Please be aware of the following bug in RHEL and CentOS 6.8 when using Xen as your hypervisor. We experienced this issue on a couple of servers after updating CentOS, after which some websites started to serve “503 Service Unavailable” or “404 Page not found” errors. The website-related log files didn’t show any issues; only “dmesg” contained one or more of the following errors:
php-fpm70 trap invalid opcode ip:7f3a78704d60 sp:7fff6426b838 error:0 in libfreeblpriv3.so[7f3a786b2000+72000]
Also, cURL could not connect to URLs behind https; it exited with the error: Illegal Instruction
We solved this issue by downgrading the NSS packages:
yum downgrade ./*.rpm
Then restart your services.
CentOS related page: https://bugs.centos.org/view.php?id=10930
RHEL related page: https://access.redhat.com/solutions/2313911
- Red Hat Enterprise Linux (RHEL) and CentOS 6.8
- XEN Hypervisor
Segfaults in libfreeblpriv3.so after upgrading to RHEL 6.8. This is affecting some components that utilize nss libraries. Currently these include:
- Apache child processes are crashing when they are using SSL
- Calls to curl libraries that access web sites secured via https are segfaulting
A resolution has not yet been identified. Red Hat engineers are treating this as a high-severity issue which is being actively worked on.
Although RHEL 6.8 does not fully support AVX extensions, some packages are still aware of the availability of AVX extensions. The nss-softoken package attempts to use AVX extensions to accelerate AES encryption operations, and this accelerated encryption operation fails.
Note: This issue has been reported on RHEL 6 guests running on a XEN hypervisor with processors that have AVX extensions.
- One known reproducer is as simple as having curl installed and running /usr/bin/curl https://google.com:
[root@rhdebug ~]# /usr/bin/curl https://google.com
Illegal instruction
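To triage a fleet for the conditions described above (release 6.8, Xen guest, AVX visible to the guest, and invalid-opcode traps in libfreeblpriv3.so), the following script is an added example, not code from the original post or from Red Hat. The function names are hypothetical, and it assumes a Xen guest reports "xen" in /sys/hypervisor/type and that /proc/cpuinfo carries a "flags" line.

```shell
#!/bin/sh
# Added triage example, not from the original post. Function names are hypothetical.
# Each function takes a file path so collected evidence can be analysed offline.

# Count kernel "trap invalid opcode" messages that point into libfreeblpriv3.so.
count_freebl_traps() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'trap invalid opcode.*in libfreeblpriv3\.so' "$1" || true
}

# RHEL and CentOS both write "release 6.8" into /etc/redhat-release.
is_el68() { [ -r "$1" ] && grep -Eq 'release 6\.8( |$)' "$1"; }

# Assumption: a Xen guest reports "xen" in /sys/hypervisor/type.
is_xen() { [ -r "$1" ] && grep -qi '^xen' "$1"; }

# -w matches the whole word, so "avx2" alone does not count as "avx".
has_avx() { [ -r "$1" ] && grep -m1 '^flags' "$1" | grep -qw 'avx'; }

# Args: release file, hypervisor type file, cpuinfo file, dmesg dump.
assess() {
    traps=$(count_freebl_traps "$4")
    if is_el68 "$1" && is_xen "$2" && has_avx "$3"; then
        if [ "$traps" -gt 0 ]; then
            echo "affected traps=$traps"    # all conditions plus crash evidence
        else
            echo "exposed traps=0"          # conditions match, no crash logged yet
        fi
    elif [ "$traps" -gt 0 ]; then
        echo "traps-only traps=$traps"      # crashes seen, environment differs
    else
        echo "no-match"
    fi
}

# Default: inspect this host. Pass four paths to analyse collected files instead.
dump=$(mktemp)
dmesg > "$dump" 2>/dev/null || true
assess "${1:-/etc/redhat-release}" "${2:-/sys/hypervisor/type}" \
       "${3:-/proc/cpuinfo}" "${4:-$dump}"
rm -f "$dump"
```

A result of "exposed" means the host matches the environment but has not logged a crash yet, so it is still a candidate for the NSS downgrade before services start failing.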