[Dovecot] Lazyexpunge and Segmentation fault

mailing at securitylabs.it mailing at securitylabs.it
Thu Dec 10 12:55:02 EET 2009 

On 09/12/2009 21:03, Timo Sirainen wrote:
> You still happen to have the core file? I'd like to know a few more
> things:
>
>    
>> #0  lazy_expunge_mail_expunge (_mail=0x9907ae8) at lazy-expunge-plugin.c:116
>> 116                     lt->expunge_box =
>>      
> p *lt
> p *deststorage
> p *_mail
> p *_mail.box
>
> Anyway there's something weird going on there. It shouldn't crash on
> that line. So either gcc optimizations confused gdb and it's actually
> crashing elsewhere (recompiling+reinstalling the plugin without -O2
> parameter would help with this),
>    
Hello, I've recompiled dovecot with -O0 and here a new backtrace:

GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/i686/nosegneg/libdl.so.2...done.
Loaded symbols for /lib/i686/nosegneg/libdl.so.2
Reading symbols from /lib/i686/nosegneg/librt.so.1...done.
Loaded symbols for /lib/i686/nosegneg/librt.so.1
Reading symbols from /lib/i686/nosegneg/libc.so.6...done.
Loaded symbols for /lib/i686/nosegneg/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/i686/nosegneg/libpthread.so.0...done.
Loaded symbols for /lib/i686/nosegneg/libpthread.so.0
Reading symbols from 
/usr/local/lib/dovecot/imap/lib02_lazy_expunge_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib02_lazy_expunge_plugin.so
Reading symbols from 
/usr/local/lib/dovecot/imap/lib10_quota_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib10_quota_plugin.so
Reading symbols from 
/usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib11_imap_quota_plugin.so
Reading symbols from 
/usr/local/lib/dovecot/imap/lib20_mail_log_plugin.so...done.
Loaded symbols for /usr/local/lib/dovecot/imap/lib20_mail_log_plugin.so
Core was generated by `imap'.
Program terminated with signal 11, Segmentation fault.
[New process 14769]
#0  0xb7fb45c9 in lazy_expunge_mail_expunge (_mail=0x844df58) at 
lazy-expunge-plugin.c:115
115                     deststorage = 
luser->lazy_ns[LAZY_NAMESPACE_EXPUNGE]->storage;
(gdb) bt full
#0  0xb7fb45c9 in lazy_expunge_mail_expunge (_mail=0x844df58) at 
lazy-expunge-plugin.c:115
         luser = (struct lazy_expunge_mail_user *) 0x841c060
         lt = (struct lazy_expunge_transaction *) 0x844de28
         deststorage = (struct mail_storage *) 0x844de40
#1  0x080c658f in mail_expunge (mail=0x844df58) at mail.c:207
         p = (struct mail_private *) 0x844df58
#2  0x0806c294 in imap_expunge (box=0x8423538, next_search_arg=0x0) at 
imap-expunge.c:35
         ctx = (struct mail_search_context *) 0x844de40
         t = (struct mailbox_transaction_context *) 0x844ca58
         mail = (struct mail *) 0x844df58
         search_args = (struct mail_search_args *) 0x0
         expunges = false
#3  0x0806267e in cmd_expunge_finish (cmd=0x841e4d0, search_args=0x0) at 
cmd-expunge.c:27
         client = (struct client *) 0x841e250
#4  0x0806283f in cmd_expunge (cmd=0x841e4d0) at cmd-expunge.c:78
No locals.
#5  0x0806a3c7 in client_command_input (cmd=0x841e4d0) at client.c:612
         client = (struct client *) 0x841e250
         command = (struct command *) 0x2
         __PRETTY_FUNCTION__ = "client_command_input"
#6  0x0806a5f3 in client_command_input (cmd=0x841e4d0) at client.c:661
         client = (struct client *) 0x841e250
         command = (struct command *) 0x841a6a0
         __PRETTY_FUNCTION__ = "client_command_input"
#7  0x0806a6fe in client_handle_next_command (client=0x841e250, 
remove_io_r=0xbfb94035) at client.c:702
         size = 11
#8  0x0806a783 in client_handle_input (client=0x841e250) at client.c:714
         _data_stack_cur_id = 3
         ret = 65
         remove_io = false
         handled_commands = false
         __PRETTY_FUNCTION__ = "client_handle_input"
#9  0x0806a8e1 in client_input (client=0x841e250) at client.c:753
         cmd = (struct client_command_context *) 0xb7f2af78
         output = (struct ostream *) 0x841e404
         bytes = 11
         __PRETTY_FUNCTION__ = "client_input"
#10 0x08124721 in io_loop_handler_run (ioloop=0x84199b0) at 
ioloop-epoll.c:208
         ctx = (struct ioloop_handler_context *) 0x8419ab8
         events = (struct epoll_event *) 0x8419af8
         event = (const struct epoll_event *) 0x8419af8
         list = (struct io_list *) 0x841c228
         io = (struct io_file *) 0x841e460
         tv = {tv_sec = 1799, tv_usec = 999144}
         events_count = 3
         t_id = 2
         msecs = 1800000
         ret = 1
         i = 0
         j = 0
         call = true
#11 0x081239d8 in io_loop_run (ioloop=0x84199b0) at ioloop.c:335
No locals.
#12 0x08075b16 in main (argc=1, argv=0xbfb94194, envp=0xbfb9419c) at 
main.c:327
No locals.

>or there is some memory corruption
>which is probably going to be tricky to find without valgrind.

That's a virtual machine inside Xen, may be a problem?

Thanks for your support, Igor

More information about the dovecot mailing list