I have also seen similar panic messages when a user was searching for
some plain text in their inbox, e.g.:

Sep 21 13:48:12 hostname dovecot: imap-login: Login: user=<username>, 
method=LOGIN, rip=12.34.56.78, lip=23.45.67.89, mpid=29488, TLS, 
session=<zs7bbNGvzOI0fYtc>
Sep 21 14:04:00 hostname dovecot: imap(username)<29488><zs7bbNGvzOI0fYtc>: 
Panic: file message-parser.c: line 174 (message_part_finish): assertion failed: 
(ctx->nested_parts_count > 0)
Sep 21 14:04:00 hostname dovecot: imap(username)<29488><zs7bbNGvzOI0fYtc>: 
Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(+0xdb62b) 
[0x7fa8e060262b] -> /usr/lib/dovecot/libdovecot.so.0(+0xdb6c1) [0x7fa8e06026c1] 
-> /usr/lib/dovecot/libdovecot.so.0(+0x4a149) [0x7fa8e0571149] -> 
/usr/lib/dovecot/libdovecot.so.0(+0x474ac) [0x7fa8e056e4ac] -> 
/usr/lib/dovecot/libdovecot.so.0(message_parser_parse_next_block+0x104) 
[0x7fa8e05ea844] -> /usr/lib/dovecot/libdovecot.so.0(message_search_msg+0xa8) 
[0x7fa8e05ecdf8] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xcf89e) 
[0x7fa8e078589e] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mail_search_args_foreach+0x45) 
[0x7fa8e0707445] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xd0774) 
[0x7fa8e0786774] -> /usr/lib/dovecot/libdovecot-storage.so.0(+0xd1a68) 
[0x7fa8e0787a68] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(index_storage_search_next_nonblock+0x10d)
 [0x7fa8e078818d] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_search_next_nonblock+0x28) 
[0x7fa8e0710e58] -> dovecot/imap [username 12.34.56.78 UID SEARCH](+0x2691f) 
[0x55e4a815691f] -> dovecot/imap [username 12.34.56.78 UID 
SEARCH](command_exec+0x70) [0x55e4a814fd80] -> dovecot/imap [username 
12.34.56.78 UID SEARCH](+0x25ed2) [0x55e4a8155ed2] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0x111) 
[0x7fa8e06188f1] -> 
/usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xd0) 
[0x7fa8e061a070] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) 
[0x7fa8e0618b7c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) 
[0x7fa8e0618ce0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7fa8e05990d3] -> dovecot/imap [username 12.34.56.78 UID SEARCH](main+0x325) 
[0x55e4a8140bf5] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) 
[0x7fa8e037909b] -> dovecot/imap [username 12.34.56.78 UID SEARCH](_start+0x2a) 
[0x55e4a8140d8a]
Sep 21 14:04:00 hostname dovecot: imap(username)<29488><zs7bbNGvzOI0fYtc>: 
Fatal: master: service(imap): child 29488 killed with signal 6 (core dumped)

Backtrace of one particular crash:

#0  __GI_raise (sig=sig@entry=6)
   at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffa11aac535 in __GI_abort () at abort.c:79
#2  0x00007ffa11ca6481 in default_fatal_finish (status=0,
   type=LOG_TYPE_PANIC) at failures.c:460
#3  fatal_handler_real (ctx=<optimized out>, format=<optimized out>,
   args=<optimized out>) at failures.c:472
#4  0x00007ffa11d376c1 in i_internal_fatal_handler (
   ctx=<optimized out>, format=<optimized out>, args=<optimized out>)
   at failures.c:849
#5  0x00007ffa11ca6149 in i_panic (
   format=format@entry=0x7ffa11d710d8 "file %s: line %d (%s): assertion failed: 
(%s)") at failures.c:524
#6  0x00007ffa11ca34ac in message_part_finish (ctx=<optimized out>)
   at message-parser.c:174
#7  0x00007ffa11d1f844 in message_parser_parse_next_block (
   ctx=0x563a3b04c000, block_r=block_r@entry=0x7fffa0bb7420)
   at message-parser.c:836
#8  0x00007ffa11d21df8 in message_search_msg_real (
   error_r=0x7fffa0bb7480, parts=<optimized out>,
   input=0x563a3b0557c0, ctx=0x563a3b055e20) at message-search.c:219
#9  message_search_msg (ctx=ctx@entry=0x563a3b055e20,
   input=0x563a3b0557c0, parts=<optimized out>,
   error_r=error_r@entry=0x7fffa0bb7480) at message-search.c:244
#10 0x00007ffa11eba89e in search_body (arg=0x563a3b07edd0,
   ctx=0x7fffa0bb7510) at index-search.c:697
#11 0x00007ffa11e3c445 in mail_search_args_foreach (
   args=args@entry=0x563a3b07edd0,
   callback=callback@entry=0x7ffa11eba810 <search_body>,
   context=context@entry=0x7fffa0bb7510) at mail-search.c:448
#12 0x00007ffa11ebb774 in search_arg_match_text (ctx=0x563a3b050f80,
   args=0x563a3b07edd0) at index-search.c:847
#13 search_match_once (ctx=0x563a3b050f80) at index-search.c:1400
#14 0x00007ffa11ebca68 in search_match_next (ctx=0x563a3b050f80)
   at index-search.c:1507
#15 search_more_with_mail (mail=<optimized out>, ctx=0x563a3b050f80)
   at index-search.c:1624
#16 search_more_with_prefetching (mail_r=<optimized out>,
   ctx=<optimized out>) at index-search.c:1706
#17 search_more (ctx=0x563a3b050f80, mail_r=0x7fffa0bb7670)
   at index-search.c:1780
#18 0x00007ffa11ebd18d in index_storage_search_next_nonblock (
   _ctx=0x563a3b050f80, mail_r=0x7fffa0bb7700,
   tryagain_r=0x7fffa0bb76ff) at index-search.c:1808
#19 0x00007ffa11e45e58 in mailbox_search_next_nonblock (
   ctx=0x563a3b050f80, mail_r=mail_r@entry=0x7fffa0bb7700,
   tryagain_r=tryagain_r@entry=0x7fffa0bb76ff) at mail-storage.c:2140
#20 0x0000563a3abf991f in cmd_search_more (cmd=0x563a3b0013f8)
   at imap-search.c:440
#21 0x0000563a3abf2d80 in command_exec (cmd=0x563a3b0013f8)
   at imap-commands.c:201
#22 0x0000563a3abf8ed2 in cmd_search_more_callback (
   cmd=<optimized out>) at imap-search.c:518
#23 0x00007ffa11d4d8f1 in io_loop_handle_timeouts_real (
   ioloop=0x563a3afdef40) at ioloop.c:665
#24 io_loop_handle_timeouts (ioloop=ioloop@entry=0x563a3afdef40)
   at ioloop.c:679
#25 0x00007ffa11d4f070 in io_loop_handler_run_internal (
   ioloop=ioloop@entry=0x563a3afdef40) at ioloop-epoll.c:194
#26 0x00007ffa11d4db7c in io_loop_handler_run (ioloop=0x563a3afdef40)
   at ioloop.c:750
#27 0x00007ffa11d4dce0 in io_loop_run (ioloop=0x563a3afdef40)
   at ioloop.c:723
#28 0x00007ffa11cce0d3 in master_service_run (service=0x563a3afdedd0,
   callback=callback@entry=0x563a3abfe8b0 <client_connected>)
   at master-service.c:781
#29 0x0000563a3abe3bf5 in main (argc=<optimized out>,
   argv=<optimized out>) at main.c:520

I managed to track down at least three mails that seem to cause this
panic, which appears to be caused by bad MIME headers. (Spammers are
rather fond of these. :)

Note, I cannot attach these mails to this message, as otherwise the
Debian bug system refuses them, since they appear to contain malware,
which was probably the spammer's intent. So I uploaded them here:

https://www.andric.com/debian/bug970386-1.eml.xz
https://www.andric.com/debian/bug970386-2.eml.xz
https://www.andric.com/debian/bug970386-3.eml.xz

Please take care when unpacking and handling these; the only interesting
parts about them are the bad MIME headers!

For instance, bad-mail-1.eml has an "X-Amavis-Alert: BAD HEADER SECTION,
MIME error: error: part did not end with expected boundary" warning,
bad-mail-2.eml has an "X-Amavis-Alert: BAD HEADER SECTION, MIME error:
error: unexpected end of header" warning, and bad-mail-3.eml even has
multiple of these warnings.

I also tried downgrading to 2.3.4.1-5+deb10u2 packages, and that made
the panic messages go away. It now seems obvious that they are caused by
the fixes for CVE-2020-12100 ("Receiving mail with deeply nested MIME
parts leads to resource exhaustion as Dovecot attempts to parse it"):

https://tracker.debian.org/news/1168771/accepted-dovecot-12341-5deb10u3-source-into-proposed-updates-stable-new-proposed-updates/

-Dimitry
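
An added example, not part of the original message: one way to look through stored mail for the kind of MIME structure problems the Amavis warnings above describe, using the defect list of Python's standard `email` parser. The mapping from Amavis warnings to Python defect classes is an assumption, Python's parser is not Dovecot's, so a hit marks a candidate mail rather than confirming the panic, and the sample message is constructed.

```python
import email
from email import errors, policy

# Python defect classes that are the closest analogues of the Amavis warnings
# quoted in the message (an approximate mapping, assumed for this example).
STRUCTURAL = (
    errors.CloseBoundaryNotFoundDefect,       # part did not end with its boundary
    errors.StartBoundaryNotFoundDefect,       # declared boundary never appears
    errors.NoBoundaryInMultipartDefect,       # multipart without boundary parameter
    errors.MissingHeaderBodySeparatorDefect,  # header section ends without blank line
)

def scan_mime(raw: bytes):
    """Return (max_nesting_depth, [(part_path, content_type, defect_name), ...])."""
    root = email.message_from_bytes(raw, policy=policy.default)
    findings, max_depth = [], 0
    stack = [(root, "1", 0)]          # explicit stack instead of a recursive walk
    while stack:
        part, path, depth = stack.pop()
        max_depth = max(max_depth, depth)
        for defect in part.defects:
            if isinstance(defect, STRUCTURAL):
                findings.append((path, part.get_content_type(), type(defect).__name__))
        for i, child in enumerate(part.iter_parts(), 1):
            stack.append((child, f"{path}.{i}", depth + 1))
    return max_depth, sorted(findings)

# Constructed sample: the inner multipart is cut off by the outer close boundary.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="outer"\r\n'
    b"\r\n"
    b"--outer\r\n"
    b'Content-Type: multipart/alternative; boundary="inner"\r\n'
    b"\r\n"
    b"--inner\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--outer--\r\n"
)

if __name__ == "__main__":
    depth, findings = scan_mime(SAMPLE)
    print("max nesting depth:", depth)
    for path, ctype, name in findings:
        print(f"part {path} ({ctype}): {name}")
```

Run over each file of a mailbox, this narrows down which messages to test against the affected package version; the nesting depth is reported because the CVE-2020-12100 fix concerns nested MIME parts.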
