Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
Le samedi 7 septembre 2013 23:46:14 Thomas Preud'homme a écrit : By the way, could you send me that css file so that I can run some test on it? It's better to not send it to the bug log as it might contain some private information. I don't know exactly what is stored in those files so better be safe than sorry. Alright, I managed to reproduce the issue with the file you sent me. From what I could gather quickly in gdb the file is corrupted. Cssclean assume the file respect some constraint but since they are not respected it reads too far in memory which causes the segfault. The bug didn't happened for me when I was running as simple user because it could not read the configuration. I'll forward the problem upstream but given how silent is the development since one year (not a single commit, almost no message on mailing list), I doubt they will fix it. This means I'll probably do the fix myself but I don't have much time right now. Best regards, Thomas signature.asc Description: This is a digitally signed message part.
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
On Sat, Sep 07, 2013 at 08:33:21PM +0200, Thomas Preud'homme wrote: Le samedi 7 septembre 2013 09:51:28 Raphael Droz a écrit : Symbols for libdspam7-drv-hash are found in libdspam7-dbg. Could you install it and give me stacktrace you get with it? cannot reproduce the segfault with gdb attached [seems caught], see dmesg: # before [1789927.243664] cssclean[19441]: segfault at 7f9a9235a000 ip 00403b5b sp 7fff03c76f50 error 7 in cssclean[40+c000] [1790149.375722] cssclean[20088]: segfault at 7f47faf76000 ip 00403b5b sp 7fffe4ca6aa0 error 7 in cssclean[40+c000] [1790258.467683] dspam[20448]: segfault at 7f3dbee971c0 ip 7f3dbbfdc69a sp 7f3dbbfd2048 error 4 in libhash_drv.so.7.0.0[7f3dbbfd8000+6000] [1790317.292935] dspam[20639]: segfault at 7fc7239e3c88 ip 7fc7249e969a sp 7fc7249df048 error 4 in libhash_drv.so.7.0.0[7fc7249e5000+6000] [1790436.865577] cssclean[21207]: segfault at 7f115c85b000 ip 00403af6 sp 7fffbad55270 error 4 in cssclean[40+c000] [1790683.690902] dspam[21369]: segfault at 7f818dc5db20 ip 7f818acfe69a sp 7f818a2b2048 error 4 in libhash_drv.so.7.0.0[7f818acfa000+6000] [1790726.958260] cssclean[21906]: segfault at 7f2943d15000 ip 00403af6 sp 7fff4de21140 error 4 in cssclean[40+c000] [1861882.986382] cssclean[29031]: segfault at 7f5961562000 ip 00403af6 sp 7fff8ee5a630 error 4 in cssclean[40+c000] # since gdb is attached: [1866157.050310] dspam[19015] trap int3 ip:7f796e791c21 sp:7fff8ace3708 error:0 [1873018.143174] cssclean[13762]: segfault at 7f5e84d35000 ip 00403af6 sp 7fff606566c0 error 4 in cssclean[40+c000] [1873320.510550] cssstat[14430]: segfault at 7f3a35434010 ip 0040373d sp 7fff2cbfcac0 error 4 in cssstat[40+c000] [1873509.922881] cssstat[14900]: segfault at 7fb25cd23010 ip 0040373d sp 7fffcab5bc00 error 4 in cssstat[40+c000] [1873528.544267] cssstat[14984]: segfault at 7fcde4ed2010 ip 0040373d sp 7a51a510 error 4 in cssstat[40+c000] [1948279.518065] cssclean[25403]: segfault at 7f89cc849000 ip 00403af6 sp 7fff016eb060 error 4 in cssclean[40+c000] [1953904.527031] dspam[13449] trap int3 ip:7ffa2a143c21 sp:7fff4001f358 error:0 how would I trace these ? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
Package: libdspam7-drv-hash Version: 3.10.1+dfsg-11 Severity: grave Justification: causes non-serious data loss Sample of dmesg: [1701173.909095] dspam[15582]: segfault at 7f8c2197acf8 ip 7f8c1ea8f69a sp 7f8c1cbe9048 error 4 in libhash_drv.so.7.0.0[7f8c1ea8b000+6000] [1775508.341567] cssclean[25298]: segfault at 7f9b7086a000 ip 00403b5b sp 7fff7d456130 error 7 in cssclean[40+c000] [1785820.256253] dspam[8177]: segfault at 7ff586ffe2f8 ip 7ff58dd4169a sp 7ff58cd35048 error 4 in libhash_drv.so.7.0.0[7ff58dd3d000+6000] [1785862.479249] dspam[8243]: segfault at 7fa456fa62f8 ip 7fa457fac69a sp 7fa4577a1048 error 4 in libhash_drv.so.7.0.0[7fa457fa8000+6000] [1785888.517082] dspam[8281]: segfault at 7fef8160c2f8 ip 7fef8261269a sp 7fef81e07048 error 4 in libhash_drv.so.7.0.0[7fef8260e000+6000] [1786011.902307] dspam[8760]: segfault at 7f8a051752f8 ip 7f8a0617b69a sp 7f8a06171048 error 4 in libhash_drv.so.7.0.0[7f8a06177000+6000] I happened to be in a situation where I can't even fully flush the postfix queue without having Dspam to segfault. I end up installing dspam-dbg and gdb and attach to the process [I wasn't able to run the process without the init-script]. Here is a stack trace, but sadly libdspam7-drv-hash does not provide debug symbols. (gdb) bt #0 0x7ff5afdc369a in _hash_drv_seek () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so #1 0x7ff5afdc3a19 in _hash_drv_get_spamrecord () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so #2 0x7ff5afdc3a90 in _ds_get_spamrecord () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so #3 0x7ff5afdc3cfd in _ds_getall_spamrecords () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so #4 0x7ff5b28422f6 in _ds_operate () from /usr/lib/x86_64-linux-gnu/libdspam.so.7 #5 0x7ff5b2842e90 in dspam_process () from /usr/lib/x86_64-linux-gnu/libdspam.so.7 #6 0x0040bad7 in process_message (ATX=ATX@entry=0xd58e90, message=message@entry=0xd5aa10, username=username@entry=0xd584e0 testabcd...@orange.fr, result_string=result_string@entry=0x7ff5afdbc348) at dspam.c:540 #7 0x0040ce4d in process_users (ATX=ATX@entry=0xd58e90, message=message@entry=0xd5af10) at dspam.c:1882 #8 0x0040faa0 in process_connection (ptr=0xd56f80) at daemon.c:738 #9 0x7ff5b2621b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0 #10 0x7ff5b236ba7d in clone () from /lib/x86_64-linux-gnu/libc.so.6 #11 0x in ?? () (gdb) bt full #0 0x7ff5afdc369a in _hash_drv_seek () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so No symbol table info available. #1 0x7ff5afdc3a19 in _hash_drv_get_spamrecord () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so No symbol table info available. #2 0x7ff5afdc3a90 in _ds_get_spamrecord () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so No symbol table info available. #3 0x7ff5afdc3cfd in _ds_getall_spamrecords () from /usr/lib/x86_64-linux-gnu/dspam/libhash_drv.so No symbol table info available. #4 0x7ff5b28422f6 in _ds_operate () from /usr/lib/x86_64-linux-gnu/libdspam.so.7 No symbol table info available. #5 0x7ff5b2842e90 in dspam_process () from /usr/lib/x86_64-linux-gnu/libdspam.so.7 No symbol table info available. #6 0x0040bad7 in process_message (ATX=ATX@entry=0xd58e90, message=message@entry=0xd5aa10, username=username@entry=0xd584e0 testabcd...@orange.fr, result_string=result_string@entry=0x7ff5afdbc348) at dspam.c:540 CTX = 0xd96700 components = optimized out copyback = optimized out have_signature = optimized out result = optimized out i = optimized out internally_canned = 0 -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libdspam7-drv-hash depends on: ii libc6 2.13-38 ii libdspam7 3.10.1+dfsg-11 libdspam7-drv-hash recommends no packages. libdspam7-drv-hash suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
I found that a Dspam CSS file was always corrupted and I think it may be
related.
# find /var/spool/dspam/data -name *.css -print -exec cssclean {} \;
[...]
/var/spool/dspam/data/orange.fr/bernard/bernard.css
/var/spool/dspam/data/orange.fr/testabcdefg/.dspam25298.css
/var/spool/dspam/data/orange.fr/testabcdefg/.dspam19441.css
/var/spool/dspam/data/orange.fr/testabcdefg/testabcdefg.css
find: cssclean terminate on signal 11
/var/spool/dspam/data/orange.fr/testabcdefg/.dspam20088.css
/var/spool/dspam/data/orange.fr/rene/rene.css
[...]
* I removed testabcdefg.css but after a postqueue -f it was then
recreated corrupted again
* I removed the whole directory of this user (including .dspam* files) but
after a postqueue -f, the file was then recreated corrupted again.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
Le samedi 7 septembre 2013 09:51:28 Raphael Droz a écrit : I happened to be in a situation where I can't even fully flush the postfix queue without having Dspam to segfault. I end up installing dspam-dbg and gdb and attach to the process [I wasn't able to run the process without the init-script]. Symbols for libdspam7-drv-hash are found in libdspam7-dbg. Could you install it and give me stacktrace you get with it? Thanks a lot signature.asc Description: This is a digitally signed message part.
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
On Sat, Sep 07, 2013 at 08:33:21PM +0200, Thomas Preud'homme wrote: Le samedi 7 septembre 2013 09:51:28 Raphael Droz a écrit : I happened to be in a situation where I can't even fully flush the postfix queue without having Dspam to segfault. I end up installing dspam-dbg and gdb and attach to the process [I wasn't able to run the process without the init-script]. Symbols for libdspam7-drv-hash are found in libdspam7-dbg. Could you install it and give me stacktrace you get with it? thanks! sadly for now I've postsuper'ed -r ALL emails for now. But I installed libdspam7-dbg, relink postfix to dspam and I will need to wait for another email to come to mailman in order reproduce it. But could you offer me another reliable way to make Dspam dumps its core somewhere automatically instead of this situation where I'm waiting for hours through ssh with $ gdb pid-of-dspam ? thx -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#722057: libdspam7-drv-hash: dspam segfaults [libhash_drv on _hash_drv_seek()]
Le samedi 7 septembre 2013 21:13:24 vous avez écrit : On Sat, Sep 07, 2013 at 08:33:21PM +0200, Thomas Preud'homme wrote: Le samedi 7 septembre 2013 09:51:28 Raphael Droz a écrit : I happened to be in a situation where I can't even fully flush the postfix queue without having Dspam to segfault. I end up installing dspam-dbg and gdb and attach to the process [I wasn't able to run the process without the init-script]. Symbols for libdspam7-drv-hash are found in libdspam7-dbg. Could you install it and give me stacktrace you get with it? thanks! sadly for now I've postsuper'ed -r ALL emails for now. But I installed libdspam7-dbg, relink postfix to dspam and I will need to wait for another email to come to mailman in order reproduce it. But could you offer me another reliable way to make Dspam dumps its core somewhere automatically instead of this situation where I'm waiting for hours through ssh with $ gdb pid-of-dspam ? Unfortunetely, dspam being setgid, it can't produce coredump on segfault even if coredump are enabled. It seems a call to prctl with option PR_SET_DUMPABLE can remediate this but it means dspam would need to be recompiled. thx Thanks for the bug report and for helping to resolve it. I'll take a look at the CSS problem later. Best regards, Thomas signature.asc Description: This is a digitally signed message part.
