[Dovecot] panic with search

20 Dec 2004

      Hello,
My imap daemon get SIGABRT with following message.
"pool_data_stack_realloc(): stack frame changed"
This is caused with cvs head sources.(and or not with my last 2 patches.)
This causes while doing search command.
This is IMAP command log:

PREAUTH [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS] Logged in as mailtest
select inbox
FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
135 EXISTS
0 RECENT
OK [UNSEEN 1] First unseen.
OK [UIDVALIDITY 1102574212] UIDs valid
OK [UIDNEXT 139] Predicted next UID
OK [READ-WRITE] Select completed.
search body "hoge"
imap(mailtest): Panic: pool_data_stack_realloc(): stack frame changed
Aborted

I'll attach backtrace just before print panic messages.
If maildir and messages are need for debug, please request to me.
thanks,
Kazuo Moriwaka
moriwaka@valinux.co.jp
(gdb) bt
#0  printf_string_upper_bound (format_p=0xbffff848, args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b")     at printf-upper-bound.c:78 #1  0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0,      format=0x80c3300 "pool_data_stack_realloc(): stack frame changed",      args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
#2  0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed",
args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115 #3  0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173 #4  0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110 #5  0x080a650f in buffer_alloc (buf=0x80c77b0, size=8192) at buffer.c:32 #6  0x080a6c74 in buffer_check_limits (buf=0x80c77b0, pos=1, data_size=4096) at buffer.c:57 #7  0x080a6a49 in buffer_copy (_dest=0x80c77b0, dest_pos=1, _src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:227 #8  0x080a6acd in buffer_append_buf (dest=0x80c77b0, src=0x80c7950, src_pos=0, copy_size=4096) at buffer.c:240 #9  0x080a0a71 in message_search_body_block (ctx=0xbffffa00, block=0x80c7950) at message-body-search.c:229 #10 0x080a0e4e in message_search_body (ctx=0xbffffa00, input=0x80de170, part=0x80dede0) at message-body-search.c:336 #11 0x080a1135 in message_body_search_ctx (ctx=0xbffffa60, input=0x80ddf08, part=0x80dede0) at message-body-search.c:408 #12 0x080a11ff in message_body_search (key=0x80d4f60 "hoge", charset=0x0, unknown_charset=0xbffffabc, input=0x80ddf08, part=0x80dede0,      search_header=0) at message-body-search.c:433 #13 0x0807f58a in search_body (arg=0x80d4f38, context=0xbffffb40) at index-search.c:467 #14 0x08098278 in search_arg_foreach (arg=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:81 #15 0x080982a8 in mail_search_args_foreach (args=0x80d4f38, callback=0x807f4f0 <search_body>, context=0xbffffb40) at mail-search.c:93 #16 0x0807f82b in search_arg_match_text (args=0x80d4f38, ctx=0x80dec88) at index-search.c:545 #17 0x08080011 in search_match_next (ctx=0x80dec88) at index-search.c:813 #18 0x080800bf in index_storage_search_next (_ctx=0x80dec88) at index-search.c:837 #19 0x08098e38 in mailbox_search_next (ctx=0x80dec88) at mail-storage.c:397 #20 0x0805787c in imap_search (client=0x80d0cf8, charset=0x0, sargs=0x80d4f38) at cmd-search.c:32 #21 0x08057baf in cmd_search (client=0x80d0cf8) at cmd-search.c:97 #22 0x08059c2e in client_handle_input (client=0x80d0cf8) at client.c:324 #23 0x08059d2e in _client_input (context=0x80d0cf8) at client.c:368 #24 0x080ae2f8 in io_loop_handler_run (ioloop=0x80cfa58) at ioloop-poll.c:184 #25 0x080ad4c1 in io_loop_run (ioloop=0x80cfa58) at ioloop.c:218 #26 0x080637d0 in main (argc=1, argv=0xbffffdd4, envp=0xbffffddc) at main.c:224 (gdb) up #1  0x080a7640 in default_handler (prefix=0x80c226a "Panic: ", f=0x41149fe0,      format=0x80c3300 "pool_data_stack_realloc(): stack frame changed",      args=0xbffff884 "$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:99
99	                (void)printf_string_upper_bound(&format, args);
(gdb) up
#2  0x080a76b8 in default_panic_handler (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed",
args=0xbffff884 "`$B}?(x??(Bq\n\b$B8y(B\f\b\210w\f\b$B8x(B?\017e\n\b\210w\f\b$BPw(B\f\b") at failures.c:115
115		(void)default_handler("Panic: ", log_fd, format, args);
(gdb) up
#3  0x080a786a in i_panic (format=0x80c3300 "pool_data_stack_realloc(): stack frame changed") at failures.c:173
173		panic_handler(format, args);
(gdb) up
#4  0x080afd33 in pool_data_stack_realloc (pool=0x80c7788, mem=0x80c77d0, old_size=256, new_size=8192) at mempool-datastack.c:110
110			i_panic("pool_data_stack_realloc(): stack frame changed");
(gdb) list
105		/* @UNSAFE */
106		if (new_size == 0 || new_size > SSIZE_T_MAX)
107			i_panic("Trying to allocate %"PRIuSIZE_T" bytes", new_size);
108	
109		if (dpool->data_stack_frame != data_stack_frame)
110			i_panic("pool_data_stack_realloc(): stack frame changed");
111	
112		if (mem == NULL)
113			return pool_data_stack_malloc(pool, new_size);
114	
(gdb) p dpool
$18 = (struct datastack_pool *) 0x80c7788
(gdb) p *dpool
$19 = {pool = {get_name = 0x80afbd5 , ref = 0x80afbdf ,
unref = 0x80afc0d , malloc = 0x80afc70 , free = 0x80afcc4 ,
realloc = 0x80afcec , clear = 0x80afdd0 , alloconly_pool = 1, datastack_pool = 1},
refcount = 1, data_stack_frame = 5}
(gdb) p *dpool->data_stack_frame
Cannot access memory at address 0x5
(gdb) p dpool->data_stack_frame
$20 = 5
(gdb) p data_stack_frame
$21 = 7

Kazuo Moriwaka

This causes while doing search command. This is IMAP command log:

thanks,

Timo Sirainen

tags

participants (2)