[Dovecot] Dovecot 2.0, 2.1 and 2.2.5 core dump when Quota Plugin (FS) is enabled
Harald Strack
strack at hm.edu
Tue Sep 10 13:25:59 EEST 2013
Hi,
we are actually deploying a new IMAP-Server, targeting dovecot 2.1.17.
Unfortunately, our tests with imaptest did not succeed, were ending in
core dumps. We did this test:
./imaptest host=example.com port=143 user=strack pass=secret disconnect_quit no_pipelining mbox=dovecot-crlf
That's what we get in dovecot's log:
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22810, session=<EurP9wPmVgCBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22811, session=<mSXT9wPmWgCBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22812, session=<1GbR9wPmWACBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22813, session=<JKbQ9wPmVwCBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22814, session=<USLS9wPmWQCBu/Qf>
Sep 10 11:17:04 imap(strack): Panic: file mbox-storage.c: line 712 (mbox_transaction_unlock): assertion failed: (mbox->box.transaction_count > 0 || mbox->mbox_lock_type == F_UNLCK)
Sep 10 11:17:04 imap(strack): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0() [0x3c7824660a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78246656] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78219eaa] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c786600c0] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb7e7) [0x7f113b5427e7] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb218) [0x7f113b542218] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_sync+0x88) [0x3c7865fea8] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mbox_transaction_save_commit_post+0x27) [0x3c78657c07] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c786a5313] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mail_index_transaction_commit_full+0x9f) [0x3c786b3cdf] -> /usr/lib64/dovecot/libdovecot-storage.so.0(index_transaction_commit+0x8a) [0x3c786a4f5a] -> /usr/lib64/dovecot/libdovecot-storage.so.0() [0x3c78660121] -> /usr/lib/dovecot/lib10_quota_plugin.so(+0xb8af) [0x7f113b5428af] -> /usr/lib64/dovecot/libdovecot-storage.so.0(mailbox_transaction_commit_get_changes+0x3e) [0x3c7867aa9e] -> dovecot/imap() [0x408b3a] -> dovecot/imap() [0x4088e4] -> dovecot/imap() [0x408d3c] -> dovecot/imap(cmd_append+0x139) [0x408f99] -> dovecot/imap(command_exec+0x3d) [0x41155d] -> dovecot/imap() [0x41046e] -> dovecot/imap() [0x41055a] -> dovecot/imap(client_handle_input+0x135) [0x410785] -> dovecot/imap(client_input+0x5f) [0x4110af] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x3c78252c16] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x9f) [0x3c78253c9f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x3c78252bb8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x3c7823e083] -> dovecot/imap(main+0x29d) [0x4195bd]
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22826, session=<KyHU9wPmWwCBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22827, session=<kxTY9wPmXACBu/Qf>
Sep 10 11:17:04 imap-login: Info: Login: user=<strack>, method=PLAIN, rip=10.10.10.31, lip=10.10.10.21, mpid=22828, session=<CXXg9wPmXQCBu/Qf>
Sep 10 11:17:05 imap(strack): Fatal: master: service(imap): child 22806 killed with signal 6 (core dumped)
Sep 10 11:17:05 imap(strack): Info: Connection closed in=49 out=3832
Sep 10 11:17:05 imap(strack): Info: Connection closed in=49 out=3832
That's the backtrace of the coredump:
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libnss_sss.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_sss.so.2.debug...done.
done.
Loaded symbols for /lib64/libnss_sss.so.2
Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libgcc_s.so.1
Core was generated by `dovecot/imap'.
Program terminated with signal 6, Aborted.
#0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6_4.2.x86_64 keyutils-libs-1.4-4.el6.x86_64 krb5-libs-1.10.3-10.el6_4.4.x86_64 libcom_err-1.41.12-14.el6_4.2.x86_64 libgcc-4.4.7-3.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64 openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6
#1 0x0000003bc0234085 in abort () from /lib64/libc.so.6
#2 0x0000003c78246618 in default_fatal_finish (type=<value optimized out>, status=0) at failures.c:191
#3 0x0000003c78246656 in i_internal_fatal_handler (ctx=0x7fff1c87efa0, format=<value optimized out>, args=<value optimized out>) at failures.c:649
#4 0x0000003c78219eaa in i_panic (format=0x2c1e <Address 0x2c1e out of bounds>) at failures.c:263
#5 0x0000003c786600c0 in mbox_transaction_unlock (box=0x1a51270, lock_id=<value optimized out>) at mbox-storage.c:711
#6 0x00007f95c08c77e7 in quota_mailbox_transaction_rollback (ctx=0x1a589e0) at quota-storage.c:142
#7 0x00007f95c08c7218 in quota_mailbox_sync_notify (box=0x1a51270, uid=0, sync_type=0) at quota-storage.c:301
#8 0x0000003c7865fea8 in mbox_sync (mbox=0x1a51270, flags=<value optimized out>) at mbox-sync.c:2006
#9 0x0000003c78657c07 in mbox_transaction_save_commit_post (_ctx=0x1a53e20, result=<value optimized out>) at mbox-save.c:807
#10 0x0000003c786a5313 in index_transaction_index_commit (index_trans=0x1a5a530, result_r=0x7fff1c87f190) at index-transaction.c:50
#11 0x0000003c786b3cdf in mail_index_transaction_commit_full (_t=0x7fff1c87f1b8, result_r=0x7fff1c87f190) at mail-index-transaction.c:251
#12 0x0000003c786a4f5a in index_transaction_commit (t=<value optimized out>, changes_r=<value optimized out>) at index-transaction.c:132
#13 0x0000003c78660121 in mbox_transaction_commit (t=<value optimized out>, changes_r=<value optimized out>) at mbox-storage.c:729
#14 0x00007f95c08c78af in quota_mailbox_transaction_commit (ctx=0x1a5a390, changes_r=0x7fff1c87f260) at quota-storage.c:124
#15 0x0000003c7867aa9e in mailbox_transaction_commit_get_changes (_t=<value optimized out>, changes_r=0x7fff1c87f260) at mail-storage.c:1515
#16 0x0000000000408b3a in cmd_append_continue_parsing (cmd=0x1a4ea50) at cmd-append.c:284
#17 0x00000000004088e4 in cmd_append_continue_message (cmd=0x1a4ea50) at cmd-append.c:466
#18 0x0000000000408d3c in cmd_append_continue_parsing (cmd=0x1a4ea50) at cmd-append.c:399
#19 0x0000000000408f99 in cmd_append (cmd=0x1a4ea50) at cmd-append.c:519
#20 0x000000000041155d in command_exec (cmd=0x1a4ea50) at imap-commands.c:148
#21 0x000000000041046e in client_command_input (cmd=0x1a4ea50) at imap-client.c:684
#22 0x000000000041055a in client_command_input (cmd=0x1a4ea50) at imap-client.c:735
#23 0x0000000000410785 in client_handle_next_command (client=0x1a4e240) at imap-client.c:776
#24 client_handle_input (client=0x1a4e240) at imap-client.c:788
#25 0x00000000004110af in client_input (client=0x1a4e240) at imap-client.c:827
#26 0x0000003c78252c16 in io_loop_call_io (io=0x1a4cb70) at ioloop.c:379
#27 0x0000003c78253c9f in io_loop_handler_run (ioloop=<value optimized out>) at ioloop-epoll.c:213
#28 0x0000003c78252bb8 in io_loop_run (ioloop=0x1a35670) at ioloop.c:398
#29 0x0000003c7823e083 in master_service_run (service=0x1a35520, callback=<value optimized out>) at master-service.c:544
#30 0x00000000004195bd in main (argc=1, argv=0x1a35370) at main.c:389
That's the full backtrace of the coredump:
#0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.107.el6_4.2.x86_64 keyutils-libs-1.4-4.el6.x86_64
krb5-libs-1.10.3-10.el6_4.4.x86_64 libcom_err-1.41.12-14.el6_4.2.x86_64
libgcc-4.4.7-3.el6.x86_64 libselinux-2.0.94-5.3.el6_4.1.x86_64
openssl-1.0.0-27.el6_4.2.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt full
#0 0x0000003bc02328a5 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x0000003bc0234085 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x0000003c78246618 in default_fatal_finish (type=<value optimized
out>, status=0) at failures.c:191
backtrace = 0x1a2d3a8 "/usr/lib64/dovecot/libdovecot.so.0()
[0x3c7824660a] -> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78246656]
-> /usr/lib64/dovecot/libdovecot.so.0() [0x3c78219eaa]
-> /usr/lib64/dovecot/libdovecot-stora"...
#3 0x0000003c78246656 in i_internal_fatal_handler (ctx=0x7fff1c87efa0,
format=<value optimized out>,
args=<value optimized out>) at failures.c:649
status = 0
#4 0x0000003c78219eaa in i_panic (format=0x2c1e <Address 0x2c1e out of
bounds>) at failures.c:263
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff1c87f070, reg_save_area = 0x7fff1c87efb0}}
#5 0x0000003c786600c0 in mbox_transaction_unlock (box=0x1a51270,
lock_id=<value optimized out>)
at mbox-storage.c:711
mbox = 0x1a51270
__FUNCTION__ = "mbox_transaction_unlock"
#6 0x00007f95c08c77e7 in quota_mailbox_transaction_rollback
(ctx=0x1a589e0) at quota-storage.c:142
qbox = 0x1a51858
qt = 0x1a66a90
#7 0x00007f95c08c7218 in quota_mailbox_sync_notify (box=0x1a51270,
uid=0, sync_type=0) at quota-storage.c:301
qbox = 0x1a51858
uids = <value optimized out>
sizep = <value optimized out>
i = <value optimized out>
count = <value optimized out>
size = <value optimized out>
#8 0x0000003c7865fea8 in mbox_sync (mbox=0x1a51270, flags=<value
optimized out>) at mbox-sync.c:2006
lock_id = 11
---Type <return> to continue, or q <return> to quit---
ret = 0
__FUNCTION__ = "mbox_sync"
#9 0x0000003c78657c07 in mbox_transaction_save_commit_post
(_ctx=0x1a53e20, result=<value optimized out>)
at mbox-save.c:807
ctx = 0x1a53e20
__FUNCTION__ = "mbox_transaction_save_commit_post"
#10 0x0000003c786a5313 in index_transaction_index_commit
(index_trans=0x1a5a530, result_r=0x7fff1c87f190)
at index-transaction.c:50
t = 0x1a5a390
ret = 0
__FUNCTION__ = "index_transaction_index_commit"
#11 0x0000003c786b3cdf in mail_index_transaction_commit_full
(_t=0x7fff1c87f1b8, result_r=0x7fff1c87f190)
at mail-index-transaction.c:251
t = 0x1a5a530
index = 0x1a4ccc0
index_undeleted = <value optimized out>
#12 0x0000003c786a4f5a in index_transaction_commit (t=<value optimized
out>, changes_r=<value optimized out>)
at index-transaction.c:132
box = 0x1a51270
itrans = 0x0
result = {log_file_seq = 17, log_file_offset = 6032, commit_size
= 196, ignored_modseq_changes = 0}
ret = <value optimized out>
#13 0x0000003c78660121 in mbox_transaction_commit (t=<value optimized
out>, changes_r=<value optimized out>)
at mbox-storage.c:729
mt = <value optimized out>
box = 0x1a51270
lock_id = 11
ret = <value optimized out>
#14 0x00007f95c08c78af in quota_mailbox_transaction_commit
(ctx=0x1a5a390, changes_r=0x7fff1c87f260)
---Type <return> to continue, or q <return> to quit---
at quota-storage.c:124
qbox = 0x1a51858
qt = 0x1a5a1e0
#15 0x0000003c7867aa9e in mailbox_transaction_commit_get_changes
(_t=<value optimized out>, changes_r=0x7fff1c87f260)
at mail-storage.c:1515
_data_stack_cur_id = 4
t = 0x1a5a390
ret = <value optimized out>
#16 0x0000000000408b3a in cmd_append_continue_parsing (cmd=0x1a4ea50) at
cmd-append.c:284
sync_flags = <value optimized out>
imap_flags = <value optimized out>
changes = {pool = 0x1a61fe0, uid_validity = 1268835246,
saved_uids = {arr = {buffer = 0x1a62000,
element_size = 8}, v = 0x1a62000, v_modifiable =
0x1a62000}, ignored_modseq_changes = 0,
changed = true, no_read_perm = false}
msg = <value optimized out>
client = 0x1a4e240
ctx = 0x1a4eb48
args = 0x1a59a98
flags_list = <value optimized out>
flags = <value optimized out>
keywords_list = <value optimized out>
keywords = <value optimized out>
internal_date_str = <value optimized out>
msg = <value optimized out>
internal_date = <value optimized out>
ret = <value optimized out>
timezone_offset = <value optimized out>
save_count = <value optimized out>
nonsync = <value optimized out>
---Type <return> to continue, or q <return> to quit---
fatal = <value optimized out>
__FUNCTION__ = "cmd_append_continue_parsing"
#17 0x00000000004088e4 in cmd_append_continue_message (cmd=0x1a4ea50) at
cmd-append.c:466
all_written = true
client = 0x1a4e240
ctx = 0x1a4eb48
size = 0
ret = <value optimized out>
#18 0x0000000000408d3c in cmd_append_continue_parsing (cmd=0x1a4ea50) at
cmd-append.c:399
client = 0x1a4e240
ctx = 0x1a4eb48
args = 0x1a59a98
flags_list = 0x0
flags = 0
keywords_list = 0x3c782426aa
keywords = 0x0
internal_date_str = <value optimized out>
msg = <value optimized out>
internal_date = -1
ret = 0
timezone_offset = 0
save_count = <value optimized out>
nonsync = true
fatal = <value optimized out>
__FUNCTION__ = "cmd_append_continue_parsing"
#19 0x0000000000408f99 in cmd_append (cmd=0x1a4ea50) at cmd-append.c:519
client = 0x1a4e240
ctx = 0x1a4eb48
mailbox = 0x1a38910 "INBOX"
---Type <return> to continue, or q <return> to quit---
#20 0x000000000041155d in command_exec (cmd=0x1a4ea50) at
imap-commands.c:148
hook = 0x1a36cd0
ret = <value optimized out>
#21 0x000000000041046e in client_command_input (cmd=0x1a4ea50) at
imap-client.c:684
client = 0x1a4e240
command = <value optimized out>
__FUNCTION__ = "client_command_input"
#22 0x000000000041055a in client_command_input (cmd=0x1a4ea50) at
imap-client.c:735
client = 0x1a4e240
command = <value optimized out>
__FUNCTION__ = "client_command_input"
#23 0x0000000000410785 in client_handle_next_command (client=0x1a4e240)
at imap-client.c:776
size = 1320
#24 client_handle_input (client=0x1a4e240) at imap-client.c:788
_data_stack_cur_id = 3
ret = false
remove_io = false
handled_commands = false
__FUNCTION__ = "client_handle_input"
#25 0x00000000004110af in client_input (client=0x1a4e240) at
imap-client.c:827
cmd = <value optimized out>
output = 0x1a4ca88
bytes = 1320
__FUNCTION__ = "client_input"
#26 0x0000003c78252c16 in io_loop_call_io (io=0x1a4cb70) at ioloop.c:379
ioloop = 0x1a35670
t_id = 2
#27 0x0000003c78253c9f in io_loop_handler_run (ioloop=<value optimized
out>) at ioloop-epoll.c:213
ctx = 0x1a359e0
---Type <return> to continue, or q <return> to quit---
events = <value optimized out>
event = 0x1a35a50
list = 0x1a4cbc0
io = <value optimized out>
tv = {tv_sec = 1799, tv_usec = 999319}
msecs = <value optimized out>
ret = 1
i = <value optimized out>
call = <value optimized out>
#28 0x0000003c78252bb8 in io_loop_run (ioloop=0x1a35670) at ioloop.c:398
No locals.
#29 0x0000003c7823e083 in master_service_run (service=0x1a35520,
callback=<value optimized out>)
at master-service.c:544
No locals.
#30 0x00000000004195bd in main (argc=1, argv=0x1a35370) at main.c:389
set_roots = {0x41c460, 0x0}
login_set = {auth_socket_path = 0x1a2d078
"/var/run/dovecot/auth-master", postlogin_socket_path = 0x0,
postlogin_timeout_secs = 60, callback = 0x419710
<login_client_connected>,
failure_callback = 0x418f30 <login_client_failed>}
service_flags = <value optimized out>
storage_service_flags = <value optimized out>
username = <value optimized out>
c = <value optimized out>
That's our configuration:
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.18.1.el6.x86_64 x86_64 Red Hat Enterprise Linux
Server release 6.4 (Santiago) xfs
auth_debug = yes
auth_verbose = yes
debug_log_path = /var/log/dovecot/dovecot-debug.log
default_client_limit = 3000
default_process_limit = 8192
disable_plaintext_auth = no
log_path = /var/log/dovecot/dovecot.log
login_greeting = Server ready.
mail_debug = yes
mail_location = mbox:/var/spool/fhmrz_imap/%
u/dovecot-home:LAYOUT=maildir++:INBOX=/var/spool/mail/%
u:INDEX=/var/opt/index/%u/dovecot-indexes:CONTROL=/var/opt/index/%
u/dovecot-control
mail_plugin_dir = /usr/lib/dovecot
mail_plugins = listescape quota
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
driver = pam
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box msgid size flags
quota = fs:User quota:user:noenforcing
quota_exceeded_message = Quota exceeded, please go to
http://www.timbuktu.edu/over_quota_help for instructions on how to fix
this.
}
protocols = imap pop3
service anvil {
client_limit = 16744
}
service auth {
client_limit = 16800
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
process_limit = 8192
process_min_avail = 8
}
service imap {
process_limit = 16084
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service pop3 {
process_limit = 16084
}
ssl_cert = </etc/pki/tls/certs/example.pem
ssl_key = </etc/pki/tls/private/example-key.pem
userdb {
driver = passwd
}
protocol imap {
mail_max_userip_connections = 30
mail_plugins = listescape quota imap_quota
}
protocol pop3 {
mail_max_userip_connections = 10
pop3_uidl_format = %08Xu%08Xv
}
The problem occurs with dovecot-2.0.9 and dovecot-2.1.17 and also
dovecot-2.2.5!
From the stacktrace I could see that the problem origins from the quota
plugin. Thus, when I disabled the quota plugin the problem went away.
The problem did only occur on a high concurrency level on one
mbox/folder, running imaptest with only one user and 10 clients. When we
run imaptest in a more real-world fashion with several thousand of users
and clients=100, the error did not occur. Because of this I am not sure
how problematic this bug will be in a production environment? What do
you think?
Any help is greatly appreciated!
br
Harald Strack
--
Harald Strack, Dipl.Inf.(FH)
IT Development
ssystems
c/o berliner gazette
Danziger Str. 31
10435 Berlin
Tel: +49 30 2023 6071 - 1
http://www.ssystems.de
More information about the dovecot
mailing list