Hi,

A commit has just been fixed (ramqueue.c, rev 1.19; runner.c, rev.118;
smtpd.h, rev 1.239)

Thanks for reporting!

Gilles


On Wed, Aug 31, 2011 at 01:24:14PM -0700, [email protected] wrote:
> >Synopsis:    intermittent double free in smtpd
> >Category:    system
> >Environment:
>       System      : OpenBSD 5.0
>       Details     : OpenBSD 5.0-current (GENERIC) #6: Tue Aug 23 09:39:23 PDT 2011
>                        [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
> 
>       Architecture: OpenBSD.i386
>       Machine     : i386
> >Description:
> I run smtpd -vd and occasionally get the following error, upon which smtpd
> halts:
> smtpd in realloc(): error: chunk is already free 0x81c24200
> 
> An example output from smtpd -vd is below:
> smtp_new: incoming client on listener: 0x8928f800
> session_pickup: greeting client
> command: EHLO   args: shear.ucar.edu
> command: MAIL From      args: <[email protected]> SIZE=3182
> session_rfc5321_mail_handler: sending notification to mfa
> smtp: got imsg_mfa_mail/rcpt
> smtp: imsg_queue_create_message returned
> command: RCPT To        args: <[email protected]>
> aliases_exist: 'aiden' exists with 1 expansion nodes
> aliases_get: returned 1 aliases
> lka_resolve_node: node is local username: irene
> smtp: got imsg_queue_commit_envelopes
> command: DATA   args: (null)
> smtp: imsg_queue_message_file returned
> smtpd in realloc(): error: chunk is already free 0x81c24200
> smtp: got imsg_queue_commit_message
> control process exiting
> lost child: runner terminated; signal 6
> mail delivery agent exiting
> queue handler exiting
> cb7a2f95: from=<[email protected]>, size=3382, nrcpts=1, proto=ESMTP, relay=lists.openbsd.org [192.43.244.163]
> mail filter exiting
> lookup agent exiting
> mail transfer agent exiting
> smtp server exiting
> parent terminating
> 
> >How-To-Repeat:
>     This error is intermittent -- this does not happen on every email processed.
> >Fix:
>     not known
> 
> 
> dmesg:
> OpenBSD 5.0-current (GENERIC) #6: Tue Aug 23 09:39:23 PDT 2011
>     [email protected]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Pentium(R) 4 CPU 2.26GHz ("GenuineIntel" 686-class) 2.28 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
> real mem  = 2138570752 (2039MB)
> avail mem = 2093527040 (1996MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 08/06/04, BIOS32 rev. 0 @ 0xfa170, SMBIOS rev. 2.3 @ 0xf0100 (33 entries)
> bios0: vendor Award Software International, Inc. version "F5" date 08/06/2004
> bios0: Gigabyte Technology Co., Ltd. 8I845GVMRZ
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP APIC
> acpi0: wakeup devices SLPB(S5) HUB0(S4) USB0(S1) USB1(S1) USB2(S1) USBE(S1) PCI0(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 133MHz
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (HUB0)
> acpicpu0 at acpi0
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: SLPB
> bios0: ROM list: 0xc0000/0xb200! 0xcc000/0x1000
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82845G Host" rev 0x03
> vga1 at pci0 dev 2 function 0 "Intel 82845G Video" rev 0x03
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xe0000000, size 0x8000000
> inteldrm0 at vga1: apic 2 int 16
> drm0 at inteldrm0
> ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x82
> pci1 at ppb0 bus 1
> em0 at pci1 dev 1 function 0 "Intel PRO/1000GT (82541GI)" rev 0x05: apic 2 int 21, address 00:1b:21:88:f6:1b
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
> pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0: <ST3160021A>
> wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
> wd1 at pciide0 channel 0 drive 1: <ST3750640A>
> wd1: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
> pciide0: channel 1 disabled (no drives)
> ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: apic 2 int 17
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 1GB DDR SDRAM non-parity PC3200CL3.0
> spdmem1 at iic0 addr 0x51: 1GB DDR SDRAM non-parity PC3200CL3.0
> isa0 at ichpcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> it0 at isa0 port 0x2e/2: IT8712F rev 5, EC port 0x290
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> mtrr: Pentium Pro MTRR support
> vscsi0 at root
> scsibus0 at vscsi0: 256 targets
> softraid0 at root
> scsibus1 at softraid0: 256 targets
> root on wd0a swap on wd0b dump on wd0b
> 
> usbdevs:
> usbdevs: no USB controllers found
> 
> smtpd.conf:
> listen on lo0
> listen on em0
> map "aliases" { source db "/etc/mail/aliases.db" }
> accept from all for domain "purplesmoke.org" alias aliases deliver to mda "procmail -f -"
> accept from all for domain "sullivan.in" alias aliases deliver to mda "procmail -f -"
> accept from all for local alias aliases deliver to mda "procmail -f -"
> accept from local for all relay
> 

-- 
Gilles Chehade

http://www.poolp.org/                        http://u.poolp.org/~gilles/
