<div dir="ltr">it our build from nginx repository <div>it a vanilla source </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 13, 2017 at 3:30 PM, Thomas Ward <span dir="ltr"><<a href="mailto:teward@dark-net.net" target="_blank">teward@dark-net.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Eww, that looks like a backport exploded.</div><div id="m_-2805859420702733175AppleMailSignature"><br></div><div id="m_-2805859420702733175AppleMailSignature">Do me a favor and file a bug in Ubuntu for this with `ubuntu-bug nginx` so the retraced can trace the core dump.</div><div id="m_-2805859420702733175AppleMailSignature"><br></div><div id="m_-2805859420702733175AppleMailSignature"><br></div><div id="m_-2805859420702733175AppleMailSignature">Thomas<br><br><div><br></div><div><br></div><div>*Sent from my iPhone. Please excuse any typos, as they are likely to happen by accident.*</div></div><div><div class="h5"><div><br>On Mar 13, 2017, at 09:24, George . <<a href="mailto:george@ucdn.com" target="_blank">george@ucdn.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><br class="m_-2805859420702733175gmail-Apple-interchange-newline"><table cellpadding="0" class="m_-2805859420702733175gmail-cf m_-2805859420702733175gmail-gJ" style="font-size:12.8px"><tbody><tr class="m_-2805859420702733175gmail-acZ"><td class="m_-2805859420702733175gmail-gF m_-2805859420702733175gmail-gK" style="width:1133px"><table cellpadding="0" class="m_-2805859420702733175gmail-cf m_-2805859420702733175gmail-ix" style="width:1133px"><tbody><tr><td><h3 class="m_-2805859420702733175gmail-iw"><span name="Valentin V. Bartenev" class="m_-2805859420702733175gmail-gD" style="font-size:12.8px">Hi Valentin, </span></h3></td></tr></tbody></table></td></tr></tbody></table>Sorry, I've sent the mail incidentally before I complete it ;) <div><br></div><div><div>ssl_proxy_cores # ./nginx -V </div><div>nginx version: nginx/1.10.3</div><div>built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) </div><div>built with OpenSSL 1.0.2g 1 Mar 2016 (running with OpenSSL 1.0.2g-fips 1 Mar 2016)</div><div>TLS SNI support enabled</div><div>configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g -ggdb -march=core2' --with-debug --with-http_geoip_module --with-http_realip_module --with-http_ssl_module --without-http_charset_module --without-http_ssi_module --without-http_userid_module --without-http_autoindex_<wbr>module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --without-http_limit_conn_<wbr>module --without-http_split_clients_<wbr>module --without-http_limit_req_<wbr>module --with-http_stub_status_module --with-http_v2_module</div></div><div><br></div><div><br></div><div>and some variables values :</div><div><br></div><div><div><br class="m_-2805859420702733175gmail-Apple-interchange-newline">(gdb) p q </div><div>$1 = (ngx_queue_t *) 0x3fb0ab0</div><div>(gdb) p * q </div><div>$2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904}</div><div>(gdb) p h2c->waiting</div><div>$3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0}</div></div><div><br></div><div><br></div><div>and here is the config </div><div><br></div><div><div>nginx.conf:<br></div><div><br></div><div><div># SSL Proxy config for **************</div><div><br></div><div>user cdnuser cdnuser;</div><div>worker_processes auto;</div><div>pid /cdn/tmp/nginx_ssl_proxy.pid;</div><div><br></div><div>#error_log logs/error.nginx.log debug;</div><div>error_log /dev/null error;</div><div><br></div><div>worker_rlimit_nofile 73728;</div><div>worker_rlimit_core 10240M;</div><div>working_directory /cdn/tmp/ssl_proxy_cores/;</div><div><br></div><div>events {</div><div> worker_connections 24576;</div><div> use epoll;</div><div>}</div><div><br></div><div>http {</div><div><br></div><div> include mime.types;</div><div> default_type application/octet-stream;</div><div> reset_timedout_connection on;</div><div> client_header_timeout 60s;</div><div> client_body_timeout 60s;</div><div> send_timeout 60s;</div><div> client_header_buffer_size 16k;</div><div> large_client_header_buffers 4 16k;</div><div> client_body_buffer_size 1k;</div><div> client_max_body_size 1k;</div><div> connection_pool_size 512;</div><div> server_names_hash_bucket_size 4096;</div><div> server_names_hash_max_size 4096;</div><div> request_pool_size 8k;</div><div> output_buffers 1 256k;</div><div> postpone_output 1460;</div><div> proxy_buffers 8 8k;</div><div><br></div><div> sendfile on;</div><div> tcp_nopush off;</div><div> tcp_nodelay on;</div><div> keepalive_timeout 60 20;</div><div> keepalive_requests 256;</div><div> ignore_invalid_headers on;</div><div> recursive_error_pages on;</div><div> resolver **********;</div><div> resolver_timeout 5s;</div><div> </div><div> #------------------------</div><div> # SSL</div><div> #------------------------</div><div> </div><div> ssl_ciphers '*****************************<wbr>********';</div><div> ssl_prefer_server_ciphers on;</div><div> ssl_session_timeout 15m;</div><div> ssl_session_cache shared:SSL:50m;</div><div> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div> ssl_session_tickets on;</div><div> ssl_stapling on;</div><div> ssl_dhparam /cdn/ssl_certs/common/<wbr>dhparam2048.pem;</div><div> ssl_buffer_size 16k;</div><div><br></div><div> #------------------------</div><div> # GeoIP</div><div> #------------------------</div><div><br></div><div> geoip_country /usr/share/GeoIP/GeoIP.dat;</div><div> set_real_ip_from 127.0.0.1;</div><div> real_ip_header X-Forwarded-For;</div><div><br></div><div> #------------------------</div><div> # Dynamic config stuff</div><div> #------------------------</div><div> </div><div> variables_hash_max_size 2048;</div><div> variables_hash_bucket_size 256;</div><div><br></div><div> #------------------------</div><div> # Log Formats</div><div> #------------------------</div><div><br></div><div> log_format cdn_ssl_log '``$connection``$connection_<wbr>requests``$remote_addr``$<wbr>geoip_city_country_code``$<wbr>http_host``$request``$status``<wbr>$request_method``$http_range``<wbr>$bytes_sent``$body_bytes_sent`<wbr>`$request_time``$http_user_<wbr>agent``$http_referer``$https``<wbr>$http2``$sent_http_content_<wbr>type``$sent_http_content_<wbr>length``$sent_http_location``$<wbr>sent_http_connection``$sent_<wbr>http_keep_alive``$sent_http_<wbr>transfer_encoding``$sent_http_<wbr>cache_control``$sent_http_<wbr>content_range``$sent_http_<wbr>expires``$tcpinfo_rtt``$<wbr>tcpinfo_rttvar``$tcpinfo_snd_<wbr>cwnd``$tcpinfo_rcv_space``$<wbr>upstream_addr``$upstream_<wbr>connect_time``$upstream_cache_<wbr>status``$upstream_status``$<wbr>upstream_response_time``$<wbr>upstream_response_length``$<wbr>server_protocol``$ssl_cipher``<wbr>$ssl_protocol``$ssl_server_<wbr>name``$ssl_session_reused`';</div><div><br></div><div> access_log syslog:server=**********,tag=<wbr>rp_ssl_log cdn_ssl_log;</div><div> </div><div> #------------------------</div><div> # Default and Main Server</div><div> #------------------------</div><div> </div><div> upstream local_rp {</div><div> server unix:/cdn/tmp/nginx.sock;</div><div> keepalive 16;</div><div> }</div><div><br></div><div> </div><div> #------------------------</div><div> # *.<a href="http://ssl.ucdn.com" target="_blank">ssl.ucdn.com</a> server block</div><div> #------------------------</div><div><br></div><div> server {</div><div> listen *:443 ssl http2;</div><div> server_name *.<a href="http://ssl.ucdn.com" target="_blank">ssl.ucdn.com</a>;</div><div><br></div><div> ssl_certificate /cdn/ssl_certs/shared/ssl.<wbr>ucdn.com.crt;</div><div> ssl_certificate_key /cdn/ssl_certs/shared/ssl.<wbr>ucdn.com.key;</div><div> </div><div> proxy_http_version "1.1";</div><div> proxy_set_header Connection "";</div><div> proxy_intercept_errors on;</div><div> proxy_max_temp_file_size 0;</div><div> </div><div> proxy_connect_timeout 10s;</div><div> proxy_read_timeout 60s;</div><div> proxy_send_timeout 10s;</div><div><br></div><div> proxy_set_header Host $http_host;</div><div> proxy_set_header X-Forwarded-For $remote_addr;</div><div> proxy_set_header X-CDN-Force-SSL "True";</div><div> proxy_set_header X-CDN-HTTP2 "$http2";</div><div> proxy_set_header X-CDN-HTTPS "$https";</div><div> </div><div> location / {</div><div> proxy_pass <a href="http://local_rp" target="_blank">http://local_rp</a>;</div><div> error_page 301 302 307 = @redir;</div><div> }</div><div><br></div><div> location @redir {</div><div> internal;</div><div> set $cdn_upstream_http_location $upstream_http_location;</div><div> proxy_pass $cdn_upstream_http_location;</div><div> }</div><div><br></div><div> }</div><div> </div><div> # other equivalent server blocks </div><div> # .</div><div> # .</div><div> # .</div><div> # .</div><div>}</div></div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 13, 2017 at 3:17 PM, Valentin V. Bartenev <span dir="ltr"><<a href="mailto:vbart@nginx.com" target="_blank">vbart@nginx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Monday 13 March 2017 15:06:17 George . wrote:<br>
> Hi all,<br>
><br>
> We've found two different coredumps in production machines running 1.10.3<br>
> handing ssl and http v2 traffic.<br>
><br>
> Here is the backtrace of version compiles with -O0 -g -ggdb<br>
><br>
</span>[..]<br>
<br>
Do you use any 3rd-party modules or patches? Could you show<br>
nginx -V output?<br>
<br>
wbr, Valentin V. Bartenev<br>
<br>
______________________________<wbr>_________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailm<wbr>an/listinfo/nginx-devel</a><br>
</blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>______________________________<wbr>_________________</span><br><span>nginx-devel mailing list</span><br><span><a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a></span><br><span><a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-devel</a></span></div></blockquote></div></div></div><br>______________________________<wbr>_________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-devel</a><br></blockquote></div><br></div>