Dear Maintainer,
I had a look at the kernel message to see whether I could
retrieve some more information with the help of the dbgsym
package, as described in [1].
And I came up with the following location:
at 0x55555557997c: file imap-notify.c, line 305.
0x0000555555579976 <imap_client_notify_more+166>: 41 bc ff ff ff ff
mov $0xffffffff,%r12d
***0x000055555557997c <imap_client_notify_more+172>: 48 8b 78 08
mov 0x8(%rax),%rdi
0x0000555555579980 <imap_client_notify_more+176>: e8 8b 77 ff ff callq
0x555555571110 <client_send_line>
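This would match the "at 8" and the "ip ...97c" from the kernel output:
the marked instruction reads from 0x8(%rax), so a fault address of 8
means %rax was 0 at that point, i.e. a NULL pointer was dereferenced.
That would lead to this source location [2].
A "blame" from the GitHub page shows this commit fixing
a crash [3], which might be what happened here too.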
Kind regards,
Bernhard
[1] https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
[2]
https://sources.debian.org/src/dovecot/1:2.3.4.1-5+deb10u6/src/imap/imap-notify.c/#L305
(Taken from deb10u6 because deb10u5 is no longer available there.)
[3]
https://github.com/dovecot/core/commit/49daa901338a7b4749a48f0b34e199e2f6644f67
https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash
From submitter:
Jan 6 14:55:54 uggla kernel: [145284.855936] imap[18530]: segfault at 8 ip
000055c38b20f97c sp 00007ffe4baaaa40 error 4 in imap[55c38b1f7000+24000]
Jan 6 14:55:54 uggla kernel: [145284.855945] Code: 5d 41 5c 41 5d e9 2b ca fe
ff 0f 1f 40 00 45 89 ec 48 89 df 48 39 eb 75 bd 48 8b 45 00 48 8d 35 da f4 00
00 41 bc ff ff ff ff <48> 8b 78 08 e8 8b 77 ff ff 48 83 c4 08 44 89 e0 5b 5d 41
5c 41 5d
error 4 == 0b100 (bits listed from least significant)
- bit 0 = 0: no page found
- bit 1 = 0: read access
- bit 2 = 1: user-mode access
# echo -n "find /b ..., ..., 0x" && \
> echo "5d 41 5c 41 5d e9 2b ca fe ff 0f 1f 40 00 45 89 ec 48 89 df 48 39 eb 75
> bd 48 8b 45 00 48 8d 35 da f4 00 00 41 bc ff ff ff ff <48> 8b 78 08 e8 8b 77
> ff ff 48 83 c4 08 44 89 e0 5b 5d 41 5c 41 5d" \
> | sed 's/[<>]//g' | sed 's/ /, 0x/g'
find /b ..., ..., 0x5d, 0x41, 0x5c, 0x41, 0x5d, 0xe9, 0x2b, 0xca, 0xfe, 0xff,
0x0f, 0x1f, 0x40, 0x00, 0x45, 0x89, 0xec, 0x48, 0x89, 0xdf, 0x48, 0x39, 0xeb,
0x75, 0xbd, 0x48, 0x8b, 0x45, 0x00, 0x48, 0x8d, 0x35, 0xda, 0xf4, 0x00, 0x00,
0x41, 0xbc, 0xff, 0xff, 0xff, 0xff, 0x48, 0x8b, 0x78, 0x08, 0xe8, 0x8b, 0x77,
0xff, 0xff, 0x48, 0x83, 0xc4, 0x08, 0x44, 0x89, 0xe0, 0x5b, 0x5d, 0x41, 0x5c,
0x41, 0x5d
# Buster/stable amd64 qemu VM 2021-03-04
apt update
apt dist-upgrade
apt install gdb dovecot-imapd-dbgsym
# dpkg -l | grep 2.3.4.1-5+deb10u
ii dovecot-core 1:2.3.4.1-5+deb10u6 amd64
secure POP3/IMAP server - core files
ii dovecot-imapd 1:2.3.4.1-5+deb10u6 amd64
secure POP3/IMAP server - IMAP daemon
ii dovecot-imapd-dbgsym 1:2.3.4.1-5+deb10u6 amd64
debug symbols for dovecot-imapd
wget
https://snapshot.debian.org/archive/debian-security/20210104T152436Z/pool/updates/main/d/dovecot/dovecot-core_2.3.4.1-5%2Bdeb10u5_amd64.deb
wget
https://snapshot.debian.org/archive/debian-security/20210104T152436Z/pool/updates/main/d/dovecot/dovecot-imapd_2.3.4.1-5%2Bdeb10u5_amd64.deb
wget
https://snapshot.debian.org/archive/debian-debug/20210110T023633Z/pool/main/d/dovecot/dovecot-imapd-dbgsym_2.3.4.1-5%2Bdeb10u5_amd64.deb
dpkg -i dovecot-core_2.3.4.1-5+deb10u5_amd64.deb
dovecot-imapd-dbgsym_2.3.4.1-5+deb10u5_amd64.deb
dovecot-imapd_2.3.4.1-5+deb10u5_amd64.deb
gdb -q
set width 0
set pagination off
file /usr/lib/dovecot/imap
tb main
run
...
info target
0x0000555555562c50 - 0x0000555555584251 is .text
find /b 0x0000555555562c50, 0x0000555555584251, 0x5d, 0x41, 0x5c, 0x41, 0x5d,
0xe9, 0x2b, 0xca, 0xfe, 0xff, 0x0f, 0x1f, 0x40, 0x00, 0x45, 0x89, 0xec, 0x48,
0x89, 0xdf, 0x48, 0x39, 0xeb, 0x75, 0xbd, 0x48, 0x8b, 0x45, 0x00, 0x48, 0x8d,
0x35, 0xda, 0xf4, 0x00, 0x00, 0x41, 0xbc, 0xff, 0xff, 0xff, 0xff, 0x48, 0x8b,
0x78, 0x08, 0xe8, 0x8b, 0x77, 0xff, 0xff, 0x48, 0x83, 0xc4, 0x08, 0x44, 0x89,
0xe0, 0x5b, 0x5d, 0x41, 0x5c, 0x41, 0x5d
0x555555579952 <imap_client_notify_more+130>
1 pattern found.
b * (0x555555579952 + 42)
Breakpoint 2 at 0x55555557997c: file imap-notify.c, line 305.
info b
Num Type Disp Enb Address What
2 breakpoint keep y 0x000055555557997c in imap_client_notify_more
at imap-notify.c:305
disassemble /r 0x555555579952, 0x555555579952 + 62
Dump of assembler code from 0x555555579952 to 0x555555579990:
0x0000555555579952 <imap_client_notify_more+130>: 5d
pop %rbp
0x0000555555579953 <imap_client_notify_more+131>: 41 5c
pop %r12
0x0000555555579955 <imap_client_notify_more+133>: 41 5d
pop %r13
0x0000555555579957 <imap_client_notify_more+135>: e9 2b ca fe ff
jmpq 0x555555566387 <__x86_return_thunk>
0x000055555557995c <imap_client_notify_more+140>: 0f 1f 40 00
nopl 0x0(%rax)
0x0000555555579960 <imap_client_notify_more+144>: 45 89 ec
mov %r13d,%r12d
0x0000555555579963 <imap_client_notify_more+147>: 48 89 df
mov %rbx,%rdi
0x0000555555579966 <imap_client_notify_more+150>: 48 39 eb
cmp %rbp,%rbx
0x0000555555579969 <imap_client_notify_more+153>: 75 bd
jne 0x555555579928 <imap_client_notify_more+88>
0x000055555557996b <imap_client_notify_more+155>: 48 8b 45 00
mov 0x0(%rbp),%rax
0x000055555557996f <imap_client_notify_more+159>: 48 8d 35 da f4 00 00
lea 0xf4da(%rip),%rsi # 0x555555588e50
0x0000555555579976 <imap_client_notify_more+166>: 41 bc ff ff ff ff
mov $0xffffffff,%r12d
***0x000055555557997c <imap_client_notify_more+172>: 48 8b 78 08
mov 0x8(%rax),%rdi
0x0000555555579980 <imap_client_notify_more+176>: e8 8b 77 ff ff
callq 0x555555571110 <client_send_line>
0x0000555555579985 <imap_client_notify_more+181>: 48 83 c4 08
add $0x8,%rsp
0x0000555555579989 <imap_client_notify_more+185>: 44 89 e0
mov %r12d,%eax
0x000055555557998c <imap_client_notify_more+188>: 5b
pop %rbx
0x000055555557998d <imap_client_notify_more+189>: 5d
pop %rbp
0x000055555557998e <imap_client_notify_more+190>: 41 5c
pop %r12
End of assembler dump.
https://sources.debian.org/src/dovecot/1:2.3.4.1-5+deb10u6/src/imap/imap-notify.c/#L305
https://github.com/dovecot/core/commit/49daa901338a7b4749a48f0b34e199e2f6644f67