Bug#992123: exim4: core dump: handle_smtp_call smtp_setup_msg acl_check acl_check_condition acl_verify verify_address do_callout

Simon Josefsson simon at josefsson.org
Thu Aug 12 08:26:05 BST 2021


Package: exim4-daemon-heavy
Version: 4.92-8+deb10u6

Hi!  Exim crashed after an incoming connection, from an IP address that
has never talked to my server before.  Similar IP addresses have been
trying to send spam in the last few days though, triggering sender
verify failures.

Is there a good way to make exim log complete sessions?  Tcpdump or
similar is not that useful if TLS is used (which doesn't appear to be the
case here though).

/Simon

2021-08-12 02:25:52.379 [5519] SMTP connection from [112.255.137.213]:1915 I=[178.174.241.107]:25 (TCP/IP connection count = 1)
2021-08-12 02:25:52.385 [9590] no host name found for IP address 112.255.137.213

Aug 12 02:27:28 uggla kernel: [1419962.206702] traps: exim4[9590] general protection ip:56058da25505 sp:7ffff48b3c60 error:0 in exim4[56058d9b3000+bf000]
Aug 12 02:27:28 uggla systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Aug 12 02:27:28 uggla systemd[1]: Started Process Core Dump (PID 9610/UID 0).
Aug 12 02:27:28 uggla systemd-coredump[9611]: Process 9590 (exim4) of user 107 dumped core.#012#012Stack trace of thread 9590:#012#0  0x000056058da25505 n/a (exim4)#012#1  0x000056058da2586d n/a (exim4)#012#2  0x000056058da39808 n/a (exim4)#012#3  0x000056058da3b314 n/a (exim4)#012#4  0x000056058d9be70e n/a (exim4)#012#5  0x000056058d9bf81b n/a (exim4)#012#6  0x000056058d9c25c0 n/a (exim4)#012#7  0x000056058da2156f n/a (exim4)#012#8  0x000056058d9c5c22 n/a (exim4)#012#9  0x000056058d9b8f52 n/a (exim4)#012#10 0x00007f232405709b __libc_start_main (libc.so.6)#012#11 0x000056058d9bc29a _start (exim4)
Aug 12 02:27:28 uggla systemd[1]: systemd-coredump@0-9610-0.service: Succeeded.

root@uggla:~# coredumpctl gdb -1
           PID: 9590 (exim4)
           UID: 107 (Debian-exim)
           GID: 113 (Debian-exim)
        Signal: 11 (SEGV)
     Timestamp: Thu 2021-08-12 02:27:28 UTC (4h 48min ago)
  Command Line: /usr/sbin/exim4 -bd -q30m
    Executable: /usr/sbin/exim4
 Control Group: /system.slice/exim4.service
          Unit: exim4.service
         Slice: system.slice
       Boot ID: 621de42992dc46cfb7bfad54b5dbb056
    Machine ID: 91d76afe2fc543e49fa0c766b415c23c
      Hostname: uggla
       Storage: /var/lib/systemd/coredump/core.exim4.107.621de42992dc46cfb7bfad54b5dbb056.9590.1628735248000000.lz4
       Message: Process 9590 (exim4) of user 107 dumped core.
                
                Stack trace of thread 9590:
                #0  0x000056058da25505 n/a (exim4)
                #1  0x000056058da2586d n/a (exim4)
                #2  0x000056058da39808 n/a (exim4)
                #3  0x000056058da3b314 n/a (exim4)
                #4  0x000056058d9be70e n/a (exim4)
                #5  0x000056058d9bf81b n/a (exim4)
                #6  0x000056058d9c25c0 n/a (exim4)
                #7  0x000056058da2156f n/a (exim4)
                #8  0x000056058d9c5c22 n/a (exim4)
                #9  0x000056058d9b8f52 n/a (exim4)
                #10 0x00007f232405709b __libc_start_main (libc.so.6)
                #11 0x000056058d9bc29a _start (exim4)

GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/exim4...Reading symbols from /usr/lib/debug/.build-id/63/46165145c764b379a38bd05ec49b6a4bef7b1c.debug...done.
done.
[New LWP 9590]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/exim4 -bd -q30m'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000056058da25505 in flush_buffer (outblock=outblock@entry=0x7ffff48b3f50, mode=mode@entry=0) at smtp_out.c:446
446	smtp_out.c: No such file or directory.
(gdb) bt
#0  0x000056058da25505 in flush_buffer (outblock=outblock@entry=0x7ffff48b3f50, mode=mode@entry=0) at smtp_out.c:446
#1  0x000056058da2586d in smtp_write_command (sx=sx@entry=0x7ffff48b3ea0, mode=mode@entry=0, format=format@entry=0x56058da97915 "QUIT\r\n") at smtp_out.c:568
#2  0x000056058da39808 in do_callout (addr=addr@entry=0x56058e170ac0, host_list=<optimized out>, tf=tf@entry=0x7ffff48b70a0, callout=callout@entry=120, callout_overall=<optimized out>, callout_overall@entry=-1, 
    callout_connect=<optimized out>, callout_connect@entry=-1, options=<optimized out>, se_mailfrom=<optimized out>, pm_mailfrom=<optimized out>) at verify.c:1118
#3  0x000056058da3b314 in verify_address (vaddr=vaddr@entry=0x56058e170ac0, fp=fp@entry=0x0, options=0, callout=callout@entry=120, callout_overall=callout_overall@entry=-1, callout_connect=callout_connect@entry=-1, se_mailfrom=0x0, 
    pm_mailfrom=0x0, routed=0x7ffff48b7208) at verify.c:1946
#4  0x000056058d9be70e in acl_verify (where=where@entry=0, addr=addr@entry=0x7ffff48b7710, arg=<optimized out>, user_msgptr=user_msgptr@entry=0x7ffff48b7958, log_msgptr=log_msgptr@entry=0x7ffff48b7950, 
    basic_errno=basic_errno@entry=0x7ffff48b75a4) at acl.c:1999
#5  0x000056058d9bf81b in acl_check_condition (level=<optimized out>, basic_errno=0x7ffff48b75a4, log_msgptr=0x7ffff48b7950, user_msgptr=0x7ffff48b7958, epp=<synthetic pointer>, addr=0x7ffff48b7710, where=0, cb=0x56058e0af878, 
    verb=4) at acl.c:3711
#6  acl_check_internal (where=where@entry=0, addr=addr@entry=0x7ffff48b7710, s=s@entry=0x56058e0ab4d0 "acl_check_rcpt", user_msgptr=user_msgptr@entry=0x7ffff48b7958, log_msgptr=0x7ffff48b7950) at acl.c:4084
#7  0x000056058d9c25c0 in acl_check (where=where@entry=0, recipient=<optimized out>, s=0x56058e0ab4d0 "acl_check_rcpt", user_msgptr=user_msgptr@entry=0x7ffff48b7958, log_msgptr=log_msgptr@entry=0x7ffff48b7950) at acl.c:4394
#8  0x000056058da2156f in smtp_setup_msg () at smtp_in.c:5237
#9  0x000056058d9c5c22 in handle_smtp_call (accepted=0x7ffff48b7b80, accept_socket=<optimized out>, listen_socket_count=4, listen_sockets=<optimized out>) at daemon.c:504
#10 daemon_go () at daemon.c:2218
#11 0x000056058d9b8f52 in main (argc=3, cargv=0x7ffff48f82b8) at exim.c:4669
(gdb) 