Hi Aki, first thanks for the quick fix. Unfortunately, it only resolves the issue partially. For the ?To: undisclosed-recipients:;?, it works now. For ?To: ? it still crashes (i. e. what I did with my manual lmtp dialog). Michael> On 13. Dec 2019, at 11:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > Hi! > > We have released v2.3.9.1 fixing this issue. > > Thank you for your effort! > > Aki > > On 13.12.2019 12.27, Michael Stilkerich wrote: >> Hallo Aki, >> >> the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. >> >> I checked this manually and sure enough lmtp crashes: >> >> nc -C -U dovecot-lmtp >> 220 keira.mike2k.de Dovecot ready. >> LHLO keira.mike2k.de >> 250-keira.mike2k.de >> 250-8BITMIME >> 250-CHUNKING >> 250-ENHANCEDSTATUSCODES >> 250-PIPELINING >> 250 STARTTLS >> MAIL FROM:<ms at mike2k.de> >> 250 2.1.0 OK >> RCPT TO:<mikey at localhost.mike2k.de> >> 250 2.1.5 OK >> DATA >> 354 OK >> To: >> >> bla >> >> . >> >> >> (and thats it, connection closed because of the segfault). >> >> Michael >> >>> On 11. Dec 2019, at 08:07, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >>> >>> Hi! >>> >>> Can you provide a mail sample and doveconf -n please? >>> >>> Aki >>> >>>> On 11/12/2019 08:57 Michael Stilkerich via dovecot <dovecot at dovecot.org> wrote: >>>> >>>> >>>> Hello, >>>> >>>> since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8. >>>> >>>> The backtrace from one of the coredumps: >>>> >>>> Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. >>>> done. >>>> [New LWP 1554] >>>> [Thread debugging using libthread_db enabled] >>>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". >>>> Core was generated by `dovecot/lmtp'. >>>> Program terminated with signal SIGSEGV, Segmentation fault. >>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>> at push-notification-event-message-common.c:20 >>>> 20 push-notification-event-message-common.c: No such file or directory. >>>> (gdb) bt >>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>> at push-notification-event-message-common.c:20 >>>> #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 >>>> #2 push_notification_message_fill (mail=mail at entry=0x560631adc088, pool=0x560631ad6d10, >>>> event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, >>>> keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 >>>> #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 >>>> #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 >>>> #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 >>>> #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 >>>> #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 >>>> #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 >>>> #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>> #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>> #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>> #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>> #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so >>>> #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 >>>> #15 mail_deliver (ctx=ctx at entry=0x7ffedf944c30, storage_r=storage_r at entry=0x7ffedf944b40) at mail-deliver.c:592 >>>> #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 >>>> #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) >>>> at lmtp-local.c:530 >>>> #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 >>>> #19 lmtp_local_data (client=client at entry=0x560631a5e898, cmd=cmd at entry=0x560631a7f088, trans=trans at entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 >>>> #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 >>>> #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 >>>> #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 >>>> #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 >>>> #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 >>>> #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 >>>> #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop at entry=0x560631a23fd0) at ioloop-epoll.c:222 >>>> #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 >>>> #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 >>>> #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 >>>> #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 >>>> >>>> I can provide one of the mails causing the crash if helpful (they are all spam). >>>> >>>> Best regards, >>>> Michael
HI, and the backtrace (essentially same as before except for the line numbers moved by the code changes): Core was generated by `dovecot/lmtp'. [50/749] Program terminated with signal SIGSEGV, Segmentation fault. #0 decode_address_header (pool=pool at entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r at entry=0x5569a8e108d0, name_r=name_r at entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 22 push-notification-event-message-common.c: No such file or directory. (gdb) bt #0 decode_address_header (pool=pool at entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r at entry=0x5569a8e108d0, name_r=name_r at entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 #1 0x00007fece33adfdb in decode_address_header (name_r=0x5569a8e108d8, address_r=0x5569a8e108d0, hdr=<optimized out>, pool=0x5569a8e10550) at push-notification-event-message-common.c:67 #2 push_notification_message_fill (mail=mail at entry=0x5569a8e14898, pool=0x5569a8e10550, event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR _DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPET), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x5569a8e10890, date_tz=0x5569a8e10898, message_id=0x5569a8e108b8, flags=0x5569a8e108ac, flags_set=0x5569a8e108a8, keywords=0x5569a8e108b0, snippet=0x5569a8e108a0, ext=0x5569a8e108c0) at push-notification-event-message-common.c:67 #3 0x00007fece33ada41 in push_notification_event_messagenew_event (ptxn=0x5569a8e10578, ec=0x5569a8e10820, msg=0x5569a8e10850, mail=0x5569a8e14898) at push-notification-event-messagenew.c:83 #4 0x00007fece33af1dd in push_notification_trigger_msg_save_new (txn=0x5569a8e10578, mail=0x5569a8e14898, msg=0x5569a8e10850) at push-notification-triggers.c:138 #5 0x00007fece3e4d2f3 in notify_contexts_mail_save (mail=0x5569a8e14898) at notify-plugin.c:62 #6 0x00007fece3e4e5b8 in notify_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at notify-storage.c:104 #7 0x00007fece406073d in quota_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at quota-storage.c:302 #8 0x00007fece59e9e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x5569a8dd1b18) at mail-storage.c:2759 #9 0x00007fece1e7107f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #10 0x00007fece1e6664c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 #11 0x00007fece1e6711b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 #12 0x00007fece1e7a6e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 #13 0x00007fece20e6488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so #14 0x00007fece5cfa60d in mail_do_deliver (storage_r=0x7ffc0dcb6d00, ctx=0x7ffc0dcb6df0) at mail-deliver.c:542 #15 mail_deliver (ctx=ctx at entry=0x7ffc0dcb6df0, storage_r=storage_r at entry=0x7ffc0dcb6d00) at mail-deliver.c:592 #16 0x00005569a7b930e1 in lmtp_local_default_deliver (client=0x5569a8d97898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffc0dcb7030) at lmtp-local.c:593 #17 0x00005569a7b938cf in lmtp_local_deliver (local=0x5569a8dbd9b0, local=0x5569a8dbd9b0, session=0x5569a8dd6748, src_mail=0x5569a8dd1b18, llrcpt=0x5569a8db8600, trans=0x5569a8db8ab8, cmd=0x5569a8db8088) at lmtp-local.c:530 #18 lmtp_local_deliver_to_rcpts (session=0x5569a8dd6748, trans=0x5569a8db8ab8, cmd=0x5569a8db8088, local=0x5569a8dbd9b0) at lmtp-local.c:654 #19 lmtp_local_data (client=client at entry=0x5569a8d97898, cmd=cmd at entry=0x5569a8db8088, trans=trans at entry=0x5569a8db8ab8, input=<optimized out>) at lmtp-local.c:730 #20 0x00005569a7b920cf in client_default_cmd_data (client=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8, data_input=0x5569a8dbcc00, data_size=<optimized out>) at lmtp-commands.c:275 #21 0x00005569a7b91e6f in cmd_data_finish (trans=0x5569a8db8ab8, cmd=0x5569a8db8088, client=0x5569a8d97898) at lmtp-commands.c:165 #22 cmd_data_continue (conn_ctx=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8) at lmtp-commands.c:213 #23 0x00007fece56522c7 in cmd_data_do_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:285 #24 cmd_data_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:333 #25 0x00007fece56fc2af in io_loop_call_io (io=0x5569a8db68e0) at ioloop.c:718 #26 0x00007fece56fdc8c in io_loop_handler_run_internal (ioloop=ioloop at entry=0x5569a8d5cfd0) at ioloop-epoll.c:222 #27 0x00007fece56fc3c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 #28 0x00007fece56fc5e8 in io_loop_run (ioloop=0x5569a8d5cfd0) at ioloop.c:743 #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 Michael> On 13. Dec 2019, at 12:10, Michael Stilkerich <ms at mike2k.de> wrote: > > Hi Aki, > > first thanks for the quick fix. > > Unfortunately, it only resolves the issue partially. For the ?To: undisclosed-recipients:;?, it works now. For ?To: ? it still crashes (i. e. what I did with my manual lmtp dialog). > > Michael > >> On 13. Dec 2019, at 11:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >> >> Hi! >> >> We have released v2.3.9.1 fixing this issue. >> >> Thank you for your effort! >> >> Aki >> >> On 13.12.2019 12.27, Michael Stilkerich wrote: >>> Hallo Aki, >>> >>> the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. >>> >>> I checked this manually and sure enough lmtp crashes: >>> >>> nc -C -U dovecot-lmtp >>> 220 keira.mike2k.de Dovecot ready. >>> LHLO keira.mike2k.de >>> 250-keira.mike2k.de >>> 250-8BITMIME >>> 250-CHUNKING >>> 250-ENHANCEDSTATUSCODES >>> 250-PIPELINING >>> 250 STARTTLS >>> MAIL FROM:<ms at mike2k.de> >>> 250 2.1.0 OK >>> RCPT TO:<mikey at localhost.mike2k.de> >>> 250 2.1.5 OK >>> DATA >>> 354 OK >>> To: >>> >>> bla >>> >>> . >>> >>> >>> (and thats it, connection closed because of the segfault). >>> >>> Michael >>> >>>> On 11. Dec 2019, at 08:07, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >>>> >>>> Hi! >>>> >>>> Can you provide a mail sample and doveconf -n please? >>>> >>>> Aki >>>> >>>>> On 11/12/2019 08:57 Michael Stilkerich via dovecot <dovecot at dovecot.org> wrote: >>>>> >>>>> >>>>> Hello, >>>>> >>>>> since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8. >>>>> >>>>> The backtrace from one of the coredumps: >>>>> >>>>> Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. >>>>> done. >>>>> [New LWP 1554] >>>>> [Thread debugging using libthread_db enabled] >>>>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". >>>>> Core was generated by `dovecot/lmtp'. >>>>> Program terminated with signal SIGSEGV, Segmentation fault. >>>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>>> at push-notification-event-message-common.c:20 >>>>> 20 push-notification-event-message-common.c: No such file or directory. >>>>> (gdb) bt >>>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>>> at push-notification-event-message-common.c:20 >>>>> #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 >>>>> #2 push_notification_message_fill (mail=mail at entry=0x560631adc088, pool=0x560631ad6d10, >>>>> event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, >>>>> keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 >>>>> #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 >>>>> #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 >>>>> #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 >>>>> #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 >>>>> #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 >>>>> #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 >>>>> #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>> #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>> #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>> #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>> #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so >>>>> #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 >>>>> #15 mail_deliver (ctx=ctx at entry=0x7ffedf944c30, storage_r=storage_r at entry=0x7ffedf944b40) at mail-deliver.c:592 >>>>> #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 >>>>> #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) >>>>> at lmtp-local.c:530 >>>>> #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 >>>>> #19 lmtp_local_data (client=client at entry=0x560631a5e898, cmd=cmd at entry=0x560631a7f088, trans=trans at entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 >>>>> #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 >>>>> #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 >>>>> #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 >>>>> #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 >>>>> #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 >>>>> #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 >>>>> #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop at entry=0x560631a23fd0) at ioloop-epoll.c:222 >>>>> #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 >>>>> #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 >>>>> #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 >>>>> #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 >>>>> >>>>> I can provide one of the mails causing the crash if helpful (they are all spam). >>>>> >>>>> Best regards, >>>>> Michael >
Can you provide p *addr? Aki On 13.12.2019 13.15, Michael Stilkerich wrote:> HI, > > and the backtrace (essentially same as before except for the line numbers moved by the code changes): > > Core was generated by `dovecot/lmtp'. [50/749] > Program terminated with signal SIGSEGV, Segmentation fault. > #0 decode_address_header (pool=pool at entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r at entry=0x5569a8e108d0, > name_r=name_r at entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 > 22 push-notification-event-message-common.c: No such file or directory. > (gdb) bt > #0 decode_address_header (pool=pool at entry=0x5569a8e10550, hdr=0x5569a8e15cd8 "", address_r=address_r at entry=0x5569a8e108d0, > name_r=name_r at entry=0x5569a8e108d8) at push-notification-event-message-common.c:22 > #1 0x00007fece33adfdb in decode_address_header (name_r=0x5569a8e108d8, address_r=0x5569a8e108d0, hdr=<optimized out>, pool=0x5569a8e10550) > at push-notification-event-message-common.c:67 > #2 push_notification_message_fill (mail=mail at entry=0x5569a8e14898, pool=0x5569a8e10550, > event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR > _DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPET), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x5569a8e10890, > date_tz=0x5569a8e10898, message_id=0x5569a8e108b8, flags=0x5569a8e108ac, flags_set=0x5569a8e108a8, keywords=0x5569a8e108b0, snippet=0x5569a8e108a0, > ext=0x5569a8e108c0) at push-notification-event-message-common.c:67 > #3 0x00007fece33ada41 in push_notification_event_messagenew_event (ptxn=0x5569a8e10578, ec=0x5569a8e10820, msg=0x5569a8e10850, mail=0x5569a8e14898) > at push-notification-event-messagenew.c:83 > #4 0x00007fece33af1dd in push_notification_trigger_msg_save_new (txn=0x5569a8e10578, mail=0x5569a8e14898, msg=0x5569a8e10850) > at push-notification-triggers.c:138 > #5 0x00007fece3e4d2f3 in notify_contexts_mail_save (mail=0x5569a8e14898) at notify-plugin.c:62 > #6 0x00007fece3e4e5b8 in notify_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at notify-storage.c:104 > #7 0x00007fece406073d in quota_copy (ctx=0x5569a8e110f0, mail=0x5569a8dd1b18) at quota-storage.c:302 > #8 0x00007fece59e9e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x5569a8dd1b18) at mail-storage.c:2759 > #9 0x00007fece1e7107f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #10 0x00007fece1e6664c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #11 0x00007fece1e6711b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #12 0x00007fece1e7a6e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 > #13 0x00007fece20e6488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so > #14 0x00007fece5cfa60d in mail_do_deliver (storage_r=0x7ffc0dcb6d00, ctx=0x7ffc0dcb6df0) at mail-deliver.c:542 > #15 mail_deliver (ctx=ctx at entry=0x7ffc0dcb6df0, storage_r=storage_r at entry=0x7ffc0dcb6d00) at mail-deliver.c:592 > #16 0x00005569a7b930e1 in lmtp_local_default_deliver (client=0x5569a8d97898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, > lldctx=0x7ffc0dcb7030) at lmtp-local.c:593 > #17 0x00005569a7b938cf in lmtp_local_deliver (local=0x5569a8dbd9b0, local=0x5569a8dbd9b0, session=0x5569a8dd6748, src_mail=0x5569a8dd1b18, > llrcpt=0x5569a8db8600, trans=0x5569a8db8ab8, cmd=0x5569a8db8088) at lmtp-local.c:530 > #18 lmtp_local_deliver_to_rcpts (session=0x5569a8dd6748, trans=0x5569a8db8ab8, cmd=0x5569a8db8088, local=0x5569a8dbd9b0) at lmtp-local.c:654 > #19 lmtp_local_data (client=client at entry=0x5569a8d97898, cmd=cmd at entry=0x5569a8db8088, trans=trans at entry=0x5569a8db8ab8, input=<optimized out>) > at lmtp-local.c:730 > #20 0x00005569a7b920cf in client_default_cmd_data (client=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8, data_input=0x5569a8dbcc00, > data_size=<optimized out>) at lmtp-commands.c:275 > #21 0x00005569a7b91e6f in cmd_data_finish (trans=0x5569a8db8ab8, cmd=0x5569a8db8088, client=0x5569a8d97898) at lmtp-commands.c:165 > #22 cmd_data_continue (conn_ctx=0x5569a8d97898, cmd=0x5569a8db8088, trans=0x5569a8db8ab8) at lmtp-commands.c:213 > #23 0x00007fece56522c7 in cmd_data_do_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:285 > #24 cmd_data_handle_input (cmd=0x5569a8db8088) at smtp-server-cmd-data.c:333 > #25 0x00007fece56fc2af in io_loop_call_io (io=0x5569a8db68e0) at ioloop.c:718 > #26 0x00007fece56fdc8c in io_loop_handler_run_internal (ioloop=ioloop at entry=0x5569a8d5cfd0) at ioloop-epoll.c:222 > #27 0x00007fece56fc3c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 > #28 0x00007fece56fc5e8 in io_loop_run (ioloop=0x5569a8d5cfd0) at ioloop.c:743 > #29 0x00007fece566a4b3 in master_service_run (service=0x5569a8d5ce60, callback=<optimized out>) at master-service.c:809 > #30 0x00005569a7b90b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 > > Michael > > >> On 13. Dec 2019, at 12:10, Michael Stilkerich <ms at mike2k.de> wrote: >> >> Hi Aki, >> >> first thanks for the quick fix. >> >> Unfortunately, it only resolves the issue partially. For the ?To: undisclosed-recipients:;?, it works now. For ?To: ? it still crashes (i. e. what I did with my manual lmtp dialog). >> >> Michael >> >>> On 13. Dec 2019, at 11:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >>> >>> Hi! >>> >>> We have released v2.3.9.1 fixing this issue. >>> >>> Thank you for your effort! >>> >>> Aki >>> >>> On 13.12.2019 12.27, Michael Stilkerich wrote: >>>> Hallo Aki, >>>> >>>> the affected code location seems to be concerned with parsing to ?To:? header. I checked all the mails causing the crash, the To: header is either empty (but present) or contains ?undisclosed-recipients:;?. >>>> >>>> I checked this manually and sure enough lmtp crashes: >>>> >>>> nc -C -U dovecot-lmtp >>>> 220 keira.mike2k.de Dovecot ready. >>>> LHLO keira.mike2k.de >>>> 250-keira.mike2k.de >>>> 250-8BITMIME >>>> 250-CHUNKING >>>> 250-ENHANCEDSTATUSCODES >>>> 250-PIPELINING >>>> 250 STARTTLS >>>> MAIL FROM:<ms at mike2k.de> >>>> 250 2.1.0 OK >>>> RCPT TO:<mikey at localhost.mike2k.de> >>>> 250 2.1.5 OK >>>> DATA >>>> 354 OK >>>> To: >>>> >>>> bla >>>> >>>> . >>>> >>>> >>>> (and thats it, connection closed because of the segfault). >>>> >>>> Michael >>>> >>>>> On 11. Dec 2019, at 08:07, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: >>>>> >>>>> Hi! >>>>> >>>>> Can you provide a mail sample and doveconf -n please? >>>>> >>>>> Aki >>>>> >>>>>> On 11/12/2019 08:57 Michael Stilkerich via dovecot <dovecot at dovecot.org> wrote: >>>>>> >>>>>> >>>>>> Hello, >>>>>> >>>>>> since the upgrade from 2.3.8 to 2.3.9 (using the Ubuntu 18.04 packages from dovecot.org), lmtp crashes for me for some mails. Currently I have three pending mails in my postfix deferred queue since the upgrade a couple of days ago. I did not observe these issues with 2.3.8. >>>>>> >>>>>> The backtrace from one of the coredumps: >>>>>> >>>>>> Reading symbols from /usr/lib/dovecot/lmtp...Reading symbols from /usr/lib/debug/.build-id/f3/3a5089463b1234cbcf90bf10033d1dd5613821.debug...done. >>>>>> done. >>>>>> [New LWP 1554] >>>>>> [Thread debugging using libthread_db enabled] >>>>>> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". >>>>>> Core was generated by `dovecot/lmtp'. >>>>>> Program terminated with signal SIGSEGV, Segmentation fault. >>>>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>>>> at push-notification-event-message-common.c:20 >>>>>> 20 push-notification-event-message-common.c: No such file or directory. >>>>>> (gdb) bt >>>>>> #0 decode_address_header (pool=pool at entry=0x560631ad6d10, hdr=0x560631add4c8 "", address_r=address_r at entry=0x560631ad7090, name_r=name_r at entry=0x560631ad7098) >>>>>> at push-notification-event-message-common.c:20 >>>>>> #1 0x00007f3f37955fbb in decode_address_header (name_r=0x560631ad7098, address_r=0x560631ad7090, hdr=<optimized out>, pool=0x560631ad6d10) at push-notification-event-message-common.c:62 >>>>>> #2 push_notification_message_fill (mail=mail at entry=0x560631adc088, pool=0x560631ad6d10, >>>>>> event_flags=(PUSH_NOTIFICATION_MESSAGE_HDR_FROM | PUSH_NOTIFICATION_MESSAGE_HDR_TO | PUSH_NOTIFICATION_MESSAGE_HDR_SUBJECT | PUSH_NOTIFICATION_MESSAGE_HDR_DATE | PUSH_NOTIFICATION_MESSAGE_BODY_SNIPPE$), from=<optimized out>, to=<optimized out>, subject=<optimized out>, date=0x560631ad7050, date_tz=0x560631ad7058, message_id=0x560631ad7078, flags=0x560631ad706c, flags_set=0x560631ad7068, >>>>>> keywords=0x560631ad7070, snippet=0x560631ad7060, ext=0x560631ad7080) at push-notification-event-message-common.c:62 >>>>>> #3 0x00007f3f37955a41 in push_notification_event_messagenew_event (ptxn=0x560631ad6d38, ec=0x560631ad6fe0, msg=0x560631ad7010, mail=0x560631adc088) at push-notification-event-messagenew.c:83 >>>>>> #4 0x00007f3f379571bd in push_notification_trigger_msg_save_new (txn=0x560631ad6d38, mail=0x560631adc088, msg=0x560631ad7010) at push-notification-triggers.c:138 >>>>>> #5 0x00007f3f383f52f3 in notify_contexts_mail_save (mail=0x560631adc088) at notify-plugin.c:62 >>>>>> #6 0x00007f3f383f65b8 in notify_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at notify-storage.c:104 >>>>>> #7 0x00007f3f3860873d in quota_copy (ctx=0x560631ad7890, mail=0x560631a98b18) at quota-storage.c:302 >>>>>> #8 0x00007f3f39f91e32 in mailbox_copy_int (_ctx=<optimized out>, mail=0x560631a98b18) at mail-storage.c:2759 >>>>>> #9 0x00007f3f3641907f in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>>> #10 0x00007f3f3640e64c in ?? () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>>> #11 0x00007f3f3640f11b in sieve_result_implicit_keep () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>>> #12 0x00007f3f364226e1 in sieve_multiscript_finish () from /usr/lib/dovecot/libdovecot-sieve.so.0 >>>>>> #13 0x00007f3f3668e488 in ?? () from /usr/lib/dovecot/modules/lib90_sieve_plugin.so >>>>>> #14 0x00007f3f3a2a260d in mail_do_deliver (storage_r=0x7ffedf944b40, ctx=0x7ffedf944c30) at mail-deliver.c:542 >>>>>> #15 mail_deliver (ctx=ctx at entry=0x7ffedf944c30, storage_r=storage_r at entry=0x7ffedf944b40) at mail-deliver.c:592 >>>>>> #16 0x000056063169c0e1 in lmtp_local_default_deliver (client=0x560631a5e898, lrcpt=<optimized out>, cmd=<optimized out>, trans=<optimized out>, lldctx=0x7ffedf944e70) at lmtp-local.c:593 >>>>>> #17 0x000056063169c8cf in lmtp_local_deliver (local=0x560631a849b0, local=0x560631a849b0, session=0x560631a9d748, src_mail=0x560631a98b18, llrcpt=0x560631a7f600, trans=0x560631a7fab8, cmd=0x560631a7f088) >>>>>> at lmtp-local.c:530 >>>>>> #18 lmtp_local_deliver_to_rcpts (session=0x560631a9d748, trans=0x560631a7fab8, cmd=0x560631a7f088, local=0x560631a849b0) at lmtp-local.c:654 >>>>>> #19 lmtp_local_data (client=client at entry=0x560631a5e898, cmd=cmd at entry=0x560631a7f088, trans=trans at entry=0x560631a7fab8, input=<optimized out>) at lmtp-local.c:730 >>>>>> #20 0x000056063169b0cf in client_default_cmd_data (client=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8, data_input=0x560631a83c00, data_size=<optimized out>) at lmtp-commands.c:275 >>>>>> #21 0x000056063169ae6f in cmd_data_finish (trans=0x560631a7fab8, cmd=0x560631a7f088, client=0x560631a5e898) at lmtp-commands.c:165 >>>>>> #22 cmd_data_continue (conn_ctx=0x560631a5e898, cmd=0x560631a7f088, trans=0x560631a7fab8) at lmtp-commands.c:213 >>>>>> #23 0x00007f3f39bfa2c7 in cmd_data_do_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:285 >>>>>> #24 cmd_data_handle_input (cmd=0x560631a7f088) at smtp-server-cmd-data.c:333 >>>>>> #25 0x00007f3f39ca42af in io_loop_call_io (io=0x560631a7d8e0) at ioloop.c:718 >>>>>> #26 0x00007f3f39ca5c8c in io_loop_handler_run_internal (ioloop=ioloop at entry=0x560631a23fd0) at ioloop-epoll.c:222 >>>>>> #27 0x00007f3f39ca43c0 in io_loop_handler_run (ioloop=<optimized out>) at ioloop.c:770 >>>>>> #28 0x00007f3f39ca45e8 in io_loop_run (ioloop=0x560631a23fd0) at ioloop.c:743 >>>>>> #29 0x00007f3f39c124b3 in master_service_run (service=0x560631a23e60, callback=<optimized out>) at master-service.c:809 >>>>>> #30 0x0000560631699b45 in main (argc=<optimized out>, argv=<optimized out>) at main.c:169 >>>>>> >>>>>> I can provide one of the mails causing the crash if helpful (they are all spam). >>>>>> >>>>>> Best regards, >>>>>> Michael