139 docker runtime_error ai_generated partial

Container exited with code 139 (segfault)

ID: docker/container-exited-139-segfault

Also available as: JSON · Markdown · 中文
72%Fix Rate
83%Confidence
1Evidence
2023-08-05First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Docker 24.0.5 active
Linux 5.10.0 active
glibc 2.35 active

Root Cause

The application inside the container crashed due to a segmentation fault, often caused by memory access violations, stack overflow, or incompatible shared libraries.

generic

中文

容器内应用程序因段错误崩溃,通常由内存访问违规、栈溢出或不兼容的共享库引起。

Official Documentation

https://docs.docker.com/engine/reference/commandline/run/#exit-status

Workarounds

  1. 80% success Enable core dumps inside the container: add '--ulimit core=-1' and mount a volume for core files: 'docker run --ulimit core=-1 -v /tmp/cores:/cores myapp'. Then analyze with gdb: 'gdb /path/to/binary /cores/core'. 
    Enable core dumps inside the container: add '--ulimit core=-1' and mount a volume for core files: 'docker run --ulimit core=-1 -v /tmp/cores:/cores myapp'. Then analyze with gdb: 'gdb /path/to/binary /cores/core'.
  2. 75% success Check for incompatible shared libraries: run 'ldd /usr/bin/myapp' inside the container. If any library is 'not found', rebuild the image with correct library versions. 
    Check for incompatible shared libraries: run 'ldd /usr/bin/myapp' inside the container. If any library is 'not found', rebuild the image with correct library versions.

中文步骤

  1. 在容器内启用核心转储:添加 '--ulimit core=-1' 并挂载卷以存储核心文件:'docker run --ulimit core=-1 -v /tmp/cores:/cores myapp'。然后使用 gdb 分析:'gdb /path/to/binary /cores/core'。
  2. 检查不兼容的共享库:在容器内运行 'ldd /usr/bin/myapp'。如果任何库显示 'not found',使用正确的库版本重建镜像。

Dead Ends

Common approaches that don't work:

  1. Increase container memory limit with --memory 60% fail

    Segfault is often not due to memory limit; increasing memory may mask the issue but not fix the root cause.

  2. Rebuild the image with --no-cache 70% fail

    Cache invalidation does not fix application logic errors or library incompatibilities.

  3. Run container with --security-opt seccomp=unconfined 55% fail

    Unconfined seccomp may allow more syscalls but does not prevent segfaults from application bugs.