While running SpamAssassin (the one in OpenBSD 4.0), my Perl (also OpenBSD 4.0)
segfaulted while learning what is spam. I have no reason to suspect bad
hardware, and this has already happened occasionally, several times in the
past.
There were 9153 spam messages in the folder. I'll try to isolate a single
one that triggers it. The segfault actually occurs in libc, in a hash
manipulation routine, but it seems clear to me that this could be a delayed
memory corruption bug caused by some Perl binding or by Perl itself. In the
backtrace below, gdb reports the destination pointer in __delpair (frame #1)
as out of bounds.
#0 0x00639d71 in memmove () from /usr/lib/libc.so.39.3
No symbol table info available.
#1 0x0062fcb4 in __delpair (hashp=0x7d5a5200, bufp=0x870d8040, ndx=1707) at
/usr/src/lib/libc/db/hash/hash_page.c:140
i = 2127618048
src = 0x7ed0e000
"\232\b{?v?q?l?g?b?]?X?S\b{?v?q?l?g?b?]?X?S?N?I?D???:?5?0?+?&?!?\234?\227?\222?\215?\210?\203?~?y?t?o?j?e?`?[?V?Q?L?G?B?=?8?3?.?)?$?\037?\032?\025?\020?\v?\006?\001?|>w>r>m>h>c>^>Y>T>O>J>E>@>;>6>1>,>'>">\235>\230>\223>\216>\211>\204>\177>z>u>p>k>f>a>\\>W>R>M>H>C>>>"...
dst = 0xffffec1b <Address 0xffffec1b out of bounds>
bp = (u_int16_t *) 0x7d5a5200
newoff = 4107
pairlen = 18
n = 2202
#2 0x0062b812 in hash_access (hashp=0x7d5a5200, action=HASH_PUT,
key=0xcf7e2190, val=0xcf7e2188) at /usr/src/lib/libc/db/hash/hash.c:670
rbufp = (BUFHEAD *) 0x870d8040
bufp = (BUFHEAD *) 0x267a2a96
save_bufp = (BUFHEAD *) 0x870d8040
bp = (u_int16_t *) 0xffffec1b
n = 2202
ndx = 1707
off = -1953344059
size = 5
kp = 0x8b9255c0 "\020\237^5u"
pageno = 4107
#3 0x0557f083 in XS_DB_File_STORE () from
/usr/libdata/perl5/i386-openbsd/5.8.8/auto/DB_File/DB_File.so
No symbol table info available.
#4 0x067ddd08 in Perl_pp_entersub () at /usr/src/gnu/usr.bin/perl/pp_hot.c:2877
av = (AV * const) 0x267a81b0
items = 645610516
markix = 0
sp = (SV **) 0x859c428c
sv = (SV *) 0x876f43e4
gv = (GV *) 0x5
stash = (HV *) 0x0
cv = (CV *) 0x876f43e4
cx = (PERL_CONTEXT *) 0x267a81b0
gimme = 0
#5 0x068085b9 in Perl_runops_standard () at /usr/src/gnu/usr.bin/perl/run.c:37
No locals.
#6 0x067ef008 in S_call_body (myop=0xcf7e22f0, is_eval=27 '\033') at
/usr/src/gnu/usr.bin/perl/perl.c:2733
No locals.
#7 0x067eef2e in Perl_call_sv (sv=0x85062030, flags=66) at
/usr/src/gnu/usr.bin/perl/perl.c:2609
sp = (SV **) 0x859c428c
myop = {op_next = 0x0, op_sibling = 0x0, op_ppaddr = 0x67dda50
<Perl_pp_entersub>, op_targ = 0, op_type = 0, op_seq = 0, op_flags = 66 'B',
op_private = 0 '\0',
op_first = 0x0, op_other = 0x0}
method_op = {op_next = 0xcf7e22f0, op_sibling = 0x0, op_ppaddr =
0x67de738 <Perl_pp_method>, op_targ = 0, op_type = 0, op_seq = 0, op_flags = 0
'\0',
op_private = 0 '\0', op_first = 0x0}
oldmark = 0
retval = 0
oldscope = 23
oldcatch = 0 '\0'
oldop = (OP *) 0x7c774380
cur_env = {je_prev = 0x8b9255e0, je_buf = {-2063196112, -813817160,
108820867, -2063196112, 0, 116, 0, 0, 0, 0, 645598328}, je_ret = -2063196112,
je_mustcatch = 120 'x'}
#8 0x067ee93c in Perl_call_method (methname=0x26796ab5 "STORE", flags=2) at
/usr/src/gnu/usr.bin/perl/perl.c:2542
No locals.
#9 0x067cc38c in S_magic_methcall (sv=0x876a4d98, mg=0x870d8420,
meth=0x26796ab5 "STORE", flags=2, n=3, val=0x7ed1100b) at
/usr/src/gnu/usr.bin/perl/mg.c:1492
sp = (SV **) 0x859c428c
#10 0x067cc6e0 in Perl_magic_setpack (sv=0x876a4d98, mg=0x870d8420) at
/usr/src/gnu/usr.bin/perl/mg.c:1529
next = (PERL_SI *) 0x3ffff402
sp = (SV **) 0x267b3578
#11 0x067ca62d in Perl_mg_set (sv=0x876a4d98) at
/usr/src/gnu/usr.bin/perl/mg.c:236
vtbl = (const MGVTBL *) 0x3ffff402
mgs_ix = 792
mg = (MAGIC *) 0xffffec1b
nextmg = (MAGIC *) 0x0
#12 0x067d7535 in Perl_pp_sassign () at /usr/src/gnu/usr.bin/perl/pp_hot.c:125
sp = (SV **) 0x816e6004
right = (SV *) 0x876a4d98
left = (SV *) 0x8506212c
#13 0x068085b9 in Perl_runops_standard () at /usr/src/gnu/usr.bin/perl/run.c:37
No locals.
#14 0x067ee5df in S_run_body (oldscope=1) at
/usr/src/gnu/usr.bin/perl/perl.c:2368
No locals.
#15 0x067ee533 in perl_run (my_perl=0x7dcc3030) at
/usr/src/gnu/usr.bin/perl/perl.c:2285
oldscope = 1
ret = 1073738754
cur_env = {je_prev = 0x267b3740, je_buf = {108978918, 645598328,
-813816740, -813816616, -813816484, -813816560, -813816568, 0, -2025615324,
160, -813826009},
je_ret = 3, je_mustcatch = 1 '\001'}
#16 0x1c0012a6 in main ()
No symbol table info available.