From: Jason Evans
Date: Mon, 16 Jan 2006 08:43:13 -0800
Cc: freebsd-current@FreeBSD.org
Subject: Re: Malloc bugs exhibited in ports/mail/dovecot
Message-Id: <91B40C65-A11B-427E-B352-8B6EF8A55864@freebsd.org>
In-Reply-To: <200601161150.k0GBoamk010563@locutus.newmillennium.net.au>

On Jan 16, 2006, at 3:50 AM, wrote:

> I get core dumps in Dovecot under a recent -CURRENT, using revision 1.95 of
> malloc.c:
>
> (gdb) bt
> #0 0x0a250642 in arena_new (arena=0xa2d5140, malloced=false, recursive=true) at /usr/src/lib/libc/stdlib/malloc.c:3520
> #1 0x0a2520a5 in malloc_init_hard () at /usr/src/lib/libc/stdlib/malloc.c:4444
> #2 0x0a251b0e in malloc_init () at /usr/src/lib/libc/stdlib/malloc.c:4233
> #3 0x0a252222 in malloc (size=32784) at /usr/src/lib/libc/stdlib/malloc.c:4528
> #4 0x0805352a in mem_block_alloc (min_size=32768) at data-stack.c:190
> #5 0x080538f5 in data_stack_init () at data-stack.c:360
> #6 0x080575cf in lib_init () at lib.c:24
> #7 0x0804d8f2 in main (argc=1, argv=0xbfbfecd4, envp=0x0) at main.c:281

Are you sure that you were using revision 1.95 of malloc.c? The
stacktrace looks more like it is from revision 1.93. Can you try again
with revision 1.95, please?

Revisions 1.93 and 1.94 had a bug, in that they didn't check whether an
allocation was successful in arena_new() before using memset() on the
result. I wouldn't have expected the allocation to ever fail, but the
stacktrace above indicates that dovecot probably crashed as a result of
the bug.

If you still have problems with revision 1.95, can you please provide
details on how to reproduce the crash?

Thanks,
Jason
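
Added example, not part of the original message and not code from malloc.c: the unchecked allocate-then-memset() pattern the reply describes, next to the checked form, driven by an allocator that can be made to fail. Every type, function and constant name below is a hypothetical stand-in.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; none of these names or layouts come from malloc.c. */
#define NBINS 32
typedef struct { size_t nregs; void *runs; } bin_t;
typedef struct { bin_t *bins; size_t nbins; } arena_t;
typedef void *(*base_alloc_fn)(size_t);

/* Internal allocator that always fails, simulating exhaustion during init. */
static void *base_alloc_fail(size_t size) { (void)size; return NULL; }
/* Internal allocator that succeeds (backed by the host libc for the demo). */
static void *base_alloc_ok(size_t size) { return malloc(size); }

/* Buggy pattern: the result goes straight to memset() with no NULL check,
 * so a failed allocation becomes a write through a null pointer. */
static int arena_init_unchecked(arena_t *a, base_alloc_fn alloc)
{
    a->bins = alloc(NBINS * sizeof(bin_t));
    memset(a->bins, 0, NBINS * sizeof(bin_t)); /* crashes if alloc failed */
    a->nbins = NBINS;
    return 0;
}

/* Fixed pattern: test the allocation first, report failure to the caller,
 * and leave the arena in a well-defined empty state. */
static int arena_init_checked(arena_t *a, base_alloc_fn alloc)
{
    bin_t *bins = alloc(NBINS * sizeof(bin_t));
    if (bins == NULL) {
        a->bins = NULL;
        a->nbins = 0;
        return -1;
    }
    memset(bins, 0, NBINS * sizeof(bin_t));
    a->bins = bins;
    a->nbins = NBINS;
    return 0;
}

int main(void)
{
    arena_t a;
    /* Only the checked variant is safe to drive with the failing allocator. */
    int failed = arena_init_checked(&a, base_alloc_fail);
    int ok = arena_init_unchecked(&a, base_alloc_ok);
    free(a.bins);
    return (failed == -1 && ok == 0) ? 0 : 1;
}
```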