Brandon Davidson
2009-Oct-15 00:14 UTC
[Dovecot] Dovecot 1.2.6 segfault in imap_fetch_begin
We recently upgraded from Dovecot 1.2.4 to 1.2.6 (with the sieve patches of course). Everything has been running quite well since the upgrade. The occasional issue with assert-crashing when expunging has gone away.

However, one of our users seems to have triggered a new issue. She's been the only one to see it, but whenever she logs in, her imap process segfaults immediately. It appears that the crash is a null pointer deref in the array library, but I'm not sure what code is at fault for calling in without checking array validity... or even if I'm on the right track.

Backtraces and some further information are available here. Cores available on request.
http://uoregon.edu/~brandond/dovecot-1.2.6/bt.txt

Thanks,
-Brad
On Wed, 2009-10-14 at 17:14 -0700, Brandon Davidson wrote:
> Backtraces and some further information are available here. Cores
> available on request.
> http://uoregon.edu/~brandond/dovecot-1.2.6/bt.txt

-O2 compiling has dropped one stage from the backtrace, but I think this will fix the crash:
http://hg.dovecot.org/dovecot-1.2/rev/352eab3d6ade

There are also a few other bugs in QRESYNC handling that get fixed by these:
http://hg.dovecot.org/dovecot-1.2/rev/f7f0bff8438a
http://hg.dovecot.org/dovecot-1.2/rev/51329696ecf5
http://hg.dovecot.org/dovecot-1.2/rev/73c4a7d325fe

I guess it would be time for 1.2.7 somewhat soon..
Brandon Davidson
2009-Oct-15 00:51 UTC
[Dovecot] Dovecot 1.2.6 segfault in imap_fetch_begin
Timo,

> -----Original Message-----
> -O2 compiling has dropped one stage from the backtrace, but I think this
> will fix the crash:
> <snip>
> I guess it would be time for 1.2.7 somewhat soon..

Thanks! As always, you're one step ahead of us with the bug fixes!

I've got one more for you that just popped up. I'm guessing that it's also due to expunging causing sequence numbers to get mixed up, and one of the existing patches will fix it? The error from the logs is:

Panic: file mail-transaction-log-view.c: line 108 (mail_transaction_log_view_set): assertion failed: (min_file_seq <max_file_seq)
Raw backtrace: imap [0x49e4a0] -> imap [0x49e503] -> imap [0x49db66] -> imap(mail_transaction_log_view_set+0x4ac) [0x48651c] -> imap(mail_index_view_sync_begin+0xe5) [0x480055] -> imap(index_mailbox_sync_init+0x7f) [0x45e84f] -> imap(maildir_storage_sync_init+0x100) [0x43cd30] -> imap(imap_sync_init+0x67) [0x428257] -> imap(cmd_sync_delayed+0x174) [0x4284a4] -> imap(client_handle_input+0x19e) [0x420aee] -> imap(client_input+0x5f) [0x4214df] -> imap(io_loop_handler_run+0xf8) [0x4a61f8] -> imap(io_loop_run+0x1d) [0x4a530d] -> imap(main+0x620) [0x428da0] -> /lib64/libc.so.6(__libc_start_main+0xf4) [0x31d5a1d994] -> imap [0x419a89]
dovecot: child 11758 (imap) killed with signal 6 (core dumped)

Backtrace and such here:
http://uoregon.edu/~brandond/dovecot-1.2.6/bt2.txt

Thanks again,
-Brad