Bug#1004740: exim4: SIGSEGV (maybe attempt to write to immutable memory) when sending a mail; message frozen
Gedalya
gedalya at gedalya.net
Wed May 11 16:09:14 BST 2022
On 5/10/22 21:30, Gedalya wrote:
> I forgot to mention: google seems to be closing the connection immediately after the deferral, causing the logged TLS error lines, and this seems to be a necessary component for this issue
No. That's incorrect.
I've reproduced this with plain Debian-built exim4-daemon-light 4.95-5 and 4.96~RC0-1, with the remote setup being my two MX servers running exim with a simple "defer" acl verb, not closing the connection. The behavior seems quite similar with both exim versions. See attachments.
I'm a little dazzled by the variety of crashes I've seen so far: smtp_setup_conn > tls_client_start > verify_certificate, and during ARC signing, but it could be just noise so I'll leave it alone for now.
-------------- next part --------------
exim4-daemon-light 4.96~RC0-1
# exim -q
2022-05-11 14:55:40 1nomXc-0000g4-OB SIGSEGV (fault address: 0x6e)
2022-05-11 14:55:40 1nomXc-0000g4-OB SEGV_MAPERR
2022-05-11 14:55:40 1nomXc-0000g4-OB SIGSEGV (null pointer indirection)
2022-05-11 14:55:40 1nomXc-0000g4-OB SIGSEGV ( 5488 delivering 1nomXc-0000g4-OB to mx2.gedalya.net [2604:a880:800:10::ea:b001] (gedalya at gedalya.net)
)
2022-05-11 14:55:40 1nomXc-0000g4-OB Delivery status for gedalya at gedalya.net: got 0 of 7 bytes (pipeheader) from transport process 5488 for transport smtp
-Mvl
2022-05-11 14:55:36 H=mail.gedalya.net [72.**.**.**]: SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later
2022-05-11 14:55:40 H=mx2.gedalya.net [2604:a880:******]: SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later
2022-05-11 14:55:40 gedalya at gedalya.net R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x008b: terminated by signal 11
warning: core file may not match specified executable file.
[New LWP 5488]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `exim -q'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fddfb859bca in gnutls_x509_trust_list_deinit (list=0x55fc67e1ad50, all=1) at ../../../lib/x509/verify-high.c:229
229 ../../../lib/x509/verify-high.c: No such file or directory.
(gdb) set pagination off
(gdb) bt full
#0 0x00007fddfb859bca in gnutls_x509_trust_list_deinit (list=0x55fc67e1ad50, all=1) at ../../../lib/x509/verify-high.c:229
i = 0
j = <optimized out>
#1 0x00007fddfb7c80cb in gnutls_certificate_free_credentials (sc=0x55fc67e1abb0) at ../../lib/cert-cred.c:403
No locals.
#2 0x000055fc665e4797 in tls_close (ct_ctx=0x55fc67e26d10, do_shutdown=do_shutdown at entry=3) at ./b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:3777
state = 0x55fc67e26d10
tlsp = 0x55fc66670100 <tls_out>
__FUNCTION__ = "tls_close"
#3 0x000055fc66609c03 in smtp_deliver (addrlist=addrlist at entry=0x55fc67e16670, host=host at entry=0x55fc67e16b70, host_af=host_af at entry=10, defport=<optimized out>, interface=<optimized out>, tblock=tblock at entry=0x55fc67e25de0, message_defer=<optimized out>, suppress_tls=<optimized out>) at ./b-exim4-daemon-light/build-Linux-x86_64/transports/smtp.c:4853
n = <optimized out>
ob = <optimized out>
yield = <optimized out>
save_errno = -46
rc = <optimized out>
message = 0x55fc68389b38 "SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later"
new_message_id = "\000\000\000\000\001", '\000' <repeats 11 times>, "@"
sx = 0x55fc67e55c88
__FUNCTION__ = "smtp_deliver"
pass_message = 1
dane_held = <optimized out>
tcw_done = 0
tcw = 0
SEND_MESSAGE = <optimized out>
#4 0x000055fc6660b8d3 in smtp_transport_entry (tblock=<optimized out>, addrlist=<optimized out>) at ./b-exim4-daemon-light/build-Linux-x86_64/transports/smtp.c:5677
thost = <optimized out>
first_addr = 0x55fc67e16670
host_is_expired = 0
some_deferred = 0
interface = 0x0
rc = <optimized out>
host_af = 10
message_defer = 1
retry_host_key = 0x0
retry_message_key = 0x0
serialize_key = 0x0
nexthost = 0x55fc67e17080
unexpired_hosts_tried = 2
continue_host_tried = 0
cutoff_retry = <optimized out>
defport = 25
hosts_defer = 0
hosts_fail = 0
hosts_looked_up = <optimized out>
hosts_retry = 0
hosts_serial = 0
hosts_total = <optimized out>
total_hosts_tried = <optimized out>
expired = 0
expanded_hosts = <optimized out>
pistring = 0x55fc6662ad03 ""
tid = <optimized out>
__FUNCTION__ = "smtp_transport_entry"
ob = 0x55fc67e25f28
hostlist = 0x55fc67e170c0
host = 0x55fc67e16b70
#5 0x000055fc6657043f in do_remote_deliveries (fallback=fallback at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/deliver.c:4735
fd = 9
h = <optimized out>
address_count_max = <optimized out>
use_initgroups = 0
tp = 0x55fc67e25de0
gid = 115
pfd = {8, 9}
anchor = <optimized out>
addr = <optimized out>
pid = 0
multi_domain = 1
pipe_done = 1
last = <optimized out>
panicmsg = <optimized out>
uid = 109
address_count = <optimized out>
next = <optimized out>
serialize_key = 0x0
delivery_count = 0
parmax = 2
poffset = <optimized out>
__FUNCTION__ = "do_remote_deliveries"
#6 0x000055fc66576254 in deliver_message (id=id at entry=0x55fc67e16339 "1nomXc-0000g4-OB", forced=forced at entry=0, give_up=give_up at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/deliver.c:7249
i = <optimized out>
rc = <optimized out>
final_yield = 0
now = <optimized out>
addr_last = <optimized out>
filter_message = 0x0
process_recipients = <optimized out>
dbblock = {dbptr = 0x0, lockfd = 8}
dbm_file = <optimized out>
info = <optimized out>
__FUNCTION__ = "deliver_message"
RECIP_QUEUE_FAILED = <optimized out>
#7 0x000055fc665a8587 in queue_run (start_id=start_id at entry=0x0, stop_id=stop_id at entry=0x0, recurse=recurse at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/queue.c:672
rc = <optimized out>
pid = 0
status = 0
statbuf = {st_dev = 2048, st_ino = 202, st_nlink = 1, st_mode = 33184, st_uid = 109, st_gid = 115, __pad0 = 0, st_rdev = 0, st_size = 678, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1652280931, tv_nsec = 463919440}, st_mtim = {tv_sec = 1652280931, tv_nsec = 463919440}, st_ctim = {tv_sec = 1652280931, tv_nsec = 467919506}, __glibc_reserved = {0, 0, 0}}
buffer = "\000\000\000\000\000\000\000\000\250\245]f\374U\000\000\330?bf\374U\000\000\200\244&w\375\177\000\000`Ibf\374U\000\000\200\244&w\375\177\000\000\006\000\000\000\000\000\000\000\\\320Wf\374U\000\000~\001\000\000+\000\000\000\030S\341g\374U\000\000\b\000\000\000\060\000\000\000\220\245&w\375\177\000\000\260\244&w\375\177\000\000\000O\323,\204(\202j\370i\342g\374U\000\000\003\255bf\374U\000\000\001\000\000\000\000\000\000\000\347\261W\373\335\177\000\000\a\000\000\000\000\000\000\000\020\324\340g\374U\000\000\002\000\000\000\000\000\000\000\264\331P\373\335\177\000\000\065\212\341g\374U\000\000\000O\323,\204(\202jacl_chec"...
pfd = {3, 5}
fq = 0x55fc67e16330
reset_point1 = 0x55fc67e16328
i = 0
force_delivery = 0
selectstring_regex = 0x0
selectstring_regex_sender = 0x0
log_detail = 0x55fc67e16318 "pid=5485"
subcount = 0
subdirs = "\000i\342g\374U\000\000\355\000\000\000\374U\000\000 Dhf\374U\000\000\240\332ff\374U\000\000\210\000\000\000P\000\000\000\000O\323,\204(\202jclient_sW\231]f\374U\000"
qpid = {0, 0, 0, 0}
single_id = 0
__FUNCTION__ = "queue_run"
single_item_retry = <optimized out>
#8 0x000055fc66559ba5 in main (argc=2, cargv=0x7ffd772aaaa8) at ./b-exim4-daemon-light/build-Linux-x86_64/exim.c:4955
argv = 0x7ffd772aaaa8
arg_receive_timeout = -1
arg_smtp_receive_timeout = -1
arg_error_handling = 0
filter_sfd = -1
filter_ufd = -1
group_count = 1
i = <optimized out>
rv = <optimized out>
list_queue_option = <optimized out>
msg_action = 0
msg_action_arg = -1
namelen = <optimized out>
queue_only_reason = 0
recipients_arg = <optimized out>
sender_address_domain = 0
test_retry_arg = -1
test_rewrite_arg = -1
original_egid = <optimized out>
arg_queue_only = <optimized out>
bi_option = 0
checking = 0
count_queue = <optimized out>
expansion_test = <optimized out>
extract_recipients = <optimized out>
flag_G = <optimized out>
flag_n = <optimized out>
forced_delivery = 0
f_end_dot = <optimized out>
deliver_give_up = 0
list_queue = 0
list_options = <optimized out>
list_config = <optimized out>
local_queue_only = <optimized out>
one_msg_action = 0
opt_D_used = <optimized out>
queue_only_set = <optimized out>
receiving_message = <optimized out>
sender_ident_set = <optimized out>
session_local_queue_only = <optimized out>
unprivileged = 0
removed_privilege = <optimized out>
usage_wanted = <optimized out>
verify_address_mode = <optimized out>
verify_as_sender = <optimized out>
rcpt_verify_quota = <optimized out>
version_printed = <optimized out>
alias_arg = <optimized out>
called_as = 0x55fc6662ad03 ""
cmdline_syslog_name = <optimized out>
start_queue_run_id = <optimized out>
stop_queue_run_id = <optimized out>
expansion_test_message = <optimized out>
ftest_domain = <optimized out>
ftest_localpart = <optimized out>
ftest_prefix = <optimized out>
ftest_suffix = <optimized out>
log_oneline = <optimized out>
malware_test_file = <optimized out>
real_sender_address = <optimized out>
originator_home = 0x55fc6661e0c1 "/"
sz = <optimized out>
pw = 0x55fc666c5f60 <pwcopy>
statbuf = {st_dev = 22, st_ino = 3, st_nlink = 1, st_mode = 8576, st_uid = 0, st_gid = 5, __pad0 = 0, st_rdev = 34816, st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = {tv_sec = 1652280928, tv_nsec = 437394719}, st_mtim = {tv_sec = 1652280928, tv_nsec = 437394719}, st_ctim = {tv_sec = 1652276209, tv_nsec = 469395248}, __glibc_reserved = {0, 0, 0}}
passed_qr_pid = <optimized out>
passed_qr_pipe = <optimized out>
group_list = <error reading variable group_list (value requires 262144 bytes, which is more than max-value-size)>
info_flag = <optimized out>
info_stdout = <optimized out>
rsopts = {0x55fc66628a5d "f", 0x55fc6664f694 "ff", 0x55fc66644fb7 "r", 0x55fc66622da8 "rf", 0x55fc66622dab "rff"}
__FUNCTION__ = "main"
-------------- next part --------------
exim4-daemon-light 4.95-5
2022-05-11 13:42:07 H=mail.gedalya.net [72.**.**.**]: SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later
2022-05-11 13:42:08 H=mx2.gedalya.net [2604:a880:******]: SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later
2022-05-11 13:42:08 gedalya at gedalya.net R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x008b: terminated by signal 11
#0 0x00007f281957bbca in gnutls_x509_trust_list_deinit (list=0x55da82a99b30, all=1) at ../../../lib/x509/verify-high.c:229
i = 0
j = <optimized out>
#1 0x00007f28194ea0cb in gnutls_certificate_free_credentials (sc=0x55da82a99990) at ../../lib/cert-cred.c:403
No locals.
#2 0x000055da81d9cf60 in tls_close (ct_ctx=0x55da82aa5858, do_shutdown=do_shutdown at entry=2) at ./b-exim4-daemon-light/build-Linux-x86_64/tls-gnu.c:3752
state = 0x55da82aa5858
tlsp = 0x55da81e290e0 <tls_out>
__FUNCTION__ = "tls_close"
#3 0x000055da81dc2a48 in smtp_deliver (addrlist=addrlist at entry=0x55da82a95570, host=host at entry=0x55da82a95a70, host_af=host_af at entry=10, defport=<optimized out>, interface=<optimized out>, tblock=tblock at entry=0x55da82aa4a70, message_defer=<optimized out>, suppress_tls=<optimized out>) at ./b-exim4-daemon-light/build-Linux-x86_64/transports/smtp.c:4819
n = <optimized out>
ob = <optimized out>
yield = <optimized out>
save_errno = -46
rc = <optimized out>
message = 0x55da83009d70 "SMTP error from remote mail server after pipelined end of data: 451 Temporary local problem - please try later"
new_message_id = "\000\000\000\000\001", '\000' <repeats 11 times>, "("
sx = 0x55da82ad4cc8
__FUNCTION__ = "smtp_deliver"
pass_message = 1
dane_held = <optimized out>
tcw_done = 0
tcw = 0
SEND_MESSAGE = <optimized out>
#4 0x000055da81dc46fd in smtp_transport_entry (tblock=<optimized out>, addrlist=<optimized out>) at ./b-exim4-daemon-light/build-Linux-x86_64/transports/smtp.c:5636
thost = <optimized out>
first_addr = 0x55da82a95570
host_is_expired = 0
some_deferred = 0
interface = 0x0
rc = <optimized out>
host_af = 10
message_defer = 1
retry_host_key = 0x0
retry_message_key = 0x0
serialize_key = 0x0
nexthost = 0x55da82a95f80
unexpired_hosts_tried = 2
continue_host_tried = 0
cutoff_retry = <optimized out>
defport = 25
hosts_defer = 0
hosts_fail = 0
hosts_looked_up = <optimized out>
hosts_retry = 0
hosts_serial = 0
hosts_total = <optimized out>
total_hosts_tried = <optimized out>
expired = 0
expanded_hosts = <optimized out>
pistring = 0x55da81de3b33 ""
tid = <optimized out>
__FUNCTION__ = "smtp_transport_entry"
ob = 0x55da82aa4ba8
hostlist = 0x55da82a95fc0
host = 0x55da82a95a70
#5 0x000055da81d29342 in do_remote_deliveries (fallback=fallback at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/deliver.c:4736
fd = 9
h = <optimized out>
address_count_max = <optimized out>
use_initgroups = 0
tp = 0x55da82aa4a70
gid = 115
pfd = {8, 9}
anchor = <optimized out>
addr = <optimized out>
pid = 0
multi_domain = 1
pipe_done = 1
last = <optimized out>
panicmsg = <optimized out>
uid = 109
address_count = <optimized out>
next = <optimized out>
serialize_key = 0x0
delivery_count = 0
parmax = 2
poffset = <optimized out>
__FUNCTION__ = "do_remote_deliveries"
#6 0x000055da81d2f1da in deliver_message (id=id at entry=0x55da82a95239 "1nomXc-0000g4-OB", forced=forced at entry=0, give_up=give_up at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/deliver.c:7255
i = <optimized out>
rc = <optimized out>
final_yield = 0
now = <optimized out>
addr_last = <optimized out>
filter_message = 0x0
process_recipients = <optimized out>
dbblock = {dbptr = 0x0, lockfd = 8}
dbm_file = <optimized out>
info = <optimized out>
__FUNCTION__ = "deliver_message"
RECIP_QUEUE_FAILED = <optimized out>
#7 0x000055da81d61b37 in queue_run (start_id=start_id at entry=0x0, stop_id=stop_id at entry=0x0, recurse=recurse at entry=0) at ./b-exim4-daemon-light/build-Linux-x86_64/queue.c:675
rc = <optimized out>
pid = 0
status = 0
statbuf = {st_dev = 2048, st_ino = 414, st_nlink = 1, st_mode = 33184, st_uid = 109, st_gid = 115, __pad0 = 0, st_rdev = 0, st_size = 678, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1652276520, tv_nsec = 246774074}, st_mtim = {tv_sec = 1652276520, tv_nsec = 246774074}, st_ctim = {tv_sec = 1652276520, tv_nsec = 246774074}, __glibc_reserved = {0, 0, 0}}
buffer = "\000\224B\215\376\177\000\000\240\327݁\332U\000\000 \316݁\332U\000\000\000\224B\215\376\177\000\000\240\327݁\332U\000\000\000\224B\215\376\177\000\000\006\000\000\000\000\000\000\000\254^Ӂ\332U\000\000~\001\000\000+\000\000\000\030B\251\202\332U\000\000\b\000\000\000\060\000\000\000\020\225B\215\376\177\000\000\060\224B\215\376\177\000\000\000\024\217դb\263\t+\256\340\201\332U\000\000\063;ށ\332U\000\000\001\000\000\000\000\000\000\000\347\061,\031(\177\000\000\a\000\000\000\000\000\000\000\020è\202\332U\000\000\002\000\000\000\000\000\000\000\264Y%\031(\177\000\000\065z\251\202\332U\000\000\000\024\217դb\263\tacl_checp\377\377\377\377\377\377\377"...
pfd = {3, 5}
fq = 0x55da82a95230
reset_point1 = 0x55da82a95228
i = 0
force_delivery = 0
selectstring_regex = 0x0
selectstring_regex_sender = 0x0
log_detail = 0x55da82a95218 "pid=3138"
subcount = 0
subdirs = "\000\000\000\000\000\000\000\000\277\000\000\000\332U\000\000\000\324\343\201\332U\000\000\200j\342\201\332U\000\000x\000\000\000P\000\000\000\000\024\217դb\263\tclient_s\375Oف\332U\000"
qpid = {0, 0, 0, 0}
single_id = 0
__FUNCTION__ = "queue_run"
single_item_retry = <optimized out>
#8 0x000055da81d120ad in main (argc=2, cargv=0x7ffe8d469a28) at ./b-exim4-daemon-light/build-Linux-x86_64/exim.c:4797
argv = 0x7ffe8d469a28
arg_receive_timeout = -1
arg_smtp_receive_timeout = -1
arg_error_handling = 0
filter_sfd = -1
filter_ufd = -1
group_count = 1
i = <optimized out>
rv = <optimized out>
list_queue_option = <optimized out>
msg_action = 0
msg_action_arg = -1
namelen = <optimized out>
queue_only_reason = 0
recipients_arg = <optimized out>
sender_address_domain = 0
test_retry_arg = -1
test_rewrite_arg = -1
original_egid = <optimized out>
arg_queue_only = <optimized out>
bi_option = 0
checking = 0
count_queue = <optimized out>
expansion_test = <optimized out>
extract_recipients = <optimized out>
flag_G = <optimized out>
flag_n = <optimized out>
forced_delivery = 0
f_end_dot = <optimized out>
deliver_give_up = 0
list_queue = 0
list_options = <optimized out>
list_config = <optimized out>
local_queue_only = <optimized out>
more = 1
one_msg_action = 0
opt_D_used = <optimized out>
queue_only_set = <optimized out>
receiving_message = <optimized out>
sender_ident_set = <optimized out>
session_local_queue_only = <optimized out>
unprivileged = 0
removed_privilege = <optimized out>
usage_wanted = <optimized out>
verify_address_mode = <optimized out>
verify_as_sender = <optimized out>
rcpt_verify_quota = <optimized out>
version_printed = <optimized out>
alias_arg = <optimized out>
called_as = 0x55da81de3b33 ""
cmdline_syslog_name = <optimized out>
start_queue_run_id = <optimized out>
stop_queue_run_id = <optimized out>
expansion_test_message = <optimized out>
ftest_domain = <optimized out>
ftest_localpart = <optimized out>
ftest_prefix = <optimized out>
ftest_suffix = <optimized out>
log_oneline = <optimized out>
malware_test_file = <optimized out>
real_sender_address = <optimized out>
originator_home = 0x55da81dd6f20 "/"
sz = <optimized out>
pw = 0x55da81e7ef20 <pwcopy>
statbuf = {st_dev = 22, st_ino = 3, st_nlink = 1, st_mode = 8576, st_uid = 0, st_gid = 5, __pad0 = 0, st_rdev = 34816, st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = {tv_sec = 1652276520, tv_nsec = 437394719}, st_mtim = {tv_sec = 1652276520, tv_nsec = 437394719}, st_ctim = {tv_sec = 1652276209, tv_nsec = 469395248}, __glibc_reserved = {0, 0, 0}}
passed_qr_pid = <optimized out>
passed_qr_pipe = <optimized out>
group_list = <error reading variable group_list (value requires 262144 bytes, which is more than max-value-size)>
info_flag = <optimized out>
info_stdout = <optimized out>
rsopts = {0x55da81de187d "f", 0x55da81e07bc4 "ff", 0x55da81dfd5f4 "r", 0x55da81ddbc10 "rf", 0x55da81ddbc13 "rff"}
__FUNCTION__ = "main"
More information about the Pkg-exim4-maintainers
mailing list