[Dovecot] [bug] dovecot 1.1.15: segfault after message move
Hello,
found the following in my error log:
May 20 13:27:48 ser dovecot: imap-login: Login: user=<juergen>, method=PLAIN, rip=192.168.0.17, lip=192.168.0.90, TLS May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL) May 20 13:28:10 ser dovecot: IMAP(juergen): Raw backtrace: imap [0x80cc01e] -> imap [0x80cc08a] -> imap [0x80cba78] -> imap [0x806642f] -> imap [0x80602c1] May 20 13:28:10 ser dovecot: child 23536 (imap) killed with signal 6 (core dumps disabled)
it's almost always reproducible using the Heirloom mailx [1] mail client, with mutt I get a 'connection closed' message but no segfault:
- login to the dovecot server via imap/imaps
- move a message from INBOX to a another large mbox-file
- quit
Seems to be a new issue introduced with 1.1.15 because I don't see that with 1.1.14 or older versions.
Greetings Juergen
[1] http://heirloom.sourceforge.net/mailx.html
#:> dovecot -n
# 1.1.15: /etc/dovecot.conf
# OS: Linux 2.6.27.23 i686
base_dir: /var/run/dovecot/
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/certs/dovecot.crt
ssl_key_file: /etc/ssl/keys/dovecot.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_process_per_connection: no
login_processes_count: 1
first_valid_gid: 100
mail_location: mbox:~/Mail:INBOX=/var/spool/mail/%u
mbox_min_index_size: 100
mbox_very_dirty_syncs: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
auth default:
passdb:
driver: shadow
userdb:
driver: passwd
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
On Wed, May 20, 2009 at 01:47:42PM +0200, Juergen Daubert wrote:
Hello,
found the following in my error log:
May 20 13:27:48 ser dovecot: imap-login: Login: user=<juergen>, method=PLAIN, rip=192.168.0.17, lip=192.168.0.90, TLS May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL) May 20 13:28:10 ser dovecot: IMAP(juergen): Raw backtrace: imap [0x80cc01e] -> imap [0x80cc08a] -> imap [0x80cba78] -> imap [0x806642f] -> imap [0x80602c1] May 20 13:28:10 ser dovecot: child 23536 (imap) killed with signal 6 (core dumps disabled)
it's almost always reproducible using the Heirloom mailx [1] mail client, with mutt I get a 'connection closed' message but no segfault:
- login to the dovecot server via imap/imaps
- move a message from INBOX to a another large mbox-file
- quit
Seems to be a new issue introduced with 1.1.15 because I don't see that with 1.1.14 or older versions.
I've done some more tests on that issue and found that I can fix it if I revert commit http://hg.dovecot.org/dovecot-1.1/rev/78ab57f321c8.
At all it looks like a timing problem to me, because:
- it happens only if large mbox-files are involved
- the box dovecot is running on is very ancient, a 220MHz Cyrix i586
Below is a backtrace of the crash, hope this helps.
Regards Juergen
#:> gdb /usr/lib/dovecot/imap 27893
GNU gdb 6.8 Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... Attaching to program: /usr/lib/dovecot/imap, process 27893 ptrace: No such process.
warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 Reading symbols from /usr/lib/libgcc_s.so.1...done. Loaded symbols for /usr/lib/libgcc_s.so.1 Core was generated by `imap'. Program terminated with signal 6, Aborted. [New process 27893] #0 0xb7e8d450 in raise () from /lib/libc.so.6 (gdb) bt full #0 0xb7e8d450 in raise () from /lib/libc.so.6 No symbol table info available. #1 0xb7e8ea2a in abort () from /lib/libc.so.6 No symbol table info available. #2 0x080cc02e in default_fatal_finish () No locals. #3 0x080cc08a in i_internal_fatal_handler () No locals. #4 0x080cba78 in i_panic () No locals. #5 0x0806642f in cmd_sync_delayed () No locals. #6 0x080602c1 in client_handle_input () No locals. #7 0x08060565 in client_input () No locals. #8 0x080d370b in io_loop_handler_run () No locals. #9 0x080d2c51 in io_loop_run () No locals. #10 0x08067bf0 in main () No locals. (gdb)
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
On Friday, May 22 at 01:49 PM, quoth Juergen Daubert:
On Wed, May 20, 2009 at 01:47:42PM +0200, Juergen Daubert wrote:
found the following in my error log:
May 20 13:27:48 ser dovecot: imap-login: Login: user=<juergen>, method=PLAIN, rip=192.168.0.17, lip=192.168.0.90, TLS May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL) May 20 13:28:10 ser dovecot: IMAP(juergen): Raw backtrace: imap [0x80cc01e] -> imap [0x80cc08a] -> imap [0x80cba78] -> imap [0x806642f] -> imap [0x80602c1] May 20 13:28:10 ser dovecot: child 23536 (imap) killed with signal 6 (core dumps disabled)
it's almost always reproducible using the Heirloom mailx [1] mail client, with mutt I get a 'connection closed' message but no segfault:
- login to the dovecot server via imap/imaps
- move a message from INBOX to a another large mbox-file
- quit
Seems to be a new issue introduced with 1.1.15 because I don't see that with 1.1.14 or older versions.
Interesting. I recently upgraded, and I get the same thing - but I use Maildir. Here's my error:
2009-05-22 17:42:35.797527500 imap-memoryhole.net: dovecot: Panic: IMAP(kyle@memoryhole.net): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL) 2009-05-22 17:42:35.797844500 imap-memoryhole.net: dovecot: Error: IMAP(kyle@memoryhole.net): Raw backtrace: imap [0x80d3e80] -> imap [0x80d3eda] -> imap [0x80d378a] -> imap(cmd_sync_delayed+0x292) [0x8066d62] -> imap [0x80609a7] -> imap(client_continue_pending_input+0x86) [0x8060626] -> imap [0x805c097] -> imap(io_loop_handler_run+0x110) [0x80dc0d0] -> imap(io_loop_run+0x28) [0x80daf18] -> imap(main+0x4b1) [0x8068671] -> /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7e9bea8] -> imap [0x805a271] 2009-05-22 17:42:35.817635500 imap-memoryhole.net: dovecot: Error: child 28270 (imap) killed with signal 6 (core dumped)
I've done some more tests on that issue and found that I can fix it if I revert commit http://hg.dovecot.org/dovecot-1.1/rev/78ab57f321c8.
Cool!
~Kyle
The whole art of government consists in the art of being honest. -- Thomas Jefferson: Rights of British America, 1774
On Monday, May 25 at 10:27 AM, quoth Pascal Volk:
On 05/23/2009 06:03 AM Kyle Wheeler wrote:
Interesting. I recently upgraded, and I get the same thing - but I use Maildir.
Just a question: How big is the Maildir in MB and messages?
It seems to happen on all sizes. It's happened on my INBOX (<30 messages, 164K) and on larger mailboxes (>540 messages, 508K).
~Kyle
If an elderly respected expert in a given field tells you that something can be done he is almost certainly right. If an elderly respected expert in a given field tells you that something is impossible, he is almost certainly wrong. -- Robert A. Heinlein
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
#:>gdb -p 25509 GNU gdb 6.8 Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu". Attaching to process 25509 Reading symbols from /usr/lib/dovecot/imap...done. Reading symbols from /lib/libdl.so.2...done. Loaded symbols for /lib/libdl.so.2 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 0xb7ff9be3 in epoll_wait () from /lib/libc.so.6 (gdb) bt full #0 0xb7ff9be3 in epoll_wait () from /lib/libc.so.6 No symbol table info available. #1 0x080d36a3 in io_loop_handler_run () No locals. #2 0x080d2c61 in io_loop_run () No locals. #3 0x08067c00 in main () No locals. (gdb)
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
On Mon, May 25, 2009 at 07:31:10PM -0400, Timo Sirainen wrote:
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
I got different behaviours with different clients now:
Steps:
- start client
- move message
- quit client
Result:
- mutt: works if I pull other message bodys before quit
- mailx: hangs always
- alpine: works
Greetings Juergen
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
On Tue, 2009-05-26 at 09:17 +0200, Juergen Daubert wrote:
On Mon, May 25, 2009 at 07:31:10PM -0400, Timo Sirainen wrote:
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
I got different behaviours with different clients now:
Steps:
- start client
- move message
- quit client
Result:
- mutt: works if I pull other message bodys before quit
How do you move a message with mutt? I can see only C=copy.
- mailx: hangs always
Ubuntu mailx doesn't seem to support IMAP. This is some BSD mailx?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2009-05-26 15:31, Timo Sirainen wrote: |> - mailx: hangs always | | Ubuntu mailx doesn't seem to support IMAP. This is some BSD mailx?
He probably refers to http://packages.ubuntu.com/jaunty/heirloom-mailx
Patrick.
STAR Software (Shanghai) Co., Ltd. http://www.star-group.net/ Phone: +86 (21) 3462 7688 x 826 Fax: +86 (21) 3462 7779
PGP key: E883A005 https://stshacom1.star-china.net/keys/patrick_nagel.asc Fingerprint: E09A D65E 855F B334 E5C3 5386 EF23 20FC E883 A005 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkobm/IACgkQ7yMg/OiDoAVjNgCfSnVDUOvwwvHOSBp+Kw8fz5A5 JXkAnjTZCk0EhZ76BKR/C+q9PBv2TW+L =itqW -----END PGP SIGNATURE-----
On Tue, 2009-05-26 at 15:36 +0800, Patrick Nagel wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2009-05-26 15:31, Timo Sirainen wrote: |> - mailx: hangs always | | Ubuntu mailx doesn't seem to support IMAP. This is some BSD mailx?
He probably refers to http://packages.ubuntu.com/jaunty/heirloom-mailx
Oh. I think I managed to get it hang. But time to sleep for a while.
On Tue, May 26, 2009 at 03:31:41AM -0400, Timo Sirainen wrote:
On Tue, 2009-05-26 at 09:17 +0200, Juergen Daubert wrote:
On Mon, May 25, 2009 at 07:31:10PM -0400, Timo Sirainen wrote:
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
I got different behaviours with different clients now:
Steps:
- start client
- move message
- quit client
Result:
- mutt: works if I pull other message bodys before quit
How do you move a message with mutt? I can see only C=copy.
It's 'save to mailbox' (key s)
- mailx: hangs always
Ubuntu mailx doesn't seem to support IMAP. This is some BSD mailx?
As I wrote in my first mail, I'm refering to Heirloom mailx. See http://heirloom.sourceforge.net/mailx.htm
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
On Tue, 2009-05-26 at 09:17 +0200, Juergen Daubert wrote:
On Mon, May 25, 2009 at 07:31:10PM -0400, Timo Sirainen wrote:
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
I got different behaviours with different clients now:
Once more, I changed the behavior so that I actually understand how it works now :) http://hg.dovecot.org/dovecot-1.1/rev/c3612800cb90
On Tue, May 26, 2009 at 02:24:45PM -0400, Timo Sirainen wrote:
On Tue, 2009-05-26 at 09:17 +0200, Juergen Daubert wrote:
On Mon, May 25, 2009 at 07:31:10PM -0400, Timo Sirainen wrote:
On Mon, 2009-05-25 at 10:24 +0200, Juergen Daubert wrote:
On Sun, May 24, 2009 at 06:10:50PM -0400, Timo Sirainen wrote:
On Wed, 2009-05-20 at 13:47 +0200, Juergen Daubert wrote:
May 20 13:28:10 ser dovecot: Panic: IMAP(juergen): file imap-sync.c: line 439 (cmd_sync_delayed): assertion failed: (client->mailbox != NULL)
Does this help? http://hg.dovecot.org/dovecot-1.1/rev/68a7068c7675
Sorry, no. Now it hangs forever:
OK, this too: http://hg.dovecot.org/dovecot-1.1/rev/5039adc82996
I got different behaviours with different clients now:
Once more, I changed the behavior so that I actually understand how it works now :) http://hg.dovecot.org/dovecot-1.1/rev/c3612800cb90
Yeah, here we go :) Many thanks Timo!
best regards Juergen
--
Juergen Daubert | mailto:jue@jue.li
Korb, Germany | http://jue.li/crux
Once more, I changed the behavior so that I actually understand how it works now :) http://hg.dovecot.org/dovecot-1.1/rev/c3612800cb90
Does it affects 1.2 version?
On May 27, 2009, at 12:53 AM, Max Ivanov wrote:
Once more, I changed the behavior so that I actually understand how
it works now :) http://hg.dovecot.org/dovecot-1.1/rev/c3612800cb90Does it affects 1.2 version?
Yes. It has the same fixes.
participants (6)
-
Juergen Daubert
-
Kyle Wheeler
-
Max Ivanov
-
Pascal Volk
-
Patrick Nagel
-
Timo Sirainen