
Bug#815974: Segmentation fault in libresolv triggered by php5-fpm



On 2016-02-26 08:57, Fabian Niepelt wrote:
> Package: libc6
> Version: 2.13-38+deb7u10
> 
> Dear maintainer,
> 
> since the latest update for glibc we keep observing occasional
> segmentation faults in libresolv [1]. They are triggered (for us) by
> php5-fpm which runs an Owncloud instance when logging in. After the
> segfault happens, I can relogin successfully for about 20 minutes at
> which point the segfault happens again. Restarting php5-fpm or
> rebooting also does not influence the occurrence of it.
> 
> We were using the 5.5 packages from the dotdeb repository, but the
> segfaults persist in the 5.6 packages and the official wheezy 5.4
> packages. 
> 
> Attaching to the php5-fpm worker process with GDB yields [2] at
> segfault time. (for debugging purposes I set the amount of pool workers
> to 1 so I would not attach to the wrong process)

Would it be possible to get a full backtrace to get an idea from where
__libc_res_nsearch is called? You can get it running the command "bt
full" in GDB.

> Ubuntu seems to have a similar problem since the update:
> https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1546459
 
I am not fully sure it's the same bug, it looks more like a mismatch
between the nss libraries and the libc, at least for the
ubuntu-installer issue.

> I'll be gladly providing additional info if you require it.

When you do such a test, do you restart all the processes after upgrading
the libc? I wonder if it could be that the process is started with the
old libc and is later dlopening the new nss libraries.

> [1]
> [57348.111866] php5-fpm[20421]: segfault at 200000001 ip 00007fd339eb74fa sp 00007fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
> [62889.617877] php5-fpm[20420]: segfault at 270752f65 ip 00007fd339eb74fa sp 00007fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
> [64717.111099] php5-fpm[20753]: segfault at 270752f65 ip 00007ff6819ef4fa sp 00007fff0d576a90 error 4 in libresolv-2.13.so[7ff6819e7000+13000]
> [66684.547776] php5-fpm[21385]: segfault at 270752f65 ip 00007fd55be4f4fa sp 00007fffe6a3dcd0 error 4 in libresolv-2.13.so[7fd55be47000+13000]
> 
> [2]
> [many symbols being loaded messages]
> 82      ../sysdeps/unix/syscall-template.S: No such file or directory.
> Traceback (most recent call last):
>   File "/usr/lib/debug/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.17-gdb.py", line 62, in <module>
>     from libstdcxx.v6.printers import register_libstdcxx_printers
> ImportError: No module named libstdcxx.v6.printers
> (gdb) continue
> Continuing.
> warning: Could not load shared library symbols for /lib/libnss_dns.so.2.
> Do you need "set solib-search-path" or "set sysroot"?
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007f146545e4fa in *__GI___libc_res_nsearch (statp=0x7f14659f7300, name=<optimized out>, class=<optimized out>, type=<optimized out>, answer=0x7fff6d6c0df0 "2", anslen=<optimized out>, answerp=0x7fff6d6c1660, answerp2=0x7fff6d6c1658, nanswerp2=0x7fff6d6c167c, resplen2=0x7fff6d6c1678, answerp2_malloced=0x200000032) at res_query.c:393
> 393     res_query.c: No such file or directory.

This clearly shows that the crash is due to answerp2_malloced pointing
at a random location in the following code:
  
  if (answerp2 && *answerp2_malloced)

Well not so random if you look at the kernel logs and the GDB entry. We
have 0x200000001, 0x200000032 and 3 times 0x270752f65.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
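
A triage check for the kernel log lines quoted in this message, as an added example that is not part of the original mail or of glibc: it parses each segfault line and subtracts the mapping base from `ip`, which removes the per-process load address so the crash sites can be compared. The function names are hypothetical; the sample input is the four log lines from the report, each rejoined onto one line.

```python
import re
from collections import Counter

# The four kernel log lines from the report, rejoined where the mail wrapped them.
KERNEL_LOG = """\
[57348.111866] php5-fpm[20421]: segfault at 200000001 ip 00007fd339eb74fa sp 00007fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
[62889.617877] php5-fpm[20420]: segfault at 270752f65 ip 00007fd339eb74fa sp 00007fff9f055700 error 4 in libresolv-2.13.so[7fd339eaf000+13000]
[64717.111099] php5-fpm[20753]: segfault at 270752f65 ip 00007ff6819ef4fa sp 00007fff0d576a90 error 4 in libresolv-2.13.so[7ff6819e7000+13000]
[66684.547776] php5-fpm[21385]: segfault at 270752f65 ip 00007fd55be4f4fa sp 00007fffe6a3dcd0 error 4 in libresolv-2.13.so[7fd55be47000+13000]
"""

SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

def parse_segfaults(text):
    """Return one dict per segfault line, with the load-address-independent offset."""
    crashes = []
    for m in SEGV.finditer(text):
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        if not base <= ip < base + size:
            continue  # ip lies outside the reported mapping; skip rather than guess
        err = int(m["err"])
        crashes.append({
            "comm": m["comm"], "pid": int(m["pid"]), "object": m["obj"],
            "fault_addr": int(m["addr"], 16),
            "offset": ip - base,
            # x86 page-fault error code: bit 0 page present, bit 1 write, bit 2 user mode
            "page_present": bool(err & 1),
            "access": "write" if err & 2 else "read",
            "user_mode": bool(err & 4),
        })
    return crashes

def summarize(crashes):
    """Count crashes per (object, offset) site and per faulting address."""
    sites = Counter((c["object"], c["offset"]) for c in crashes)
    addrs = Counter(c["fault_addr"] for c in crashes)
    return sites, addrs

if __name__ == "__main__":
    sites, addrs = summarize(parse_segfaults(KERNEL_LOG))
    for (obj, off), n in sites.items():
        print(f"{n}x {obj}+{off:#x}")
    for addr, n in addrs.items():
        print(f"{n}x fault address {addr:#x}")
```

All four entries resolve to the same offset inside libresolv-2.13.so, and the distinct faulting addresses are the values listed in the reply above.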
