* Phil Pennock:
> It really is dead on the first line of main(), since the
> initialisations of the function automatic-scope variables in main()
> don't happen and they're random garbage. (Unless there's a reason
> for arg_smtp_receive_timeout to be set to 4812437 via the -os option
> to Exim).
>
> So the segfault is happening during library loading.
We've got plenty of such core files, too. This seems to be a kernel
bug. Apparently, address space randomization sometimes puts the stack
right into the middle of a DSO mapping (or vice versa).
"info target" over an example I just picked gives me (among other
things):
0x00007fff80a66970 - 0x00007fff80a70a6c is .eh_frame in /usr/lib/libgnutls.so.26
0x00007fff80c71000 - 0x00007fff80c71010 is .ctors in /usr/lib/libgnutls.so.26
0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
0x00007fff80c71020 - 0x00007fff80c71028 is .jcr in /usr/lib/libgnutls.so.26
0x00007fff80c71040 - 0x00007fff80c79da8 is .data.rel.ro in /usr/lib/libgnutls.so.26
0x00007fff80c79da8 - 0x00007fff80c79fa8 is .dynamic in /usr/lib/libgnutls.so.26
0x00007fff80c79fa8 - 0x00007fff80c7a0b8 is .got in /usr/lib/libgnutls.so.26
0x00007fff80c7a0b8 - 0x00007fff80c7b6a8 is .got.plt in /usr/lib/libgnutls.so.26
0x00007fff80c7b6c0 - 0x00007fff80c7ba90 is .data in /usr/lib/libgnutls.so.26
0x00007fff80c7baa0 - 0x00007fff80c7bb60 is .bss in /usr/lib/libgnutls.so.26
"print $rsp" tells me that the crash happens when %rsp has the value
0x00007fff80c4f640. That's outside that range, but then 0x40408 has
already been subtracted. This means that %rsp was initially around
0x00007fff80c8fa48. If you pipe this message through sort, you'll
see that %rsp has travelled from above the libgnutls.so.26 mappings
to an (unused) space in the middle of it. This is clearly broken.
(I looked at a second example in our zoo, and it looks pretty
similar.)
After a bit more looking around, I think this is very likely Debian
bug #559035. On the system I'm looking at, the crashes have ceased
after booting 2.6.26-22lenny1.
--
Florian Weimer <fweimer@???>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
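A small script, added here as an illustration and not part of the thread, that parses gdb "info target" section lines like the ones quoted above and reports where a given %rsp lies relative to the DSO mappings. The section lines are a subset copied from the message, and the 0x40408 frame adjustment and the %rsp value are the figures given there.

```python
import re

# Constructed sample: a subset of the "info target" lines from the message.
INFO_TARGET = """\
0x00007fff80a66970 - 0x00007fff80a70a6c is .eh_frame in /usr/lib/libgnutls.so.26
0x00007fff80c71000 - 0x00007fff80c71010 is .ctors in /usr/lib/libgnutls.so.26
0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
0x00007fff80c7b6c0 - 0x00007fff80c7ba90 is .data in /usr/lib/libgnutls.so.26
0x00007fff80c7baa0 - 0x00007fff80c7bb60 is .bss in /usr/lib/libgnutls.so.26
"""

SECTION_RE = re.compile(r"^(0x[0-9a-f]+) - (0x[0-9a-f]+) is (\S+) in (\S+)$")


def parse_sections(text):
    """Return (start, end, section, path) tuples from gdb 'info target' output."""
    out = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return out


def classify_stack_pointer(rsp, sections):
    """Locate rsp relative to each mapped object.

    Returns (status, path, section): 'inside-section' when rsp falls in a
    listed section, 'inside-object-gap' when it falls between the lowest and
    highest address of one object but in no listed section (the "unused
    space in the middle" case), and 'outside' otherwise."""
    by_path = {}
    for start, end, name, path in sections:
        by_path.setdefault(path, []).append((start, end, name))
    for path, secs in by_path.items():
        for start, end, name in secs:
            if start <= rsp < end:
                return "inside-section", path, name
        lo = min(s for s, _, _ in secs)
        hi = max(e for _, e, _ in secs)
        if lo <= rsp < hi:
            return "inside-object-gap", path, None
    return "outside", None, None


def analyse_crash(rsp_at_crash, bytes_subtracted, sections):
    """Compare %rsp at the crash with its value before the frame was set up."""
    initial = rsp_at_crash + bytes_subtracted
    return {"initial_rsp": initial,
            "initial": classify_stack_pointer(initial, sections),
            "at_crash": classify_stack_pointer(rsp_at_crash, sections)}
```

Run with the message's numbers (rsp 0x00007fff80c4f640, adjustment 0x40408) it reports the initial %rsp as outside the libgnutls mappings and the crash-time %rsp in the gap inside them.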