cyr_expire SIGSEGV

Wolfgang Breyha wbreyha at gmx.net
Tue Jan 23 07:44:47 EST 2007 

Hi again!

I compiled a cyr_expire with debug symbols... the backtrace looks like:
#0  process_records (mailbox=0xbfb1786c, newindex=0x9558f68,
    index_base=0xb66f9000 <Address 0xb66f9000 out of bounds>, exists=65,
    deleted=0x9559158, numdeleted=0xbfb14794, quotadeleted=0xbfb14768,
    numansweredflag=0xbfb14790, numdeletedflag=0xbfb1478c,
    numflaggedflag=0xbfb14788, newcache=0x9558e00,
    new_cache_total_size=0xbfb14780, expunge_fd=-1, last_offset=0,
    decideproc=0x804cc10 <expire_cb>, deciderock=0xbfb184e4, expunge_flags=2)
    at mailbox.c:1932
1932                    cacheitem = CACHE_ITEM_NEXT(cacheitem);
#1  0x080532d3 in mailbox_expunge (mailbox=0xbfb1786c, decideproc=0x804cc10
    <expire_cb>, deciderock=0xbfb184e4, flags=Variable "flags" is not
    available.) at mailbox.c:2308
#2  0x0804cb50 in expire (name=0xbfb17d9d "user.mxxxxxxxxxx.Trash",
    matchlen=22, maycreate=1, rock=0xbfb184e4) at cyr_expire.c:224
#3  0x0805aa15 in find_cb (rockp=0xbfb18070, key=0xb69881b4 <Address
    0xb69881b4 out of bounds>, keylen=22, data=0xb69881d0 <Address 0xb69881d0
    out of bounds>, datalen=34) at mboxlist.c:2035
#4  0x0808efce in myforeach (db=0x9558240, prefix=0xbfb180b2 "*", prefixlen=0,
    goodp=0x805b480 <find_p>, cb=0x805a880 <find_cb>, rock=0xbfb18070,
    tid=0x0) at cyrusdb_skiplist.c:989
#5  0x08058082 in mboxlist_findall (namespace=0x0, pattern=0xbfb18510 "*",
    isadmin=1, userid=0x0, auth_state=0x0, proc=0x804c7d0 <expire>,
    rock=0xbfb184e4) at mboxlist.c:2227
#6  0x0804cfa7 in main (argc=6, argv=Cannot access memory at address 0x4

It seems that cyr_expire only crashes on folders that where "touched" by
ipurge before.

I've
  purgetrash    cmd="ipurge -fX -d 31 user.*.Trash" at=0200
  purgejunk     cmd="ipurge -fX -d 60 user.*.Junk" at=0300
running before cyr_expire (at=0400)

Every time I look into a folder which causes cyr_expire to coredump I find eg ...
-rw------- 1 cyrus mail    4 Jan 23 02:00 cyrus.cache
-rw------- 1 cyrus mail  124 Jan 23 13:31 cyrus.cache.NEW
... a cyrus.cache.NEW file that is larger then the old one.

Putting a debug printf in the loop
            for (cache_ent = 0; cache_ent < NUM_CACHE_FIELDS; cache_ent++) {
                cacheitem = CACHE_ITEM_NEXT(cacheitem);
            }
... shows that cache_ent always is 0 if the crash occures, so it seems that
            cacheitembegin = cacheitem = mailbox->cache_base + cache_offset;
is invalid at that moment.

Regards, Wolfgang Breyha
-- 
Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
Vienna University Computer Center | Austria

More information about the Info-cyrus mailing list