[Dovecot] segfault in RC15

Cor Bosman cor at xs4all.nl
Sun Dec 10 14:07:05 UTC 2006


Hi all, ive seen a few segfaults in RC15. It's hard for me to reproduce
but I was able to get a core when it happened with one of our customers.

RC15
FreeBSD 4.10
X86
NFS/NetApp
It's squirrelmail/webmail client. 
Can't reproduce it, cant turn on dovecot.rawlog because I dont know in
advance which customer will hit this. See it about 5 times per hour,
with thousands of logins per hour. 


Here's the backtrace..

Cor


------



Core was generated by `imap'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/local/lib/dovecot/imap/lib01_quota_plugin.so...done.
Reading symbols from /usr/lib/librpcsvc.so.2...done.
Reading symbols from /usr/local/lib/dovecot/imap/lib02_imap_quota_plugin.so...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  maildir_save_file_get_path (_t=0x80d72c0, seq=37) at maildir-save.c:242
242             i_assert(seq >= ctx->first_seq);
(gdb) bt full
#0  maildir_save_file_get_path (_t=0x80d72c0, seq=37) at maildir-save.c:242
        _t = (struct mailbox_transaction_context *) 0x80d72c0
        seq = 37
        ctx = (struct maildir_save_context *) 0x0
        mf = (struct maildir_filename *) 0x80d72c0
#1  0x80682ca in maildir_mail_get_virtual_size (_mail=0x80e9440) at maildir-mail.c:145
        mail = (struct index_mail *) 0x80e9440
        mbox = (struct maildir_mailbox *) 0x80d8c40
        data = (struct index_mail_data *) 0x80e94a4
        path = 0x80e94a4 ""
        fname = 0x80d72c0 "@\214\r\bà¶\f\b\004"
        virtual_size = 580366801855675066
        flags = 19
#2  0x8097b22 in mail_get_virtual_size (mail=0x80e9440) at mail.c:68
        mail = (struct mail *) 0x80d72c0
#3  0x805cf4d in fetch_rfc822_size (ctx=0x80de088, mail=0x80e9440, context=0x0) at imap-fetch-body.c:839
        ctx = (struct imap_fetch_context *) 0x80d72c0
        size = 135099072
#4  0x805b395 in imap_fetch (ctx=0x80de088) at imap-fetch.c:265
        ctx = (struct imap_fetch_context *) 0x80de088
        handlers = (struct imap_fetch_context_handler *) 0x80de1a8
        ret = 1
#5  0x8056e0b in cmd_fetch (cmd=0x80db044) at cmd-fetch.c:171
        cmd = (struct client_command_context *) 0x80db044
        client = (struct client *) 0x80db000
        ctx = (struct imap_fetch_context *) 0x80de088
        args = (struct imap_arg *) 0x80dc048
        search_arg = (struct mail_search_arg *) 0x80de050
        messageset = 0x25 <Address 0x25 out of bounds>
        ret = 135099072
#6  0x805955a in cmd_uid (cmd=0x80db044) at cmd-uid.c:19
        cmd = (struct client_command_context *) 0x80db044
        cmd_name = 0x80dc0f8 "FETCH"
#7  0x8059f45 in client_handle_input (cmd=0x80db044) at client.c:382
        cmd = (struct client_command_context *) 0x80db044
        client = (struct client *) 0x80db000
#8  0x805a01e in _client_input (context=0x80db000) at client.c:433
        client = (struct client *) 0x80db000
        cmd = (struct client_command_context *) 0x80db044
        ret = 2
#9  0x80a9608 in io_loop_handler_run (ioloop=0x80d7000) at ioloop-poll.c:199
        ctx = (struct ioloop_handler_context *) 0x80cb0a0
        pollfd = (struct pollfd *) 0x2
        tv = {tv_sec = 0, tv_usec = 888475}
        io = (struct io *) 0x80cb4a0
        t_id = 2
        msecs = 135099072
        ret = 0
        call = 135099072
#10 0x80a901d in io_loop_run (ioloop=0x80d7000) at ioloop.c:281
        ioloop = (struct ioloop *) 0x80d7000
#11 0x8060f1d in main (argc=1, argv=0xbfbff624, envp=0xbfbff62c) at main.c:280
No locals.




More information about the dovecot mailing list