imap segfault in libc.so with CLucene FTS backend enabled
Alexander Miroshnichenko
alex at millerson.name
Fri Mar 8 16:00:26 EET 2019
Steps to reproduce:
- Enable the CLucene FTS backend in Dovecot;
- Open a mailbox with an MUA;
- Search for a message with any text;
- The IMAP session crashes.
OS: Gentoo Base System release 2.6
Version:
FTS: dev-cpp/clucene-2.3.3.4-r6
IMAP: net-mail/dovecot-2.3.2.1
LIBC: sys-libs/musl-1.1.21
Dovecot FTS config:
plugin {
fts = lucene
fts_lucene = whitespace_chars=@. normalize no_snowball
fts_autoindex=yes
fts_autoindex_max_recent_msgs=80
fts_index_timeout=90
}
dmesg:
[260150.192294] imap[18221]: segfault at 6578772cca98 ip 000063e7f1b10397
sp 00007945d5822970 error 6 in libc.so[63e7f1ae8000+a4000]
[260150.192316] Code: 0f 84 44 02 00 00 48 39 ca 0f 84 62 02 00 00 48 8b 43
08 48 89 4a 10 48 89 51 18 48 89 c2 48 83 e0 fe 48 83 ca 01 48 89 53 08
<48> 83 0c 03 01 41 8b 07 48 8d 6b 10 85 c0 0f 84 68 ff ff ff 31 c0
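bt full (frames #0-#2 show the fault inside musl's malloc, in unbin(), while wcsdup() allocates 4 bytes for the lucene::index::Term constructor; a crash at that point usually indicates heap metadata that was corrupted earlier, so the cause may lie outside these frames):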
Core was generated by `dovecot/imap'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 unbin (i=0, c=0x1908553de10) at src/malloc/malloc.c:195
195 src/malloc/malloc.c: No such file or directory.
(gdb) bt full
#0 unbin (i=0, c=0x1908553de10) at src/malloc/malloc.c:195
No locals.
#1 malloc (n=<optimized out>, n@entry=4) at src/malloc/malloc.c:320
mask = <optimized out>
c = 0x1908553de10
i = 0
j = 0
#2 0x000063e7f1b4984f in wcsdup (s=0x63e7ed7d0c58 L"") at
src/string/wcsdup.c:7
l = 0
d = <optimized out>
#3 0x000063e7eda98308 in lucene::index::Term::Term (this=0x1908553df80) at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/Term.cpp:26
No locals.
#4 0x000063e7edad5f25 in
lucene::index::SegmentTermEnum::readTerm(lucene::index::Term*) () at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/SegmentTermEnum.cpp:351
start = 1
length = 4
totalLength = 5
field = <optimized out>
fieldname = 0x1908553d180 L"\142\157\144\171"
#5 0x000063e7edad5f7c in lucene::index::SegmentTermEnum::next
(this=0x19085524460) at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/SegmentTermEnum.cpp:180
tmp = <optimized out>
this = 0x19085524460
tmp = <optimized out>
tmp = <optimized out>
#6 0x000063e7edad5be9 in lucene::index::SegmentTermEnum::scanTo
(this=this@entry=0x19085524460, term=term@entry=0x7945d5822dc0)
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/SegmentTermEnum.cpp:218
No locals.
#7 0x000063e7edad959c in lucene::index::TermInfosReader::scanEnum
(this=<optimized out>, term=term@entry=0x7945d5822dc0)
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/TermInfosReader.cpp:422
enumerator = 0x19085524460
#8 0x000063e7edad96a4 in lucene::index::TermInfosReader::get
(this=<optimized out>, term=term@entry=0x7945d5822dc0) at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/TermInfosReader.cpp:246
enumerator = <optimized out>
#9 0x000063e7edab9071 in lucene::index::SegmentReader::docFreq
(this=0x19085500ae0, t=0x7945d5822dc0) at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/index/SegmentReader.cpp:518
ti = <optimized out>
#10 0x000063e7edae2620 in lucene::search::Similarity::idf
(this=0x19085526e60, term=0x7945d5822dc0, searcher=0x190855007a0)
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/Similarity.cpp:184
No locals.
#11 0x000063e7edaeda51 in
lucene::search::TermWeight::TermWeight(lucene::search::Searcher*,
lucene::search::TermQuery*, lucene::index::Term*) ()
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/TermQuery.cpp:117
No locals.
#12 0x000063e7edaeda99 in
lucene::search::TermQuery::_createWeight(lucene::search::Searcher*) () at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/TermQuery.cpp:240
No locals.
#13 0x000063e7edafa2dc in
lucene::search::BooleanWeight::BooleanWeight(lucene::search::Searcher*,
lucene::util::CLVector<lucene::search::BooleanClause*,
lucene::util::Deletor::Object<lucene::search::BooleanClause> >*,
lucene::search::BooleanQuery*) () at
/usr/lib/gcc/x86_64-gentoo-linux-musl/8.2.0/include/g++-v8/bits/stl_vector.h:930
i = 1
i = <optimized out>
#14 0x000063e7edafa351 in
lucene::search::BooleanQuery::_createWeight(lucene::search::Searcher*) ()
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/BooleanQuery.cpp:66
No locals.
#15 0x000063e7edaef926 in lucene::search::Query::weight
(this=this@entry=0x7945d5822da0, searcher=searcher@entry=0x190855007a0)
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/SearchHeader.cpp:121
query = <optimized out>
weight = <optimized out>
sum = <optimized out>
norm = <optimized out>
#16 0x000063e7edaf0cd7 in
lucene::search::IndexSearcher::_search(lucene::search::Query*,
lucene::search::Filter*, int) ()
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/IndexSearcher.cpp:222
weight = <optimized out>
scorer = <optimized out>
bits = <optimized out>
hq = <optimized out>
totalHits = <optimized out>
hitCol = {<lucene::search::HitCollector> =
{<lucene::debug::LuceneVoidBase> = {_vptr.LuceneVoidBase = 0x2}, <No data
fields>}, minScore = -1.75304399e+30, bits = 0x30, hq = 0xffffffffffffffff,
nDocs = 40,
totalHits = 0x63e7eda6f2cc
<lucene::util::Compare::WChar::operator()(wchar_t const*, wchar_t const*)
const+20>}
scoreDocsLength = <optimized out>
scoreDocs = <optimized out>
totalHitsInt = <optimized out>
wq = <optimized out>
#17 0x000063e7edaf4344 in lucene::search::Hits::getMoreDocs(unsigned long)
() at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/Hits.cpp:120
_min = <optimized out>
n = <optimized out>
topDocs = 0x0
scoreDocs = <optimized out>
scoreDocsLength = <optimized out>
scoreNorm = <optimized out>
---Type <return> to continue, or q <return> to quit---
#18 0x000063e7edaf443e in lucene::search::Hits::Hits (this=0x1908553a1a0,
s=0x190855007a0, q=<optimized out>, f=<optimized out>, _sort=<optimized
out>)
at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/Hits.cpp:60
No locals.
#19 0x000063e7edaef7fc in
lucene::search::Searcher::search(lucene::search::Query*,
lucene::search::Filter*) () at
/var/tmp/portage/dev-cpp/clucene-2.3.3.4-r6/work/clucene-core-2.3.3.4/src/core/CLucene/search/SearchHeader.cpp:188
No locals.
#20 0x000063e7edd7edf0 in lucene_index_search(lucene_index*,
array__lucene_query&, fts_result*, array__seq_range*) () at
lucene-wrapper.cc:1361
hits = <optimized out>
last_uid = <optimized out>
score = <optimized out>
ret = 0
query = {<lucene::search::Query> = {<lucene::util::NamedObject> =
{_vptr.NamedObject = 0x63e7edd6e970 <vtable for
lucene::search::BooleanQuery+16>}, boost = 1}, clauses = 0x190855007e0,
static maxClauseCount = 1024,
static allowDocsOutOfOrder = false, disableCoord = false,
minNrShouldMatch = 0}
mailbox_term = {<lucene::debug::LuceneBase> = {_vptr.LuceneBase =
0x63e7edd68e80 <vtable for lucene::index::Term+16>, __cl_refcount = 2},
cachedHashCode = 0, _field = 0x190854bd7c0 L"\142\157\170",
_text = 0x1908553a0a0
L"\142\146\064\141\067\066\061\060\146\062\070\143\063\142\065\143\066\145\060\062\060\060\060\060\065\143\146\143\061\141\061\064",
textLenBuf = 32, textLen = 32, internF = true}
mailbox_query = {<lucene::search::Query> =
{<lucene::util::NamedObject> = {_vptr.NamedObject = 0x63e7edd6d918 <vtable
for lucene::search::TermQuery+16>}, boost = 1}, term = 0x7945d5822dc0}
#21 0x000063e7edd7ff54 in lucene_index_lookup (index=0x190854ee8e0,
args=args@entry=0x1908553b468, flags=flags@entry=(unknown: 0),
result=result@entry=0x7945d5823000) at lucene-wrapper.cc:1421
uids_arr = <optimized out>
arg = 0x0
def_queries = {arr = {buffer = 0x190854b2438, element_size = 16}, v
= 0x190854b2438, v_modifiable = 0x190854b2438}
have_definites = true
maybe_queries = {arr = {buffer = 0xc, element_size =
18446744073709551612}, v = 0xc, v_modifiable = 0xc}
have_maybies = <optimized out>
#22 0x000063e7edd7c0d4 in fts_backend_lucene_lookup () at
fts-backend-lucene.c:489
_data_stack_cur_id = 5
backend = 0x190854ee780
ret = <optimized out>
#23 0x000063e7f09a85dd in fts_backend_lookup (backend=0x190854ee780,
box=0x190854fc148, args=args@entry=0x1908553b468,
flags=flags@entry=(unknown: 0), result=result@entry=0x7945d5823000) at
fts-api.c:353
No locals.
#24 0x000063e7f09acd92 in fts_search_lookup_level_single
(and_args=<optimized out>, args=0x1908553b468, fctx=0x190854f5520) at
fts-search.c:50
flags = (unknown: 0)
level = <optimized out>
result = {box = 0x0, definite_uids = {arr = {buffer =
0x19085528378, element_size = 8}, v = 0x19085528378, v_modifiable =
0x19085528378}, maybe_uids = {arr = {buffer = 0x190855284b8, element_size =
8}, v = 0x190855284b8,
v_modifiable = 0x190855284b8}, scores = {arr = {buffer =
0x190855285f8, element_size = 8}, v = 0x190855285f8, v_modifiable =
0x190855285f8}, scores_sorted = false}
flags = <optimized out>
level = <optimized out>
result = <optimized out>
#25 fts_search_lookup_level () at fts-search.c:210
_data_stack_cur_id = 4
ret = <optimized out>
#26 0x000063e7f09ad32c in fts_search_lookup_level () at fts-search.c:220
ret = 0
#27 0x000063e7f09ad48e in fts_search_lookup () at fts-search.c:360
last_uid = 622
seq1 = 544
seq2 = 807
__func__ = "fts_search_lookup"
#28 0x000063e7f09af460 in fts_mailbox_search_init () at fts-storage.c:250
ft = 0x19085511e60
fbox = <optimized out>
flist = <optimized out>
ctx = 0x190854f5240
fctx = 0x190854f5520
#29 0x000001905d983992 in imap_search_start () at imap-search.c:586
cmd = 0x190854e9628
__func__ = "imap_search_start"
#30 0x000001905d9753e5 in cmd_search (cmd=<optimized out>) at
cmd-search.c:48
ctx = 0x190854e9830
sargs = 0x1908553b308
args = 0x19085527620
charset = 0x190854f3860 "utf-8"
ret = 1
#31 0x000001905d97cad4 in command_exec () at imap-commands.c:201
hook = 0x1905db9cda0
finished = <optimized out>
__func__ = "command_exec"
#32 0x000001905d97b262 in client_command_input () at imap-client.c:1152
client = 0x190854e89c8
command = <optimized out>
__func__ = "client_command_input"
#33 0x000001905d97b305 in client_command_input () at imap-client.c:1215
client = 0x190854e89c8
command = <optimized out>
__func__ = "client_command_input"
---Type <return> to continue, or q <return> to quit---
#34 0x000001905d97b6cd in client_handle_next_command
(remove_io_r=<synthetic pointer>, client=0x190854e89c8) at
imap-client.c:1257
No locals.
#35 client_handle_input () at imap-client.c:1271
_data_stack_cur_id = 3
ret = <optimized out>
remove_io = false
handled_commands = false
ret = <optimized out>
remove_io = <optimized out>
__func__ = "client_handle_input"
client = 0x190854e89c8
handled_commands = <optimized out>
_data_stack_cur_id = <optimized out>
ret = <optimized out>
remove_io = <optimized out>
__func__ = "client_handle_input"
_data_stack_cur_id = <optimized out>
#36 0x000001905d97bb9e in client_input () at imap-client.c:1317
cmd = 0x190854cfba0
output = 0x190854e9440
bytes = 80
__func__ = "client_input"
#37 0x000063e7f14f8c58 in io_loop_call_io () at ioloop.c:674
ioloop = 0x63e7f1ae7f20
t_id = 2
__func__ = "io_loop_call_io"
#38 0x000063e7f14fa116 in io_loop_handler_run_internal () at
ioloop-epoll.c:222
ctx = 0x1905db9cfc0
events = <optimized out>
event = 0x190854bc360
list = 0x190854bd1a0
io = <optimized out>
tv = {tv_sec = 1799, tv_usec = 999332}
events_count = <optimized out>
msecs = <optimized out>
ret = <optimized out>
i = 0
j = <optimized out>
call = <optimized out>
__func__ = "io_loop_handler_run_internal"
#39 0x000063e7f14f8cfa in io_loop_handler_run () at ioloop.c:726
__func__ = "io_loop_handler_run"
#40 0x000063e7f14f8e68 in io_loop_run () at ioloop.c:699
__func__ = "io_loop_run"
#41 0x000063e7f1480dbb in master_service_run (service=0x63e7f1ae7de0,
callback=callback@entry=0x1905d987e60 <client_connected>) at
master-service.c:767
No locals.
#42 0x000001905d96dfc4 in main () at main.c:521
set_roots = {0x1905db9aa20 <smtp_submit_setting_parser_info>,
0x1905db9a740 <imap_setting_parser_info>, 0x0}
login_set = {auth_socket_path = 0x190854b2060 "\003",
postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback =
0x1905d9886b0 <login_client_connected>, failure_callback = 0x1905d987f28
<login_client_failed>,
request_auth_token = true}
service_flags = <optimized out>
storage_service_flags = MAIL_STORAGE_SERVICE_FLAG_NO_NAMESPACES
username = 0x0
auth_socket_path = <optimized out>
c = <optimized out>
error = 0x4cd0 <error: Cannot access memory at address 0x4cd0>
#43 0x000063e7f1b0506b in libc_start_main_stage2 (main=0x1905d96dc80
<main>, argc=1, argv=0x7945d5823688) at src/env/__libc_start_main.c:94
envp = 0x7945d5823698
#44 0x000001905d96e168 in _start_c () at imap-client.c:1433
No symbol table info available.
#45 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)
--
Alexander Miroshnichenko