Opened 8 months ago
Closed 8 months ago
#2636 closed defect (invalid)
SIGSEGV on https access
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.24.x |
Keywords: | SIGSEGV | Cc: | |
uname -a: |
nginx version: nginx/1.24.0
Linux TREI 5.10.140 #330 PREEMPT Fri Apr 26 15:43:38 UTC 2024 armv5tejl GNU/Linux |
||
nginx -V: |
nginx version: nginx/1.24.0
configure arguments: --prefix=/opt/cross --with-http_ssl_module --with-cc-opt='-I/opt/cross/include -L/opt/cross/lib' --with-ld-opt=-L/opt/cross/lib |
Description (last modified by )
Hi all, I have a big problem. After cross-compiling nginx for ARM with a shared OpenSSL 3.0.13, it works great, but not for SSL access. I have already tried versions 1.24 and 1.26 with no luck.
```
# nginx -V
nginx version: nginx/1.24.0
configure arguments: --prefix=/opt/cross --with-http_ssl_module --with-cc-opt='-I/opt/cross/include -L/opt/cross/lib' --with-ld-opt=-L/opt/cross/lib
# uname -a
Linux TREI 5.10.140 #330 PREEMPT Fri Apr 26 15:43:38 UTC 2024 armv5tejl GNU/Linux
```
my config
```
user root;
worker_processes 1;

events {
    worker_connections 10;
}

http {
    include mime.types;
    error_log /var/tmp/nginx_error.log warn;

    server {
        listen 80;
        include fastcgi.conf;

        location / {
            ssi on;
            root /www;
            index index.shtml;
        }

        location /cgi-bin {
            ssi on;
            root /www;
            fastcgi_pass unix:/tmp/fastcgi.socket;
            include /etc/nginx/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /www$fastcgi_script_name;
        }
    }

    server {
        listen 443 ssl;
        ssl_certificate /var/tmp/server_cert.pem;
        ssl_certificate_key /etc/ssl/dim/server_key.pem;
        include /etc/nginx/fastcgi.conf;

        location / {
            ssi on;
            root /www;
            index index.shtml;
        }

        location /cgi-bin {
            ssi on;
            root /www;
            fastcgi_pass unix:/tmp/fastcgi.socket;
            include /etc/nginx/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /www$fastcgi_script_name;
        }
    }
}
```
Any access on https://IP (http is all good) results in SIGSEGV records in the log
```
2024/04/05 00:24:07 [alert] 1252#0: worker process 1316 exited on signal 11
2024/04/05 00:24:09 [alert] 1252#0: worker process 1327 exited on signal 11
2024/04/05 00:24:11 [alert] 1252#0: worker process 1328 exited on signal 11
2024/04/05 00:24:13 [alert] 1252#0: worker process 1329 exited on signal 11
```
Firefox browser 98.0 x64
debugging "worker process" in gdb
```
Reading /sbin/nginx from remote target...
Reading symbols from target:/sbin/nginx...
Reading /usr/lib/libpcre2-8.so.0 from remote target...
Reading /usr/lib/libssl.so.3 from remote target...
Reading /usr/lib/libcrypto.so.3 from remote target...
Reading /usr/lib/libz.so.1 from remote target...
Reading /lib/libc.so.0 from remote target...
Reading /lib/libatomic.so.1 from remote target...
Reading /lib/ld-uClibc.so.0 from remote target...
Reading symbols from target:/usr/lib/libpcre2-8.so.0...
(No debugging symbols found in target:/usr/lib/libpcre2-8.so.0)
Reading symbols from target:/usr/lib/libssl.so.3...
(No debugging symbols found in target:/usr/lib/libssl.so.3)
Reading symbols from target:/usr/lib/libcrypto.so.3...
(No debugging symbols found in target:/usr/lib/libcrypto.so.3)
Reading symbols from target:/usr/lib/libz.so.1...
(No debugging symbols found in target:/usr/lib/libz.so.1)
Reading symbols from target:/lib/libc.so.0...
(No debugging symbols found in target:/lib/libc.so.0)
Reading symbols from target:/lib/libatomic.so.1...
(No debugging symbols found in target:/lib/libatomic.so.1)
Reading symbols from target:/lib/ld-uclibc.so.0...
(No debugging symbols found in target:/lib/ld-uClibc.so.0)
Reading /lib/ld-uClibc.so.0 from remote target...
0xb6ad30b0 in epoll_wait () from target:/lib/libc.so.0
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x0003c4b0 in ngx_shmtx_lock ()
(gdb) back
#0 0x0003c4b0 in ngx_shmtx_lock ()
#1 0x000715ac in ngx_ssl_rotate_ticket_keys ()
#2 0x0007111c in ngx_ssl_ticket_key_callback ()
#3 0xb6f36ac0 in ?? () from target:/usr/lib/libssl.so.3
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
```
```
Dump of assembler code for function ngx_shmtx_lock:
   0x0003c49c <+0>:     push    {r11, lr}
   0x0003c4a0 <+4>:     add     r11, sp, #4
   0x0003c4a4 <+8>:     sub     sp, sp, #24
   0x0003c4a8 <+12>:    str     r0, [r11, #-24] ; 0xffffffe8
   0x0003c4ac <+16>:    ldr     r3, [r11, #-24] ; 0xffffffe8
=> 0x0003c4b0 <+20>:    ldr     r3, [r3]
   0x0003c4b4 <+24>:    ldr     r3, [r3]
```
```
(gdb) info reg
r0             0x37                55
r1             0x0                 0
r2             0x1                 1
r3             0x37                55
r4             0x13a4a88           20597384
r5             0x710c4             463044
r6             0x13f8850           20940880
r7             0x13e61c8           20865480
r8             0x13e6130           20865328
r9             0xbec5a908          3200624904
r10            0xbec5a8f8          3200624888
r11            0xbec5a7cc          3200624588
r12            0xb6f5c43c          3069559868
sp             0xbec5a7b0          0xbec5a7b0
lr             0x715ac             464300
pc             0x3c4b0             0x3c4b0 <ngx_shmtx_lock+20>
cpsr           0x80000010          2147483664
```
previous frame
```
(gdb) frame 1
#1 0x000715ac in ngx_ssl_rotate_ticket_keys ()
   0x00071598 <+244>:   str     r3, [r11, #-32] ; 0xffffffe0
   0x0007159c <+248>:   ldr     r3, [r11, #-32] ; 0xffffffe0
   0x000715a0 <+252>:   add     r3, r3, #52     ; 0x34
   0x000715a4 <+256>:   mov     r0, r3
   0x000715a8 <+260>:   bl      0x3c49c <ngx_shmtx_lock>
=> 0x000715ac <+264>:   ldr     r3, [r11, #-28] ; 0xffffffe4
```
PS
Only this works for me now
server { ssl_session_tickets off;
but how about such a useful thing as tickets... I want to use it
Attachments (2)
Change History (5)
by , 8 months ago
Attachment: | server_cert.pem added |
---|
by , 8 months ago
Attachment: | server_key.pem added |
---|
Example of generated server key for IP 192.9.203.77
comment:1 by , 8 months ago
Description: | modified (diff) |
---|
comment:2 by , 8 months ago
nginx does not officially support cross-compilation (except for Windows) due to inability to run feature tests. Detecting wrong features, type sizes and endianness may result in crashes like this.
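One way to check a cross-built tree for the misdetection described in comment:2, as an added example (not nginx's or the reporter's code): compare the type-size and endianness macros that `configure` wrote to `objs/ngx_auto_config.h` against the target ABI. The header text below and the expected 32-bit ARM values are constructed assumptions.

```python
import re

# Constructed sample of objs/ngx_auto_config.h holding values a 64-bit
# build host would yield; not taken from the ticket.
SAMPLE_HEADER = """\
#ifndef NGX_HAVE_LITTLE_ENDIAN
#define NGX_HAVE_LITTLE_ENDIAN  1
#endif
#ifndef NGX_PTR_SIZE
#define NGX_PTR_SIZE  8
#endif
#ifndef NGX_SIG_ATOMIC_T_SIZE
#define NGX_SIG_ATOMIC_T_SIZE  4
#endif
#ifndef NGX_MAX_SIZE_T_VALUE
#define NGX_MAX_SIZE_T_VALUE  9223372036854775807LL
#endif
"""

# Assumed values for a 32-bit little-endian ARM target (ILP32); adjust
# them to the ABI of the real toolchain.
EXPECTED_ARM32 = {
    "NGX_HAVE_LITTLE_ENDIAN": "1",
    "NGX_PTR_SIZE": "4",
    "NGX_SIG_ATOMIC_T_SIZE": "4",
    "NGX_MAX_SIZE_T_VALUE": "2147483647",
}

DEFINE_RE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+(\w+)[ \t]+(.+?)[ \t]*$", re.M)


def parse_defines(text):
    """Return {macro: value} for every '#define NAME value' line."""
    return dict(DEFINE_RE.findall(text))


def audit(text, expected):
    """Return sorted (macro, found, wanted) tuples, one per mismatch."""
    found = parse_defines(text)  # a missing macro yields found=None
    return sorted((name, found.get(name), want)
                  for name, want in expected.items()
                  if found.get(name) != want)


if __name__ == "__main__":
    for name, got, want in audit(SAMPLE_HEADER, EXPECTED_ARM32):
        print(f"{name}: header has {got}, target ABI needs {want}")
```

On a real build, pass the contents of the generated header to `audit()` before installing the binary on the target.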
comment:3 by , 8 months ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Example of server cert