* Phil Pennock:

> It really is dead on the first line of main(), since the
> initialisations of the function automatic-scope variables in main()
> don't happen and they're random garbage. (Unless there's a reason
> for arg_smtp_receive_timeout to be set to 4812437 via the -os option
> to Exim).
>
> So the segfault is happening during library loading.
We've got plenty of such core files, too. This seems to be a kernel bug. Apparently, address space randomization sometimes puts the stack right into the middle of a DSO mapping (or vice versa). "info target" over an example I just picked gives me (among other things):

    0x00007fff80a66970 - 0x00007fff80a70a6c is .eh_frame in /usr/lib/libgnutls.so.26
    0x00007fff80c71000 - 0x00007fff80c71010 is .ctors in /usr/lib/libgnutls.so.26
    0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
    0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
    0x00007fff80c71020 - 0x00007fff80c71028 is .jcr in /usr/lib/libgnutls.so.26
    0x00007fff80c71040 - 0x00007fff80c79da8 is .data.rel.ro in /usr/lib/libgnutls.so.26
    0x00007fff80c79da8 - 0x00007fff80c79fa8 is .dynamic in /usr/lib/libgnutls.so.26
    0x00007fff80c79fa8 - 0x00007fff80c7a0b8 is .got in /usr/lib/libgnutls.so.26
    0x00007fff80c7a0b8 - 0x00007fff80c7b6a8 is .got.plt in /usr/lib/libgnutls.so.26
    0x00007fff80c7b6c0 - 0x00007fff80c7ba90 is .data in /usr/lib/libgnutls.so.26
    0x00007fff80c7baa0 - 0x00007fff80c7bb60 is .bss in /usr/lib/libgnutls.so.26

"print $rsp" tells me that the crash happens when %rsp has the value 0x00007fff80c4f640. That's outside that range, but then 0x40408 has already been subtracted. This means that %rsp was initially around 0x00007fff80c8fa48. If you pipe this message through sort, you'll see that %rsp has travelled from above the libgnutls.so.26 mappings to an (unused) space in the middle of it. This is clearly broken. (I looked at a second example in our zoo, and it looks pretty similar.)

After a bit more looking around, I think this is very likely Debian bug #559035. On the system I'm looking at, the crashes have ceased after booting 2.6.26-22lenny1.
-- 
Florian Weimer <[email protected]>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-dev
Exim details at http://www.exim.org/
##
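The check Florian does by hand above (take %rsp at the crash, add back the frame size that has already been subtracted, and see where both addresses land relative to the gdb "info target" mappings) is easy to automate when triaging a pile of core files. The following is an added example, not code from the message, from Exim or from Debian; it assumes only the "START - END is SECTION in PATH" line format gdb prints for "info target", and the sample input and %rsp value are the ones quoted in the message (embedded here as a constructed string, duplicate .dtors line included).

```python
import re

# Constructed sample: the "info target" excerpt and register values quoted
# in the message above, reproduced as a string so this runs offline.
INFO_TARGET = """\
0x00007fff80a66970 - 0x00007fff80a70a6c is .eh_frame in /usr/lib/libgnutls.so.26
0x00007fff80c71000 - 0x00007fff80c71010 is .ctors in /usr/lib/libgnutls.so.26
0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
0x00007fff80c71010 - 0x00007fff80c71020 is .dtors in /usr/lib/libgnutls.so.26
0x00007fff80c71020 - 0x00007fff80c71028 is .jcr in /usr/lib/libgnutls.so.26
0x00007fff80c71040 - 0x00007fff80c79da8 is .data.rel.ro in /usr/lib/libgnutls.so.26
0x00007fff80c79da8 - 0x00007fff80c79fa8 is .dynamic in /usr/lib/libgnutls.so.26
0x00007fff80c79fa8 - 0x00007fff80c7a0b8 is .got in /usr/lib/libgnutls.so.26
0x00007fff80c7a0b8 - 0x00007fff80c7b6a8 is .got.plt in /usr/lib/libgnutls.so.26
0x00007fff80c7b6c0 - 0x00007fff80c7ba90 is .data in /usr/lib/libgnutls.so.26
0x00007fff80c7baa0 - 0x00007fff80c7bb60 is .bss in /usr/lib/libgnutls.so.26
"""
RSP_AT_CRASH = 0x00007fff80c4f640   # "print $rsp" from the message
FRAME_BYTES = 0x40408               # already subtracted from %rsp at crash time

# One gdb "info target" section line: START - END is SECTION in PATH
LINE_RE = re.compile(
    r"^\s*0x([0-9a-fA-F]+)\s*-\s*0x([0-9a-fA-F]+)\s+is\s+(\S+)\s+in\s+(\S+)"
)


def parse_info_target(text):
    """Parse gdb 'info target' output into (start, end, section, path) tuples.

    Exact duplicate lines (gdb can print a section twice) are dropped.
    """
    seen, sections = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, 'Local exec file:' etc. are ignored
        rec = (int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4))
        if rec not in seen:
            seen.add(rec)
            sections.append(rec)
    return sections


def object_extents(sections):
    """Lowest start and highest end of all sections per loaded object."""
    extents = {}
    for start, end, _, path in sections:
        lo, hi = extents.get(path, (start, end))
        extents[path] = (min(lo, start), max(hi, end))
    return extents


def classify_address(addr, sections):
    """Locate addr relative to the mappings.

    Returns (path, section) when addr lies inside a section, (path, None)
    when it lies in a hole between sections of the same object (the case
    described in the message), and (None, None) when it is outside every
    object's extent.
    """
    for start, end, sec, path in sections:
        if start <= addr < end:
            return (path, sec)
    for path, (lo, hi) in object_extents(sections).items():
        if lo <= addr < hi:
            return (path, None)
    return (None, None)


def check_stack(rsp_at_crash, frame_bytes, sections):
    """Classify %rsp at the crash and %rsp before the current frame was built."""
    return {
        "rsp_at_crash": classify_address(rsp_at_crash, sections),
        "rsp_on_entry": classify_address(rsp_at_crash + frame_bytes, sections),
        "rsp_on_entry_value": rsp_at_crash + frame_bytes,
    }


if __name__ == "__main__":
    secs = parse_info_target(INFO_TARGET)
    result = check_stack(RSP_AT_CRASH, FRAME_BYTES, secs)
    print("entry %rsp = %#x" % result["rsp_on_entry_value"])
    for key in ("rsp_at_crash", "rsp_on_entry"):
        path, sec = result[key]
        where = "outside all objects" if path is None else (
            "in %s of %s" % (sec, path) if sec else "in a hole inside %s" % path)
        print("%s: %s" % (key, where))
```

Run it against the real "info target" text of a core file and the %rsp from "print $rsp"; the frame size comes from the function's prologue (the 0x40408 in the message). An entry %rsp outside every object together with a crash-time %rsp in a hole inside one is the signature described above, as opposed to an ordinary stack overflow, where both addresses stay in the stack mapping.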
