coredump in 1.10.3

Thomas Ward teward at dark-net.net
Mon Mar 13 13:30:29 UTC 2017


Eww, that looks like a backport exploded.

Do me a favor and file a bug in Ubuntu for this with `ubuntu-bug nginx` so the retraced can trace the core dump.


Thomas



*Sent from my iPhone.  Please excuse any typos, as they are likely to happen by accident.*

> On Mar 13, 2017, at 09:24, George . <george at ucdn.com> wrote:
> 
> 
> Hi Valentin, 
> 
> Sorry, I've sent the mail incidentally before I complete it ;)  
> 
> ssl_proxy_cores # ./nginx -V 
> nginx version: nginx/1.10.3
> built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) 
> built with OpenSSL 1.0.2g  1 Mar 2016 (running with OpenSSL 1.0.2g-fips  1 Mar 2016)
> TLS SNI support enabled
> configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g -ggdb -march=core2' --with-debug --with-http_geoip_module --with-http_realip_module --with-http_ssl_module --without-http_charset_module --without-http_ssi_module --without-http_userid_module --without-http_autoindex_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --without-http_limit_conn_module --without-http_split_clients_module --without-http_limit_req_module --with-http_stub_status_module --with-http_v2_module
> 
> 
> and some variables values :
> 
> 
> (gdb) p q 
> $1 = (ngx_queue_t *) 0x3fb0ab0
> (gdb) p * q 
> $2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904}
> (gdb) p h2c->waiting
> $3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0}
> 
> 
> and here is the config 
> 
> nginx.conf:
> 
> # SSL Proxy config for **************
> 
> user cdnuser cdnuser;
> worker_processes auto;
> pid /cdn/tmp/nginx_ssl_proxy.pid;
> 
> #error_log logs/error.nginx.log debug;
> error_log /dev/null error;
> 
> worker_rlimit_nofile 73728;
> worker_rlimit_core 10240M;
> working_directory /cdn/tmp/ssl_proxy_cores/;
> 
> events {
>     worker_connections 24576;
>     use epoll;
> }
> 
> http {
> 
>     include                         mime.types;
>     default_type                    application/octet-stream;
>     reset_timedout_connection       on;
>     client_header_timeout           60s;
>     client_body_timeout             60s;
>     send_timeout                    60s;
>     client_header_buffer_size       16k;
>     large_client_header_buffers     4 16k;
>     client_body_buffer_size         1k;
>     client_max_body_size            1k;
>     connection_pool_size            512;
>     server_names_hash_bucket_size   4096;
>     server_names_hash_max_size      4096;
>     request_pool_size               8k;
>     output_buffers                  1 256k;
>     postpone_output                 1460;
>     proxy_buffers                   8 8k;
> 
>     sendfile on;
>     tcp_nopush off;
>     tcp_nodelay on;
>     keepalive_timeout 60 20;
>     keepalive_requests 256;
>     ignore_invalid_headers on;
>     recursive_error_pages on;
>     resolver **********;
>     resolver_timeout 5s;
>     
>     #------------------------
>     # SSL
>     #------------------------
>     
>     ssl_ciphers '*************************************';
>     ssl_prefer_server_ciphers on;
>     ssl_session_timeout 15m;
>     ssl_session_cache shared:SSL:50m;
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_session_tickets on;
>     ssl_stapling on;
>     ssl_dhparam /cdn/ssl_certs/common/dhparam2048.pem;
>     ssl_buffer_size  16k;
> 
>     #------------------------
>     # GeoIP
>     #------------------------
> 
>     geoip_country /usr/share/GeoIP/GeoIP.dat;
>     set_real_ip_from 127.0.0.1;
>     real_ip_header X-Forwarded-For;
> 
>     #------------------------
>     # Dynamic config stuff
>     #------------------------
>     
>     variables_hash_max_size 2048;
>     variables_hash_bucket_size 256;
> 
>     #------------------------
>     # Log Formats
>     #------------------------
> 
>     log_format cdn_ssl_log '``$connection``$connection_requests``$remote_addr``$geoip_city_country_code``$http_host``$request``$status``$request_method``$http_range``$bytes_sent``$body_bytes_sent``$request_time``$http_user_agent``$http_referer``$https``$http2``$sent_http_content_type``$sent_http_content_length``$sent_http_location``$sent_http_connection``$sent_http_keep_alive``$sent_http_transfer_encoding``$sent_http_cache_control``$sent_http_content_range``$sent_http_expires``$tcpinfo_rtt``$tcpinfo_rttvar``$tcpinfo_snd_cwnd``$tcpinfo_rcv_space``$upstream_addr``$upstream_connect_time``$upstream_cache_status``$upstream_status``$upstream_response_time``$upstream_response_length``$server_protocol``$ssl_cipher``$ssl_protocol``$ssl_server_name``$ssl_session_reused`';
> 
>     access_log syslog:server=**********,tag=rp_ssl_log cdn_ssl_log;
>     
>     #------------------------
>     # Default and Main Server
>     #------------------------
>     
>     upstream local_rp {
>         server unix:/cdn/tmp/nginx.sock;
>         keepalive 16;
>     }
> 
>     
>     #------------------------
>     # *.ssl.ucdn.com server block
>     #------------------------
> 
>     server {
>         listen *:443 ssl http2;
>         server_name *.ssl.ucdn.com;
> 
>         ssl_certificate       /cdn/ssl_certs/shared/ssl.ucdn.com.crt;
>         ssl_certificate_key   /cdn/ssl_certs/shared/ssl.ucdn.com.key;
>         
>         proxy_http_version "1.1";
>         proxy_set_header Connection "";
>         proxy_intercept_errors on;
>         proxy_max_temp_file_size 0;
>         
>         proxy_connect_timeout 10s;
>         proxy_read_timeout 60s;
>         proxy_send_timeout 10s;
> 
>         proxy_set_header Host $http_host;
>         proxy_set_header X-Forwarded-For $remote_addr;
>         proxy_set_header X-CDN-Force-SSL "True";
>         proxy_set_header X-CDN-HTTP2 "$http2";
>         proxy_set_header X-CDN-HTTPS "$https";
>                         
>         location / {
>             proxy_pass http://local_rp;
>             error_page 301 302 307 = @redir;
>         }
> 
>         location @redir {
>             internal;
>             set $cdn_upstream_http_location $upstream_http_location;
>             proxy_pass $cdn_upstream_http_location;
>         }
> 
>     }
>     
>     # other equivalent server blocks 
>     # .
>     # .
>     # .
>     # .
> }
> 
> 
>> On Mon, Mar 13, 2017 at 3:17 PM, Valentin V. Bartenev <vbart at nginx.com> wrote:
>> On Monday 13 March 2017 15:06:17 George . wrote:
>> > Hi all,
>> >
>> > We've found two different coredumps in production machines running 1.10.3
>> > handing ssl and http v2 traffic.
>> >
>> > Here is the backtrace of version compiles with -O0 -g -ggdb
>> >
>> [..]
>> 
>> Do you use any 3rd-party modules or patches?  Could you show
>> nginx -V output?
>> 
>>   wbr, Valentin V. Bartenev
>> 
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> 
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170313/34634141/attachment.html>


More information about the nginx-devel mailing list