nginx 1.16.1 segfault with post_action on CentOS

Dubec, Tomáš tomas.dubec at avast.com
Mon Feb 3 12:25:55 UTC 2020


Hi guys,
since I cannot login into trac (no OAuth handler found), I'll try reporting
it here. We are experiencing segmentation faults on nginx 1.16.1 with
post_action.

CentOS:
# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)

Nginx:
# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-compat --with-file-aio --with-threads --with-http_addition_module
--with-http_auth_request_module --with-http_dav_module
--with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module
--with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module
--with-http_ssl_module --with-http_stub_status_module
--with-http_sub_module --with-http_v2_module --with-mail
--with-mail_ssl_module --with-stream --with-stream_realip_module
--with-stream_ssl_module --with-stream_ssl_preread_module
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Backtrace:
(gdb) bt
#0  ngx_pnalloc (pool=0x0, size=210) at src/core/ngx_palloc.c:139
#1  0x00005623ad760f7b in ngx_http_log_handler (r=0x5623adee67e0) at
src/http/modules/ngx_http_log_module.c:362
#2  0x00005623ad757470 in ngx_http_log_request (r=r at entry=0x5623adee67e0)
at src/http/ngx_http_request.c:3674
#3  0x00005623ad758d2c in ngx_http_free_request (r=r at entry=0x5623adee67e0,
rc=rc at entry=0)
    at src/http/ngx_http_request.c:3620
#4  0x00005623ad759931 in ngx_http_set_keepalive (r=0x5623adee67e0) at
src/http/ngx_http_request.c:3069
#5  ngx_http_finalize_connection (r=<optimized out>) at
src/http/ngx_http_request.c:2720
#6  0x00005623ad758fc6 in ngx_http_request_handler (ev=<optimized out>) at
src/http/ngx_http_request.c:2349
#7  0x00005623ad742c97 in ngx_epoll_process_events (cycle=<optimized out>,
timer=<optimized out>,
    flags=<optimized out>) at src/event/modules/ngx_epoll_module.c:902
#8  0x00005623ad73927a in ngx_process_events_and_timers (cycle=cycle at entry
=0x5623add5cbc0)
    at src/event/ngx_event.c:242
#9  0x00005623ad740f41 in ngx_worker_process_cycle
(cycle=cycle at entry=0x5623add5cbc0,
data=data at entry=0x2)
    at src/os/unix/ngx_process_cycle.c:750
#10 0x00005623ad73f3eb in ngx_spawn_process (cycle=cycle at entry=0x5623add5cbc0,

    proc=proc at entry=0x5623ad740ec0 <ngx_worker_process_cycle>,
data=data at entry=0x2,
    name=name at entry=0x5623ad7e16e3 "worker process", respawn=respawn at entry=-3)
at src/os/unix/ngx_process.c:199
#11 0x00005623ad7405f0 in ngx_start_worker_processes
(cycle=cycle at entry=0x5623add5cbc0,
n=4, type=type at entry=-3)
    at src/os/unix/ngx_process_cycle.c:359
#12 0x00005623ad741903 in ngx_master_process_cycle (cycle=cycle at entry
=0x5623add5cbc0)
    at src/os/unix/ngx_process_cycle.c:131
#13 0x00005623ad718d0f in main (argc=<optimized out>, argv=<optimized out>)
at src/core/nginx.c:382

error log:
2020/02/03 05:03:51 [error] 2916923#2916923: *15968395 limiting requests,
excess: 20.170 by zone "one", client: x.x.x.x, server: xxxx, request: "POST
/xxxx/xxxx HTTP/1.1", host: "xxxx"
2020/02/03 05:03:51 [alert] 2389939#2389939: worker process 2916923 exited
on signal 11 (core dumped)

nginx server configuration:
server {
  listen       *:443 ssl;
  server_name  xxxx;
  ssl on;
  ssl_certificate           /etc/nginx/xxx.crt;
  ssl_certificate_key       /etc/nginx/xxx.key;
  ssl_certificate           /etc/nginx/xxx_ecc.crt;
  ssl_certificate_key       /etc/nginx/xxx_ecc.key;
  ssl_session_cache         shared:SSL:10m;
  ssl_session_timeout       5m;
  ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers
ECDSA:HIGH:MEDIUM:!LOW:!SEED:!IDEA:!RC4:!MD5:!DH:!eNULL:!aNULL;
  ssl_prefer_server_ciphers on;
  index  index.html index.htm index.php;
  access_log            /var/log/nginx/access.log ;
  error_log             /var/log/nginx/error.log;
  limit_req zone=one burst=20 nodelay;
  limit_req_status 429;
  location / {
    client_body_buffer_size         2m;
    client_max_body_size         2m;
    post_action         @forward_anchor
    proxy_http_version         1.1;
    proxy_next_upstream         error timeout invalid_header http_500;
    proxy_set_header    Connection         "";
    proxy_set_header    Content-Type         "application/octet-stream";
    proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
    proxy_pass          http://xxxx;
    proxy_read_timeout  90;
  }
  location @forward_anchor {
    client_body_buffer_size         2m;
    client_max_body_size         2m;
    proxy_connect_timeout         5;
    proxy_http_version         1.1;
    proxy_next_upstream         error timeout invalid_header http_500;
    proxy_send_timeout         5;
    proxy_set_header    Connection         "";
    proxy_set_header    Content-Type         "application/octet-stream";
    proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
    proxy_pass          http://xxxx;
    proxy_read_timeout  90;
    proxy_set_header Host $http_host;
  }
}

We are running a server with the same configuration, apart from the
"post_action", which is missing. This configuration does not experience any
issues.
Can someone with access to trac please create a bug report?

Regards
Tomas Dubec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200203/16966b6b/attachment.htm>


More information about the nginx mailing list