Bug#553503: Random segfaults with 2.6.26 on amd64

Andreas Metzler ametzler at downhill.at.eu.org
Wed Dec 30 08:52:37 UTC 2009


notforwarded 553503
reassign 553503 linux-2.6
found 553503 2.6.26-19lenny2
found 553503 2.6.30-2
close 553503 2.6.32-3
tags 553503 lenny
thanks

On 2009-12-29 Valentin Vidic <Valentin.Vidic at CARNet.hr> wrote:
> Further investigation showed that process address space randomization
> in 2.6.26-2-xen-amd64 and 2.6.26-2-amd64 is causing random segfaults
> in exim4 and python. Problem can be reproduced by starting exim4 in
> a loop:

> # ulimit -c unlimited
> # for ((i = 0; i <= 100000; i++)); do exim4 -bV || break; done > /dev/null; echo $i
> Segmentation fault
> 12652

> The segfaults stop if address space randomization is disabled or stack
> size increased:

> # echo 0 > /proc/sys/kernel/randomize_va_space
> # for ((i = 0; i <= 100000; i++)); do exim4 -bV || break; done > /dev/null; echo $i
> 100001

> # echo 2 > /proc/sys/kernel/randomize_va_space
> # ulimit -s unlimited
> # for ((i = 0; i <= 100000; i++)); do exim4 -bV || break; done > /dev/null; echo $i
> 100001

> Core file generated during segfault shows that the stack segment got
> allocated in-between code segments and the application fails when it
> tries to grow the stack, but instead accesses a read-only segment:

> # gdb /usr/sbin/exim4 core
> (gdb) p $rsp
> $10 = (void *) 0x7fff249dd160

> (gdb) maintenance info sections
> Exec file:
>     `/usr/sbin/exim4', file type elf64-x86-64.
>     0x0000000000400200->0x000000000040021c at 0x00000200: .interp ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x000000000040021c->0x000000000040023c at 0x0000021c: .note.ABI-tag ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000400240->0x0000000000400b2c at 0x00000240: .hash ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000400b30->0x0000000000400dc0 at 0x00000b30: .gnu.hash ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000400dc0->0x0000000000402a70 at 0x00000dc0: .dynsym ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000402a70->0x00000000004038e3 at 0x00002a70: .dynstr ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x00000000004038e4->0x0000000000403b48 at 0x000038e4: .gnu.version ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000403b48->0x0000000000403c58 at 0x00003b48: .gnu.version_r ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000403c58->0x0000000000403d18 at 0x00003c58: .rela.dyn ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000403d18->0x0000000000405248 at 0x00003d18: .rela.plt ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x0000000000405248->0x0000000000405260 at 0x00005248: .init ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x0000000000405260->0x0000000000406090 at 0x00005260: .plt ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x0000000000406090->0x0000000000482cc8 at 0x00006090: .text ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x0000000000482cc8->0x0000000000482cd6 at 0x00082cc8: .fini ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x0000000000482ce0->0x00000000004a5fd8 at 0x00082ce0: .rodata ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x00000000004a5fd8->0x00000000004a7244 at 0x000a5fd8: .eh_frame_hdr ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x00000000004a7248->0x00000000004acc94 at 0x000a7248: .eh_frame ALLOC LOAD READONLY DATA HAS_CONTENTS
>     0x00000000006ad000->0x00000000006ad010 at 0x000ad000: .ctors ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad010->0x00000000006ad020 at 0x000ad010: .dtors ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad020->0x00000000006ad028 at 0x000ad020: .jcr ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad028->0x00000000006ad248 at 0x000ad028: .dynamic ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad248->0x00000000006ad250 at 0x000ad248: .got ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad250->0x00000000006ad978 at 0x000ad250: .got.plt ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006ad980->0x00000000006b388c at 0x000ad980: .data ALLOC LOAD DATA HAS_CONTENTS
>     0x00000000006b38a0->0x00000000006b6f08 at 0x000b388c: .bss ALLOC
>     0x0000000000000000->0x000000000000000c at 0x000b388c: .gnu_debuglink READONLY HAS_CONTENTS
> Core file:
>     `/root/core', file type elf64-x86-64.
>     0x0000000000000000->0x0000000000000324 at 0x00000dd0: note0 READONLY HAS_CONTENTS
>     0x0000000000000000->0x00000000000000d8 at 0x00000e54: .reg/19565 HAS_CONTENTS
>     0x0000000000000000->0x00000000000000d8 at 0x00000e54: .reg HAS_CONTENTS
>     0x0000000000000000->0x0000000000000110 at 0x00000fe4: .auxv HAS_CONTENTS
>     0x0000000000400000->0x00000000004ad000 at 0x00002000: load1 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00000000006ad000->0x00000000006b4000 at 0x000af000: load2 ALLOC LOAD HAS_CONTENTS
>     0x00000000006b4000->0x00000000006b7000 at 0x000b6000: load3 ALLOC LOAD HAS_CONTENTS
>     0x0000000000a46000->0x0000000000a67000 at 0x000b9000: load4 ALLOC LOAD HAS_CONTENTS
>     0x00007fff23a2c000->0x00007fff23a91000 at 0x000da000: load5 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff23a91000->0x00007fff23c90000 at 0x0013f000: load6 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff23c90000->0x00007fff23c93000 at 0x0033e000: load7 ALLOC LOAD HAS_CONTENTS
>     0x00007fff23c93000->0x00007fff23ca9000 at 0x00341000: load8 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff23ca9000->0x00007fff23ea9000 at 0x00357000: load9 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff23ea9000->0x00007fff23eaa000 at 0x00557000: load10 ALLOC LOAD HAS_CONTENTS
>     0x00007fff23eaa000->0x00007fff23eb9000 at 0x00558000: load11 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff23eb9000->0x00007fff240b9000 at 0x00567000: load12 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff240b9000->0x00007fff240ba000 at 0x00767000: load13 ALLOC LOAD HAS_CONTENTS
>     0x00007fff240ba000->0x00007fff24204000 at 0x00768000: load14 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24204000->0x00007fff24403000 at 0x008b2000: load15 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff24403000->0x00007fff24406000 at 0x00ab1000: load16 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff24406000->0x00007fff24408000 at 0x00ab4000: load17 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24408000->0x00007fff2440d000 at 0x00ab6000: load18 ALLOC LOAD HAS_CONTENTS
>     0x00007fff2440d000->0x00007fff244b4000 at 0x00abb000: load19 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff244b4000->0x00007fff246b4000 at 0x00b62000: load20 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff246b4000->0x00007fff246bf000 at 0x00d62000: load21 ALLOC LOAD HAS_CONTENTS
>     0x00007fff246bf000->0x00007fff24803000 at 0x00d6d000: load22 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24803000->0x00007fff24a03000 at 0x00eb1000: load23 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff24a03000->0x00007fff24a08000 at 0x010b1000: load24 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24a08000->0x00007fff24a08000 at 0x010b6000: load25 ALLOC
> s-> 0x00007fff24a09000->0x00007fff24a1e000 at 0x010b6000: load26 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24ab1000->0x00007fff24ab2000 at 0x010cb000: load27 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24b34000->0x00007fff24b4a000 at 0x010cc000: load28 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24b4a000->0x00007fff24d4a000 at 0x010e2000: load29 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff24d4a000->0x00007fff24d4c000 at 0x012e2000: load30 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24d4c000->0x00007fff24d50000 at 0x012e4000: load31 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24d50000->0x00007fff24d52000 at 0x012e8000: load32 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24d52000->0x00007fff24f52000 at 0x012ea000: load33 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff24f52000->0x00007fff24f54000 at 0x014ea000: load34 ALLOC LOAD HAS_CONTENTS
>     0x00007fff24f54000->0x00007fff24fd6000 at 0x014ec000: load35 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff24fd6000->0x00007fff251d5000 at 0x0156e000: load36 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff251d5000->0x00007fff251d7000 at 0x0176d000: load37 ALLOC LOAD HAS_CONTENTS
>     0x00007fff251d7000->0x00007fff251df000 at 0x0176f000: load38 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff251df000->0x00007fff253df000 at 0x01777000: load39 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff253df000->0x00007fff253e1000 at 0x01977000: load40 ALLOC LOAD HAS_CONTENTS
>     0x00007fff253e1000->0x00007fff253e1000 at 0x01979000: load41 ALLOC
>     0x00007fff2540f000->0x00007fff25424000 at 0x01979000: load42 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff25424000->0x00007fff25623000 at 0x0198e000: load43 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff25623000->0x00007fff25625000 at 0x01b8d000: load44 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25625000->0x00007fff25625000 at 0x01b8f000: load45 ALLOC
>     0x00007fff25627000->0x00007fff25637000 at 0x01b8f000: load46 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff25637000->0x00007fff25837000 at 0x01b9f000: load47 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff25837000->0x00007fff25839000 at 0x01d9f000: load48 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25839000->0x00007fff25839000 at 0x01da1000: load49 ALLOC
>     0x00007fff2583b000->0x00007fff25863000 at 0x01da1000: load50 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff25863000->0x00007fff25a62000 at 0x01dc9000: load51 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff25a62000->0x00007fff25a63000 at 0x01fc8000: load52 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25a63000->0x00007fff25a7f000 at 0x01fc9000: load53 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff25b68000->0x00007fff25b6b000 at 0x01fe5000: load54 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25b6b000->0x00007fff25b6e000 at 0x01fe8000: load55 ALLOC LOAD READONLY CODE HAS_CONTENTS
>     0x00007fff25b6e000->0x00007fff25c6d000 at 0x01feb000: load56 ALLOC LOAD READONLY HAS_CONTENTS
>     0x00007fff25c6d000->0x00007fff25c6e000 at 0x020ea000: load57 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25c6e000->0x00007fff25c72000 at 0x020eb000: load58 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25c7b000->0x00007fff25c7e000 at 0x020ef000: load59 ALLOC LOAD HAS_CONTENTS
>     0x00007fff25c7e000->0x00007fff25c80000 at 0x020f2000: load60 ALLOC LOAD HAS_CONTENTS
>     0xffffffffff600000->0xffffffffff600000 at 0x020f4000: load61 ALLOC READONLY CODE

> Segfault can't be reproduced on 2.6.31-1-amd64 from unstable and in fact
> it was fixed in the mainline kernel a few months ago:

> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80938332d8cf652f6b16e0788cf0ca136befe0b5

> After applying this patch to 2.6.26-2-xen-amd64 the segfaults don't
> happen any more, so please include it in Debian kernel packages.

Hello,

exim4 triggers a Linux kernel bug on amd64. Exim randomly crashes very
early at library initialization, therefore no data loss is suspected.
See above and the bug log for details. (Thanks to Valentin)

This seems to apply to lenny and testing, sid is already fixed. I have
tried to reflect this when reassigning the bug.

It would be nice if this could be queued for a stable update.

thanks, cu andreas
 
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
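The diagnosis in the quoted report comes down to one check: take the saved stack pointer from the core, find which loaded segment it lands in, and see whether that segment is writable and how much room lies below it. The script below is an added example (not part of the bug report or of the kernel fix it references) that automates that check over the text of gdb's `maintenance info sections` listing. It assumes the output format exactly as quoted above; the sample lines embedded in it are copied from the core-file listing in the report, with the `s->` marker and the empty `load25` placeholder kept so the parser is exercised on both.

```python
"""Locate a register value (e.g. $rsp) in a core file's segment list.

Parses gdb 'maintenance info sections' output, finds the ALLOC segment that
contains a given address, and reports whether it is writable and how big the
gap below it is (the only room a stack mapping could grow into).
"""
import re
from typing import Dict, List, NamedTuple, Optional


class Segment(NamedTuple):
    name: str
    start: int
    end: int
    flags: frozenset


# One section line, optionally prefixed by gdb's "s->" current-section marker:
#   "    0x00007fff24803000->0x00007fff24a03000 at 0x00eb1000: load23 ALLOC LOAD READONLY HAS_CONTENTS"
_LINE = re.compile(
    r"^\s*(?:s->)?\s*0x([0-9a-f]+)->0x([0-9a-f]+) at 0x[0-9a-f]+: (\S+)\s*(.*)$"
)


def parse_sections(text: str) -> List[Segment]:
    """Return the ALLOC, non-empty segments sorted by start address."""
    segs = []
    for raw in text.splitlines():
        line = raw.lstrip("> ")  # tolerate mail-quoted pastes like the report
        m = _LINE.match(line)
        if not m:
            continue
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        flags = frozenset(m.group(4).split())
        # note0 / .reg / .auxv pseudo-sections lack ALLOC; zero-length
        # placeholders (load25 above) cannot contain any address.
        if "ALLOC" not in flags or start == end:
            continue
        segs.append(Segment(m.group(3), start, end, flags))
    return sorted(segs, key=lambda s: s.start)


def find_segment(segs: List[Segment], addr: int) -> Optional[Segment]:
    """Segment whose [start, end) range contains addr, or None if unmapped."""
    for s in segs:
        if s.start <= addr < s.end:
            return s
    return None


def is_writable(seg: Segment) -> bool:
    # gdb prints READONLY for non-writable sections; its absence means writable.
    return "READONLY" not in seg.flags


def gap_below(segs: List[Segment], seg: Segment) -> int:
    """Bytes between seg's start and the end of the nearest lower mapping."""
    lower = [s.end for s in segs if s.end <= seg.start]
    return seg.start - (max(lower) if lower else 0)


def diagnose(text: str, addr: int) -> Dict[str, object]:
    """Summarise where addr lives; an unmapped or read-only hit explains a SIGSEGV."""
    segs = parse_sections(text)
    seg = find_segment(segs, addr)
    if seg is None:
        return {"segment": None, "writable": False, "gap_below": None}
    return {"segment": seg.name, "writable": is_writable(seg),
            "gap_below": gap_below(segs, seg)}


# Excerpt of the core-file listing quoted in the bug report (constructed sample
# for this example; addresses are the report's own).
SAMPLE = """\
Core file:
    `/root/core', file type elf64-x86-64.
    0x0000000000000000->0x0000000000000324 at 0x00000dd0: note0 READONLY HAS_CONTENTS
    0x0000000000000000->0x00000000000000d8 at 0x00000e54: .reg HAS_CONTENTS
    0x00007fff246b4000->0x00007fff246bf000 at 0x00d62000: load21 ALLOC LOAD HAS_CONTENTS
    0x00007fff246bf000->0x00007fff24803000 at 0x00d6d000: load22 ALLOC LOAD READONLY CODE HAS_CONTENTS
    0x00007fff24803000->0x00007fff24a03000 at 0x00eb1000: load23 ALLOC LOAD READONLY HAS_CONTENTS
    0x00007fff24a03000->0x00007fff24a08000 at 0x010b1000: load24 ALLOC LOAD HAS_CONTENTS
    0x00007fff24a08000->0x00007fff24a08000 at 0x010b6000: load25 ALLOC
s-> 0x00007fff24a09000->0x00007fff24a1e000 at 0x010b6000: load26 ALLOC LOAD HAS_CONTENTS
    0xffffffffff600000->0xffffffffff600000 at 0x020f4000: load61 ALLOC READONLY CODE
"""

if __name__ == "__main__":
    rsp = 0x7FFF249DD160  # the $rsp value printed in the report
    print(diagnose(SAMPLE, rsp))
```

Running it on the report's `$rsp` places the stack pointer in `load23`, a READONLY mapping with no gap below it, which is exactly the "stack tried to grow into a read-only segment" situation the reporter describes. On a live system the same check can be done against `/proc/<pid>/maps` before the crash, which is the practical way to confirm whether a fixed kernel leaves enough room between the randomized stack and the neighbouring library mappings.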