
#22 0x08059c2e in client_handle_input (client=0x80d0cf8) at client.c:324
#23 0x08059d2e in _client_input (context=0x80d0cf8) at client.c:368
#24 0x080ae2f8 in io_loop_handler_run (ioloop=0x80cfa58) at ioloop-poll.c:184
#25 0x080ad4c1 in io_loop_run (ioloop=0x80cfa58) at ioloop.c:218
#26 0x080637d0 in main (argc=1, argv=0xbffffdd4, envp=0xbffffddc) at main.c:224
(gdb) up
#1 0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0, format=0x80c3300 "pool_data_stack_realloc(): stack frame changed", args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
99 (void)printf_string_upper_bound(&format, args);
(gdb) up
#2 0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed",
args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115
115 (void)default_handler("Panic: ", log_fd, format, args);
(gdb) up
#3 0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173
173 panic_handler(format, args);
(gdb) up
#4 0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110
110 i_panic("pool_data_stack_realloc(): stack frame changed");
(gdb) list
105 /* @UNSAFE */
106 if (new_size == 0 || new_size > SSIZE_T_MAX)
107 i_panic("Trying to allocate %"PRIuSIZE_T" bytes", new_size);
108
109 if (dpool->data_stack_frame != data_stack_frame)
110 i_panic("pool_data_stack_realloc(): stack frame changed");
111
112 if (mem == NULL)
113 return pool_data_stack_malloc(pool, new_size);
114
(gdb) p dpool
$18 = (struct datastack_pool *) 0x80c7788
(gdb) p *dpool
$19 = {pool = {get_name = 0x80afbd5 <pool_data_stack_get_name>, ref = 0x80afbdf <pool_data_stack_ref>,
unref = 0x80afc0d <pool_data_stack_unref>, malloc = 0x80afc70 <pool_data_stack_malloc>, free = 0x80afcc4 <pool_data_stack_free>,
realloc = 0x80afcec <pool_data_stack_realloc>, clear = 0x80afdd0 <pool_data_stack_clear>, alloconly_pool = 1, datastack_pool = 1},
refcount = 1, data_stack_frame = 5}
(gdb) p *dpool->data_stack_frame
Cannot access memory at address 0x5
(gdb) p dpool->data_stack_frame
$20 = 5
(gdb) p data_stack_frame
$21 = 7
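A simplified model of the check that fired at mempool-datastack.c:110, added here as an illustration and not taken from Dovecot's source or from either poster: a pool remembers the data stack frame it was created in and refuses to hand out memory from any other frame, because that memory would be released when the newer frame is popped. All names (frame_push, ds_pool, pool_grow, demo_frame_mismatch) are hypothetical; the frame ids 5 and 7 and the sizes 256 and 8192 mirror the gdb output above.

```c
/* Simplified model of a frame-bound data stack pool. Hypothetical names,
 * not Dovecot's code; copying of old contents on growth is omitted. */
#include <stddef.h>

#define STACK_SIZE 16384
#define MAX_FRAMES 16   /* no depth checks: the demo stops at frame 7 */

static unsigned char stack_mem[STACK_SIZE];
static size_t stack_used;               /* bump-allocator offset */
static size_t frame_start[MAX_FRAMES];  /* offset saved at each push */
static unsigned int cur_frame;          /* id of the innermost frame */

static void frame_push(void) { frame_start[++cur_frame] = stack_used; }

/* Popping a frame releases everything allocated since its push. */
static void frame_pop(void) { stack_used = frame_start[cur_frame--]; }

static void *stack_alloc(size_t size) {
    if (size > STACK_SIZE - stack_used)
        return NULL;
    void *p = stack_mem + stack_used;
    stack_used += size;
    return p;
}

struct ds_pool { unsigned int frame; };  /* frame the pool was created in */

/* Returns NULL in the case where the reported code panics: memory handed
 * out now would belong to the current frame and vanish at its pop, while
 * the pool's owner in the older frame would still hold the pointer. */
static void *pool_grow(struct ds_pool *pool, size_t new_size) {
    if (pool->frame != cur_frame)
        return NULL;
    return stack_alloc(new_size);
}

/* Rebuilds the reported state: pool bound to frame 5, growth attempted
 * from frame 7. Returns 1 if the mismatch is rejected. */
static int demo_frame_mismatch(void) {
    while (cur_frame < 5)
        frame_push();
    struct ds_pool pool = { cur_frame };
    void *buf = pool_grow(&pool, 256);     /* same frame: allowed */
    frame_push();
    frame_push();                          /* now in frame 7 */
    void *grown = pool_grow(&pool, 8192);  /* frame 5 pool, frame 7 caller */
    frame_pop();
    frame_pop();
    return buf != NULL && grown == NULL;
}
```

Without the frame comparison, the 8192-byte region would be reclaimed by the two pops while the frame 5 buffer still pointed at it, which is the dangling-pointer condition the panic prevents.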
On Mon, 2004-12-20 at 20:23 +0900, Kazuo Moriwaka wrote:
> My imap daemon gets SIGABRT with the following message: "pool_data_stack_realloc(): stack frame changed"
Message searching code is a bit bad (and mostly unchanged for 2 years), probably could use a rewrite. Fixed this in CVS and committed your other patches.
participants (2)
- Kazuo Moriwaka
- Timo Sirainen