Segmentation fault in `lua_textpart_get_fuzzy_hashes`
Raemi opened this issue · comments
Disclaimer
I apologize in advance if this bug report turns out to be invalid here. The segfault happens in rspamd, and I reported the bug there (RSpamd Issue 3426) but haven't received a response yet. Since the bug is machine-dependent and Lua appears in the stack trace, I'm hopeful that you may be able to help. I will try to provide all the information that you need.
Description
Segmentation fault in luaopen_trie
or lua_textpart_get_fuzzy_hashes
Steps to reproduce
- Install rspamd from https://rspamd.com/apt-stable on Ubuntu 20.04.1
- Follow the steps outlined here: RSpamd Issue 3426
Debug Info
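Here is the full stack trace from the core file produced by a crash; more information can also be found in RSpamd Issue 3426. The faulting frame is #0, `lua_textpart_get_fuzzy_hashes` at `./src/lua/lua_mimepart.c:1235`, reached while the controller worker was handling a `POST /checkv2` scan request (frames #26–#31).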
(gdb) bt full
#0 0x00007f5bad47b664 in lua_textpart_get_fuzzy_hashes (L=0x7f5ba8e1c380) at ./src/lua/lua_mimepart.c:1235
part = 0x7f5ba531c940
pool = 0x7f5ba5284800
key = "\357C\256\200̍\303Lo\033\326\030\033\256\207t\f\312\367\216_.T2\366y\271'&\226 \222p\a\205\353\203\367\211\340\327\062*\322\032dA\357I\377ÌT\371gt0\036p.\267\022\t\376"
digest = " \352\265\302\376\177\000\000\002", '\000' <repeats 15 times>, "\004\037b\255[\177\000\000 ", '\000' <repeats 15 times>, "\340\303\341\250[\177\000\000\200\303\341\250[\177\000"
hexdigest = "\022Of\255[\177\000\000\n\000\000\000\000\000\000\000\022Of\255[\177\000\000?\000\000\000\000\000\000\000\063\022f\255[\177\000\000\017", '\000' <repeats 15 times>, "-\026b\255[\177\000\000\200\303\341\250[\177\000\000\200\303\341\250[\177\000\000\377\377\377\377\000\000\000\000\207\236`\255[\177\000\000Ɉ`\255[\177\000\000\212\275I\255[\177\000\000\000\000\000\000\000\000\000\000\063\022f\255[\177\000\000?"
numbuf = "`\000\000\000\000\000\000\000'\030b\255\000\000\000\000\t", '\000' <repeats 15 times>, "\210\035\036\246[\177\000\000\t\000\000\000\000\000\000\000\270Mߧ[\177\000\000\002\000\000\000\000\000\000"
sgl = <optimized out>
i = 0
sd = <optimized out>
st = {
opaque = "H\211\275\362g\346\tj;\247ʄ\205\256g\273+\370\224\376r\363n<\361\066\035_:\365O\245т\346\255\177R\016Q\037l>+\214h\005\233k\275A\373\253ك\037y!~\023\031\315\340[", '\000' <repeats 32 times>, "\357C\256\200̍\303Lo\033\326\030\033\256\207t\f\312\367\216_.T2\366y\271'&\226 \222p\a\205\353\203\367\211\340\327\062*\322\032dA\357I\377ÌT\371gt0\036p.\267\022\t\376", '\000' <repeats 192 times>...}
word = <optimized out>
#1 0x00007f5bad61c875 in lj_BC_FUNCC () from /usr/lib/rspamd/librspamd-server.so
No symbol table info available.
#2 0x00007f5bad60a9ff in lua_pcall () from /usr/lib/rspamd/librspamd-server.so
No symbol table info available.
#3 0x00007f5bad48fdf7 in lua_metric_symbol_callback (task=0x7f5ba52848a0, item=<optimized out>, ud=0x7f5ba63b5ed8)
at ./src/lua/lua_config.c:1220
cd = 0x7f5ba63b5ed8
ptask = 0x7f5ba61e1cb8
level = 1
nresults = <optimized out>
err_idx = 1
ret = <optimized out>
L = 0x7f5ba8e1c380
s = <optimized out>
__func__ = "lua_metric_symbol_callback"
#4 0x00007f5bad4f84d2 in rspamd_symcache_check_symbol.isra.0.lto_priv.0 (task=task@entry=0x7f5ba52848a0,
item=0x7f5ba746ad48, checkpoint=checkpoint@entry=0x7f5ba531c020, cache=<optimized out>, cache=<optimized out>)
at ./src/libserver/rspamd_symcache.c:1774
ptask = <optimized out>
L = <optimized out>
check = <optimized out>
dyn_item = <optimized out>
__func__ = <optimized out>
#5 0x00007f5bad4fa99d in rspamd_symcache_process_symbols (task=0x7f5ba52848a0, cache=0x7f5ba985e180,
stage=<optimized out>) at ./src/libserver/rspamd_symcache.c:2281
item = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
dyn_item = <optimized out>
checkpoint = 0x7f5ba531c020
i = 0
all_done = 1
saved_priority = 10
start_events_pending = 0
__func__ = "rspamd_symcache_process_symbols"
#6 0x00007f5bad3c7917 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:818
st = <optimized out>
ret = 1
all_done = 1
stat_error = 0x0
__func__ = "rspamd_task_process"
#7 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#8 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#9 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#10 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#11 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#12 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
--Type <RET> for more, q to quit, c to continue without paging--
__func__ = "rspamd_task_process"
#13 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#14 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#15 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#16 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#17 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#18 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#19 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#20 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
--Type <RET> for more, q to quit, c to continue without paging--
__func__ = "rspamd_task_process"
#21 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#22 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#23 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#24 0x00007f5bad3c7c16 in rspamd_task_process (task=0x7f5ba52848a0, stages=262143) at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#25 0x00007f5bad3c7c16 in rspamd_task_process (task=task@entry=0x7f5ba52848a0, stages=stages@entry=262143)
at ./src/libserver/task.c:864
st = <optimized out>
ret = <optimized out>
all_done = <optimized out>
stat_error = 0x0
__func__ = "rspamd_task_process"
#26 0x00005620c11ac246 in rspamd_controller_handle_scan (conn_ent=conn_ent@entry=0x7f5ba7489390,
msg=msg@entry=0x7f5ba47febc0) at ./src/controller.c:2120
session = 0x7f5ba77cb570
ctx = 0x7f5ba80099b8
task = 0x7f5ba52848a0
__func__ = "rspamd_controller_handle_scan"
#27 0x00007f5bad4dce13 in rspamd_http_router_finish_handler (conn=<optimized out>, msg=0x7f5ba47febc0)
at ./src/libserver/http/http_router.c:334
entry = 0x7f5ba7489390
handler = 0x5620c11ac120 <rspamd_controller_handle_scan>
found = <optimized out>
err = <optimized out>
lookup = {len = 8, begin = 0x7f5ba99d57f0 "/checkv2"}
encoding = <optimized out>
u = {field_set = 8, port = 0, field_data = {{off = 32603, len = 0}, {off = 8, len = 0}, {off = 0,
len = 0}, {off = 0, len = 8}, {off = 0, len = 0}, {off = 0, len = 0}, {off = 0, len = 0}}}
--Type <RET> for more, q to quit, c to continue without paging--c
i = <optimized out>
re = <optimized out>
router = 0x7f5ba539f8c0
__func__ = "rspamd_http_router_finish_handler"
#28 0x00007f5bad4dff40 in rspamd_http_on_message_complete (parser=<optimized out>) at ./src/libserver/http/http_connection.c:697
conn = 0x7f5ba99a53c0
priv = 0x7f5ba98d1d80
ret = <optimized out>
mode = <optimized out>
__func__ = "rspamd_http_on_message_complete"
_g_boolean_var_ = <optimized out>
#29 0x00007f5bad445d34 in http_parser_execute (len=<optimized out>, data=0x7f5ba5315010 "POST /checkv2 HTTP/1.1\r\nHost: localhost:11334\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\nContent-Type: message/rfc822\r\nContent-Length: 41\r\n\r\nContent-Type: text/plainMIME-Version: 1.0", settings=<optimized out>, parser=0x7f5ba98d1db8) at ./contrib/http-parser/http_parser.c:1773
unhex_val = <optimized out>
p = <optimized out>
header_value_mark = <optimized out>
url_mark = <optimized out>
header_field_mark = <optimized out>
c = <optimized out>
ch = 67 'C'
body_mark = <optimized out>
status_mark = <optimized out>
c = <optimized out>
ch = <optimized out>
unhex_val = <optimized out>
p = <optimized out>
header_field_mark = <optimized out>
header_value_mark = <optimized out>
url_mark = <optimized out>
body_mark = <optimized out>
status_mark = <optimized out>
__PRETTY_FUNCTION__ = <optimized out>
matcher = <optimized out>
t = <optimized out>
to_read = <optimized out>
t = <optimized out>
to_read = <optimized out>
#30 http_parser_execute (parser=0x7f5ba98d1db8, settings=<optimized out>, data=0x7f5ba5315010 "POST /checkv2 HTTP/1.1\r\nHost: localhost:11334\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\nContent-Type: message/rfc822\r\nContent-Length: 41\r\n\r\nContent-Type: text/plainMIME-Version: 1.0", len=<optimized out>) at ./contrib/http-parser/http_parser.c:572
c = <optimized out>
ch = <optimized out>
unhex_val = <optimized out>
p = 0x7f5ba5315010 "POST /checkv2 HTTP/1.1\r\nHost: localhost:11334\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\nContent-Type: message/rfc822\r\nContent-Length: 41\r\n\r\nContent-Type: text/plainMIME-Version: 1.0"
__PRETTY_FUNCTION__ = "http_parser_execute"
matcher = <optimized out>
t = <optimized out>
to_read = <optimized out>
t = <optimized out>
to_read = <optimized out>
#31 0x00007f5bad4dfbe4 in rspamd_http_event_handler (fd=<optimized out>, what=<optimized out>, ud=0x7f5ba99a53c0) at ./src/libserver/http/http_connection.c:953
conn = 0x7f5ba99a53c0
priv = 0x7f5ba98d1d80
pbuf = 0x7f5ba74891b0
d = 0x7f5ba5315010 "POST /checkv2 HTTP/1.1\r\nHost: localhost:11334\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\nContent-Type: message/rfc822\r\nContent-Length: 41\r\n\r\nContent-Type: text/plainMIME-Version: 1.0"
r = 178
err = <optimized out>
__func__ = "rspamd_http_event_handler"
#32 0x00007f5bacef1646 in ev_invoke_pending (loop=0x7f5ba9847c00) at ./contrib/libev/ev.c:3807
p = <optimized out>
#33 0x00007f5bacef66ad in ev_run (flags=0, loop=0x7f5ba9847c00) at ./contrib/libev/ev.c:4227
__PRETTY_FUNCTION__ = <optimized out>
#34 ev_run (loop=0x7f5ba9847c00, flags=flags@entry=0) at ./contrib/libev/ev.c:4058
__PRETTY_FUNCTION__ = "ev_run"
waittime = <optimized out>
sleeptime = <optimized out>
prev_mn_now = <optimized out>
to = <optimized out>
to = <optimized out>
#35 0x00005620c11a8803 in ev_loop (flags=0, loop=<optimized out>) at ./contrib/libev/ev.h:830
No locals.
#36 start_controller_worker (worker=0x7f5ba98798c0) at ./src/controller.c:3667
ctx = 0x7f5ba80099b8
mctx = <optimized out>
iter = {dummy1 = 0x7f5ba9963ea0, dummy2 = 0x7ffec2b5f6c0, dummy3 = 0x7ffec2b5f680, dummy4 = 8, dummy5 = -247561067, dummy6 = 0x7f5b00000003}
key = 0x7f5bad65ff29
value = 0x7f5ba99978c0
i = <optimized out>
m = <optimized out>
__func__ = "start_controller_worker"
#37 0x00007f5bad4e80eb in rspamd_fork_worker (rspamd_main=0x7f5ba9862000, cf=0x7f5ba98f1500, index=0, ev_base=<optimized out>, term_handler=<optimized out>) at ./src/libserver/worker_util.c:1059
wrk = 0x7f5ba98798c0
rc = <optimized out>
rlim = {rlim_cur = 104857600, rlim_max = 104857600}
__func__ = "rspamd_fork_worker"
#38 0x00005620c11a21d9 in rspamd_fork_delayed_cb (loop=<optimized out>, w=<optimized out>, revents=<optimized out>) at ./src/rspamd.c:373
waiting_worker = 0x7f5ba52894e0
#39 0x00007f5bacef1646 in ev_invoke_pending (loop=0x7f5bacefc280 <default_loop_struct>) at ./contrib/libev/ev.c:3807
p = <optimized out>
#40 0x00007f5bacef66ad in ev_run (flags=0, loop=0x7f5bacefc280 <default_loop_struct>) at ./contrib/libev/ev.c:4227
__PRETTY_FUNCTION__ = <optimized out>
#41 ev_run (loop=0x7f5bacefc280 <default_loop_struct>, flags=0) at ./contrib/libev/ev.c:4058
__PRETTY_FUNCTION__ = "ev_run"
waittime = <optimized out>
sleeptime = <optimized out>
prev_mn_now = <optimized out>
to = <optimized out>
to = <optimized out>
#42 0x00005620c119b636 in ev_loop (flags=0, loop=0x7f5bacefc280 <default_loop_struct>) at ./contrib/libev/ev.h:830
No locals.
#43 main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at ./src/rspamd.c:1525
i = <optimized out>
signals = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0x0}
sigpipe_act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, sa_mask = {__val = {4096, 0 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x2b9b5cc9}
pworker = <optimized out>
type = <optimized out>
control_addr = 0x7f5ba748bdf0
event_loop = 0x7f5bacefc280 <default_loop_struct>
rspamd_main = 0x7f5ba9862000
skip_pid = 1
__func__ = "main"
stat_update_time = <optimized out>