imapd crashes with SIGSEGV in mboxlist.c:221

Dmitry Katsubo dma_k at mail.ru
Sun Aug 7 23:52:54 EDT 2011


Dear Cyrus developers,

I reported the problem earlier to the Debian bug tracker ([1]), but it
seems to have been left without attention.

In my setup imapd causes a SEGFAULT with these symptoms:

> 13:10:57 cyrus/imap[17999]: login: tanja.home [192.168.1.11] dmitry plain+TLS User logged in
> 13:10:57 kernel: [60608.311267] imapd[17999]: segfault at 0 ip b723049a sp bfe0fefc error 6 in libc-2.13.so[b71bc000+153000]
> 13:10:57 cyrus/master[2365]: process 17999 exited, signaled to death by 11
> 13:10:57 cyrus/master[2365]: service imap pid 17999 in BUSY state: terminated abnormally

and then due to the crash the recovery procedure takes place:

> 13:10:57 cyrus/master[18000]: about to exec /usr/lib/cyrus/bin/imapd
> 13:10:57 cyrus/imap[18000]: DBERROR db5: /var/lib/cyrus/db/__db.001: No such file or directory
> 13:10:57 cyrus/imap[18000]: DBERROR: dbenv->open '/var/lib/cyrus/db' failed: No such file or directory
> 13:10:58 cyrus/imap[18000]: DBERROR: init() on berkeley
> 13:10:58 cyrus/imap[18000]: DBERROR: reading /var/lib/cyrus/db/skipstamp, assuming the worst: No such file or directory
> 13:10:58 cyrus/imap[18000]: executed
> 13:10:58 cyrus/imap[18000]: skiplist: recovered /var/lib/cyrus/mailboxes.db (66 records, 5412 bytes) in 1 second
> 13:10:58 cyrus/imap[18000]: skiplist: recovered /var/lib/cyrus/annotations.db (0 records, 144 bytes) in 0 seconds
> 13:10:58 cyrus/imap[18000]: accepted connection

Here goes the stack trace and code pointer:

> (gdb) bt
> #0  0xb711549a in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #1  0x08076278 in mboxlist_mylookup (name=<value optimized out>, typep=<value optimized out>, pathp=0x0,
>     partp=0xbf88e398, aclp=0xbf88e39c, tid=0x0, wrlock=0) at mboxlist.c:221
> #2  0x08051272 in mlookup (tag=0x89afcb8 "5", ext_name=0x8ab3130 "INBOX.Sent", name=0xbf88e6e5 "user.dmitry.Sent",
>     flags=0x0, pathp=0x0, partp=0x0, aclp=0x0, tid=0x0) at imapd.c:412
> #3  0x08053022 in cmd_select (tag=0x89afcb8 "5", cmd=0x89afd28 "Select", name=0x8ab3130 "INBOX.Sent")
>     at imapd.c:2619
> #4  0x08060c96 in cmdloop () at imapd.c:1462
> #5  0x080620c2 in service_main (argc=1, argv=0x89a7008, envp=0xbf891004) at imapd.c:691
> #6  0x0804dc3b in main (argc=3, argv=0xbf890ff4, envp=0xbf891004) at service.c:537
> (gdb) f 1
> #1  0x08076278 in mboxlist_mylookup (name=<value optimized out>, typep=<value optimized out>, pathp=0x0,
>     partp=0xbf88e398, aclp=0xbf88e39c, tid=0x0, wrlock=0) at mboxlist.c:221
> 221                 memcpy(aclresult, p, acllen);
> (gdb) p aclresult
> $1 = 0x0
> (gdb) p p
> $2 = 0xb4bc516a "default\tdmitry\tlrswipcda\t"
> (gdb) p acllen
> $3 = 0
> (gdb) s
> Cannot find bounds of current function
> (gdb) l
> 206                     r = mboxlist_getpath(part, name, pathp);
> 207                     if(r) return r;
> 208                 } else {
> 209                     r = mboxlist_getpath(partition, name, pathp);
> 210                     if(r) return r;
> 211                 }
> 212             }
> 213
> 214             /* the rest is ACL; return it if requested */
> 215             if (aclp) {
> 216                 acllen = datalen - (p - data);
> 217                 if (acllen >= aclresultalloced) {
> 218                     aclresultalloced = acllen + 100;
> 219                     aclresult = xrealloc(aclresult, aclresultalloced);
> 220                 }
> 221 (!)             memcpy(aclresult, p, acllen);
> 222                 aclresult[acllen] = '\0';
> 223
> 224                 *aclp = aclresult;
> 225             }
> 226             break;
> 227
> 228         case CYRUSDB_AGAIN:
> 229             return IMAP_AGAIN;
> 230             break;
> 231
> 232         case CYRUSDB_NOTFOUND:
> 233             return IMAP_MAILBOX_NONEXISTENT;
> 234             break;
> 235

The solution is mentioned in [1] as well as attached to this letter.

I wonder: is it some corrupted data in my DB that causes the crash? At
the moment I need to patch Cyrus each time the version is updated in
the Debian repository, which is really annoying.

Also, the latest Debian releases (2.2.13p1-15) do not SIGSEGV with the patch
applied, but fail with the following message:

> cyrus/lmtpunix[30775]: verify_user(user.dmitry) failed: Unknown/invalid partition

I hope that somebody on this mailing list can help.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604468

-- 
With best regards,
Dmitry
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 299-cyrus-imapd_mbox-format.patch
Url: http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20110808/d3b5b3f1/attachment.ksh 
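
The listing in the message reaches memcpy() at mboxlist.c:221 with no check that aclresult is non-NULL or that the computed acllen is non-negative, and gdb shows aclresult = 0x0 at that line. The block below is an added example, not the patch attached to the message and not Cyrus code: a hypothetical helper, copy_acl(), that performs the same copy but returns an error for a record whose ACL offset falls outside the data. The sample record is constructed from the string gdb printed; only the +100 growth step is taken from the listing.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a Cyrus function): copy the ACL tail of a
 * mailbox record into a growable, NUL-terminated buffer.
 *   data/datalen : raw record bytes as returned by the database
 *   p            : parser position where the ACL is expected to start
 *   buf/alloced  : caller-owned buffer and its size (may start NULL/0)
 * Returns 0 on success, -1 on a malformed record or allocation failure. */
static int copy_acl(const char *data, size_t datalen, const char *p,
                    char **buf, size_t *alloced)
{
    size_t acllen;
    char *grown;

    /* A parser position outside the record would make the length
     * negative (or huge once converted to size_t): refuse it. */
    if (data == NULL || p == NULL || p < data || (size_t)(p - data) > datalen)
        return -1;
    acllen = datalen - (size_t)(p - data);

    /* Grow when the buffer is missing or cannot hold acllen plus the NUL. */
    if (*buf == NULL || acllen >= *alloced) {
        grown = realloc(*buf, acllen + 100);
        if (grown == NULL)
            return -1;
        *buf = grown;
        *alloced = acllen + 100;
    }
    memcpy(*buf, p, acllen);
    (*buf)[acllen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample record, modelled on the value gdb printed for p. */
    const char rec[] = "default\tdmitry\tlrswipcda\t";
    char *acl = NULL;
    size_t cap = 0;
    int ok  = copy_acl(rec, sizeof rec - 1, rec + 8, &acl, &cap);
    int bad = copy_acl(rec, 4, rec + 8, &acl, &cap); /* offset past record end */
    free(acl);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```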