segfault in IMAP APPEND with compressed maildir

Aki Tuomi aki.tuomi at dovecot.fi
Tue Jun 7 08:54:07 UTC 2016 


On 07.06.2016 11:52, Aki Tuomi wrote:
>
> On 07.06.2016 11:20, Roland Rosenfeld wrote:
>> Hi!
>>
>> After upgrading from Debian wheezy with (self compiled) dovecot 2.2.15
>> to Debian jessie with (self compiled) 2.2.24, I observe the following
>> segmentation fault in the logs:
>>
>> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(<imap client>) failed: read(size=8003) failed: Connection reset by peer (uid=0, box=trash)
>> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001
>> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Error: read(zlib(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap)) failed: read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap) failed: zlib.read(/srv/mailstore/user at example.com/mail/.trash/tmp/1465283884.M336492P22902.imap): unexpected EOF at 88001 (uid=0, box=trash)
>> Jun  7 09:23:09 imap dovecot: imap(user at example.com): Fatal: master: service(imap): child 22902 killed with signal 11 (core dumped)
>>
>> We also observed the same (rare) error in the past on the old system.
>> But on the old system, there were only the first 3 lines without the
>> segmentation fault, so we ignored the issue until now.
>>
>> The problem always happens on IMAP folders where the client writes to,
>> like "trash", "drafts", "sent" and the like.
>>
>> I wasn't able to actively reproduce this issue, but can only observe
>> in the logs that some customers run into this issue from time to time.
>>
>>
>> So all I have is a core dump with the following backtrace:
>>
>> Core was generated by `dovecot/imap'.
>> Program terminated with signal SIGSEGV, Segmentation fault.
>> (gdb) bt full
>> #0  0x00007f57e276f29f in i_stream_default_get_size (stream=0x1fd2790, exact=<optimized out>, size_r=0x7ffed3839718) at istream.c:807
>> No locals.
>> #1  0x00007f57e17024e4 in zlib_mail_close (_mail=0x1fd4de0) at zlib-plugin.c:170
>>         mail = 0x1fd4de0
>>         zmail = 0x1fd5398
>>         zuser = 0x1fbd040
>>         cache = 0x1fbd050
>>         size = 33201320
>> #2  0x00007f57e2a2a8b9 in mailbox_save_cancel (_ctx=_ctx at entry=0x1fc4d48) at mail-storage.c:2117
>>         ctx = 0x1fd3dd0
>>         keywords = 0x0
>>         mail = <optimized out>
>>         __FUNCTION__ = "mailbox_save_cancel"
>> #3  0x000000000040c759 in cmd_append_finish (ctx=0x1fc4cf0) at cmd-append.c:149
>>         __FUNCTION__ = "cmd_append_finish"
>> #4  0x000000000040c835 in client_input_append (cmd=0x1fc4bc0) at cmd-append.c:89
>>         ctx = <optimized out>
>>         client = 0x1fc3fc0
>>         reason = 0x1f9e0b8 "Disconnected in APPEND (1 msgs, 306 secs, 188416/1122858 bytes)"
>>         finished = <optimized out>
>>         lit_offset = <optimized out>
>>         __FUNCTION__ = "client_input_append"
>> #5  0x00007f57e2778dcc in io_loop_call_io (io=0x1fc4ad0) at ioloop.c:564
>>         ioloop = 0x1fa6750
>>         t_id = 2
>>         __FUNCTION__ = "io_loop_call_io"
>> #6  0x00007f57e277a0f1 in io_loop_handler_run_internal (ioloop=ioloop at entry=0x1fa6750) at ioloop-epoll.c:220
>>         ctx = 0x1fa8260
>>         io = <optimized out>
>>         tv = {tv_sec = 1799, tv_usec = 997118}
>>         events_count = <optimized out>
>>         msecs = <optimized out>
>>         ret = 1
>>         i = 0
>>         j = <optimized out>
>>         call = <optimized out>
>>         __FUNCTION__ = "io_loop_handler_run_internal"
>> #7  0x00007f57e2778e55 in io_loop_handler_run (ioloop=ioloop at entry=0x1fa6750) at ioloop.c:612
>> No locals.
>> #8  0x00007f57e2778ff8 in io_loop_run (ioloop=0x1fa6750) at ioloop.c:588
>>         __FUNCTION__ = "io_loop_run"
>> #9  0x00007f57e2713713 in master_service_run (service=0x1fa65f0, callback=callback at entry=0x423a20 <client_connected>) at master-service.c:640
>> No locals.
>> #10 0x000000000040c427 in main (argc=1, argv=0x1fa6390) at main.c:460
>>         set_roots = {0x42c480 <imap_setting_parser_info>, 0x635440 <lda_setting_parser_info>, 0x0}
>>         login_set = {auth_socket_path = 0x1f9e048 "ailed: Connection reset by peer", postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, 
>>           callback = 0x424170 <login_client_connected>, failure_callback = 0x423b30 <login_client_failed>, request_auth_token = 1}
>>         service_flags = <optimized out>
>>         storage_service_flags = <optimized out>
>>         username = 0x0
>>         auth_socket_path = 0x42d42e "auth-master"
>>         c = <optimized out>
>>
>>
>> This is on a server, which uses compressed maildir on a NFS storage.
>>
>> Here's dovecot -n output:
>>
>> # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.4.14 (099a97c)
>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.4 
>> auth_cache_negative_ttl = 5 mins
>> auth_cache_size = 100 M
>> auth_cache_ttl = 15 mins
>> auth_default_realm = example.com
>> auth_master_user_separator = *
>> auth_mechanisms = plain login
>> auth_verbose = yes
>> dict {
>>   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf
>> }
>> disable_plaintext_auth = no
>> listen = *
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> mail_fsync = always
>> mail_gid = 999
>> mail_location = maildir:~/mail
>> mail_plugins = acl quota zlib
>> mail_uid = 999
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags
>> mmap_disable = yes
>> namespace {
>>   list = children
>>   location = maildir:%%h/mail:INDEX=~/mail/shared/%%u
>>   prefix = shared/%%u/
>>   separator = /
>>   subscriptions = no
>>   type = shared
>> }
>> namespace inbox {
>>   inbox = yes
>>   location = 
>>   prefix = 
>>   separator = /
>>   type = private
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   acl = vfile
>>   acl_shared_dict = proxy::acl
>>   quota = maildir
>>   sieve = ~/.dovecot.sieve
>>   sieve_dir = ~/mail/sieve
>>   sieve_extensions = +imapflags
>>   zlib_save = gz
>> }
>> pop3_no_flag_updates = yes
>> pop3_uidl_format = %v.%u
>> protocols = imap pop3 sieve
>> service auth {
>>   unix_listener auth-master {
>>     group = vmail
>>     mode = 0600
>>     user = vmail
>>   }
>> }
>> service dict {
>>   unix_listener dict {
>>     group = vmail
>>     mode = 0600
>>     user = vmail
>>   }
>> }
>> service imap {
>>   process_limit = 4000
>> }
>> service managesieve-login {
>>   inet_listener sieve {
>>     port = 4190
>>   }
>> }
>> service managesieve {
>>   process_limit = 100
>> }
>> service pop3 {
>>   process_limit = 1000
>> }
>> shutdown_clients = no
>> ssl = no
>> syslog_facility = local2
>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> verbose_proctitle = yes
>> protocol imap {
>>   mail_max_userip_connections = 10
>>   mail_plugins = acl quota zlib imap_quota imap_acl
>> }
>> protocol pop3 {
>>   mail_plugins = acl quota zlib
>> }
>>
>>
>> I hope, that this is all required information to find and solve this issue.
>>
>> Greetings
>> Roland
> Hi!
>
> This would appear to be fixed in
> https://github.com/dovecot/core/commit/5df8396a7cbad0b38b83a86667fb3d4c223f6f7c
>
> ---
> Aki Tuomi
> Dovecot Oy

Sorry I mean
https://github.com/dovecot/core/commit/6bc001ee9dc03cb3107239861867cd674fd321d7

Aki

More information about the dovecot mailing list