On Sun, Sep 05, 2021 at 11:13:45PM +0300, Evgeniy Berdnikov via Exim-users wrote:
> I built unstripped binary, let's wait for segfaults.
Several happened last night, 1st coredump is below.
2021-09-06 06:13:18.702 [116601] SIGSEGV (maybe attempt to write to immutable memory)
# echo bt full | gdb -c core.116601 -f /usr/sbin/exim4
------------------------------------------------------------------------
GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/exim4...
[New LWP 116601]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/exim4 -bd -q1m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xf71d5b0d in ?? () from /usr/lib/i386-linux-gnu/libgnutls.so.30
(gdb) #0 0xf71d5b0d in ?? () from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#1 0xf71d5be6 in gnutls_x509_trust_list_get_issuer ()
from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#2 0xf71d6613 in gnutls_x509_trust_list_verify_crt2 ()
from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#3 0xf7161647 in ?? () from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#4 0xf7161f3f in gnutls_certificate_verify_peers ()
from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#5 0xf7161fd0 in gnutls_certificate_verify_peers2 ()
from /usr/lib/i386-linux-gnu/libgnutls.so.30
No symbol table info available.
#6 0x5663599b in verify_certificate (state=<optimized out>, errstr=0xffe872d0)
at tls-gnu.c:2518
rc = <optimized out>
verify = 1460649816
__FUNCTION__ = "verify_certificate"
#7 0x56637c2b in tls_client_start (cctx=0x57ccb5a8, conn_args=0x57cbb54c,
cookie=0x57ca1ff4, tlsp=0x56714ee0 <tls_out>, errstr=0xffe872d0)
at tls-gnu.c:3591
host = 0x57ca32bc
tb = <optimized out>
ob = 0x570fbe6c
rc = 0
state = 0x570fcfb4
cipher_list = <optimized out>
require_ocsp = 0
request_ocsp = 1
__FUNCTION__ = "tls_client_start"
#8 0x566696c6 in smtp_setup_conn (sx=<optimized out>,
suppress_tls=<optimized out>) at smtp.c:2673
buffer2 = "220 2.7.0 Ready to start TLS\000t\350\377;\200\070\367<s\350\377.\347hV@t\350\377\006\000\000\000<s\350\377`1\312W\027\000\000\000`1\312W\002ru\000\214&qV.\347hV`1\312Wl-\312W\025\020cV\000\000\000\000\001\200\255\373`1\312W`1\312W`1\312W`1\312Wl1\312Ww1\312W`1\312Ww1\312W", '\000' <repeats 20 times>, "\324IqV\000\000\000\000\330IqV\000\000\000\377\000\000\000\000HClV\001\000CM\204/\312W\377\377\377\377", '\000' <repeats 12 times>...
ob = <optimized out>
pass_message = 0
message = 0x0
yield = 0
tls_errstr = 0x0
__FUNCTION__ = "smtp_setup_conn"
#9 0x56643e56 in do_callout (pm_mailfrom=<optimized out>,
se_mailfrom=<optimized out>, options=<optimized out>,
callout_connect=<optimized out>, callout_overall=<optimized out>,
callout=<optimized out>, tf=0xffe88630, host_list=<optimized out>,
addr=<optimized out>) at verify.c:677
host_af = <optimized out>
port = 25
interface = 0x0
host = <optimized out>
ob = <optimized out>
sx = 0x57cbb544
yield = 0
from_address = <optimized out>
random_local_part = 0x0
save_deliver_domain = <optimized out>
failure_ptr = <optimized out>
callout_start_time = <optimized out>
old_domain_cache_result = <optimized out>
done = 0
address_key = <optimized out>
new_domain_record = {time_stamp = -147406423, result = 0,
postmaster_result = 0, random_result = 0,
postmaster_stamp = 1472965820, random_stamp = 32}
new_address_record = {time_stamp = 0, result = 0}
yield = <optimized out>
old_domain_cache_result = <optimized out>
done = <optimized out>
address_key = <optimized out>
from_address = <optimized out>
random_local_part = <optimized out>
save_deliver_domain = <optimized out>
failure_ptr = <optimized out>
new_domain_record = {time_stamp = <optimized out>,
result = <optimized out>, postmaster_result = <optimized out>,
random_result = <optimized out>, postmaster_stamp = <optimized out>,
random_stamp = <optimized out>}
new_address_record = {time_stamp = <optimized out>,
result = <optimized out>}
callout_start_time = <optimized out>
__FUNCTION__ = "do_callout"
END_CALLOUT = <optimized out>
tls_retry_connection = <optimized out>
no_conn = <optimized out>
ob = <optimized out>
sx = <optimized out>
host = <optimized out>
host_af = <optimized out>
port = <optimized out>
interface = <optimized out>
main_address = <optimized out>
rcpt_domain = <optimized out>
errstr = <optimized out>
main_address = <optimized out>
s = <optimized out>
c = <optimized out>
oldpool = <optimized out>
caddr = <optimized out>
parent = <optimized out>
dullmsg = <optimized out>
#10 verify_address (vaddr=<optimized out>, fp=<optimized out>,
options=<optimized out>, callout=<optimized out>,
callout_overall=<optimized out>, callout_connect=<optimized out>,
se_mailfrom=<optimized out>, pm_mailfrom=<optimized out>,
routed=<optimized out>) at verify.c:1947
tp = <optimized out>
host_list = 0x57ca32bc
tf = {interface = 0x0, port = 0x5668ed4e "smtp",
protocol = 0x5668ed4e "smtp", hosts = 0x0,
helo_data = 0x566c0e96 "$primary_hostname", hosts_override = 0,
hosts_randomize = 0, gethostbyname = 0, qualify_single = 1,
search_parents = 0}
local_verify = <optimized out>
rc = <optimized out>
addr = <optimized out>
allok = <optimized out>
full_info = <optimized out>
expn = <optimized out>
success_on_redirect = <optimized out>
i = <optimized out>
yield = <optimized out>
verify_type = <optimized out>
addr_list = <optimized out>
addr_new = 0x0
addr_remote = 0x57ca1ff4
addr_local = 0x0
addr_succeed = 0x0
failure_ptr = <optimized out>
ko_prefix = <optimized out>
cr = <optimized out>
address = <optimized out>
save_sender = <optimized out>
null_sender = ""
#11 0x565a6642 in acl_verify (where=where@entry=2, addr=addr@entry=0x0,
arg=<optimized out>, user_msgptr=<optimized out>,
log_msgptr=<optimized out>, basic_errno=<optimized out>) at acl.c:2116
routed = 1
save_address_data = <optimized out>
sep = 47
callout = <optimized out>
callout_overall = <optimized out>
callout_connect = <optimized out>
verify_options = <optimized out>
rc = <optimized out>
verify_header_sender = <optimized out>
defer_ok = <optimized out>
callout_defer_ok = <optimized out>
no_details = <optimized out>
success_on_redirect = <optimized out>
quota = <optimized out>
quota_pos_cache = <optimized out>
quota_neg_cache = <optimized out>
sender_vaddr = 0x57ca1ff4
verify_sender_address = <optimized out>
pm_mailfrom = <optimized out>
se_mailfrom = <optimized out>
slash = <optimized out>
list = 0x570e8c5a ""
ss = <optimized out>
__FUNCTION__ = "acl_verify"
vp = <optimized out>
#12 0x565a868e in acl_check_condition (level=<optimized out>,
basic_errno=0xffe88e4c, log_msgptr=<optimized out>,
user_msgptr=<optimized out>, epp=<synthetic pointer>,
addr=<optimized out>, where=<optimized out>, cb=0x570e8c38,
verb=<optimized out>) at acl.c:3838
arg = 0x570e8c48 "sender/callout=90s"
control_type = <optimized out>
user_message = <optimized out>
log_message = 0x0
rc = 0
sep = -47
user_message = <optimized out>
log_message = <optimized out>
rc = <optimized out>
sep = <optimized out>
__FUNCTION__ = "acl_check_condition"
arg = <optimized out>
control_type = <optimized out>
lhswidth = <optimized out>
p = <optimized out>
fd = <optimized out>
af = <optimized out>
level = <optimized out>
optname = <optimized out>
value = <optimized out>
pp = <optimized out>
pp = <optimized out>
pp = <optimized out>
debug_tag = <optimized out>
debug_opts = <optimized out>
kill = <optimized out>
pp = <optimized out>
ignored = <optimized out>
pp = <optimized out>
delay = <optimized out>
p = {fd = <optimized out>, events = <optimized out>,
revents = <optimized out>}
n = <optimized out>
endcipher = <optimized out>
cipher = <optimized out>
logbits = <optimized out>
sep = <optimized out>
s = <optimized out>
ss = <optimized out>
logbits = <optimized out>
s = <optimized out>
list = <optimized out>
ss = <optimized out>
opt = <optimized out>
defer_ok = <optimized out>
timeout = <optimized out>
m = <optimized out>
sdomain = <optimized out>
old_pool = <optimized out>
list = <optimized out>
ss = <optimized out>
expmessage = <optimized out>
old_user_msgptr = <optimized out>
old_log_msgptr = <optimized out>
#13 acl_check_internal (where=<optimized out>, addr=<optimized out>,
s=<optimized out>, user_msgptr=<optimized out>, log_msgptr=<optimized out>)
at acl.c:4225
cond = <optimized out>
basic_errno = 0
endpass_seen = 0
acl_quit_check = <optimized out>
fd = <optimized out>
acl = <optimized out>
acl_name = <optimized out>
ss = <optimized out>
__FUNCTION__ = "acl_check_internal"
#14 0x565abcb1 in acl_check (where=2, recipient=0x0,
s=0x570e3198 "acl_custom_check_predata", user_msgptr=0xffe895c8,
log_msgptr=0xffe895c4) at acl.c:4539
rc = <optimized out>
adb = {next = 0x571ff0f3, parent = 0x5, first = 0x5736b3b0,
dupof = 0x0, start_router = 0x57a38284, router = 0x23001e,
transport = 0x571ff0f0, host_list = 0x6, host_used = 0xf04ad100,
fallback_hosts = 0x0, reply = 0x0,
retries = 0xf751459b <__libc_sigaction+11>,
address = 0xf751f000 "\250\356\001", unique = 0xffe88fe0 "0{\\V",
cc_local_part = 0x5 <error: Cannot access memory at address 0x5>,
lc_local_part = 0x5671268c "\354\304\030",
local_part = 0xf7514744 <sigaction+52> "\203\304\020\203\304\b[Ít&", prefix = 0xe <error: Cannot access memory at address 0xe>,
prefix_v = 0xffe88fe0 "0{\\V", suffix = 0x0,
suffix_v = 0x1000 <error: Cannot access memory at address 0x1000>,
domain = 0x0,
address_retry_key = 0xf7514716 <sigaction+6> "\201\303", <incomplete sequence \352\250>, domain_retry_key = 0x5671268c "\354\304\030",
current_dir = 0x565f1836 <os_non_restarting_signal+86> "\211\364\213\204$\214", home_dir = 0xe <error: Cannot access memory at address 0xe>,
message = 0xffe88fe0 "0{\\V", user_message = 0x0,
onetime_parent = 0xf7312f0c "\274-\"",
pipe_expandn = 0x565c7b30 <sigalrm_handler>, return_filename = 0x0,
self_hostname = 0x0, shadow_message = 0x0, tlsver = 0x0,
cipher = 0x0, ourcert = 0x0, peercert = 0x0, peerdn = 0x0, ocsp = 0,
authenticator = 0x0, auth_id = 0x0, auth_sndr = 0x0,
dsn_orcpt = 0x0, dsn_flags = 0, dsn_aware = 0, uid = 0, gid = 0,
flags = {af_allow_file = 0, af_allow_pipe = 0, af_allow_reply = 0,
af_dr_retry_exists = 0, af_expand_pipe = 0, af_file = 0,
af_gid_set = 0, af_home_expanded = 0, af_initgroups = 0,
af_local_host_removed = 0, af_lt_retry_exists = 0, af_pfr = 0,
af_retry_skipped = 0, af_retry_timedout = 0, af_uid_set = 0,
af_hide_child = 0, af_sverify_told = 0, af_verify_pmfail = 0,
af_verify_nsfail = 0, af_homonym = 0, af_verify_routed = 0,
af_verify_callout = 0, af_include_affixes = 0, af_new_conn = 0,
af_cont_conn = 0, af_cert_verified = 0, af_pass_message = 0,
af_bad_reply = 0, af_tcp_fastopen_conn = 0, af_tcp_fastopen = 0,
af_tcp_fastopen_data = 0, af_pipelining = 0, af_early_pipe = 0,
af_prdr_used = 0, af_chunking_used = 0, af_force_command = 0,
af_dane_verified = 0, af_utf8_downcvt = 0, af_tls_resume = 0},
domain_cache = {0, 0}, localpart_cache = {0, 0}, mode = 0,
basic_errno = 0, more_errno = 0, delivery_time = {tv_sec = 0,
tv_usec = 0}, child_count = 0, return_file = 0,
special_action = 17349, transport_return = -2252, prop = {
address_data = 0x5663055d <strncmpic+45> "\203\305\001\017\266\016\203\306\001\213\020\017\266E\377\213\004\202+\004\212u\006\071\376u\340\061\300\203\304\f[^_]Í\264&", domain_data = 0x0, localpart_data = 0x0,
errors_address = 0x56630539 <strncmpic+9> "\201\303S!\016",
extra_headers = 0x5671268c,
remove_headers = 0x5671268c "\354\304\030",
variables = 0x56716b40 <cmd_list+128>, ignore_error = 0,
utf8_msg = 0, utf8_downcvt = 0, utf8_downcvt_maybe = 0}}
addr = 0x0
#15 0x56623fd1 in smtp_setup_msg () at smtp_in.c:5435
acl = <optimized out>
mail_args = <optimized out>
sender_domain = 6
etrn_command = <optimized out>
log_msg = 0x0
smtp_code = 0x10 <error: Cannot access memory at address 0x10>
ss = 0xffe895e0 "\020"
recipient_domain = 16
g = <optimized out>
argv = 0x10
etrn_serialize_key = <optimized out>
s = 0x0
was_rej_mail = 0
oldsignal = <optimized out>
start = 1
c = <optimized out>
orcpt = 0x0
recipient = 0x0
was_rcpt = 0
pid = <optimized out>
rc = <optimized out>
errmess = 0x0
user_msg = 0x0
hello = 0x0
end = 25
dsn_flags = <optimized out>
done = <optimized out>
toomany = <optimized out>
discarded = <optimized out>
last_was_rej_mail = <optimized out>
last_was_rcpt = <optimized out>
reset_point = <optimized out>
__FUNCTION__ = "smtp_setup_msg"
__PRETTY_FUNCTION__ = "smtp_setup_msg"
#16 0x565afe00 in handle_smtp_call (accepted=0xffe89988,
accept_socket=<optimized out>, listen_socket_count=<optimized out>,
listen_sockets=<optimized out>) at daemon.c:551
rc = <optimized out>
queue_only_reason = 0
old_pool = <optimized out>
save_debug_selector = <optimized out>
local_queue_only = <optimized out>
session_local_queue_only = 0
act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1},
sa_mask = {__val = {0 <repeats 32 times>}}, sa_flags = 2,
sa_restorer = 0x0}
pid = 0
ifsize = 16
interface_sockaddr = {v4 = {sin_family = 2, sin_port = 6400,
sin_addr = {s_addr = 218802368},
sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 2,
sin6_port = 6400, sin6_flowinfo = 218802368, sin6_addr = {
__in6_u = {
__u6_addr8 = '\000' <repeats 11 times>, "\n\000\000\000",
__u6_addr16 = {0, 0, 0, 0, 0, 2560, 0, 0}, __u6_addr32 = {0,
0, 167772160, 0}}}, sin6_scope_id = 0}, v0 = {sa_family = 2,
sa_data = "\000\031\300\250\n\r\000\000\000\000\000\000\000"}}
dup_accept_socket = <optimized out>
max_for_this_host = <optimized out>
save_log_selector = <optimized out>
whofrom = <optimized out>
reset_point = 0x57365574
pid = <optimized out>
interface_sockaddr = {v4 = {sin_family = <optimized out>,
sin_port = <optimized out>, sin_addr = {s_addr = <optimized out>},
sin_zero = {<optimized out>, <optimized out>, <optimized out>,
<optimized out>, <optimized out>, <optimized out>,
<optimized out>, <optimized out>}}, v6 = {
sin6_family = <optimized out>, sin6_port = <optimized out>,
sin6_flowinfo = <optimized out>, sin6_addr = {__in6_u = {
__u6_addr8 = {<optimized out> <repeats 16 times>},
__u6_addr16 = {<optimized out>, <optimized out>,
<optimized out>, <optimized out>, <optimized out>,
<optimized out>, <optimized out>, <optimized out>},
__u6_addr32 = {<optimized out>, <optimized out>,
<optimized out>, <optimized out>}}},
sin6_scope_id = <optimized out>}, v0 = {
sa_family = <optimized out>, sa_data = {
<optimized out> <repeats 14 times>}}}
ifsize = <optimized out>
dup_accept_socket = <optimized out>
max_for_this_host = <optimized out>
save_log_selector = <optimized out>
whofrom = <optimized out>
reset_point = <optimized out>
__FUNCTION__ = "handle_smtp_call"
ERROR_RETURN = <optimized out>
expanded = <optimized out>
s = <optimized out>
host_accept_count = <optimized out>
other_host_count = <optimized out>
i = <optimized out>
list = <optimized out>
queue_only_reason = <optimized out>
old_pool = <optimized out>
save_debug_selector = <optimized out>
local_queue_only = <optimized out>
session_local_queue_only = <optimized out>
act = {__sigaction_handler = {sa_handler = <optimized out>,
sa_sigaction = <optimized out>}, sa_mask = {__val = {
<optimized out> <repeats 32 times>}},
sa_flags = <optimized out>, sa_restorer = <optimized out>}
nah = <optimized out>
rc = <optimized out>
ok = <optimized out>
fd = <optimized out>
buf = {<optimized out> <repeats 128 times>}
i = <optimized out>
i = <optimized out>
r = <optimized out>
q = <optimized out>
dpid = <optimized out>
i = <optimized out>
#17 daemon_go () at daemon.c:2594
accept_socket = <optimized out>
accepted = {sin6_family = 2, sin6_port = 38059,
sin6_flowinfo = 1377758137, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0,
0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}},
sin6_scope_id = 1460493328}
check_lsk = <optimized out>
lcount = <optimized out>
select_failed = <optimized out>
fds = {fds_bits = {16, 0 <repeats 31 times>}}
pid = <optimized out>
pw = <optimized out>
listen_sockets = <optimized out>
listen_socket_count = <optimized out>
listen_fd_max = 10
select_listen = {fds_bits = {632, 0 <repeats 31 times>}}
addresses = 0x570de0f4
last_connection_time = <optimized out>
local_queue_run_max = <optimized out>
__FUNCTION__ = "daemon_go"
__d = <optimized out>
#18 0x565a0116 in main (argc=<optimized out>, cargv=<optimized out>)
at exim.c:4947
argv = <optimized out>
arg_receive_timeout = -1
arg_smtp_receive_timeout = -1
arg_error_handling = <optimized out>
filter_sfd = -1
filter_ufd = -1
group_count = <optimized out>
i = <optimized out>
rv = <optimized out>
list_queue_option = <optimized out>
msg_action = 0
msg_action_arg = -1
namelen = <optimized out>
queue_only_reason = 0
perl_start_option = <optimized out>
recipients_arg = 3
sender_address_domain = 0
test_retry_arg = -1
test_rewrite_arg = -1
original_egid = <optimized out>
arg_queue_only = <optimized out>
bi_option = <optimized out>
checking = <optimized out>
count_queue = <optimized out>
expansion_test = <optimized out>
extract_recipients = <optimized out>
flag_G = <optimized out>
flag_n = <optimized out>
forced_delivery = 0
f_end_dot = <optimized out>
deliver_give_up = 0
list_queue = <optimized out>
list_options = <optimized out>
list_config = <optimized out>
local_queue_only = <optimized out>
more = 1
one_msg_action = 0
opt_D_used = <optimized out>
queue_only_set = <optimized out>
receiving_message = <optimized out>
sender_ident_set = <optimized out>
session_local_queue_only = <optimized out>
unprivileged = <optimized out>
removed_privilege = <optimized out>
usage_wanted = <optimized out>
verify_address_mode = <optimized out>
verify_as_sender = <optimized out>
rcpt_verify_quota = <optimized out>
version_printed = <optimized out>
alias_arg = <optimized out>
called_as = <optimized out>
cmdline_syslog_name = <optimized out>
start_queue_run_id = <optimized out>
stop_queue_run_id = <optimized out>
expansion_test_message = <optimized out>
ftest_domain = <optimized out>
ftest_localpart = <optimized out>
ftest_prefix = <optimized out>
ftest_suffix = <optimized out>
log_oneline = <optimized out>
malware_test_file = <optimized out>
real_sender_address = <optimized out>
originator_home = 0x570de064 "/root"
sz = <optimized out>
pw = 0xf74fe9e4
statbuf = {st_dev = 40, __pad1 = 0, __st_ino = 11, st_mode = 8592,
st_nlink = 1, st_uid = 0, st_gid = 5, st_rdev = 34824, __pad2 = 0,
st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = {
tv_sec = 1630842173, tv_nsec = 37236752}, st_mtim = {
tv_sec = 1630842177, tv_nsec = 37236752}, st_ctim = {
tv_sec = 1630839984, tv_nsec = 37236752}, st_ino = 11}
passed_qr_pid = <optimized out>
passed_qr_pipe = <optimized out>
group_list = <error reading variable group_list (value requires 262144 bytes, which is more than max-value-size)>
info_flag = <optimized out>
info_stdout = <optimized out>
rsopts = {0x56695535 "f", 0x566bd748 "ff", 0x566b0bec "r",
0x5668f945 "rf", 0x5668f948 "rff"}
__FUNCTION__ = "main"
(gdb) quit
------------------------------------------------------------------------
--
Eugene Berdnikov
