coredump in 1.10.3
Thomas Ward
teward at dark-net.net
Mon Mar 13 13:30:29 UTC 2017
Eww, that looks like a backport exploded.
Do me a favor and file a bug in Ubuntu for this with `ubuntu-bug nginx` so the retraced can trace the core dump.
Thomas
*Sent from my iPhone. Please excuse any typos, as they are likely to happen by accident.*
> On Mar 13, 2017, at 09:24, George . <george at ucdn.com> wrote:
>
>
> Hi Valentin,
>
> Sorry, I've sent the mail incidentally before I complete it ;)
>
> ssl_proxy_cores # ./nginx -V
> nginx version: nginx/1.10.3
> built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
> built with OpenSSL 1.0.2g 1 Mar 2016 (running with OpenSSL 1.0.2g-fips 1 Mar 2016)
> TLS SNI support enabled
> configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g -ggdb -march=core2' --with-debug --with-http_geoip_module --with-http_realip_module --with-http_ssl_module --without-http_charset_module --without-http_ssi_module --without-http_userid_module --without-http_autoindex_module --without-http_scgi_module --without-http_uwsgi_module --without-http_fastcgi_module --without-http_limit_conn_module --without-http_split_clients_module --without-http_limit_req_module --with-http_stub_status_module --with-http_v2_module
>
>
> and some variables values :
>
>
> (gdb) p q
> $1 = (ngx_queue_t *) 0x3fb0ab0
> (gdb) p * q
> $2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904}
> (gdb) p h2c->waiting
> $3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0}
>
>
> and here is the config
>
> nginx.conf:
>
> # SSL Proxy config for **************
>
> user cdnuser cdnuser;
> worker_processes auto;
> pid /cdn/tmp/nginx_ssl_proxy.pid;
>
> #error_log logs/error.nginx.log debug;
> error_log /dev/null error;
>
> worker_rlimit_nofile 73728;
> worker_rlimit_core 10240M;
> working_directory /cdn/tmp/ssl_proxy_cores/;
>
> events {
> worker_connections 24576;
> use epoll;
> }
>
> http {
>
> include mime.types;
> default_type application/octet-stream;
> reset_timedout_connection on;
> client_header_timeout 60s;
> client_body_timeout 60s;
> send_timeout 60s;
> client_header_buffer_size 16k;
> large_client_header_buffers 4 16k;
> client_body_buffer_size 1k;
> client_max_body_size 1k;
> connection_pool_size 512;
> server_names_hash_bucket_size 4096;
> server_names_hash_max_size 4096;
> request_pool_size 8k;
> output_buffers 1 256k;
> postpone_output 1460;
> proxy_buffers 8 8k;
>
> sendfile on;
> tcp_nopush off;
> tcp_nodelay on;
> keepalive_timeout 60 20;
> keepalive_requests 256;
> ignore_invalid_headers on;
> recursive_error_pages on;
> resolver **********;
> resolver_timeout 5s;
>
> #------------------------
> # SSL
> #------------------------
>
> ssl_ciphers '*************************************';
> ssl_prefer_server_ciphers on;
> ssl_session_timeout 15m;
> ssl_session_cache shared:SSL:50m;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_session_tickets on;
> ssl_stapling on;
> ssl_dhparam /cdn/ssl_certs/common/dhparam2048.pem;
> ssl_buffer_size 16k;
>
> #------------------------
> # GeoIP
> #------------------------
>
> geoip_country /usr/share/GeoIP/GeoIP.dat;
> set_real_ip_from 127.0.0.1;
> real_ip_header X-Forwarded-For;
>
> #------------------------
> # Dynamic config stuff
> #------------------------
>
> variables_hash_max_size 2048;
> variables_hash_bucket_size 256;
>
> #------------------------
> # Log Formats
> #------------------------
>
> log_format cdn_ssl_log '``$connection``$connection_requests``$remote_addr``$geoip_city_country_code``$http_host``$request``$status``$request_method``$http_range``$bytes_sent``$body_bytes_sent``$request_time``$http_user_agent``$http_referer``$https``$http2``$sent_http_content_type``$sent_http_content_length``$sent_http_location``$sent_http_connection``$sent_http_keep_alive``$sent_http_transfer_encoding``$sent_http_cache_control``$sent_http_content_range``$sent_http_expires``$tcpinfo_rtt``$tcpinfo_rttvar``$tcpinfo_snd_cwnd``$tcpinfo_rcv_space``$upstream_addr``$upstream_connect_time``$upstream_cache_status``$upstream_status``$upstream_response_time``$upstream_response_length``$server_protocol``$ssl_cipher``$ssl_protocol``$ssl_server_name``$ssl_session_reused`';
>
> access_log syslog:server=**********,tag=rp_ssl_log cdn_ssl_log;
>
> #------------------------
> # Default and Main Server
> #------------------------
>
> upstream local_rp {
> server unix:/cdn/tmp/nginx.sock;
> keepalive 16;
> }
>
>
> #------------------------
> # *.ssl.ucdn.com server block
> #------------------------
>
> server {
> listen *:443 ssl http2;
> server_name *.ssl.ucdn.com;
>
> ssl_certificate /cdn/ssl_certs/shared/ssl.ucdn.com.crt;
> ssl_certificate_key /cdn/ssl_certs/shared/ssl.ucdn.com.key;
>
> proxy_http_version "1.1";
> proxy_set_header Connection "";
> proxy_intercept_errors on;
> proxy_max_temp_file_size 0;
>
> proxy_connect_timeout 10s;
> proxy_read_timeout 60s;
> proxy_send_timeout 10s;
>
> proxy_set_header Host $http_host;
> proxy_set_header X-Forwarded-For $remote_addr;
> proxy_set_header X-CDN-Force-SSL "True";
> proxy_set_header X-CDN-HTTP2 "$http2";
> proxy_set_header X-CDN-HTTPS "$https";
>
> location / {
> proxy_pass http://local_rp;
> error_page 301 302 307 = @redir;
> }
>
> location @redir {
> internal;
> set $cdn_upstream_http_location $upstream_http_location;
> proxy_pass $cdn_upstream_http_location;
> }
>
> }
>
> # other equivalent server blocks
> # .
> # .
> # .
> # .
> }
>
>
>> On Mon, Mar 13, 2017 at 3:17 PM, Valentin V. Bartenev <vbart at nginx.com> wrote:
>> On Monday 13 March 2017 15:06:17 George . wrote:
>> > Hi all,
>> >
>> > We've found two different coredumps in production machines running 1.10.3
>> > handing ssl and http v2 traffic.
>> >
>> > Here is the backtrace of version compiles with -O0 -g -ggdb
>> >
>> [..]
>>
>> Do you use any 3rd-party modules or patches? Could you show
>> nginx -V output?
>>
>> wbr, Valentin V. Bartenev
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170313/34634141/attachment.html>
More information about the nginx-devel
mailing list