segfault in IMAP APPEND with compressed maildir

Roland Rosenfeld rrosenfeld at netcologne.de
Tue Jun 7 08:20:51 UTC 2016 

Hi!

After upgrading from Debian wheezy with (self compiled) dovecot 2.2.15
to Debian jessie with (self compiled) 2.2.24, I observe the following
segmentation fault in the logs:

Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(<imap client>) failed: read(size=8003) failed: Connection reset by peer (uid=0, box=trash)
Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001
Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(zlib(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap)) failed: read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap) failed: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001 (uid=0, box=trash)
Jun  7 09:23:09 imap dovecot: imap(user at example.com): Fatal: master: service(imap): child 22902 killed with signal 11 (core dumped)

We also observed the same (rare) error in the past on the old system.
But on the old system, there were only the first 3 lines without the
segmentation fault, so we ignored the issue until now.

The problem always happens on IMAP folders where the client writes to,
like "trash", "drafts", "sent" and the like.

I wasn't able to actively reproduce this issue, but can only observe
in the logs that some customers run into this issue from time to time.


So all I have is a core dump with the following backtrace:

Core was generated by `dovecot/imap'.
Program terminated with signal SIGSEGV, Segmentation fault.
(gdb) bt full
#0  0x00007f57e276f29f in i_stream_default_get_size (stream=0x1fd2790, exact=<optimized out>, size_r=0x7ffed3839718) at istream.c:807
No locals.
#1  0x00007f57e17024e4 in zlib_mail_close (_mail=0x1fd4de0) at zlib-plugin.c:170
        mail = 0x1fd4de0
        zmail = 0x1fd5398
        zuser = 0x1fbd040
        cache = 0x1fbd050
        size = 33201320
#2  0x00007f57e2a2a8b9 in mailbox_save_cancel (_ctx=_ctx at entry=0x1fc4d48) at mail-storage.c:2117
        ctx = 0x1fd3dd0
        keywords = 0x0
        mail = <optimized out>
        __FUNCTION__ = "mailbox_save_cancel"
#3  0x000000000040c759 in cmd_append_finish (ctx=0x1fc4cf0) at cmd-append.c:149
        __FUNCTION__ = "cmd_append_finish"
#4  0x000000000040c835 in client_input_append (cmd=0x1fc4bc0) at cmd-append.c:89
        ctx = <optimized out>
        client = 0x1fc3fc0
        reason = 0x1f9e0b8 "Disconnected in APPEND (1 msgs, 306 secs, 188416/1122858 bytes)"
        finished = <optimized out>
        lit_offset = <optimized out>
        __FUNCTION__ = "client_input_append"
#5  0x00007f57e2778dcc in io_loop_call_io (io=0x1fc4ad0) at ioloop.c:564
        ioloop = 0x1fa6750
        t_id = 2
        __FUNCTION__ = "io_loop_call_io"
#6  0x00007f57e277a0f1 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1fa6750) at ioloop-epoll.c:220
        ctx = 0x1fa8260
        io = <optimized out>
        tv = {tv_sec = 1799, tv_usec = 997118}
        events_count = <optimized out>
        msecs = <optimized out>
        ret = 1
        i = 0
        j = <optimized out>
        call = <optimized out>
        __FUNCTION__ = "io_loop_handler_run_internal"
#7  0x00007f57e2778e55 in io_loop_handler_run (ioloop=ioloop at entry=0x1fa6750) at ioloop.c:612
No locals.
#8  0x00007f57e2778ff8 in io_loop_run (ioloop=0x1fa6750) at ioloop.c:588
        __FUNCTION__ = "io_loop_run"
#9  0x00007f57e2713713 in master_service_run (service=0x1fa65f0, callback=callback at entry=0x423a20 <client_connected>) at master-service.c:640
No locals.
#10 0x000000000040c427 in main (argc=1, argv=0x1fa6390) at main.c:460
        set_roots = {0x42c480 <imap_setting_parser_info>, 0x635440 <lda_setting_parser_info>, 0x0}
        login_set = {auth_socket_path = 0x1f9e048 "ailed: Connection reset by peer", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, 
          callback = 0x424170 <login_client_connected>, failure_callback = 0x423b30 <login_client_failed>, request_auth_token = 1}
        service_flags = <optimized out>
        storage_service_flags = <optimized out>
        username = 0x0
        auth_socket_path = 0x42d42e "auth-master"
        c = <optimized out>


This is on a server, which uses compressed maildir on a NFS storage.

Here's dovecot -n output:

# 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.14 (099a97c)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
auth_cache_negative_ttl = 5 mins
auth_cache_size = 100 M
auth_cache_ttl = 15 mins
auth_default_realm = example.com
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
dict {
  acl = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
disable_plaintext_auth = no
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_fsync = always
mail_gid = 999
mail_location = maildir:~/mail
mail_plugins = acl quota zlib
mail_uid = 999
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags
mmap_disable = yes
namespace {
  list = children
  location = maildir:%%h/mail:INDEX=~/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  quota = maildir
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/mail/sieve
  sieve_extensions = +imapflags
  zlib_save = gz
}
pop3_no_flag_updates = yes
pop3_uidl_format = %v.%u
protocols = imap pop3 sieve
service auth {
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap {
  process_limit = 4000
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service managesieve {
  process_limit = 100
}
service pop3 {
  process_limit = 1000
}
shutdown_clients = no
ssl = no
syslog_facility = local2
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol imap {
  mail_max_userip_connections = 10
  mail_plugins = acl quota zlib imap_quota imap_acl
}
protocol pop3 {
  mail_plugins = acl quota zlib
}


I hope, that this is all required information to find and solve this issue.

Greetings
Roland

More information about the dovecot mailing list