[Dovecot] Segfault in imap_bodystructure_write when searching

Sat May 31 22:36:38 EEST 2008

Whenever I try to search on my dovecot test install, dovecot dies. It 
immediately spawns a new process, which the client tries to connect to, and 
send search commands to, causing that to die, and so forth. This loop means I 
have to kill either the server or the client.

Running Dovecot 1.0.13 from/on Debian testing, rebuilt with vpopmail support 
and no other source changes. Vpopmail version is 5.4.25, latest stable.
Client is Mulberry 4.0.8, and the crash seems to occur whenever any type of 
search is performed, be it subject, sender, body etc. Otherwise the server 
behaves fine.

dovecot -n output:

# 1.0.13: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
listen: *:9000
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_greeting_capability: yes
login_max_processes_count: 256
first_valid_uid: 89
mail_location: maildir:~/Maildir
mail_debug: yes
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
mail_drop_priv_before_exec: yes
mail_plugins: quota imap_quota
imap_client_workarounds: outlook-idle delay-newmail
auth default:
  user: vpopmail
  verbose: yes
  passdb:
    driver: vpopmail
  userdb:
    driver: vpopmail
plugin:
  quota: maildir

Anonymized log excerpt:

May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:24 betty dovecot: child 21748 (imap) killed with signal 11
May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:24 betty dovecot: child 21752 (imap) killed with signal 11
May 31 21:01:24 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21753 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21759 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21774 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21775 (imap) killed with signal 11
May 31 21:01:25 betty dovecot: imap-login: Login: user=<foo at bar.com>, 
method=PLAIN, rip=1.2.3.4, lip=4.3.2.1
May 31 21:01:25 betty dovecot: child 21776 (imap) killed with signal 11
...

Backtrace:

betty - ~vpopmail/domains/bar.com/foo # gdb /usr/lib/dovecot/imap core
GNU gdb 6.7.1-debian
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/i686/cmov/libdl.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols 
found)...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from 
/usr/lib/dovecot/modules/imap/lib10_quota_plugin.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib/dovecot/modules/imap/lib10_quota_plugin.so
Reading symbols from 
/usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/dovecot/modules/imap/lib11_imap_quota_plugin.so
Reading symbols from /usr/lib/gconv/ISO8859-1.so...(no debugging symbols 
found)...done.
Loaded symbols for /usr/lib/gconv/ISO8859-1.so
(no debugging symbols found)
Core was generated by `imap'.
Program terminated with signal 11, Segmentation fault.
#0  0x080a539d in imap_bodystructure_write ()
(gdb) bt full
#0  0x080a539d in imap_bodystructure_write ()
No symbol table info available.
#1  0x08083b5c in ?? ()
No symbol table info available.
#2  0x080fa698 in ?? ()
No symbol table info available.
#3  0x080fae60 in ?? ()
No symbol table info available.
#4  0x00000001 in ?? ()
No symbol table info available.
#5  0x080fa660 in ?? ()
No symbol table info available.
#6  0x080fae40 in ?? ()
No symbol table info available.
#7  0x080fae40 in ?? ()
No symbol table info available.
#8  0xbfc90328 in ?? ()
No symbol table info available.
#9  0x080b0520 in _buffer_free ()
No symbol table info available.
#10 0x08083f64 in index_mail_get_special ()
No symbol table info available.
#11 0x080703f4 in ?? ()
No symbol table info available.
#12 0x080f8c08 in ?? ()
No symbol table info available.
#13 0x00002000 in ?? ()
No symbol table info available.
#14 0x00000001 in ?? ()
No symbol table info available.
#15 0x080bc105 in o_stream_send_str ()
No symbol table info available.
#16 0x0805f26e in ?? ()
No symbol table info available.
#17 0x080f8c08 in ?? ()
No symbol table info available.
#18 0x00002000 in ?? ()
No symbol table info available.
#19 0x00000001 in ?? ()
No symbol table info available.
#20 0x00000000 in ?? ()

Any help would be greatly appreciated.

-- 
  -==-                  -=-                  -==-
   Christer Mjellem Strand               yitzhaq
   System administrator             ICQ: 9557698
   GSM +47 922 000 12     JID: yitzhaq at jabber.no
  -==-                  -=-                  -==-