segfault in IMAP APPEND with compressed maildir

Aki Tuomi aki.tuomi at dovecot.fi
Tue Jun 7 08:52:34 UTC 2016 


On 07.06.2016 11:20, Roland Rosenfeld wrote:
> Hi!
>
> After upgrading from Debian wheezy with (self compiled) dovecot 2.2.15
> to Debian jessie with (self compiled) 2.2.24, I observe the following
> segmentation fault in the logs:
>
> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(<imap client>) failed: read(size=8003) failed: Connection reset by peer (uid=0, box=trash)
> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001
> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(zlib(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap)) failed: read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap) failed: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001 (uid=0, box=trash)
> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Fatal: master: service(imap): child 22902 killed with signal 11 (core dumped)
>
> We also observed the same (rare) error in the past on the old system.
> But on the old system, there were only the first 3 lines without the
> segmentation fault, so we ignored the issue until now.
>
> The problem always happens on IMAP folders where the client writes to,
> like "trash", "drafts", "sent" and the like.
>
> I wasn't able to actively reproduce this issue, but can only observe
> in the logs that some customers run into this issue from time to time.
>
>
> So all I have is a core dump with the following backtrace:
>
> Core was generated by `dovecot/imap'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> (gdb) bt full
> #0  0x00007f57e276f29f in i_stream_default_get_size (stream=0x1fd2790, exact=<optimized out>, size_r=0x7ffed3839718) at istream.c:807
> No locals.
> #1  0x00007f57e17024e4 in zlib_mail_close (_mail=0x1fd4de0) at zlib-plugin.c:170
>         mail = 0x1fd4de0
>         zmail = 0x1fd5398
>         zuser = 0x1fbd040
>         cache = 0x1fbd050
>         size = 33201320
> #2  0x00007f57e2a2a8b9 in mailbox_save_cancel (_ctx=_ctx at entry=0x1fc4d48) at mail-storage.c:2117
>         ctx = 0x1fd3dd0
>         keywords = 0x0
>         mail = <optimized out>
>         __FUNCTION__ = "mailbox_save_cancel"
> #3  0x000000000040c759 in cmd_append_finish (ctx=0x1fc4cf0) at cmd-append.c:149
>         __FUNCTION__ = "cmd_append_finish"
> #4  0x000000000040c835 in client_input_append (cmd=0x1fc4bc0) at cmd-append.c:89
>         ctx = <optimized out>
>         client = 0x1fc3fc0
>         reason = 0x1f9e0b8 "Disconnected in APPEND (1 msgs, 306 secs, 188416/1122858 bytes)"
>         finished = <optimized out>
>         lit_offset = <optimized out>
>         __FUNCTION__ = "client_input_append"
> #5  0x00007f57e2778dcc in io_loop_call_io (io=0x1fc4ad0) at ioloop.c:564
>         ioloop = 0x1fa6750
>         t_id = 2
>         __FUNCTION__ = "io_loop_call_io"
> #6  0x00007f57e277a0f1 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1fa6750) at ioloop-epoll.c:220
>         ctx = 0x1fa8260
>         io = <optimized out>
>         tv = {tv_sec = 1799, tv_usec = 997118}
>         events_count = <optimized out>
>         msecs = <optimized out>
>         ret = 1
>         i = 0
>         j = <optimized out>
>         call = <optimized out>
>         __FUNCTION__ = "io_loop_handler_run_internal"
> #7  0x00007f57e2778e55 in io_loop_handler_run (ioloop=ioloop at entry=0x1fa6750) at ioloop.c:612
> No locals.
> #8  0x00007f57e2778ff8 in io_loop_run (ioloop=0x1fa6750) at ioloop.c:588
>         __FUNCTION__ = "io_loop_run"
> #9  0x00007f57e2713713 in master_service_run (service=0x1fa65f0, callback=callback at entry=0x423a20 <client_connected>) at master-service.c:640
> No locals.
> #10 0x000000000040c427 in main (argc=1, argv=0x1fa6390) at main.c:460
>         set_roots = {0x42c480 <imap_setting_parser_info>, 0x635440 <lda_setting_parser_info>, 0x0}
>         login_set = {auth_socket_path = 0x1f9e048 "ailed: Connection reset by peer", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, 
>           callback = 0x424170 <login_client_connected>, failure_callback = 0x423b30 <login_client_failed>, request_auth_token = 1}
>         service_flags = <optimized out>
>         storage_service_flags = <optimized out>
>         username = 0x0
>         auth_socket_path = 0x42d42e "auth-master"
>         c = <optimized out>
>
>
> This is on a server, which uses compressed maildir on a NFS storage.
>
> Here's dovecot -n output:
>
> # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.14 (099a97c)
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
> auth_cache_negative_ttl = 5 mins
> auth_cache_size = 100 M
> auth_cache_ttl = 15 mins
> auth_default_realm = example.com
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_verbose = yes
> dict {
>   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf
> }
> disable_plaintext_auth = no
> listen = *
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_fsync = always
> mail_gid = 999
> mail_location = maildir:~/mail
> mail_plugins = acl quota zlib
> mail_uid = 999
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags
> mmap_disable = yes
> namespace {
>   list = children
>   location = maildir:%%h/mail:INDEX=~/mail/shared/%%u
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
>   quota = maildir
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/mail/sieve
>   sieve_extensions = +imapflags
>   zlib_save = gz
> }
> pop3_no_flag_updates = yes
> pop3_uidl_format = %v.%u
> protocols = imap pop3 sieve
> service auth {
>   unix_listener auth-master {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
> }
> service dict {
>   unix_listener dict {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
> }
> service imap {
>   process_limit = 4000
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> service managesieve {
>   process_limit = 100
> }
> service pop3 {
>   process_limit = 1000
> }
> shutdown_clients = no
> ssl = no
> syslog_facility = local2
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> verbose_proctitle = yes
> protocol imap {
>   mail_max_userip_connections = 10
>   mail_plugins = acl quota zlib imap_quota imap_acl
> }
> protocol pop3 {
>   mail_plugins = acl quota zlib
> }
>
>
> I hope, that this is all required information to find and solve this issue.
>
> Greetings
> Roland

Hi!

This would appear to be fixed in
https://github.com/dovecot/core/commit/5df8396a7cbad0b38b83a86667fb3d4c223f6f7c

---
Aki Tuomi
Dovecot Oy

More information about the dovecot mailing list