<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
Can you provide steps on how to reproduce this? Tracked as DOP-899
</div>
<blockquote type="cite">
<div>
On 03 February 2019 at 16:50 Aki Tuomi <
<a
href="mailto:aki.tuomi@open-xchange.com">aki.tuomi@open-xchange.com</a>>
wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Right it was already in 2.3.4. Looking more closely this looks like use
after free. We'll look into this.
</div>
<div>
<br>
</div>
<div>
Aki
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 03 February 2019 at 16:44 Marcel Menzel <
<a href="mailto:mail@mcl.gg">mail@mcl.gg</a>>
wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
Hello Aki,
</div>
<div>
<br>
</div>
<div>
unfortunately, this patch is already in my source files, as patch
</div>
<div>
refuses to apply it:
</div>
<div>
<br>
</div>
<div>
-> Applying patch fix-sqlite.patch
</div>
<div>
patching file src/lib-sql/driver-sqlite.c
</div>
<div>
Reversed (or previously applied) patch detected! Skipping patch.
</div>
<div>
2 out of 2 hunks ignored -- saving rejects to file
</div>
<div>
src/lib-sql/driver-sqlite.c.rej
</div>
<div>
<br>
</div>
<div>
I verified it by looking in the source code and indeed, this patch is
</div>
<div>
already applied.
</div>
<div>
<br>
</div>
<div>
- Marcel
</div>
<div>
<br>
</div>
<div>
Am 03.02.2019 um 15:25 schrieb Aki Tuomi:
</div>
<div>
<br>
</div>
<div>
> > Can you try if applying
</div>
<blockquote type="cite">
<div>
>
</div>
</blockquote>
<div>
> >
<a
href="https://github.com/dovecot/core/commit/b291ff1fd61b47639a2db99bd858c9511945f4ab.patch"
rel="noopener"
target="_blank">https://github.com/dovecot/core/commit/b291ff1fd61b47639a2db99bd858c9511945f4ab.patch</a>
</div>
<blockquote type="cite">
<div>
> >
</div>
</blockquote>
<div>
> > helps?
</div>
<blockquote type="cite">
<div>
>
</div>
</blockquote>
<div>
> > Aki
</div>
<blockquote type="cite">
<div>
> > > On 03 February 2019 at 16:20 Marcel Menzel <
<a href="mailto:mail@mcl.gg">mail@mcl.gg</a>
</div>
<blockquote type="cite">
<div>
<mailto:
<a
href="mailto:mail@mcl.gg">mail@mcl.gg</a>>> wrote:
</div>
<div>
<br>
</div>
<div>
> >
</div>
</blockquote>
<div>
> >>
</div>
</blockquote>
<div>
>> Hello Aki,
</div>
<div>
>>
</div>
<div>
>> Arch Linux doesn't have install-able debug symbols for
Dovecot. That's
</div>
<div>
>> why I just compiled the package for myself with enabled debug
symbols
</div>
<div>
>> (by editing the makepkg.conf).
</div>
<div>
>>
</div>
<div>
>> I've attached the output from gdb's bt full.
</div>
<div>
>>
</div>
<div>
>> - Marcel
</div>
<div>
>>
</div>
<div>
>> Am 03.02.2019 um 14:45 schrieb Aki Tuomi:
</div>
<div>
>>> You need to install debug symbols. Not sure how this is done
in arch
</div>
<div>
>>> linux though.
</div>
<div>
>>> Aki
</div>
<div>
>>>> On 03 February 2019 at 15:02 Marcel Menzel <
<a href="mailto:mail@mcl.gg">mail@mcl.gg</a>
</div>
<div>
>>>> <mailto:
<a href="mailto:mail@mcl.gg">mail@mcl.gg</a>>
</div>
<div>
>>>> <mailto:
<a href="mailto:mail@mcl.gg">mail@mcl.gg</a>
<mailto:
<a
href="mailto:mail@mcl.gg">mail@mcl.gg</a>>>> wrote:
</div>
<div>
>> >>
</div>
<div>
>> >> Hello John,
</div>
<div>
>> >>
</div>
<div>
>> >> I tried (until now) to get a valuable backtrace, but it
seems that
</div>
<div>
>> GDB
</div>
<div>
>> >> can't resolve all symbols.
</div>
<div>
>> >> This is what systemd-coredump is giving me:
</div>
<div>
>> >>
</div>
<div>
>> >> Stack trace of thread 22359:
</div>
<div>
>> >> #0 0x0000638167eaf062 event_unref (libdovecot.so.0)
</div>
<div>
>> >> #1 0x000004a58a212151 n/a (dict)
</div>
<div>
>> >> #2 0x000004a58a211333 n/a (dict)
</div>
<div>
>> >> #3 0x000004a58a20514d n/a (dict)
</div>
<div>
>> >> #4 0x0000638167e556f2 dict_transaction_begin
(libdovecot.so.0)
</div>
<div>
>> >> #5 0x000004a58a203b06 n/a (dict)
</div>
<div>
>> >> #6 0x000004a58a2045ff dict_command_input (dict)
</div>
<div>
>> >> #7 0x000004a58a202a31 n/a (dict)
</div>
<div>
>> >> #8 0x000004a58a202b35 n/a (dict)
</div>
<div>
>> >> #9 0x0000638167eaacfd io_loop_call_io (libdovecot.so.0)
</div>
<div>
>> >> #10 0x0000638167eac635 io_loop_handler_run_internal
(libdovecot.so.0)
</div>
<div>
>> >> #11 0x0000638167eaadc7 io_loop_handler_run
(libdovecot.so.0)
</div>
<div>
>> >> #12 0x0000638167eaaf68 io_loop_run (libdovecot.so.0)
</div>
<div>
>> >> #13 0x0000638167e1b36a master_service_run
(libdovecot.so.0)
</div>
<div>
>> >> #14 0x000004a58a202300 main (dict)
</div>
<div>
>> >> #15 0x0000638167a17223 __libc_start_main (libc.so.6)
</div>
<div>
>> >> #16 0x000004a58a2023fe _start (dict)
</div>
<div>
>> >>
</div>
<div>
>> >> GDB's "bt full" won't give anything
more here, I might compile
</div>
<div>
>> Dovecot
</div>
<div>
>> >> with debug symbols enabled as soon as I have a little
more time:
</div>
<div>
>> >>
</div>
<div>
>> >> (gdb) bt full
</div>
<div>
>> >> #0 0x0000638167eaf062 in event_unref () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #1 0x000004a58a212151 in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #2 0x000004a58a211333 in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #3 0x000004a58a20514d in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #4 0x0000638167e556f2 in dict_transaction_begin () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #5 0x000004a58a203b06 in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #6 0x000004a58a2045ff in dict_command_input ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #7 0x000004a58a202a31 in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #8 0x000004a58a202b35 in ?? ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #9 0x0000638167eaacfd in io_loop_call_io () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #10 0x0000638167eac635 in io_loop_handler_run_internal ()
from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #11 0x0000638167eaadc7 in io_loop_handler_run () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #12 0x0000638167eaaf68 in io_loop_run () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #13 0x0000638167e1b36a in master_service_run () from
</div>
<div>
>> >> /usr/lib/dovecot/libdovecot.so.0
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >> #14 0x000004a58a202300 in main ()
</div>
<div>
>> >> No symbol table info available.
</div>
<div>
>> >>
</div>
<div>
>> >> - Marcel
</div>
<div>
>> >>
</div>
<div>
>> >> Am 03.02.2019 um 09:08 schrieb John Fawcett:
</div>
<div>
>> >>> On 01/02/2019 20:40, Marcel Menzel wrote:
</div>
<div>
>> >>>> Hello,
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> After I configured a SQLite backed dict quota
backend, the dict
</div>
<div>
>> >> process
</div>
<div>
>> >> >> crashes every time a quota operation is
happening.
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> SQLite: 3.26.0
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> Dovecot: 2.3.4 (0ecbaf23d)
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> Linux: 4.20.4.a-1-hardened #1 SMP PREEMPT Fri
Jan 25 01:24:51 CET
</div>
<div>
>> >> 2019
</div>
<div>
>> >> >> x86_64 GNU/Linux (Arch Linux)
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> Filesystem: BTRFS
</div>
<div>
>> >> >>
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> I can't get any debug output from Dovecot,
even after setting
</div>
<div>
>> >> log_debug
</div>
<div>
>> >> >> = cat:* event:* source:* field:*=*
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> dovecot[6457]: dict(6687): Debug: sqlite:
Finished query 'BEGIN
</div>
<div>
>> >> >> TRANSACTION' in 0 msecs
</div>
<div>
>> >> >> dovecot[6457]: dict(6687): Fatal: master:
service(dict): child
</div>
<div>
>> 6687
</div>
<div>
>> >> >> killed with signal 11 (core dumped)
</div>
<div>
>> >> >>
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> I've attached the output of dovecot -n and
the coredump file from
</div>
<div>
>> >> >> systemd-coredump.
</div>
<div>
>> >> >>
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> Kind regards,
</div>
<div>
>> >> >>
</div>
<div>
>> >> >> Marcel Menzel
</div>
<div>
>> >> >>
</div>
<div>
>> >>> Any chance of posting a backtrace?
</div>
<div>
>> >>> John
</div>
<div>
>> >
</div>
<div>
>>> ---
</div>
<div>
>>> Aki Tuomi
</div>
<div>
>
</div>
<div>
<br>
</div>
<div>
> > ---
</div>
<blockquote type="cite">
<div>
Aki Tuomi
</div>
<div>
<br>
</div>
<div>
>
</div>
</blockquote>
</blockquote>
<div>
---
</div>
<div>
Aki Tuomi
</div>
</blockquote>
<div>
<br>
</div>
<div class="io-ox-signature">
---
<br>Aki Tuomi
</div>
</body>
</html>
All I did was
??? - create a sqlite database with: # sqlite3 /tmp/storage.db (/run
only to test for perm issues in other folders)
??? - change it's owner to mail (that's the user owning the mail files):
# chown mail:mail /tmp/storage.db
??? - point dovecot to the file in "dovecot-dict-sql.conf.ext" with
"connect = /tmp/storage.db"
??? - enable quota in "90-quota.conf" with "quota = dict:User
quota::proxy::quota" in the plugin section (sample config file taken
from sources)
??? - changing the dict section in dovecot.conf to:
dict {
? quota = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
? expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
After this, a simple "doveadm quota recalc -u mail at mcl.gg" is
enough to
cause a dict crash.
While tinkering with the config (and making a small mistake where i
moved the file and dovecot complaining about
doveadm: Error: dict quota: Quota update failed: dict-server returned
failure: sql dict: commit failed: out of memory (reply took 0.041 secs
(0.001 in dict wait, 0.000 in other ioloops, 0.001 in locks, async-id
reply 0.000 secs ago, started on dict-server 0.041 secs ago, took 0.000
secs)) - Quota is now desynced
And reloading it afterwards, my log got filled with like 200 lines
containing
dovecot[6213]: dict(6301): Warning: Event 0x67a90293830 leaked
(parent=0x67a9027c890): driver-sqlite.c:173
- Marcel
Am 03.02.2019 um 15:57 schrieb Aki Tuomi:> Can you provide steps on how to reproduce this? Tracked as DOP-899
>> On 03 February 2019 at 16:50 Aki Tuomi < aki.tuomi at
open-xchange.com
>> <mailto:aki.tuomi at open-xchange.com>> wrote:
>>
>>
>> Right it was already in 2.3.4. Looking more closely this looks like
>> use after free. We'll look into this.
>>
>> Aki
>>
>>> On 03 February 2019 at 16:44 Marcel Menzel < mail at mcl.gg
>>> <mailto:mail at mcl.gg>> wrote:
>>>
>>>
>>> Hello Aki,
>>>
>>> unfortunately, this patch is already in my source files, as patch
>>> refuses to apply it:
>>>
>>> -> Applying patch fix-sqlite.patch
>>> patching file src/lib-sql/driver-sqlite.c
>>> Reversed (or previously applied) patch detected! Skipping patch.
>>> 2 out of 2 hunks ignored -- saving rejects to file
>>> src/lib-sql/driver-sqlite.c.rej
>>>
>>> I verified it by looking in the source code and indeed, this patch
is
>>> already applied.
>>>
>>> - Marcel
>>>
>>> Am 03.02.2019 um 15:25 schrieb Aki Tuomi:
>>>
>>> > > Can you try if applying
>>>> >
>>> > >
>>>
https://github.com/dovecot/core/commit/b291ff1fd61b47639a2db99bd858c9511945f4ab.patch
>>>
>>>> > >
>>> > > helps?
>>>> >
>>> > > Aki
>>>> > > > On 03 February 2019 at 16:20 Marcel Menzel <
mail at mcl.gg
>>>> <mailto:mail at mcl.gg>
>>>>> <mailto: mail at mcl.gg <mailto:mail at
mcl.gg>>> wrote:
>>>>>
>>>>> > >
>>>> > >>
>>> >> Hello Aki,
>>> >>
>>> >> Arch Linux doesn't have install-able debug symbols for
Dovecot.
>>> That's
>>> >> why I just compiled the package for myself with enabled
debug
>>> symbols
>>> >> (by editing the makepkg.conf).
>>> >>
>>> >> I've attached the output from gdb's bt full.
>>> >>
>>> >> - Marcel
>>> >>
>>> >> Am 03.02.2019 um 14:45 schrieb Aki Tuomi:
>>> >>> You need to install debug symbols. Not sure how this
is done in
>>> arch
>>> >>> linux though.
>>> >>> Aki
>>> >>>> On 03 February 2019 at 15:02 Marcel Menzel <
mail at mcl.gg
>>> <mailto:mail at mcl.gg>
>>> >>>> <mailto: mail at mcl.gg <mailto:mail at
mcl.gg>>
>>> >>>> <mailto: mail at mcl.gg <mailto:mail at
mcl.gg> <mailto: mail at mcl.gg
>>> <mailto:mail at mcl.gg>>>> wrote:
>>> >> >>
>>> >> >> Hello John,
>>> >> >>
>>> >> >> I tried (until now) to get a valuable backtrace,
but it seems
>>> that
>>> >> GDB
>>> >> >> can't resolve all symbols.
>>> >> >> This is what systemd-coredump is giving me:
>>> >> >>
>>> >> >> Stack trace of thread 22359:
>>> >> >> #0 0x0000638167eaf062 event_unref
(libdovecot.so.0)
>>> >> >> #1 0x000004a58a212151 n/a (dict)
>>> >> >> #2 0x000004a58a211333 n/a (dict)
>>> >> >> #3 0x000004a58a20514d n/a (dict)
>>> >> >> #4 0x0000638167e556f2 dict_transaction_begin
(libdovecot.so.0)
>>> >> >> #5 0x000004a58a203b06 n/a (dict)
>>> >> >> #6 0x000004a58a2045ff dict_command_input (dict)
>>> >> >> #7 0x000004a58a202a31 n/a (dict)
>>> >> >> #8 0x000004a58a202b35 n/a (dict)
>>> >> >> #9 0x0000638167eaacfd io_loop_call_io
(libdovecot.so.0)
>>> >> >> #10 0x0000638167eac635
io_loop_handler_run_internal
>>> (libdovecot.so.0)
>>> >> >> #11 0x0000638167eaadc7 io_loop_handler_run
(libdovecot.so.0)
>>> >> >> #12 0x0000638167eaaf68 io_loop_run
(libdovecot.so.0)
>>> >> >> #13 0x0000638167e1b36a master_service_run
(libdovecot.so.0)
>>> >> >> #14 0x000004a58a202300 main (dict)
>>> >> >> #15 0x0000638167a17223 __libc_start_main
(libc.so.6)
>>> >> >> #16 0x000004a58a2023fe _start (dict)
>>> >> >>
>>> >> >> GDB's "bt full" won't give
anything more here, I might compile
>>> >> Dovecot
>>> >> >> with debug symbols enabled as soon as I have a
little more time:
>>> >> >>
>>> >> >> (gdb) bt full
>>> >> >> #0 0x0000638167eaf062 in event_unref () from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #1 0x000004a58a212151 in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #2 0x000004a58a211333 in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #3 0x000004a58a20514d in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #4 0x0000638167e556f2 in dict_transaction_begin
() from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #5 0x000004a58a203b06 in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #6 0x000004a58a2045ff in dict_command_input ()
>>> >> >> No symbol table info available.
>>> >> >> #7 0x000004a58a202a31 in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #8 0x000004a58a202b35 in ?? ()
>>> >> >> No symbol table info available.
>>> >> >> #9 0x0000638167eaacfd in io_loop_call_io () from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #10 0x0000638167eac635 in
io_loop_handler_run_internal () from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #11 0x0000638167eaadc7 in io_loop_handler_run ()
from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #12 0x0000638167eaaf68 in io_loop_run () from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #13 0x0000638167e1b36a in master_service_run ()
from
>>> >> >> /usr/lib/dovecot/libdovecot.so.0
>>> >> >> No symbol table info available.
>>> >> >> #14 0x000004a58a202300 in main ()
>>> >> >> No symbol table info available.
>>> >> >>
>>> >> >> - Marcel
>>> >> >>
>>> >> >> Am 03.02.2019 um 09:08 schrieb John Fawcett:
>>> >> >>> On 01/02/2019 20:40, Marcel Menzel wrote:
>>> >> >>>> Hello,
>>> >> >> >>
>>> >> >> >> After I configured a SQLite backed dict
quota backend, the
>>> dict
>>> >> >> process
>>> >> >> >> crashes every time a quota operation is
happening.
>>> >> >> >>
>>> >> >> >> SQLite: 3.26.0
>>> >> >> >>
>>> >> >> >> Dovecot: 2.3.4 (0ecbaf23d)
>>> >> >> >>
>>> >> >> >> Linux: 4.20.4.a-1-hardened #1 SMP
PREEMPT Fri Jan 25
>>> 01:24:51 CET
>>> >> >> 2019
>>> >> >> >> x86_64 GNU/Linux (Arch Linux)
>>> >> >> >>
>>> >> >> >> Filesystem: BTRFS
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> I can't get any debug output from
Dovecot, even after setting
>>> >> >> log_debug
>>> >> >> >> = cat:* event:* source:* field:*=*
>>> >> >> >>
>>> >> >> >> dovecot[6457]: dict(6687): Debug:
sqlite: Finished query
>>> 'BEGIN
>>> >> >> >> TRANSACTION' in 0 msecs
>>> >> >> >> dovecot[6457]: dict(6687): Fatal:
master: service(dict): child
>>> >> 6687
>>> >> >> >> killed with signal 11 (core dumped)
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> I've attached the output of dovecot
-n and the coredump
>>> file from
>>> >> >> >> systemd-coredump.
>>> >> >> >>
>>> >> >> >>
>>> >> >> >> Kind regards,
>>> >> >> >>
>>> >> >> >> Marcel Menzel
>>> >> >> >>
>>> >> >>> Any chance of posting a backtrace?
>>> >> >>> John
>>> >> >
>>> >>> ---
>>> >>> Aki Tuomi
>>> >
>>>
>>> > > ---
>>>> Aki Tuomi
>>>>
>>>> >
>> ---
>> Aki Tuomi
>
> ---
> Aki Tuomi
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190203/8f814509/attachment.html>
Can you try out the attached patch? Aki> On 03 February 2019 at 17:17 Marcel Menzel <mail at mcl.gg> wrote: > > > All I did was > > ??? - create a sqlite database with: # sqlite3 /tmp/storage.db (/run > only to test for perm issues in other folders) > > ??? - change it's owner to mail (that's the user owning the mail files): > # chown mail:mail /tmp/storage.db > > ??? - point dovecot to the file in "dovecot-dict-sql.conf.ext" with > "connect = /tmp/storage.db" > > ??? - enable quota in "90-quota.conf" with "quota = dict:User > quota::proxy::quota" in the plugin section (sample config file taken > from sources) > > ??? - changing the dict section in dovecot.conf to: > > dict { > ? quota = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext > ? expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext > } > > After this, a simple "doveadm quota recalc -u mail at mcl.gg" is enough to > cause a dict crash. > > > While tinkering with the config (and making a small mistake where i > moved the file and dovecot complaining about > > doveadm: Error: dict quota: Quota update failed: dict-server returned > failure: sql dict: commit failed: out of memory (reply took 0.041 secs > (0.001 in dict wait, 0.000 in other ioloops, 0.001 in locks, async-id > reply 0.000 secs ago, started on dict-server 0.041 secs ago, took 0.000 > secs)) - Quota is now desynced > > And reloading it afterwards, my log got filled with like 200 lines > containing > > dovecot[6213]: dict(6301): Warning: Event 0x67a90293830 leaked > (parent=0x67a9027c890): driver-sqlite.c:173 > > - Marcel > > Am 03.02.2019 um 15:57 schrieb Aki Tuomi: > > Can you provide steps on how to reproduce this? Tracked as DOP-899 > >> On 03 February 2019 at 16:50 Aki Tuomi < aki.tuomi at open-xchange.com > >> <mailto:aki.tuomi at open-xchange.com>> wrote: > >> > >> > >> Right it was already in 2.3.4. Looking more closely this looks like > >> use after free. We'll look into this. > >> > >> Aki > >> > >>> On 03 February 2019 at 16:44 Marcel Menzel < mail at mcl.gg > >>> <mailto:mail at mcl.gg>> wrote: > >>> > >>> > >>> Hello Aki, > >>> > >>> unfortunately, this patch is already in my source files, as patch > >>> refuses to apply it: > >>> > >>> -> Applying patch fix-sqlite.patch > >>> patching file src/lib-sql/driver-sqlite.c > >>> Reversed (or previously applied) patch detected! Skipping patch. > >>> 2 out of 2 hunks ignored -- saving rejects to file > >>> src/lib-sql/driver-sqlite.c.rej > >>> > >>> I verified it by looking in the source code and indeed, this patch is > >>> already applied. > >>> > >>> - Marcel > >>> > >>> Am 03.02.2019 um 15:25 schrieb Aki Tuomi: > >>> > >>> > > Can you try if applying > >>>> > > >>> > > > >>> https://github.com/dovecot/core/commit/b291ff1fd61b47639a2db99bd858c9511945f4ab.patch > >>> > >>>> > > > >>> > > helps? > >>>> > > >>> > > Aki > >>>> > > > On 03 February 2019 at 16:20 Marcel Menzel < mail at mcl.gg > >>>> <mailto:mail at mcl.gg> > >>>>> <mailto: mail at mcl.gg <mailto:mail at mcl.gg>>> wrote: > >>>>> > >>>>> > > > >>>> > >> > >>> >> Hello Aki, > >>> >> > >>> >> Arch Linux doesn't have install-able debug symbols for Dovecot. > >>> That's > >>> >> why I just compiled the package for myself with enabled debug > >>> symbols > >>> >> (by editing the makepkg.conf). > >>> >> > >>> >> I've attached the output from gdb's bt full. > >>> >> > >>> >> - Marcel > >>> >> > >>> >> Am 03.02.2019 um 14:45 schrieb Aki Tuomi: > >>> >>> You need to install debug symbols. Not sure how this is done in > >>> arch > >>> >>> linux though. > >>> >>> Aki > >>> >>>> On 03 February 2019 at 15:02 Marcel Menzel < mail at mcl.gg > >>> <mailto:mail at mcl.gg> > >>> >>>> <mailto: mail at mcl.gg <mailto:mail at mcl.gg>> > >>> >>>> <mailto: mail at mcl.gg <mailto:mail at mcl.gg> <mailto: mail at mcl.gg > >>> <mailto:mail at mcl.gg>>>> wrote: > >>> >> >> > >>> >> >> Hello John, > >>> >> >> > >>> >> >> I tried (until now) to get a valuable backtrace, but it seems > >>> that > >>> >> GDB > >>> >> >> can't resolve all symbols. > >>> >> >> This is what systemd-coredump is giving me: > >>> >> >> > >>> >> >> Stack trace of thread 22359: > >>> >> >> #0 0x0000638167eaf062 event_unref (libdovecot.so.0) > >>> >> >> #1 0x000004a58a212151 n/a (dict) > >>> >> >> #2 0x000004a58a211333 n/a (dict) > >>> >> >> #3 0x000004a58a20514d n/a (dict) > >>> >> >> #4 0x0000638167e556f2 dict_transaction_begin (libdovecot.so.0) > >>> >> >> #5 0x000004a58a203b06 n/a (dict) > >>> >> >> #6 0x000004a58a2045ff dict_command_input (dict) > >>> >> >> #7 0x000004a58a202a31 n/a (dict) > >>> >> >> #8 0x000004a58a202b35 n/a (dict) > >>> >> >> #9 0x0000638167eaacfd io_loop_call_io (libdovecot.so.0) > >>> >> >> #10 0x0000638167eac635 io_loop_handler_run_internal > >>> (libdovecot.so.0) > >>> >> >> #11 0x0000638167eaadc7 io_loop_handler_run (libdovecot.so.0) > >>> >> >> #12 0x0000638167eaaf68 io_loop_run (libdovecot.so.0) > >>> >> >> #13 0x0000638167e1b36a master_service_run (libdovecot.so.0) > >>> >> >> #14 0x000004a58a202300 main (dict) > >>> >> >> #15 0x0000638167a17223 __libc_start_main (libc.so.6) > >>> >> >> #16 0x000004a58a2023fe _start (dict) > >>> >> >> > >>> >> >> GDB's "bt full" won't give anything more here, I might compile > >>> >> Dovecot > >>> >> >> with debug symbols enabled as soon as I have a little more time: > >>> >> >> > >>> >> >> (gdb) bt full > >>> >> >> #0 0x0000638167eaf062 in event_unref () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #1 0x000004a58a212151 in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #2 0x000004a58a211333 in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #3 0x000004a58a20514d in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #4 0x0000638167e556f2 in dict_transaction_begin () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #5 0x000004a58a203b06 in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #6 0x000004a58a2045ff in dict_command_input () > >>> >> >> No symbol table info available. > >>> >> >> #7 0x000004a58a202a31 in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #8 0x000004a58a202b35 in ?? () > >>> >> >> No symbol table info available. > >>> >> >> #9 0x0000638167eaacfd in io_loop_call_io () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #10 0x0000638167eac635 in io_loop_handler_run_internal () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #11 0x0000638167eaadc7 in io_loop_handler_run () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #12 0x0000638167eaaf68 in io_loop_run () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #13 0x0000638167e1b36a in master_service_run () from > >>> >> >> /usr/lib/dovecot/libdovecot.so.0 > >>> >> >> No symbol table info available. > >>> >> >> #14 0x000004a58a202300 in main () > >>> >> >> No symbol table info available. > >>> >> >> > >>> >> >> - Marcel > >>> >> >> > >>> >> >> Am 03.02.2019 um 09:08 schrieb John Fawcett: > >>> >> >>> On 01/02/2019 20:40, Marcel Menzel wrote: > >>> >> >>>> Hello, > >>> >> >> >> > >>> >> >> >> After I configured a SQLite backed dict quota backend, the > >>> dict > >>> >> >> process > >>> >> >> >> crashes every time a quota operation is happening. > >>> >> >> >> > >>> >> >> >> SQLite: 3.26.0 > >>> >> >> >> > >>> >> >> >> Dovecot: 2.3.4 (0ecbaf23d) > >>> >> >> >> > >>> >> >> >> Linux: 4.20.4.a-1-hardened #1 SMP PREEMPT Fri Jan 25 > >>> 01:24:51 CET > >>> >> >> 2019 > >>> >> >> >> x86_64 GNU/Linux (Arch Linux) > >>> >> >> >> > >>> >> >> >> Filesystem: BTRFS > >>> >> >> >> > >>> >> >> >> > >>> >> >> >> I can't get any debug output from Dovecot, even after setting > >>> >> >> log_debug > >>> >> >> >> = cat:* event:* source:* field:*=* > >>> >> >> >> > >>> >> >> >> dovecot[6457]: dict(6687): Debug: sqlite: Finished query > >>> 'BEGIN > >>> >> >> >> TRANSACTION' in 0 msecs > >>> >> >> >> dovecot[6457]: dict(6687): Fatal: master: service(dict): child > >>> >> 6687 > >>> >> >> >> killed with signal 11 (core dumped) > >>> >> >> >> > >>> >> >> >> > >>> >> >> >> I've attached the output of dovecot -n and the coredump > >>> file from > >>> >> >> >> systemd-coredump. > >>> >> >> >> > >>> >> >> >> > >>> >> >> >> Kind regards, > >>> >> >> >> > >>> >> >> >> Marcel Menzel > >>> >> >> >> > >>> >> >>> Any chance of posting a backtrace? > >>> >> >>> John > >>> >> > > >>> >>> --- > >>> >>> Aki Tuomi > >>> > > >>> > >>> > > --- > >>>> Aki Tuomi > >>>> > >>>> > > >> --- > >> Aki Tuomi > > > > --- > > Aki Tuomi-------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-lib-sql-driver-sqlite-Fix-crash-caused-by-wrong-vari.patch Type: text/x-patch Size: 1165 bytes Desc: not available URL: <https://dovecot.org/pipermail/dovecot/attachments/20190203/bd3ba8fb/attachment.bin>