freebsd stable - Oct 2007 - Mimedefang crashes on FreeBSD 6 STABLE, amd64

Hi everybody,

I'm trying to get mimedefang running on amd64. But unfortunatly the threaded
milter part ('mimedefang') does segfault after some time, normally 1-2
minutes.

pid 2331 (mimedefang), uid 1001: exited on signal 11 (core dumped)

gdb /idms/bin/mimedefang mimedefang-2331.core
#0  0x000000080066389c in pthread_testcancel () from /lib/libpthread.so.2
[New Thread 0x560000 (runnable)]
[New Thread 0x599800 (runnable)]
[New Thread 0x546c00 (runnable)]
[New Thread 0x5ad400 (runnable)]
[New Thread 0x5ad000 (runnable)]
[New Thread 0x599c00 (runnable)]
[New Thread 0x560800 (runnable)]
[New Thread 0x55e800 (runnable)]
[New Thread 0x55ec00 (runnable)]
[New Thread 0x55e400 (runnable)]
[New Thread 0x560c00 (runnable)]
[New Thread 0x58fc00 (runnable)]
[New Thread 0x57fc00 (runnable)]
[New Thread 0x599000 (runnable)]
[New Thread 0x52ac00 (runnable)]
[New Thread 0x57f800 (runnable)]
[New Thread 0x58f000 (runnable)]
[New Thread 0x57f400 (runnable)]
[New Thread 0x58f800 (runnable)]
[New Thread 0x52a800 (runnable)]
[New Thread 0x57f000 (runnable)]
[New Thread 0x546800 (runnable)]
[New Thread 0x52a400 (sleeping)]
[New Thread 0x52a000 (LWP 100058)]
[New Thread 0x524000 (runnable)]
[New LWP 100266]

Unfortunaltly the stack trace doesn't seem to be very usable:

(gdb) where
#0  0x000000080066c3fc in kse_thr_interrupt () at kse_thr_interrupt.S:2
#1  0x000000080065390a in sig_daemon (arg=0x0) at
/usr/src/lib/libpthread/thread/thr_sig.c:214
#2  0x0000000800661e2e in kse_sched_single (kmbx=0x521318) at
/usr/src/lib/libpthread/thread/thr_kern.c:886
#3  0x0000000000000000 in ?? ()
Cannot access memory at address 0x7fffffbff000

(gdb) frame 2
#2  0x0000000800661e2e in kse_sched_single (kmbx=0x521318) at 
/usr/src/lib/libpthread/thread/thr_kern.c:886
886                    
pthread_exit(curthread->start_routine(curthread->arg));
(gdb) p kmbx

$1 = (struct kse_mailbox *) 0x521318

(gdb) p *kmbx
$2 = {km_version = 0, km_curthread = 0x0, km_completed = 0x0, km_sigscaught = 
{__bits = {0, 0, 0, 0}}, km_flags = 19,
   km_func = 0x800661560 <kse_sched_single>, km_stack = {ss_sp =
0x7fffff9ff000
<Address 0x7fffff9ff000 out of bounds>,
     ss_size = 2097152, ss_flags = 0}, km_udata = 0x51c600, km_timeofday = 
{tv_sec = 0, tv_nsec = 0}, km_quantum = 0, km_lwp = 100058,
   __spare2__ = {0, 0, 0, 0, 0, 0, 0}}

I've tried to replace libpthread.so.2 with libc_r.6 or libthr.2, but
this doesn't help at all, I get smiliar segfaults. libc_r.6 is a userland
threading library, so it's definitly not the kernel which has a problem.

Are there known bugs with mimedefang on 64bit architectures ?

--
Martin

Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: <finger -l mbr@freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------

A kdump output shows always the same output. The file descriptor
'108/0x6c'
doesn't look very valid ....

------------------------------------------------------------------------------------------------------

  36626 mimedefang RET   kse_release 0
  36626 mimedefang RET   kse_release 0
  36626 mimedefang RET   fork 0
  36626 mimedefang CALL  kse_release(0x537f70)
  36626 mimedefang RET   kse_release 0
  36626 mimedefang RET   kse_release 0
  36626 mimedefang CALL  kse_release(0x521f70)
  36626 mimedefang CALL  gettimeofday(0x7fffff5f8eb0,0)
  36626 mimedefang CALL  kse_release(0x53ff70)
  36626 mimedefang CALL  kse_release(0x53bf70)
  36626 mimedefang RET   kse_release 0
  36626 mimedefang RET   kse_release 0
  36626 mimedefang CALL  kse_release(0x521f70)
  36626 mimedefang CALL  getpid
  36626 mimedefang RET   getpid 36626/0x8f12
  36626 mimedefang CALL  sendto(0x3,0x7fffff5f93b0,0x6c,0,0,0)
  36626 mimedefang GIO   fd 3 wrote 108 bytes
        "<20>Oct 19 11:55:57 mimedefang[36626]: 5422080 ->
0x540c00:
mimedefang.c(1924): EXIT cleanup: SMFIS_CONTINUE"
  36626 mimedefang RET   sendto 108/0x6c
  36626 mimedefang CALL  gettimeofday(0x7fffff5f8f10,0)
  36626 mimedefang RET   gettimeofday 0
  36626 mimedefang CALL  getpid
  36626 mimedefang RET   getpid 36626/0x8f12
  36626 mimedefang CALL  sendto(0x3,0x7fffff5f9410,0x6c,0,0,0)
  36626 mimedefang GIO   fd 3 wrote 108 bytes
        "<20>Oct 19 11:55:57 mimedefang[36626]: 5422080 ->
0x540c00:
mimedefang.c(1888): EXIT mfclose: SMFIS_CONTINUE"
  36626 mimedefang RET   sendto 108/0x6c
  36626 mimedefang PSIG  SIGSEGV SIG_DFL
  36626 mimedefang CALL  kse_thr_interrupt(0,0x4,0xb)
  36626 mimedefang NAMI  "/var/core/mimedefang-36626.core"


------------------------------------------------------------------------------------------------------

        "<20>Oct 19 11:53:03 mimedefang[33960]: 5422080 ->
0x51de00: mimedefang.c(1922): ENTER cleanup"
  33960 mimedefang RET   sendto 93/0x5d
  33960 mimedefang CALL  gettimeofday(0x7fffff5f8eb0,0)
  33960 mimedefang RET   gettimeofday 0
  33960 mimedefang CALL  getpid
  33960 mimedefang RET   getpid 33960/0x84a8
  33960 mimedefang CALL  sendto(0x3,0x7fffff5f93b0,0x6c,0,0,0)
  33960 mimedefang GIO   fd 3 wrote 108 bytes
        "<20>Oct 19 11:53:03 mimedefang[33960]: 5422080 ->
0x51de00: mimedefang.c(1924): EXIT cleanup: SMFIS_CONTINUE"
  33960 mimedefang RET   sendto 108/0x6c
  33960 mimedefang CALL  gettimeofday(0x7fffff5f8f10,0)
  33960 mimedefang RET   gettimeofday 0
  33960 mimedefang CALL  getpid
  33960 mimedefang RET   getpid 33960/0x84a8
  33960 mimedefang CALL  sendto(0x3,0x7fffff5f9410,0x6c,0,0,0)
  33960 mimedefang GIO   fd 3 wrote 108 bytes
        "<20>Oct 19 11:53:03 mimedefang[33960]: 5422080 ->
0x51de00: mimedefang.c(1888): EXIT mfclose: SMFIS_CONTINUE"
  33960 mimedefang RET   sendto 108/0x6c
  33960 mimedefang PSIG  SIGSEGV SIG_DFL
  33960 mimedefang CALL  kse_thr_interrupt(0,0x4,0xb)
  33960 mimedefang NAMI  "/var/core/mimedefang-33960.core"

------------------------------------------------------------------------------------------------------

Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: <finger -l mbr@freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------