Opened 8 months ago

Closed 8 months ago

#2636 closed defect (invalid)

SIGSEGV on https access

Reported by: di386@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.24.x
Keywords: SIGSEGV Cc:
uname -a: nginx version: nginx/1.24.0
Linux TREI 5.10.140 #330 PREEMPT Fri Apr 26 15:43:38 UTC 2024 armv5tejl GNU/Linux
nginx -V: nginx version: nginx/1.24.0
configure arguments: --prefix=/opt/cross --with-http_ssl_module --with-cc-opt='-I/opt/cross/include -L/opt/cross/lib' --with-ld-opt=-L/opt/cross/lib

Description (last modified by di386@…)

Hi all, a have a big trouble. After crosscompiling nginx for arm with openssl3.0.13 shared, it works great, but not for SSL access. I has already tried versions 1.24 and 1.26 with no luck.

# nginx -V
nginx version: nginx/1.24.0
configure arguments: --prefix=/opt/cross --with-http_ssl_module --with-cc-opt='-I/opt/cross/include -L/opt/cross/lib' --with-ld-opt=-L/opt/cross/lib
# uname -a
Linux TREI 5.10.140 #330 PREEMPT Fri Apr 26 15:43:38 UTC 2024 armv5tejl GNU/Linux

my config

user root;
worker_processes 1;
events{
    worker_connections 10;
}
 
http
{
include mime.types;
error_log /var/tmp/nginx_error.log warn;
server {
    listen 80;
    include fastcgi.conf;
    location / {
    ssi on;
    root     /www;
    index index.shtml;
    }
    location /cgi-bin {
    ssi on;
    root /www;
    fastcgi_pass unix:/tmp/fastcgi.socket;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME /www$fastcgi_script_name;
    }
}
server {
    listen 443 ssl;
    ssl_certificate     /var/tmp/server_cert.pem;
    ssl_certificate_key /etc/ssl/dim/server_key.pem;
    include /etc/nginx/fastcgi.conf;
    location / {
    ssi on;
    root     /www;
    index index.shtml;
    }
    location /cgi-bin {
    ssi on;
    root /www;
    fastcgi_pass unix:/tmp/fastcgi.socket;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SCRIPT_FILENAME /www$fastcgi_script_name;
    }
}
}

Any access on https://IP (http is all good) results SIGSEGV records in log

2024/04/05 00:24:07 [alert] 1252#0: worker process 1316 exited on signal 11
2024/04/05 00:24:09 [alert] 1252#0: worker process 1327 exited on signal 11
2024/04/05 00:24:11 [alert] 1252#0: worker process 1328 exited on signal 11
2024/04/05 00:24:13 [alert] 1252#0: worker process 1329 exited on signal 11

Firefox browser 98.0 x64

debugging "worker process" in gdb

Reading /sbin/nginx from remote target... Reading symbols from target:/sbin/nginx...

Reading /usr/lib/libpcre2-8.so.0 from remote target... Reading /usr/lib/libssl.so.3 from remote target... Reading /usr/lib/libcrypto.so.3 from remote target... Reading /usr/lib/libz.so.1 from remote target... Reading /lib/libc.so.0 from remote target... Reading /lib/libatomic.so.1 from remote target... Reading /lib/ld-uClibc.so.0 from remote target... Reading symbols from target:/usr/lib/libpcre2-8.so.0...

(No debugging symbols found in target:/usr/lib/libpcre2-8.so.0) Reading symbols from target:/usr/lib/libssl.so.3...

(No debugging symbols found in target:/usr/lib/libssl.so.3) Reading symbols from target:/usr/lib/libcrypto.so.3...

(No debugging symbols found in target:/usr/lib/libcrypto.so.3) Reading symbols from target:/usr/lib/libz.so.1...

(No debugging symbols found in target:/usr/lib/libz.so.1) Reading symbols from target:/lib/libc.so.0...

(No debugging symbols found in target:/lib/libc.so.0) Reading symbols from target:/lib/libatomic.so.1...

(No debugging symbols found in target:/lib/libatomic.so.1) Reading symbols from target:/lib/ld-uclibc.so.0...

(No debugging symbols found in target:/lib/ld-uClibc.so.0) Reading /lib/ld-uClibc.so.0 from remote target...

0xb6ad30b0 in epoll_wait () from target:/lib/libc.so.0 (gdb) c

Continuing.

Program received signal SIGSEGV, Segmentation fault. 0x0003c4b0 in ngx_shmtx_lock ()

(gdb) back

#0 0x0003c4b0 in ngx_shmtx_lock ()

#1 0x000715ac in ngx_ssl_rotate_ticket_keys ()

#2 0x0007111c in ngx_ssl_ticket_key_callback ()

#3 0xb6f36ac0 in ?? () from target:/usr/lib/libssl.so.3

Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb)
Dump of assembler code for function ngx_shmtx_lock:

0x0003c49c <+0>: push{r11, lr}
0x0003c4a0 <+4>: add r11, sp, #4
0x0003c4a4 <+8>: sub sp, sp, #24
0x0003c4a8 <+12>: str r0, [r11, #-24]; Oxffffffe8
0x0003c4ac <+16>: ldr r3, [r11, #-24]; Oxffffffe8
=> 0x0003c4b0 <+20>: ldr r3, [r3]
0x0003c4b4 <+24>:ldr r3, [r3]
(gdb) info reg
r0 0x37 55
r1 0х0 0
r2 0x1 1
r3 0×37 55
r4 0x13a4a88 20597384
r5 0x710c4 463044
r6 0x13f8850 20940880
r7 0x13e61c8 20865480
r8 0x13e6130 20865328
r9 Oxbec5a908 3200624904
r10 Oxbec5a8f8 3200624888
r11 Oxbec5a7cc 3200624588
r12 0xb6f5c43c 3069559868
sp Oxbec5a7b0 Oxbec5a7b0
lr 0x715ac  464300
pc 0×3c4b0 0x3c4b0 <ngx_shmtx_lock+20> 2147483664
cpsr 0x80000010

previous frame

(gdb) frame 1
#1 0x000715ac in ngx_ssl_rotate_ticket_keys ()
0x00071598 <+244>: str r3, [r11, #-32]; Oxffffffe0 
0x0007159c <+248>: ldr r3, [r11, #-32]; Oxffffffe0 
0x000715a0 <+252>: add r3, r3, #52;0x34
0x000715a4 <+256>: mov r0, r3

0x000715a8 <+260>: bl 0x3c49c <ngx_shmtx_lock> 
=> 0x000715ac <+264>:ldr r3, [r11, #-28]; Oxffffffe4

PS
Only this works for me now

server {
   ssl_session_tickets off;

but how about such usefull thing as tickets....I want to use it

Attachments (2)

server_cert.pem (2.0 KB ) - added by di386@… 8 months ago.
Example of server cert
server_key.pem (3.2 KB ) - added by di386@… 8 months ago.
Example of generated server key for IP 192.9.203.77

Download all attachments as: .zip

Change History (5)

by di386@…, 8 months ago

Attachment: server_cert.pem added

Example of server cert

by di386@…, 8 months ago

Attachment: server_key.pem added

Example of generated server key for IP 192.9.203.77

comment:1 by di386@…, 8 months ago

Description: modified (diff)

comment:2 by Roman Arutyunyan, 8 months ago

nginx does not officially support cross-compilation (except for Windows) due to inability to run feature tests. Detecting wrong features, type sizes and endianness may result in crashes like this.

comment:3 by Roman Arutyunyan, 8 months ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.