We uograded our dovecot from version 2.1.10 -> 2.10.12, but within
the first hour of use, dovecot-lda would segfault during delivery.
This left a lock file lying around causing the user's mail readers to
hang; much hilarity ensues. All further deliveries to the same user
will result in a crash.
The only thing that fixes this condition is to blow away the user's
INBOX cache index. Reindexing with "doveadm index" does not fix
anything.
I've installed a test version with one user's problematic INBOX
cache indices and ran
gdb dovecot-lda
(gdb) run -t testuser </dev/null
and it crashes with the following backtrace
Program received signal SIGSEGV, Segmentation fault.
0xff2a0440 in mail_cache_header_fields_read (cache=0x5c120) at
mail-cache-fields.c:323
323 if (field_hdr->size < sizeof(*field_hdr) +
(gdb) bt
#0 0xff2a0440 in mail_cache_header_fields_read (cache=0x5c120) at
mail-cache-fields.c:323
#1 0xff29e8bc in mail_cache_compress_locked (cache=0x5c120,
trans=0x63ce8, unlock=0xffbfeeef)
at mail-cache-compress.c:361
#2 0xff29efd0 in mail_cache_compress (cache=0x5c120, trans=0x63ce8) at
mail-cache-compress.c:489
#3 0xff2a3df4 in mail_cache_transaction_compress (ctx=0x5dac0) at
mail-cache-transaction.c:180
#4 0xff2a4084 in mail_cache_transaction_open_if_needed (ctx=0x5dac0)
at mail-cache-transaction.c:241
#5 0xff2a6e60 in mail_cache_field_want_add (ctx=0x5dac0, seq=1,
field_idx=12)
at mail-cache-transaction.c:1048
#6 0xff27e8e8 in index_mail_parse_header_register_all_wanted
(mail=0x5e6b0)
at index-mail-headers.c:175
#7 0xff27ec90 in index_mail_parse_header_init (mail=0x5e6b0,
headers=0x0)
at index-mail-headers.c:230
#8 0xff27f5c8 in index_mail_cache_parse_init (_mail=0x5e6b0,
input=0x63760)
at index-mail-headers.c:376
#9 0xff2299cc in mbox_save_get_input_stream (ctx=0x5dde8,
input=0x62ed0) at mbox-save.c:411
#10 0xff22a084 in mbox_save_begin (_ctx=0x5dde8, input=0x62ed0) at
mbox-save.c:520
#11 0xff24e9c0 in mailbox_save_begin (ctx=0xffbff514, input=0x62ed0) at
mail-storage.c:1652
#12 0xff23f138 in mail_storage_try_copy (_ctx=0xffbff514, mail=0x54cd8)
at mail-copy.c:68
#13 0xff23f23c in mail_storage_copy (ctx=0x5dde8, mail=0x54cd8) at
mail-copy.c:93
#14 0xff24ec28 in mailbox_copy (_ctx=0xffbff670, mail=0x54cd8) at
mail-storage.c:1721
#15 0xff24ec98 in mailbox_save_using_mail (ctx=0xffbff670,
mail=0x54cd8) at mail-storage.c:1730
#16 0xff388070 in mail_deliver_save (ctx=0xffbff8a8, mailbox=0x13fe8
"INBOX", flags=0,
keywords=0x0, storage_r=0xffbff83c) at mail-deliver.c:317
#17 0xff38869c in mail_deliver (ctx=0xffbff8a8, storage_r=0xffbff83c)
at mail-deliver.c:403
#18 0x00012d08 in main (argc=3, argv=0xffbff964) at main.c:434
I dumped the value of field_hdr, and it has some bogus value
(gdb) p field_hdr
$1 = (const struct mail_cache_header_fields *) 0x20
Other observations
- blowing away the indices does not fix it permanantly. The
the LDA will eventually start crashing again.
- the problematic indices do not cause problems with 2.1.10.
Reverting to 2.1.10 restores proper mail delivery.
Is this enough debug info to work your magic, Timo? I can supply the cache data
if you neded it. It's compiled on a Solaris10.
Joseph Tam <jtam.h...@gmail.com>
