Opened 7 months ago

Last modified 7 months ago

#2554 new defect

Some of the requests getting stuck after reload.

Reported by: lathanderjk@… Owned by:
Priority: major Milestone:
Component: http/3 Version: 1.25.x
Keywords: Cc:
uname -a: 5.15.0-
nginx -V: nginx version: nginx/1.25.3
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-18.0.2) (GCC)
built with OpenSSL 3.0.10+quic 1 Aug 2023
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/ --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_ssl_module --with-http_stub_status_module --with-http_v2_module --with-http_v3_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-openssl=/root/rpmbuild/SOURCES/openssl-openssl-3.0.10-quic1 --add-module=/root/rpmbuild/SOURCES/ngx_brotli --add-module=/root/rpmbuild/SOURCES/ngx_http_geoip2_module --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'


I suspected there are routed to shutting down workers but it happening even hours after last old workes is gone, only restart can fix it.

Oracle Linux 8.8, tested on 4.18.0-477.27.1.el8_8.x86_64 and 5.15.0- with quic_bpf on; (bpf rules are created verified with bpftool prog) without any difference also offical build of nginx from repositories.

Packet are correctly received according to tcpdump but there is no entry in nginx error log even on debug verbosity.

I tried to remove everything not necessary from configuration and play with http/3 module options but no success.

Change History (1)

comment:1 by lathanderjk@…, 7 months ago

I also tested running nginx as root or setting kernel.unprivileged_bpf_disabled=0 with quic_bpf on; and with quic_bpf off; not much help.

But from bpftool prog show looks like the rules are not changing during/after reload.(same ID and loaded_at)

Note: See TracTickets for help on using tickets.