Hi Lukas,

On Fri, May 13, 2016 at 06:36:38PM +0200, Lukas Tribus wrote:
> Not sure if that's what you meant by the other issue, but if there are still
> buffer issues it may also have caused the reported crash in zlib (since 1.6.4 but
> also affects 1.6.5), that would be thread "Crash with kernel error", where
> we are waiting for the OP to provide a stack trace.

You're absolutely right. I analysed this one (when the crash moved to glibc)
and found in another RHEL6's libc that the instruction pointer was suspiciously
close to memcpy(), and there are indeed memcpy() calls in the compression path.
So assuming we get a negative length somewhere, all of this could be tied to
a single bug having various effects depending on the version, config and
environment. Now the question is: what could cause this? We have Sasha's
dump which will help figure in what state his sessions are and see in the
code 1) if it's normal to end up in this state, and 2) if/why there is no
way to leave this state.

Willy
