Bug#925961: segfault in libdovecot-storage at unknown circumstances
Dear Maintainer, tried to get some more information out of the kernel segfault line, until a backtrace or core gets delivered... For the lines with "ip .90e" I guess it could be related to these functions: array_append_array_i mailbox_uidset_change mail_search_arg_init It might be that we hit following line with dest_array or src_array containing a null pointer. array.h:193 i_assert(dest_array->element_size == src_array->element_size); Then we would get such a segfault instead of the assert message. But sure, the problem behind needs more context. Kind regards, Bernhard # Stretch amd64 qemu VM 2019-03-29 apt update apt dist-upgrade apt install devscripts dpkg-dev mc systemd-coredump dovecot-imapd=1:2.3.4.1-1~bpo9+1 gdb wget https://snapshot.debian.org/archive/debian-debug/20190222T150352Z/pool/main/d/dovecot/dovecot-imapd-dbgsym_2.3.4.1-1%7Ebpo9%2B1_amd64.deb wget https://snapshot.debian.org/archive/debian-debug/20190222T150352Z/pool/main/d/dovecot/dovecot-core-dbgsym_2.3.4.1-1%7Ebpo9%2B1_amd64.deb dpkg -i dovecot-imapd-dbgsym_2.3.4.1-1~bpo9+1_amd64.deb dovecot-core-dbgsym_2.3.4.1-1~bpo9+1_amd64.deb mkdir /home/benutzer/source/dovecot/orig -p cd/home/benutzer/source/dovecot/orig dget https://snapshot.debian.org/archive/debian-debug/20190222T150352Z/pool/main/d/dovecot/dovecot_2.3.4.1-1%7Ebpo9%2B1.dsc cd From submitter: kernel: [1691560.449117] imap[8380]: segfault at 8 ip 7fea0c1c890e sp 7ffdc7607150 error 4 in libdovecot-storage.so.0.0.0[7fea0c10d000+12c000] https://www.enodev.fr/posts/decode-segfault-errors-in-dmesg.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/mm/fault.c?h=linux-4.9.y#n31 /* * Page fault error code bits: * * bit 0 ==<-> 0: no page found<->1: protection fault * bit 1 ==<-> 0: read access><-->1: write access * bit 2 ==<-> 0: kernel-mode access<>1: user-mode access * bit 3 ==<-><--><--><-->1: use of reserved bit detected * bit 4 ==<-><--><--><-->1: fault was an instruction fetch * bit 5 ==<-><--><--><-->1: protection keys block access */ enum x86_pf_error_code { <-->PF_PROT><-->=<-><-->1 << 0, <-->PF_WRITE<-->=<-><-->1 << 1, <-->PF_USER><-->=<-><-->1 << 2, <-->PF_RSVD><-->=<-><-->1 << 3, <-->PF_INSTR<-->=<-><-->1 << 4, <-->PF_PK<-><-->=<-><-->1 << 5, }; "error 4" == 0b100 bit 0 ==<--> 0: no page found bit 1 ==<--> 0: read access bit 2 ==<--> 1: user-mode access # script -c "gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'b main' -ex 'run' --args /usr/lib/dovecot/imap" -a gdb_$(date +%Y-%m-%d_%H-%M-%S).log info share disassemble 0x77ac15c0,0x77b8599e kill q root@debian:~# grep "90e " gdb_2019-03-29_23-29-10.log | grep "0x8(" 0x77ac690e : mov0x8(%r12),%rax 0x77ae390e : mov%rsi,0x8(%rsp) 0x77b6890e :mov %esi,0x8(%rdi) --> Could be the first line - as the second and third are writes # gdb -q --args /usr/lib/dovecot/imap set width 0 set pagination off b main directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/imap directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib-storage directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib run root@debian:~# gdb -q --args /usr/lib/dovecot/imap Reading symbols from /usr/lib/dovecot/imap...Reading symbols from /usr/lib/debug/.build-id/18/305c1d9a040a3941346dc9a9a34a0839fc3bf0.debug...done. done. (gdb) set width 0 (gdb) set pagination off (gdb) b main Breakpoint 1 at 0xd510: file main.c, line 416. (gdb) directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/imap Source directories searched: /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/imap:$cdir:$cwd (gdb) directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib-storage Source directories searched: /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib-storage:/home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/imap:$cdir:$cwd (gdb) directory /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib Source directories searched: /home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib:/home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/lib-storage:/home/benutzer/source/dovecot/orig/dovecot-2.3.4.1/src/imap:$cdir:$cwd (gdb) run Starting program: /usr/lib/dovecot/imap Breakpoint 1, main (argc=1, argv=0x7fffed18) at main.c:416 416 { (gdb) print mail_search_arg_init $1 = {void (struct mail_search_args *, struct mail_search_arg *, bool, const union array__seq_range *)} 0x77ac67e0 (gdb) b *$1+302 Breakpoint 2 at 0x77ac690e: file ../../src/lib/array.h, line 193. (gdb) info b Num Type Disp Enb AddressWhat 1 breakpoint keep y
Bug#925961: segfault in libdovecot-storage at unknown circumstances
Package: dovecot-core Version: 1:2.3.4.1-1~bpo9+1 Severity: normal Yes, I know this is not very informative. I've already set ALLOW_COREDUMPS to 1 in /etc/default/dovecot and waiting for the next fault. % grep segfa kern.log* kern.log.1: Mar 17 13:27:09 mail kernel: [118616.482998] imap[3]: segfault at 8 ip 7efbff924cbb sp 7fff0b333890 error 4 in libdovecot-storage.so.0.0.0[7efbff858000+145000] % zgrep segfa kern.log*gz kern.log.2.gz:Mar 15 01:51:07 mail kernel: [1691560.449110] imap[8329]: segfault at 8 ip 7ff38ae2390e sp 7ffcd3317640 error 4 kern.log.2.gz:Mar 15 01:51:07 mail kernel: [1691560.449117] imap[8380]: segfault at 8 ip 7fea0c1c890e sp 7ffdc7607150 error 4 in libdovecot-storage.so.0.0.0[7fea0c10d000+12c000] kern.log.2.gz:Mar 15 01:51:07 mail kernel: [1691560.449438] imap[8371]: segfault at 8 ip 7f4775b0490e sp 7ffce2814cc0 error 4 in libdovecot-storage.so.0.0.0[7f4775a49000+12c000] kern.log.2.gz:Mar 15 01:51:07 mail kernel: [1691560.461685] imap[2435]: segfault at 8 ip 7fa8cb0ab90e sp 7ffc4185e130 error 4 in libdovecot-storage.so.0.0.0[7fa8caff+12c000] kern.log.3.gz:Mar 13 02:35:33 mail kernel: [1521426.802606] imap[11824]: segfault at 8 ip 7fa1b95d290e sp 7ffd935de700 error 4 kern.log.3.gz:Mar 13 02:35:33 mail kernel: [1521426.802614] imap[11827]: segfault at 8 ip 7f1afe53490e sp 7fffbeb753d0 error 4 in libdovecot-storage.so.0.0.0[7f1afe479000+12c000] kern.log.3.gz:Mar 13 02:35:33 mail kernel: [1521426.802983] imap[11837]: segfault at 8 ip 7f70b5c9b90e sp 7ffd7f80bc80 error 4 in libdovecot-storage.so.0.0.0[7f70b5be+12c000] % grep 'signal 11' mail.err* mail.err.1: Mar 17 13:27:09 mail dovecot: imap(sergio)<3>: Fatal: master: service(imap): child 3 killed with signal 11 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps) % zgrep 'signal 11' mail.err* mail.err.1:Mar 17 13:27:09 mail dovecot: imap(sergio)<3>: Fatal: master: service(imap): child 3 killed with signal 11 (core dumps disabled - https://dovecot.org/bugreport.html#coredumps) mail.err.2.gz:Mar 15 01:51:07 mail dovecot: imap(sergio): Fatal: master: service(imap): child 8371 killed with signal 11 (core dumps disabled) mail.err.2.gz:Mar 15 01:51:07 mail dovecot: imap(sergio): Fatal: master: service(imap): child 8380 killed with signal 11 (core dumps disabled) mail.err.2.gz:Mar 15 01:51:07 mail dovecot: imap(sergio): Fatal: master: service(imap): child 8329 killed with signal 11 (core dumps disabled) mail.err.2.gz:Mar 15 01:51:07 mail dovecot: imap(sergio): Fatal: master: service(imap): child 2435 killed with signal 11 (core dumps disabled) mail.err.3.gz:Mar 13 02:35:33 mail dovecot: imap(sergio): Fatal: master: service(imap): child 11827 killed with signal 11 (core dumps disabled) mail.err.3.gz:Mar 13 02:35:33 mail dovecot: imap(sergio): Fatal: master: service(imap): child 11837 killed with signal 11 (core dumps disabled) mail.err.3.gz:Mar 13 02:35:33 mail dovecot: imap(sergio): Fatal: master: service(imap): child 11824 killed with signal 11 (core dumps disabled) % s dovecot -n # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () doveconf: Warning: service auth { client_limit=1000 } is lower than required under max. load (1324) doveconf: Warning: service anvil { client_limit=1000 } is lower than required under max. load (1227) # OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.8 ext4 # Hostname: mail.outerface.net auth_verbose = yes lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_rcpt_check_quota = yes lmtp_save_to_detail_mailbox = yes mail_home = /var/mail/%u mail_location = sdbox:/var/mail/%u mail_plugins = quota fts virtual mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext spamtest spamtestplus namespace { location = virtual:~/mailboxes/virtual prefix = virtual/ separator = / } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { special_use = \Junk } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { fts_autoindex = yes quota = count:User quota quota_grace = 10%% quota_rule = *:storage=2G quota_vsizes = yes sieve = file:~/sieve;active=~/.dovecot.sieve sieve_extensions = +spamtest +spamtestplus sieve_global = /etc/dovecot/sieve/ sieve_spamtest_max_value = 120 sieve_spamtest_status_header = X-Spam_score_int sieve_spamtest_status_type = score } protocols =