[Dovecot] Segfault in dovecot-lda when resolver is unavailable

Marcin Mirosław marcin at mejor.pl
Mon May 5 13:49:11 UTC 2014


On 05.05.2014 15:14, Timo Sirainen wrote:

Hi Timo, hi all!

> On 24.4.2014, at 0.15, Marcin Mirosław <marcin at mejor.pl> wrote:
> 
>> Recently I noticed that dovecot-lda throws segfault when resolver is
>> unavailable and with imapc configured.
> 
> I can't easily reproduce this.
> 
>> #0  0x000002b612afaf72 in _int_free (av=0x2b612e215c0 <main_arena>,
>> p=0x1b23bfabe0, have_lock=0) at malloc.c:3903
>> #1  0x000002b612e96a4e in buffer_free (_buf=_buf@entry=0x1b23bfa948) at
>> buffer.c:144
>> #2  0x000002b612ebeca8 in array_free_i (array=0x1b23bfa948) at array.h:108
>> #3  priorityq_deinit (_pq=_pq@entry=0x1b23bfabb0) at priorityq.c:38
>> #4  0x000002b612eafa57 in io_loop_destroy
>> (_ioloop=_ioloop@entry=0x395a4da91d0) at ioloop.c:495
> 
> This also looks like some kind of memory corruption, which isn't good. Can you try this with valgrind?
> 
> valgrind /usr/libexec/dovecot/deliver -d marcin at mejor.pl

# valgrind /usr/libexec/dovecot/deliver -d marcin at mejor.pl </dev/null
(output is attached to email)

gcc version 4.7.3 (Gentoo Hardened 4.7.3-r1 p1.4, pie-0.5.5)

Thanks,
Marcin
-------------- next part --------------
==29900== Memcheck, a memory error detector
==29900== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29900== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==29900== Command: /usr/libexec/dovecot/deliver -d marcin at mejor.pl
==29900== 
==29900== Invalid read of size 8
==29900==    at 0x4A8FE89: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40B5784: mailbox_list_get_root_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4163EB4: quota_add_user_namespace (in /usr/lib64/dovecot/lib10_quota_plugin.so)
==29900==  Address 0x516e4c0 is 48 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900== 
==29900== Invalid read of size 8
==29900==    at 0x4A8FE92: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40B5784: mailbox_list_get_root_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4163EB4: quota_add_user_namespace (in /usr/lib64/dovecot/lib10_quota_plugin.so)
==29900==  Address 0x516e4b8 is 40 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900== 
==29900== Invalid read of size 8
==29900==    at 0x4A8FEA2: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40B5784: mailbox_list_get_root_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4163EB4: quota_add_user_namespace (in /usr/lib64/dovecot/lib10_quota_plugin.so)
==29900==  Address 0x516e4b0 is 32 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900== 
==29900== Invalid read of size 8
==29900==    at 0x4A8FEB2: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40B5784: mailbox_list_get_root_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4163EB4: quota_add_user_namespace (in /usr/lib64/dovecot/lib10_quota_plugin.so)
==29900==  Address 0x516e4a8 is 24 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900== 
==29900== Invalid read of size 4
==29900==    at 0x4A8FEC2: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40B5784: mailbox_list_get_root_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4163EB4: quota_add_user_namespace (in /usr/lib64/dovecot/lib10_quota_plugin.so)
==29900==  Address 0x516e490 is 0 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A901DC: dns_client_input (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AACB15: io_loop_call_io (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AADD9E: io_loop_handler_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4AAC4C7: io_loop_run (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x409B1C8: imapc_client_run (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4093157: imapc_list_try_get_root_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x40931AD: imapc_list_get_hierarchy_sep (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4091D9E: imapc_list_get_fs_name (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900==    by 0x4092030: imapc_list_get_path (in /usr/lib64/dovecot/libdovecot-storage.so.0.0.0)
==29900== 
==29900== 
==29900== HEAP SUMMARY:
==29900==     in use at exit: 190,825 bytes in 3,282 blocks
==29900==   total heap usage: 4,009 allocs, 727 frees, 600,871 bytes allocated
==29900== 
==29900== LEAK SUMMARY:
==29900==    definitely lost: 0 bytes in 0 blocks
==29900==    indirectly lost: 0 bytes in 0 blocks
==29900==      possibly lost: 30,992 bytes in 11 blocks
==29900==    still reachable: 159,833 bytes in 3,271 blocks
==29900==         suppressed: 0 bytes in 0 blocks
==29900== Rerun with --leak-check=full to see details of leaked memory
==29900== 
==29900== For counts of detected and suppressed errors, rerun with: -v
==29900== ERROR SUMMARY: 25 errors from 5 contexts (suppressed: 2 from 2)
==29900== could not unlink /tmp/vgdb-pipe-from-vgdb-to-29900-by-root-on-???
==29900== could not unlink /tmp/vgdb-pipe-to-vgdb-from-29900-by-root-on-???
==29900== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-29900-by-root-on-???
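
A triage helper for Memcheck reports like the attachment above, added here as an example; it is not part of the original message or of Dovecot. The names `parse_uaf` and `summarize` are made up for this sketch, and the sample is an excerpt of the report with the stacks shortened. It groups every invalid access by the freed block it lands in, the function that freed the block, and the function that read it afterwards.

```python
import re

# Excerpt of the Memcheck report above (first and last record, stacks shortened).
SAMPLE = """\
==29900== Invalid read of size 8
==29900==    at 0x4A8FE89: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==  Address 0x516e4c0 is 48 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==    by 0x4A8FE88: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==
==29900== Invalid read of size 4
==29900==    at 0x4A8FEC2: dns_client_disconnect (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
==29900==  Address 0x516e490 is 0 bytes inside a block of size 72 free'd
==29900==    at 0x402A40C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29900==    by 0x4A8FD67: dns_lookup_free (in /usr/lib64/dovecot/libdovecot.so.0.0.0)
"""

PREFIX = re.compile(r"^==\d+==\s?")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
ALLOCATOR = {"free", "realloc"}  # wrapper frames to skip when naming the freeing function

def parse_uaf(report):
    records, cur, stack = [], None, None
    for raw in report.splitlines():
        line = PREFIX.sub("", raw)
        if m := ERROR.search(line):
            cur = {"op": m[1], "size": int(m[2]), "access": [], "freed": []}
            stack = cur["access"]
        elif cur and (m := BLOCK.search(line)):
            # Block start = faulting address minus the offset Memcheck reports.
            cur.update(offset=int(m[2]), block=int(m[3]), base=int(m[1], 16) - int(m[2]))
            stack = cur["freed"]  # following frames belong to the free() stack
            records.append(cur)
        elif cur and (m := FRAME.match(line)):
            stack.append(m[1])
        elif not line.strip():
            cur = None  # a blank line ends the record
    return records

def summarize(records):
    groups = {}
    for r in records:
        freer = next((f for f in r["freed"] if f not in ALLOCATOR), "?")
        key = (hex(r["base"]), r["block"], freer, r["access"][0])
        groups.setdefault(key, []).append(r["offset"])
    return groups
```

Run over the full attachment, all five records collapse into a single group: the same 72-byte block at 0x516e490, freed via `dns_lookup_free` and then read at offsets 48, 40, 32, 24 and 0 from `dns_client_disconnect`.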

