thr3ads.net - dovecot - [Dovecot] core dump in mail_cache_header_fields

If this information is useful, please help other people find it:
Share via:

Wesley Huang

2014-Apr-23 18:43 UTC

[Dovecot] core dump in mail_cache_header_fields_read()

We're seeing a core dump for a user connecting from IPHONE. The user 
mail are in NFS mount.

# dovecot --version
2.2.12

# doveconf -n
# 2.2.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.4
auth_cache_negative_ttl = 0
auth_cache_size = 20 M
auth_verbose = yes
default_client_limit = 4000
default_process_limit = 1000
default_vsz_limit = 2 G
director_mail_servers = <server_ip_address>
disable_plaintext_auth = no
first_valid_uid = 100
imap_client_workarounds = tb-extra-mailbox-sep delay-newmail tb-lsub-flags
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_fsync = always
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = " quota"
mbox_dotlock_change_timeout = 1 mins
mbox_lock_timeout = 1 mins
mmap_disable = yes
namespace inbox {
   hidden = no
   inbox = yes
   location    mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix    separator = /
   type = private
}
passdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
plugin {
   quota = fs:Disk quota
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
protocols = " imap pop3"
service auth-worker {
   user = root
}
service auth {
   user = $default_internal_user
}
service imap-login {
   client_limit = 2000
   process_min_avail = 4
   service_count = 1
}
service imap-postlogin {
   executable = script-login /usr/local/dovecot-scripts/imap.sh
   user = root
}
service imap {
   executable = imap imap-postlogin
   process_limit = 4096
}
service pop3-login {
   client_limit = 2000
   service_count = 1
}
service pop3-postlogin {
   executable = script-login /usr/local/dovecot-scripts/ipop3.sh
   user = root
}
service pop3 {
   executable = pop3 pop3-postlogin
   process_limit = 2048
}
ssl_ca = </etc/dovecot/mailhost-ca.crt
ssl_cert = </etc/dovecot/mailhost.crt
ssl_key = </etc/dovecot/mailhost.key
userdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
verbose_ssl = yes
protocol imap {
   mail_max_userip_connections = 1000
   mail_plugins = " quota imap_quota"
}
protocol pop3 {
   mail_max_userip_connections = 1000
}

--------------------------------------------------------------------------------------
# gdb /usr/lib/dovecot/imap ./5040
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/lib/dovecot/imap...Reading symbols from 
/usr/lib/debug/usr/lib/dovecot/imap...done.
done.
[New LWP 5040]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `dovecot/imap imap-postlogin'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fca22f0ca85 in mail_cache_header_fields_read 
(cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369
369                     for (p = names; p != end && *p != '\0';
p++) ;
(gdb) bt full
#0  0x00007fca22f0ca85 in mail_cache_header_fields_read 
(cache=cache at entry=0x7fca24a04f70) at mail-cache-fields.c:369
         field_hdr = 0x7fca21d37010
         field = {name = 0x0, idx = 0, type = 
MAIL_CACHE_FIELD_FIXED_SIZE, field_size = 0, decision = 
MAIL_CACHE_DECISION_NO,
           last_used = 0}
         last_used = 0x7fca21d3701c
         sizes = 0x7fca79d3701c
         types = 0x7fcad1d3701c <Address 0x7fcad1d3701c out of bounds>
         decisions = 0x7fcae7d3701c <Address 0x7fcae7d3701c out of bounds>
         p = 0x7fcafdd3701c <Address 0x7fcafdd3701c out of bounds>
         names = 0x7fcafdd3701c <Address 0x7fcafdd3701c out of bounds>
         end = 0x7fcb1dd47010 <Address 0x7fcb1dd47010 out of bounds>
         orig_key = 0x48800 <Address 0x48800 out of bounds>
         orig_value = 0x8000
         fidx = <optimized out>
         new_fields_count = <optimized out>
         dec = <optimized out>
         max_drop_time = 0
         offset = 23204
         i = <optimized out>
#1  0x00007fca22f0a4d6 in mail_cache_open_and_verify 
(cache=0x7fca24a04f70) at mail-cache.c:497
         ret = <optimized out>
#2  0x00007fca22f0c905 in mail_cache_register_get_list 
(cache=0x7fca24a04f70, pool=0x7fca249d7480,
     count_r=count_r at entry=0x7fff0c4c7aec) at mail-cache-fields.c:194
         list = <optimized out>
         i = <optimized out>
#3  0x00007fca22ef93b3 in index_mail_parse_header_register_all_wanted 
(mail=0x7fca24a14ce0) at index-mail-headers.c:169
         _mail = 0x7fca24a14ce0
         all_cache_fields = <optimized out>
         i = <optimized out>
         count = <optimized out>
#4  index_mail_parse_header_init (mail=mail at entry=0x7fca24a14ce0, 
headers=headers at entry=0x0) at index-mail-headers.c:230
         _data_stack_cur_id = 4
         data = 0x7fca24a14e50
         match = 0x7fca24a05e00 
"\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377a"
         i = <optimized out>
         field_idx = <optimized out>
         match_count = <optimized out>
         __FUNCTION__ = "index_mail_parse_header_init"
#5  0x00007fca22ef9d08 in index_mail_cache_parse_init 
(_mail=0x7fca24a14ce0, input=0x7fca24a1b178,
     input at entry=0x7fca24a1b738) at index-mail-headers.c:376
         mail = 0x7fca24a14ce0
         input2 = 0x7fca24a24ef8
         __FUNCTION__ = "index_mail_cache_parse_init"
#6  0x00007fca22eb4202 in mbox_save_get_input_stream 
(input=0x7fca24a1ab88, ctx=0x7fca24a14930) at mbox-save.c:421
         filter = 0x0
---Type <return> to continue, or q <return> to quit---

Timo Sirainen

2014-May-02 09:13 UTC

head link

[Dovecot] core dump in mail_cache_header_fields_read()

On 23.4.2014, at 21.43, Wesley Huang <huang at utsc.utoronto.ca> wrote:
> We're seeing a core dump for a user connecting from IPHONE. The user
mail are in NFS mount.
> 
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007fca22f0ca85 in mail_cache_header_fields_read (cache=cache at
entry=0x7fca24a04f70) at mail-cache-fields.c:369
> 369                     for (p = names; p != end && *p !=
'\0'; p++) ;
Looks like a corrupted dovecot.index.cache file. This should replace the crash
with just an error message and cache recreation:

http://hg.dovecot.org/dovecot-2.2/rev/1f2c83d6dd2e

Seemingly Similar Threads

Search for more maybe matching threads

dovecot - Apr 2014 - core dump in mail_cache_header_fields_read()

[Dovecot] core dump in mail_cache_header_fields_read()

[Dovecot] core dump in mail_cache_header_fields_read()

Seemingly Similar Threads