Bug 2128857

Summary: If mailbox opening fails, the backend mailbox is leaked and process crashes when client disconnects
Product: Red Hat Enterprise Linux 8 Reporter: jcalhoun
Component: dovecotAssignee: Michal Hlavinka <mhlavink>
Status: MODIFIED --- QA Contact: Evgeny Fedin <efedin>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.7CC: efedin, mhlavink
Target Milestone: rcKeywords: Patch, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dovecot-2.3.16-4.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2231408 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2231408    

Description jcalhoun 2022-09-21 17:19:43 UTC 
Description of problem:

A customer is hitting an issue with the dovecot lmtp process when sieve rules fail. For example, when a user sets an invalid forward address (in forward sieve rule), the message gets rejected when forwarded (as expected) - but the rejection causes the dovecot lmtp process to crash. After some time, probably when multiple such lmtp crashes occur, the whole lmtp process stops working temporarily.

Version-Release number of selected component (if applicable):

  Red Hat Enterprise Linux release 8.6 (Ootpa)

  dovecot-2.3.16-2.el8.x86_64
  dovecot-mysql-2.3.16-2.el8.x86_64
  dovecot-pigeonhole-2.3.16-2.el8.x86_64

How reproducible:

Always. This cycle repeats multiple times a day.

Steps to Reproduce:
1. Set invalid forward address on a message to be processed by sieve rule.
2. Repeat until dovecot lmtp process fails with a panic.

Actual results:

Aug 31 12:40:40 server dovecot[932770]: lmtp(987026): Panic: file mail-user.c: line 229 (mail_user_deinit): assertion failed: ((*user)->refcount == 1)
Aug 31 12:40:40 server dovecot[932770]: lmtp(987026): Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(backtrace_append+0x41) [0x7f2438ea2e11] -> /usr/lib64/dovecot/libdovecot.so.0(backtrace_get+0x22) [0x7f2438ea2f32] -> /usr/lib64/dovecot/libdovecot.so.0(+0x10914b) [0x7f2438eb014b] -> /usr/lib64/dovecot/libdovecot.so.0(+0x1091e7) [0x7f2438eb01e7] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5c146) [0x7f2438e03146] -> /usr/lib64/dovecot/libdovecot-storage.so.0(+0x475dd) [0x7f24391bf5dd] -> dovecot/lmtp [193.2.0.184 DATA](lmtp_local_data+0x3ed) [0x5623bac2aa2d] -> dovecot/lmtp [193.2.0.184 DATA](client_default_cmd_data+0x190) [0x5623bac29560] -> dovecot/lmtp [193.2.0.184 DATA](cmd_data_continue+0x1f5) [0x5623bac29335] -> /usr/lib64/dovecot/libdovecot.so.0(+0x7b0d4) [0x7f2438e220d4] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x6d) [0x7f2438ec699d] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x135) [0x7f2438ec8025] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x50) [0x7f2438ec6a40] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f2438ec6bc0] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x17) [0x7f2438e38387] -> dovecot/lmtp [193.2.0.184 DATA](main+0x230) [0x5623bac27ef0] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7f2438a1ccf3] -> dovecot/lmtp [193.2.0.184 DATA](_start+0x2e) [0x5623bac27ffe]

Expected results:

The lmtp process does not crash from expected sieve rule failures or other mailbox opening failures.

Additional info:

Issue is similar to that discussed on the following upstream mailing list. Each manifests in different ways, but the end result of the lmtp process crashing is the same:

  Panic/Fatal error in lmtp when quota is full
  https://www.mail-archive.com/dovecot@dovecot.org/msg84543.html

This has been fixed in upstream dovecot v2.3.18:

- virtual: If mailbox opening fails, the backend mailbox is leaked and
	  process crashes when client disconnects. Fixes
	  Panic: file mail-user.c: line 232 (mail_user_deinit):
	  assertion failed: ((*user)->refcount == 1)

  https://dovecot.org/doc/NEWS

The system has had the following updated upstream packages installed and the issue is no longer present:

  dovecot-2.3.19.1-2.x86_64
  dovecot-mysql-2.3.19.1-2.x86_64
  dovecot-pigeonhole-2.3.19.1-2.x86_64