Segfault (null pointer dereference) in mail_index_unset_fscked
Dovecot 2.3.21.1 (d492236fa0)
Reduced sources:
int mdbox_storage_rebuild(struct mdbox_storage *storage) { struct mdbox_map_atomic_context *atomic; atomic = mdbox_map_atomic_begin(storage->map); mdbox_map_atomic_unset_fscked(atomic); <---- atomic here is NULL according to gdb bt }
struct mdbox_map_atomic_context *mdbox_map_atomic_begin(struct mdbox_map *map) { struct mdbox_map_atomic_context *atomic; atomic = i_new(struct mdbox_map_atomic_context, 1); atomic->map = map; <------- would fall here if atomic was NULL. but it does not. return atomic; }
Seems memory corruption happens somewhere.
Happy to help if you say how.
Some tracebacks:
#0 mail_index_unset_fscked (t=0x0) at ../lib-index/mail-index-transaction-update.c:1331 #1 0x00007fb99b0b1eb0 in mdbox_storage_rebuild (storage=<optimized out>) at index/dbox-multi/mdbox-storage-rebuild.c:1001 #2 0x00007fb99b0b2925 in mdbox_mailbox_close (box=0x56448dda4158) at index/dbox-multi/mdbox-storage.c:201 #3 0x00007fb99b08f3ba in mailbox_close (box=0x56448dda4158) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1642 #4 mailbox_close (box=box@entry=0x56448dda4158) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1633 #5 0x00007fb99b0946ef in mailbox_free (_box=_box@entry=0x7ffe965912a0) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1662 #6 0x0000564463d53a63 in imap_client_close_mailbox (client=client@entry=0x56448dd91ce8)
#0 mail_index_unset_fscked (t=0x0) at ../lib-index/mail-index-transaction-update.c:1331 #1 0x00007fed23455eb0 in mdbox_storage_rebuild (storage=<optimized out>) at index/dbox-multi/mdbox-storage-rebuild.c:1001 #2 0x00007fed23456925 in mdbox_mailbox_close (box=0x558f04a98ed8) at index/dbox-multi/mdbox-storage.c:201 #3 0x00007fed234333ba in mailbox_close (box=0x558f04a98ed8) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1642 #4 mailbox_close (box=box@entry=0x558f04a98ed8) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1633 #5 0x00007fed234386ef in mailbox_free (_box=_box@entry=0x7ffc98e15758) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1662 #6 0x00007fed22a4b2fc in quota_count_mailbox (root=0x558f04a73700, ns=0x558f04a4c7d0, vname=0x7fed23523807 "INBOX", bytes=<optimized out>,
#0 mail_index_unset_fscked (t=0x0) at ../lib-index/mail-index-transaction-update.c:1331 #1 0x00007f8b661a2eb0 in mdbox_storage_rebuild (storage=<optimized out>) at index/dbox-multi/mdbox-storage-rebuild.c:1001 #2 0x00007f8b661a3925 in mdbox_mailbox_close (box=0x55690db6dec8) at index/dbox-multi/mdbox-storage.c:201 #3 0x00007f8b661803ba in mailbox_close (box=0x55690db6dec8) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1642 #4 mailbox_close (box=box@entry=0x55690db6dec8) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1633 #5 0x00007f8b661856ef in mailbox_free (_box=<optimized out>) at /usr/src/debug/dovecot-2.3.21.1-1.fc41.x86_64/src/lib-storage/mail-storage.c:1662 #6 0x00007f8b657a72fc in _Unwind_SetGRValue (context=<optimized out>, index=229799824, val=161) at ../../../libgcc/unwind-dw2.c:329
-- Segmentation fault
Hi,
- Unfortunately, I can't test. I can in the future, but not right now.
- I can't "try" even in newer version, because I don't know how to trigger. It triggers rarely. My FS is BTRFS and load average approaches 75 because of that. Seems in this extremal conditions, some races happen.
- I can work on core dumps or even give you access to gdb on this machine. Please tell me how to help.
пт, 31 окт. 2025 г. в 12:13, Aki Tuomi <aki.tuomi@open-xchange.com>:
On 31/10/2025 09:00 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Dovecot 2.3.21.1 (d492236fa0)
Reduced sources:
-- Segmentation fault
Hi!
2.3 is in maintenance mode, can you see try if this happens with 2.4?
Aki
-- Segmentation fault
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this.
Aki
On 31/10/2025 09:22 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Hi,
- Unfortunately, I can't test. I can in the future, but not right now.
- I can't "try" even in newer version, because I don't know how to trigger. It triggers rarely. My FS is BTRFS and load average approaches 75 because of that. Seems in this extremal conditions, some races happen.
- I can work on core dumps or even give you access to gdb on this machine. Please tell me how to help.
пт, 31 окт. 2025 г. в 12:13, Aki Tuomi <aki.tuomi@open-xchange.com>:
On 31/10/2025 09:00 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Dovecot 2.3.21.1 (d492236fa0)
Reduced sources:
-- Segmentation fault
Hi!
2.3 is in maintenance mode, can you see try if this happens with 2.4?
Aki
-- Segmentation fault
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
Hi!
This is already fixed in https://github.com/dovecot/core/commit/b3fcfa013a5d9a6eb28ff701ef5ddf45ba6d5... - so upgrading to 2.4 should fix it.
Aki
On 31/10/2025 09:36 EET Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this.
Aki
On 31/10/2025 09:22 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Hi,
- Unfortunately, I can't test. I can in the future, but not right now.
- I can't "try" even in newer version, because I don't know how to trigger. It triggers rarely. My FS is BTRFS and load average approaches 75 because of that. Seems in this extremal conditions, some races happen.
- I can work on core dumps or even give you access to gdb on this machine. Please tell me how to help.
пт, 31 окт. 2025 г. в 12:13, Aki Tuomi <aki.tuomi@open-xchange.com>:
On 31/10/2025 09:00 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Dovecot 2.3.21.1 (d492236fa0)
Reduced sources:
-- Segmentation fault
Hi!
2.3 is in maintenance mode, can you see try if this happens with 2.4?
Aki
-- Segmentation fault
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
I appreciate fast reply. Thank you! will upgrade ASAP
пт, 31 окт. 2025 г. в 15:40, Aki Tuomi <aki.tuomi@open-xchange.com>:
Hi!
This is already fixed in https://github.com/dovecot/core/commit/b3fcfa013a5d9a6eb28ff701ef5ddf45ba6d5... - so upgrading to 2.4 should fix it.
Aki
On 31/10/2025 09:36 EET Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this.
Aki
On 31/10/2025 09:22 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Hi,
- Unfortunately, I can't test. I can in the future, but not right now.
- I can't "try" even in newer version, because I don't know how to trigger. It triggers rarely. My FS is BTRFS and load average approaches 75 because of that. Seems in this extremal conditions, some races happen.
- I can work on core dumps or even give you access to gdb on this machine. Please tell me how to help.
пт, 31 окт. 2025 г. в 12:13, Aki Tuomi <aki.tuomi@open-xchange.com>:
On 31/10/2025 09:00 EET Марк Коренберг via dovecot <dovecot@dovecot.org> wrote:
Dovecot 2.3.21.1 (d492236fa0)
Reduced sources:
-- Segmentation fault
Hi!
2.3 is in maintenance mode, can you see try if this happens with 2.4?
Aki
-- Segmentation fault
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Segmentation fault
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this. ... This is already fixed in https://github.com/dovecot/core/commit/b3fcfa013a5d9a6eb28ff701ef5ddf45ba6d5... - so upgrading to 2.4 should fix it.
it's already fixed in the 2.3 branch,
https://github.com/dovecot/core/commits/release-2.3/
2.3 is in maintenance mode, can you see try if this happens with 2.4?
if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
On 31/10/2025 12:07, Stuart Henderson via dovecot wrote:
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this. ... This is already fixed inhttps://github.com/dovecot/core/commit/b3fcfa013a5d9a6eb28ff701ef5ddf45ba6d5... - so upgrading to 2.4 should fix it. it's already fixed in the 2.3 branch,
https://github.com/dovecot/core/commits/release-2.3/
2.3 is in maintenance mode, can you see try if this happens with 2.4? if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
I think you'd need to raise the issue with Debian so their maintainer can update their packages.
On 31/10/2025 12:07, Stuart Henderson via dovecot wrote:
If you have logs, you can send those, along with doveconf -n. But this bug will not be fixed for 2.3. I can check if it's in 2.4 maybe if there is enough information how to reproduce this.
...
This is already fixed in [1]https://github.com/dovecot/core/commit/b3fcfa013a5d9a6eb28ff701ef5ddf45ba6d5... - so upgrading to 2.4 should fix it.
it's already fixed in the 2.3 branch,
[2]https://github.com/dovecot/core/commits/release-2.3/
2.3 is in maintenance mode, can you see try if this happens with 2.4?
if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
I think you'd need to raise the issue with Debian so their maintainer can update their packages.
References
Visible links
On 2025-10-31, Nick Howitt via dovecot <dovecot@dovecot.org> wrote:
2.3 is in maintenance mode, can you see try if this happens with 2.4? if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
I think you'd need to raise the issue with Debian so their maintainer can update their packages.
Debian can't make a Dovecot release.
They could add cherry-picked patches, as can other OS/distributions, but this is a lot easier if there's an actual release - not least because it's more obvious that crashes have been fixed if there,'s a release rather than commits on a maintenance branch.
On 10/31/2025 7:13 AM MDT Stuart Henderson via dovecot <dovecot@dovecot.org> wrote:
On 2025-10-31, Nick Howitt via dovecot <dovecot@dovecot.org> wrote:
> 2.3 is in maintenance mode, can you see try if this happens with 2.4? if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
I think you'd need to raise the issue with Debian so their maintainer can update their packages.
Debian can't make a Dovecot release.
They could add cherry-picked patches, as can other OS/distributions, but this is a lot easier if there's an actual release - not least because it's more obvious that crashes have been fixed if there,'s a release rather than commits on a maintenance branch.
There will be no further CE 2.3 release absent a security issue.
This was announced in May. https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/3P45L...
michael
On 2025/10/31 07:40, Michael Slusarz wrote:
On 10/31/2025 7:13 AM MDT Stuart Henderson via dovecot <dovecot@dovecot.org> wrote:
On 2025-10-31, Nick Howitt via dovecot <dovecot@dovecot.org> wrote:
>> 2.3 is in maintenance mode, can you see try if this happens with 2.4? if it's still in maintenance, would it be possible to make a release rolling up the various post-2.3.21.1 fixes please? this would be easier to work with for stable OS distributions still using 2.3 than cherry- picking patches.
I think you'd need to raise the issue with Debian so their maintainer can update their packages.
Debian can't make a Dovecot release.
They could add cherry-picked patches, as can other OS/distributions, but this is a lot easier if there's an actual release - not least because it's more obvious that crashes have been fixed if there,'s a release rather than commits on a maintenance branch.
There will be no further CE 2.3 release absent a security issue.
This was announced in May. https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/3P45L...
Thanks Michael. That is what I thought the situation was, but "maintenance" implied something more to me so I wondered if anything had changed.
participants (5)
-
Aki Tuomi
-
Michael Slusarz
-
Nick Howitt
-
Stuart Henderson
-
Марк Коренберг