tonio at starbridge.org
2013-Mar-16 12:51 UTC
[Dovecot] crash with dovecot 2.2: Panic: Buffer full
Hi Timo,
I've got a crash with dovecot 2.2
dovecot --version
2.2.rc2 (69c26a9e3be5)
It's occurred when accessing with imap on a large mailbox (around 50k
messages)
imap(clean-quarantine at spamguard.fr): Panic: Buffer full (4254 > 4248,
pool <none>)
Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0x6089a)
[0x7f9d1bcde89a] -> /usr/lib/dovecot/libdovecot.so.0(+0x608de)
[0x7f9d1bcde8de] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0)
[0x7f9d1bca039b] -> /usr/lib/dovecot/libdovecot.so.0(+0x5d148)
[0x7f9d1bcdb148] -> /usr/lib/dovecot/libdovecot.so.0(+0x56ba8)
[0x7f9d1bcd4ba8] -> /usr/lib/dovecot/libdovecot.so.0(+0x4fa77)
[0x7f9d1bccda77] -> /usr/lib/dovecot/libdovecot.so.0(+0x4faf2)
[0x7f9d1bccdaf2] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read+0x69)
[0x7f9d1bce6de9] -> /usr/lib/dovecot/libdovecot.so.0(+0x6dcac)
[0x7f9d1bcebcac] -> /usr/lib/dovecot/libdovecot.so.0(+0x6de59)
[0x7f9d1bcebe59] -> /usr/lib/dovecot/libdovecot.so.0(+0x6df4b)
[0x7f9d1bcebf4b] -> /usr/lib/dovecot/libdovecot.so.0(i_stream_read+0x69)
[0x7f9d1bce6de9] ->
/usr/lib/dovecot/libdovecot.so.0(i_stream_read_data+0x3d)
[0x7f9d1bce765d] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0x9af84)
[0x7f9d1bfd4f84] ->
/usr/lib/dovecot/libdovecot-storage.so.0(index_mail_get_binary_stream+0x77)
[0x7f9d1bfd5417] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mail_get_binary_stream+0x60)
[0x7f9d1bfae5c0] ->
/usr/lib/dovecot/libdovecot-storage.so.0(imap_msgpart_open+0x9f)
[0x7f9d1c00a3df] -> dovecot/imap() [0x418f55] -> dovecot/imap()
[0x4175fd] -> dovecot/imap(imap_fetch_more+0x34) [0x418554] ->
dovecot/imap(cmd_fetch+0x309) [0x40e2c9] ->
dovecot/imap(command_exec+0x3c) [0x41623c] -> dovecot/imap() [0x4152a0]
-> dovecot/imap() [0x41535a] -> dovecot/imap(client_handle_input+0x115)
[0x415615] -> dovecot/imap(client_input+0x72) [0x4159c2] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f9d1bcee086]
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xd7)
[0x7f9d1bceeed7]
Mar 16 13:37:19 mx2 dovecot: imap(clean-quarantine at spamguard.fr): Fatal:
master: service(imap): child 9983 killed with signal 6 (core dumped)
backtrace:
#0 0x00007f9d1b926475 in raise () from
/lib/x86_64-linux-gnu/libc.so.6
No symbol table info
available.
#1 0x00007f9d1b9296f0 in abort () from
/lib/x86_64-linux-gnu/libc.so.6
No symbol table info
available.
#2 0x00007f9d1bcde8a8 in default_fatal_finish (type=<optimized out>,
status=status at entry=0) at
failures.c:191
backtrace = 0x62d5f0 "/usr/lib/dovecot/libdovecot.so.0(+0x6089a)
[0x7f9d1bcde89a] -> /usr/lib/dovecot/libdovecot.so.0(+0x608de)
[0x7f9d1bcde8de] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0)
[0x7f9d1bca039b] -> /usr/lib/d"...
#3 0x00007f9d1bcde8de in i_internal_fatal_handler (ctx=0x7fff68422000,
format=<optimized out>, args=<optimized out>) at
failures.c:652
status 0
#4 0x00007f9d1bca039b in i_panic (format=format at entry=0x7f9d1bd0d510
"Buffer full (%lu > %lu, pool %s)") at
failures.c:263
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp 0x0}
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area
0x7fff684220f0, reg_save_area 0x7fff68422030}}
#5 0x00007f9d1bcdb148 in buffer_check_limits (data_size=75, pos=4179,
buf=<optimized out>) at
buffer.c:65
extra = <optimized
out>
new_size 4254
#6 buffer_write (_buf=0x7fff684221b0, pos=4179, data=0x679010,
data_size=75) at
buffer.c:178
buf = <optimized
out>
#7 0x00007f9d1bcd4ba8 in quoted_printable_decode_full
(
src=src at entry=0x677eb0 "enter\" bgcolor=3D\"#ffffff\"
width=3D\"560\">\n <table cellspacing=3D\"0\"
border=3D\"0\"
align=3D\"center\" style=3D\"margin: 0=\n auto;\"
cellpadding=3D\"0\"
width=3D\"520\"><tr>\n<td align=3D\"left\"
width=3D\"520\">\n
"...,
src_size=5570, src_pos_r=src_pos_r at entry=0x7fff684221a8,
dest=dest at entry=0x7fff684221b0, eof=eof at entry=false) at
quoted-printable.c:60
hexbuf "3D"
src_pos = <optimized
out>
pos = <optimized
out>
next = <optimized
out>
errors = <optimized
out>
#8 0x00007f9d1bcd4d38 in quoted_printable_decode
(
src=src at entry=0x677eb0 "enter\" bgcolor=3D\"#ffffff\"
width=3D\"560\">\n <table cellspacing=3D\"0\"
border=3D\"0\"
align=3D\"center\" style=3D\"margin: 0=\n auto;\"
cellpadding=3D\"0\"
width=3D\"520\"><tr>\n<td align=3D\"left\"
width=3D\"520\">\n
"...,
src_size=<optimized out>, src_pos_r=src_pos_r at entry=0x7fff684221a8,
dest=dest at entry=0x7fff684221b0) at
quoted-printable.c:108
No
locals.
#9 0x00007f9d1bccda77 in i_stream_qp_try_decode_block
(bstream=bstream at entry=0x66dd50, eof=eof at entry=false) at
istream-qp-decoder.c:63
stream 0x66dd50
data = 0x677eb0 "enter\" bgcolor=3D\"#ffffff\"
width=3D\"560\">\n <table cellspacing=3D\"0\"
border=3D\"0\"
align=3D\"center\" style=3D\"margin: 0=\n auto;\"
cellpadding=3D\"0\"
width=3D\"520\"><tr>\n<td align=3D\"left\"
width=3D\"520\">\n
"...
size 6
avail 4248
buffer_avail = <optimized
out>
pos = <optimized out>
buf = {data = 0x682e38, used = 4179, priv = {0x682e38, 0x0,
0x1098, 0x0, 0x0}}
ret = <optimized out>
#10 0x00007f9d1bccdaf2 in i_stream_qp_decoder_read (stream=0x66dd50) at
istream-qp-decoder.c:103
bstream = 0x66dd50
pre_count = 0
post_count = <optimized out>
ret = <optimized out>
prev_size = 5570
__FUNCTION__ = "i_stream_qp_decoder_read"
#11 0x00007f9d1bce6de9 in i_stream_read (stream=0x66ddb0) at istream.c:135
_stream = 0x66dd50
old_size = 0
ret = <optimized out>
__FUNCTION__ = "i_stream_read"
#12 0x00007f9d1bcebcac in read_more (sstream=0x66df30) at
istream-seekable.c:140
size = <optimized out>
ret = <optimized out>
#13 0x00007f9d1bcebe59 in read_from_buffer
(sstream=sstream at entry=0x66df30, ret_r=ret_r at entry=0x7fff684222c8) at
istream-seekable.c:182
stream = 0x66df30
data = <optimized out>
size = 0
pos = <optimized out>
offset = <optimized out>
__FUNCTION__ = "read_from_buffer"
#14 0x00007f9d1bcebf4b in i_stream_seekable_read (stream=0x66df30) at
istream-seekable.c:240
sstream = 0x66df30
data = <optimized out>
size = <optimized out>
pos = <optimized out>
ret = <optimized out>
__FUNCTION__ = "i_stream_seekable_read"
#15 0x00007f9d1bce6de9 in i_stream_read (stream=stream at entry=0x66df90)
at istream.c:135
_stream = 0x66df30
old_size = 0
ret = <optimized out>
__FUNCTION__ = "i_stream_read"
#16 0x00007f9d1bce765d in i_stream_read_data
(stream=stream at entry=0x66df90, data_r=data_r at entry=0x7fff684223b0,
size_r=size_r at entry=0x7fff684223b8, threshold=threshold at entry=0) at
istream.c:464
ret = <optimized out>
read_more = false
__FUNCTION__ = "i_stream_read_data"
#17 0x00007f9d1bfd4f84 in blocks_count_lines (full_input=0x66df90,
ctx=0x7fff684223c0) at index-mail-binary.c:319
block_idx = 0
p = <optimized out>
size = 0
data = 0x0
ret = <optimized out>
cur_block = 0x62d410
block_count = 1
cur_offset = 3944
skip = <optimized out>
#18 index_mail_read_binary_to_cache (_mail=_mail at entry=0x66fc00,
part=part at entry=0x671ed0, include_hdr=include_hdr at entry=false,
binary_r=binary_r at entry=0x7fff68422476,
converted_r=converted_r at entry=0x7fff68422477) at index-mail-binary.c:393
mail = 0x66fc00
cache = 0x657a20
ctx = {mail = 0x66fc00, input = 0x66d900, has_nuls = false,
converted = true, blocks = {arr = {buffer = 0x62d3d8, element_size 24}, v =
0x62d3d8, v_modifiable = 0x62d3d8}, copy_start_offset = 13762}
__FUNCTION__ = "index_mail_read_binary_to_cache"
#19 0x00007f9d1bfd5417 in index_mail_get_binary_stream (_mail=0x66fc00,
part=0x671ed0, include_hdr=false, size_r=0x7fff68422538,
lines_r=<optimized out>, binary_r=0x7fff6842252e,
stream_r=0x7fff68422600) at index-mail-binary.c:556
mail = 0x66fc00
cache = 0x657a20
input = <optimized out>
binary = <optimized out>
converted = <optimized out>
__FUNCTION__ = "index_mail_get_binary_stream"
#20 0x00007f9d1bfae5c0 in mail_get_binary_stream
(mail=mail at entry=0x66fc00, part=part at entry=0x671ed0,
include_hdr=include_hdr at entry=false, size_r=size_r at entry=0x7fff68422538,
binary_r=binary_r at entry=0x7fff6842252e,
stream_r=stream_r at entry=0x7fff68422600) at mail.c:243
_data_stack_cur_id = 5
p = 0x66fc00
ret = <optimized out>
#21 0x00007f9d1c00a3df in imap_msgpart_open (mail=mail at entry=0x66fc00,
msgpart=0x669920, result_r=result_r at entry=0x7fff68422600) at
imap-msgpart.c:644
part = 0x671ed0
part_size = {physical_size = 6681664, virtual_size = 0, lines 6684952}
size = <optimized out>
include_hdr = false
binary = <optimized out>
use_partial_cache = <optimized out>
ret = 0
#22 0x0000000000418f55 in fetch_body_msgpart (ctx=0x660118,
mail=0x66fc00, body=0x660748) at imap-fetch-body.c:164
result = {input = 0x0, size = 0, size_field = 0,
binary_decoded_input_has_nuls = false}
str = <optimized out>
#23 0x00000000004175fd in imap_fetch_more_int (ctx=ctx at entry=0x660118,
cancel=false) at imap-fetch.c:504
h = <optimized out>
_data_stack_cur_id = 4
state = 0x660168
client = 0x65f440
handlers = 0x660448
count = 2
ret = <optimized out>
__FUNCTION__ = "imap_fetch_more_int"
#24 0x0000000000418554 in imap_fetch_more (ctx=0x660118,
cmd=cmd at entry=0x660000) at imap-fetch.c:556
ret = <optimized out>
__FUNCTION__ = "imap_fetch_more"
#25 0x000000000040e2c9 in cmd_fetch (cmd=0x660000) at cmd-fetch.c:279
client = 0x65f440
ctx = 0x660118
args = 0x6388f8
next_arg = <optimized out>
list_arg = 0x1bc79e60
search_args = 0x0
qresync_args = {qresync_sample_seqset = 0x638a58,
qresync_sample_uidset = 0x0}
messageset = 0x638a60 "1186590"
send_vanished = <optimized out>
ret = <optimized out>
#26 0x000000000041623c in command_exec (cmd=cmd at entry=0x660000) at
imap-commands.c:156
hook = 0x636d50
ret = <optimized out>
#27 0x00000000004152a0 in client_command_input (cmd=0x660000) at
imap-client.c:775
client = 0x65f440
command = <optimized out>
__FUNCTION__ = "client_command_input"
#28 0x000000000041535a in client_command_input (cmd=0x660000) at
imap-client.c:836
client = 0x65f440
command = <optimized out>
__FUNCTION__ = "client_command_input"
#29 0x0000000000415615 in client_handle_next_command
(remove_io_r=<synthetic pointer>, client=0x65f440) at imap-client.c:874
No locals.
#30 client_handle_input (client=client at entry=0x65f440) at imap-client.c:886
_data_stack_cur_id = 3
ret = 240
remove_io = false
handled_commands = false
__FUNCTION__ = "client_handle_input"
#31 0x00000000004159c2 in client_input (client=0x65f440) at
imap-client.c:928
cmd = <optimized out>
output = 0x65fe38
bytes = 37
__FUNCTION__ = "client_input"
#32 0x00007f9d1bcee086 in io_loop_call_io (io=0x65ff00) at ioloop.c:387
ioloop = 0x6356f0
t_id = 2
#33 0x00007f9d1bceeed7 in io_loop_handler_run
(ioloop=ioloop at entry=0x6356f0) at ioloop-epoll.c:215
ctx = 0x635a60
events = 0x0
event = 0x635ad0
list = 0x65ff50
io = <optimized out>
tv = {tv_sec = 59, tv_usec = 738409}
events_count = <optimized out>
msecs = <optimized out>
ret = 1
i = <optimized out>
call = <optimized out>
__FUNCTION__ = "io_loop_handler_run"
#34 0x00007f9d1bcedbc8 in io_loop_run (ioloop=0x6356f0) at ioloop.c:406
No locals.
#35 0x00007f9d1bca54e3 in master_service_run (service=0x635590,
callback=callback at entry=0x41e790 <client_connected>) at
master-service.c:550
No locals.
#36 0x000000000040b940 in main (argc=1, argv=0x635390) at main.c:400
set_roots = {0x425ac0, 0x0}
login_set = {auth_socket_path = 0x62d040 "\001",
postlogin_socket_path = 0x0, postlogin_timeout_secs = 60, callback 0x41e600
<login_client_connected>, failure_callback = 0x41e730
<login_client_failed>, request_auth_token = 1}
service_flags = <optimized out>
storage_service_flags = <optimized out>
username = 0x0
c = <optimized out>
Thanks for your help
Tonio
On 16.3.2013, at 13.51, tonio at starbridge.org wrote:
> It's occurred when accessing with imap on a large mailbox (around 50k
> messages)
>
> imap(clean-quarantine at spamguard.fr): Panic: Buffer full (4254 > 4248,
> pool <none>)
..
> #7 0x00007f9d1bcd4ba8 in quoted_printable_decode_full
> (
>
> src=src at entry=0x677eb0 "enter\" bgcolor=3D\"#ffffff\"
> width=3D\"560\">\n <table cellspacing=3D\"0\" border=3D\"0\"
> align=3D\"center\" style=3D\"margin: 0=\n auto;\" cellpadding=3D\"0\"
> width=3D\"520\"><tr>\n<td align=3D\"left\" width=3D\"520\">\n
> "...,
> src_size=5570, src_pos_r=src_pos_r at entry=0x7fff684221a8,
> dest=dest at entry=0x7fff684221b0, eof=eof at entry=false) at
> quoted-printable.c:60

The problem is with a specific mail and trying to decode its quoted-printable data. I can maybe figure out the bug with this info already, but it would be helpful if you could send the specific mail that causes the crash. You can probably cause the crash easiest by doing:

telnet localhost 143
a login user pass
b select inbox
c search text testing
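
Added example, not part of the thread and not Dovecot's code or the linked fixes: frame #5 of the backtrace shows a 75-byte write at pos=4179 into a buffer with 4248 bytes available, which is the "4254 > 4248" in the panic. The C function below (the name `qp_decode_bounded` and its signature are hypothetical) decodes quoted-printable into a fixed-capacity destination, stops when it is full, and reports how much input it consumed so a streaming caller can resume.

```c
#include <stddef.h>

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical helper, not Dovecot's API. Decodes quoted-printable from src
 * into dest and never writes more than dest_cap bytes. Returns the number of
 * bytes written; *src_used is the offset at which the caller resumes after
 * draining dest or appending more input. */
size_t qp_decode_bounded(const unsigned char *src, size_t src_len,
                         unsigned char *dest, size_t dest_cap, size_t *src_used)
{
    size_t in = 0, out = 0;

    while (in < src_len && out < dest_cap) {
        int hi, lo;
        if (src[in] != '=') {               /* literal byte */
            dest[out++] = src[in++];
            continue;
        }
        if (in + 1 >= src_len)              /* escape split across blocks */
            break;
        if (src[in + 1] == '\n') {          /* soft line break "=\n" */
            in += 2;
            continue;
        }
        if (in + 2 >= src_len)              /* need one more input byte */
            break;
        if (src[in + 1] == '\r' && src[in + 2] == '\n') {
            in += 3;                        /* soft line break "=\r\n" */
            continue;
        }
        hi = hexval(src[in + 1]);
        lo = hexval(src[in + 2]);
        if (hi < 0 || lo < 0) {             /* malformed escape: keep '=' */
            dest[out++] = src[in++];
            continue;
        }
        dest[out++] = (unsigned char)((hi << 4) | lo);
        in += 3;
    }
    *src_used = in;
    return out;
}
```

An escape that is still incomplete when the input ends is left unconsumed, so the caller decides at end of stream whether to pass it through or report an error.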
On Sat, 2013-03-16 at 13:51 +0100, tonio at starbridge.org wrote:
> Hi Timo,
> I've got a crash with dovecot 2.2
>
> dovecot --version
> 2.2.rc2 (69c26a9e3be5)
>
> It's occurred when accessing with imap on a large mailbox (around 50k
> messages)
>
> imap(clean-quarantine at spamguard.fr): Panic: Buffer full (4254 > 4248,
> pool <none>)

These should fix it:
http://hg.dovecot.org/dovecot-2.2/rev/689dbeadf168
http://hg.dovecot.org/dovecot-2.2/rev/ee7352f46d1e
On 9 Apr 2013, at 22:56, Timo Sirainen <tss at iki.fi> wrote:
> On 8.4.2013, at 23.26, tonio at starbridge.org wrote:
>
>> imap(clean-quarantine at spamguard.fr): Panic: file istream.c: line 153
>> (i_stream_read): assertion failed: (_stream->skip != _stream->pos)
>
> http://hg.dovecot.org/dovecot-2.2/rev/fbef40826602 should fix this.
>

Thanks Timo
It's ok now
Regards
Tonio