Bug#1053447: exim4: "bad internal_store_malloc request" when using regex conditions

Michel Meyers debian at tcnnet.com
Wed Oct 4 09:57:17 BST 2023


Package: exim4
Version: 4.97~RC0-3
Severity: normal

Dear Maintainer,

Several days ago I noticed exim4 outputting multiple panic messages and
randomly failing to accept mail:

2023-10-01 02:04:23 1qmjwb-0000000123T-3uld bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 02:04:25 1qmjwe-000000013IO-174I bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 03:10:53 1qmkyx-000000089yj-36bC bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 03:14:22 1qml2L-00000008ASV-3rpY bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 03:14:24 1qml2N-00000008ASd-4At3 bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 04:06:28 1qmlql-00000008N3V-05Ff bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 04:08:55 1qmlt8-00000008NOR-1vrq bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 04:24:29 1qmm8C-00000008Qoa-1ePW bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 04:24:32 1qmm8E-00000008Qom-3LBW bad internal_store_malloc request (2147483632 bytes) from function_store_get 66

Some mail would pass, some would not, and there were no other entries for the
referenced message IDs in the exim mainlog.

After several hours of debugging, I found exim to be stopping in the
middle of this section in my config file when issuing the above error:

    deny
      message = "You are not welcome here. Bypass this and get reported!"
      regex = ^Subject:: .*sent you a WINK.*

    deny
      message = "You are not welcome here. Bypass this and get reported!"
      regex = ^Subject:: Smoking blends and mixes

    [...]

    deny
      message = "You are not welcome here. Bypass this and get reported!"
      regex = ^Subject:: .*Sunglasses Clearance.*

I had about 15-30 of the above entries (unfortunately didn't keep the
original file to count them) with various spam subjects to block
persistent spam operations. After reducing it to the above 3, the
randomly occurring paniclog messages and message acceptance failures
went away.

Correlating the paniclog to the dpkg log, the issue appears to have
started after upgrading exim from 4.97~RC0-2 to 4.97~RC0-3.
Not sure if these are relevant but the system also updated libc6 from 
2.37-8 to 2.37-10 and libglib2.0-0 from 2.78.0-1 to 2.78.0-2.

- Michel

-- Package-specific info:
Exim version 4.97-RC0 #2 built 19-Sep-2023 16:04:22
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS TLS_resume move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR PROXY Queue_Ramp SOCKS SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot external plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
dc_other_hostnames=''
dc_local_interfaces='::0 ; 0.0.0.0.25 ; 0.0.0.0.587 ; 127.0.0.1.10025'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''

CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:tcnnet.com
# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -	 one daemon running queue and listening on SMTP port
# 'no'       -	 no daemon running the queue
# 'separate' -	 two separate daemons
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to queue-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too).
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# options for daemon listening on port 25
SMTPLISTENEROPTIONS=''

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4 depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  exim4-base             4.97~RC0-3
ii  exim4-daemon-heavy     4.97~RC0-3

exim4 recommends no packages.

exim4 suggests no packages.

-- debconf information:
  exim4/drec:
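
Added example, not part of the original report: a triage script for the steps the reporter describes, which parses the panic entries, lists package upgrades in the days before the first panic (the paniclog/dpkg-log correlation), and lists panicking message IDs that never appear in the mainlog. The two panic lines are copied from the report; the dpkg.log and mainlog samples, their timestamps, the `examplepkg` entry, and the 7-day window and 4096-byte slack are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"
PANIC_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) bad internal_store_malloc "
    r"request \((\d+) bytes\) from (\S+) (\d+)$")

# Two panic entries copied from the report (one log entry per line).
PANICLOG = """\
2023-10-01 02:04:23 1qmjwb-0000000123T-3uld bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
2023-10-01 02:04:25 1qmjwe-000000013IO-174I bad internal_store_malloc request (2147483632 bytes) from function_store_get 66
"""
# Constructed dpkg.log: versions are from the report, timestamps and the
# "examplepkg" line are made up for this example.
DPKGLOG = """\
2023-09-01 06:00:00 upgrade examplepkg:amd64 1.0-1 1.0-2
2023-09-29 06:10:00 upgrade libc6:amd64 2.37-8 2.37-10
2023-09-29 06:10:05 upgrade exim4-base:amd64 4.97~RC0-2 4.97~RC0-3
2023-09-29 06:10:09 status installed exim4-base:amd64 4.97~RC0-3
"""
# Constructed mainlog: one unrelated message, none of the panicking IDs.
MAINLOG = "2023-10-01 02:00:00 1qmjaa-0000000100A-0abc Completed\n"

def parse_panics(text):
    """Return (time, message_id, requested_bytes) per store_malloc panic."""
    hits = (PANIC_RE.match(l.strip()) for l in text.splitlines())
    return [(datetime.strptime(m[1], TS), m[2], int(m[3])) for m in hits if m]

def near_int_max(nbytes, slack=4096):
    """True when the request sits just below 2**31 (2147483632 == 2**31 - 16)."""
    return 2**31 - slack <= nbytes < 2**31

def upgrades_before(dpkg_text, first_panic, window_days=7):
    """(package, old, new) for upgrades in the window before the first panic."""
    found = []
    for line in dpkg_text.splitlines():
        f = line.split()
        if len(f) == 6 and f[2] == "upgrade":
            when = datetime.strptime(f"{f[0]} {f[1]}", TS)
            if timedelta(0) <= first_panic - when <= timedelta(days=window_days):
                found.append((f[3].split(":")[0], f[4], f[5]))
    return found

def ids_absent_from_mainlog(panics, mainlog_text):
    """Message IDs that panicked and have no mainlog entry at all."""
    return [mid for _, mid, _ in panics if mid not in mainlog_text]

if __name__ == "__main__":
    panics = parse_panics(PANICLOG)
    print(upgrades_before(DPKGLOG, panics[0][0]))
    print(ids_absent_from_mainlog(panics, MAINLOG))
```

On a live system the same functions can be fed the contents of the Exim paniclog and mainlog and of `/var/log/dpkg.log`; paths vary by installation.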


