Christer Mjellem Strand
2008-May-31 19:36 UTC
[Dovecot] Segfault in imap_bodystructure_write when searching
Whenever I try to search on my dovecot test install, dovecot dies. It
immediately spawns a new process, which the client tries to connect to, and
send search commands to, causing that to die, and so forth. This loop means I
have to kill either the server or the client.
Running Dovecot 1.0.13 from/on Debian testing, rebuilt with vpopmail support
and no other source changes. Vpopmail version is 5.4.25, latest stable.
Client is Mulberry 4.0.8, and the crash seems to occur whenever any type of
search is performed, be it subject, sender, body etc. Otherwise the server
behaves fine.
dovecot -n output:
# 1.0.13: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
listen: *:9000
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_greeting_capability: yes
login_max_processes_count: 256
first_valid_uid: 89
mail_location: maildir:~/Maildir
mail_debug: yes
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
mail_drop_priv_before_exec: yes
mail_plugins: quota imap_quota
imap_client_workarounds: outlook-idle delay-newmail
auth default:
user: vpopmail
verbose: yes
passdb:
driver: vpopmail
userdb:
driver: vpopmail
plugin:
quota: maildir
Anonymized log excerpt:
May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:24 betty dovecot: child 21748 (imap) killed with signal 11
May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:24 betty dovecot: child 21752 (imap) killed with signal 11
May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21753 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21759 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21774 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21775 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>,
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21776 (imap) killed with signal 11
...
Backtrace:
betty - ~vpopmail/domains/bar.com/foo # gdb /usr/lib/dovecot/imap core
GNU gdb 6.7.1-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/i686/cmov/libdl.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from
/usr/lib/dovecot/modules/imap/lib10_quota_plugin.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so
Reading symbols from
/usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so
Reading symbols from /usr/lib/gconv/ISO8859-1.so...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
(no debugging symbols found)
Core was generated by `imap'.
Program terminated with signal 11, Segmentation fault.
#0 0x080a539d in imap_bodystructure_write ()
(gdb) bt full
#0 0x080a539d in imap_bodystructure_write ()
No symbol table info available.
#1 0x08083b5c in ?? ()
No symbol table info available.
#2 0x080fa698 in ?? ()
No symbol table info available.
#3 0x080fae60 in ?? ()
No symbol table info available.
#4 0x00000001 in ?? ()
No symbol table info available.
#5 0x080fa660 in ?? ()
No symbol table info available.
#6 0x080fae40 in ?? ()
No symbol table info available.
#7 0x080fae40 in ?? ()
No symbol table info available.
#8 0xbfc90328 in ?? ()
No symbol table info available.
#9 0x080b0520 in _buffer_free ()
No symbol table info available.
#10 0x08083f64 in index_mail_get_special ()
No symbol table info available.
#11 0x080703f4 in ?? ()
No symbol table info available.
#12 0x080f8c08 in ?? ()
No symbol table info available.
#13 0x00002000 in ?? ()
No symbol table info available.
#14 0x00000001 in ?? ()
No symbol table info available.
#15 0x080bc105 in o_stream_send_str ()
No symbol table info available.
#16 0x0805f26e in ?? ()
No symbol table info available.
#17 0x080f8c08 in ?? ()
No symbol table info available.
#18 0x00002000 in ?? ()
No symbol table info available.
#19 0x00000001 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()
Any help would be greatly appreciated.
--
-==- -=- -==-
Christer Mjellem Strand yitzhaq
System administrator ICQ: 9557698
GSM +47 922 000 12 JID: yitzhaq at jabber.no
-==- -=- -==-
Timo Sirainen
2008-Jun-01 11:48 UTC
[Dovecot] Segfault in imap_bodystructure_write when searching
On Sat, 2008-05-31 at 21:36 +0200, Christer Mjellem Strand wrote:> Whenever I try to search on my dovecot test install, dovecot dies. It > immediately spawns a new process, which the client tries to connect to, and > send search commands to, causing that to die, and so forth. This loop means I > have to kill either the server or the client.Your dovecot.index.cache file is probably broken somehow. Try moving dovecot.index* files elsewhere and see if it works then? If it does and dovecot.index.cache doesn't contain anything too sensitive (subjects/from/to addresses), could you send me the dovecot.index* files? If it crashes even without dovecot.index* files then the mails themselves contain a broken message. It would help if I could get that message.> betty - ~vpopmail/domains/bar.com/foo # gdb /usr/lib/dovecot/imap core..> (no debugging symbols found) > Core was generated by `imap'. > Program terminated with signal 11, Segmentation fault. > #0 0x080a539d in imap_bodystructure_write () > (gdb) bt full > #0 0x080a539d in imap_bodystructure_write () > No symbol table info available. > #1 0x08083b5c in ?? ()Unfortunately this backtrace is almost completely broken and it doesn't really help.. You also could try compiling Dovecot itself with debug symbols and getting backtrace from it. That'd probably work. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080601/bf8efee1/attachment-0002.bin>
Christer Mjellem Strand
2008-Jun-01 14:47 UTC
[Dovecot] Segfault in imap_bodystructure_write when searching
>> Whenever I try to search on my dovecot test install, dovecot dies. It >> immediately spawns a new process, which the client tries to connect to, >> and send search commands to, causing that to die, and so forth. This loop >> means I have to kill either the server or the client. > > Your dovecot.index.cache file is probably broken somehow. Try moving > dovecot.index* files elsewhere and see if it works then? If it does and > dovecot.index.cache doesn't contain anything too sensitive > (subjects/from/to addresses), could you send me the dovecot.index* > files? > > If it crashes even without dovecot.index* files then the mails > themselves contain a broken message. It would help if I could get that > message.Bullseye. Why did I fail to mention that I was trying to use uiddb from Courier? :P Using your conversion script fixed it, but simply copying the Courier file crashed Dovecot. According to http://wiki.dovecot.org/Migration/Courier this is supposed to work though, so either that page is wrong, or Dovecot has a bug.>> betty - ~vpopmail/domains/bar.com/foo # gdb /usr/lib/dovecot/imap core > .. >> (no debugging symbols found) >> Core was generated by `imap'. >> Program terminated with signal 11, Segmentation fault. >> #0 0x080a539d in imap_bodystructure_write () >> (gdb) bt full >> #0 0x080a539d in imap_bodystructure_write () >> No symbol table info available. >> #1 0x08083b5c in ?? () > > Unfortunately this backtrace is almost completely broken and it doesn't > really help.. You also could try compiling Dovecot itself with debug > symbols and getting backtrace from it. That'd probably work.I tried reproducing now, but it seems it's started working even when moving all dovecot files and copying courierimapuiddb to dovecot-uidlist. If I see it again I'll send you a copy of the file offlist. Thanks. -- -==- -=- -==- Christer Mjellem Strand yitzhaq System administrator ICQ: 9557698 GSM +47 922 000 12 JID: yitzhaq at jabber.no -==- -=- -==-