dovecot auth failure due to panic in libpam_fscrypt

To: debian-user@lists.debian.org
Subject: dovecot auth failure due to panic in libpam_fscrypt
From: Max Nikulin <manikulin@gmail.com>
Date: Mon, 4 Dec 2023 23:41:16 +0700
Message-id: <[🔎] ukkvfe$22g$1@ciao.gmane.io>

Does anybody have ideas concerning incompatibility of dovecot IMAPserver authentication and libpam_fscrypt? It seems Go runtime loadedinto authentication worker is unable to allocate memory.

To keep local mail archive I use a dovecot instance. This machine doesnot receive or send mail using SMTP, it is purely IMAP server.Installing of libpam-fscrypt caused authentication failures:

dovecot[72165]: auth-worker: Error: fatal error: failed to reserve pagesummary memory

dovecot[72165]: auth-worker: Error:
dovecot[72165]: auth-worker: Error: runtime stack:

dovecot[72165]: auth-worker: Error: runtime.throw({0x7f552c418194?,0x7f552c1feb10?})dovecot[72165]: auth-worker: Error: runtime/panic.go:1047 +0x5ffp=0x7f552c1feac0 sp=0x7f552c1fea90 pc=0x7f552c28a53fdovecot[72165]: auth-worker: Error:runtime.(*pageAlloc).sysInit(0x7f552c5f6fd0)dovecot[72165]: auth-worker: Error:runtime/mpagealloc_64bit.go:82 +0x195 fp=0x7f552c1feb48sp=0x7f552c1feac0 pc=0x7f552c280ef5dovecot[72165]: auth-worker: Error:runtime.(*pageAlloc).init(0x7f552c5f6fd0, 0x7f552c5f6fc0, 0x0?)dovecot[72165]: auth-worker: Error: runtime/mpagealloc.go:324+0x70 fp=0x7f552c1feb70 sp=0x7f552c1feb48 pc=0x7f552c27eb50

dovecot[72165]: auth-worker: Error: runtime.(*mheap).init(0x7f552c5f6fc0)

dovecot[72165]: auth-worker: Error: runtime/mheap.go:729 +0x13ffp=0x7f552c1feba8 sp=0x7f552c1feb70 pc=0x7f552c27bf5f

dovecot[72165]: auth-worker: Error: runtime.mallocinit()

dovecot[72165]: auth-worker: Error: runtime/malloc.go:407 +0xb2fp=0x7f552c1febd0 sp=0x7f552c1feba8 pc=0x7f552c260e72

dovecot[72165]: auth-worker: Error: runtime.schedinit()

dovecot[72165]: auth-worker: Error: runtime/proc.go:693 +0xabfp=0x7f552c1fec30 sp=0x7f552c1febd0 pc=0x7f552c28df0b

dovecot[72165]: auth-worker: Error: runtime.rt0_go()

dovecot[72165]: auth-worker: Error: runtime/asm_amd64.s:345+0x120 fp=0x7f552c1fec38 sp=0x7f552c1fec30 pc=0x7f552c2b7c20dovecot[72165]: auth: Error: auth-worker: Aborted PASSV request formailuser: Worker process died unexpectedlydovecot[72165]: auth-worker: Fatal: master: service(auth-worker): child72211 returned error 2


PID 72165 is dovecot/log.
10-auth.conf:auth_mechanisms = plain

A workaround is to use custom /etc/pam.d/dovecot that does not relies oncommon-auth, etc.

I am realizing that fscrypt with login protector is hardly compatiblewith mail server and home directory of this user is not encrypted.libpam-fscrypt is installed for another user that has encrypted homedirectory, but has no mail.

My expectation is that pam_fscrypt.so should be noop in such case andcertainly should not cause authentication failure. I can not figure outif it is pam_fscrypt or dovecot auth-worker failure, e.g. impropercompile or link options, perhaps some runtime protections intended toprevent memory leaks or some sort of attack.

Reply to:

Follow-Ups:
- [SOLVED] Re: dovecot auth failure due to panic in libpam_fscrypt
  - From: Max Nikulin <manikulin@gmail.com>

Prev by Date: Re: ntpsec as server questions
Next by Date: Re: Telnet
Previous by thread: Refund on Marketplace Charge
Next by thread: [SOLVED] Re: dovecot auth failure due to panic in libpam_fscrypt
Index(es):
- Date
- Thread