Opened 10 years ago

Closed 10 years ago

#613 closed defect (duplicate)

nginx+ssl crashes very often on low memory environment — at Version 1

Reported by: Michael Blue Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.6.x
Keywords: Cc:
uname -a: Linux nxsrv 3.14-1-686-pae #1 SMP Debian 3.14.12-1 (2014-07-11) i686 GNU/Linux
nginx -V: Compile parameters:
nginx version: nginx/1.6.1
built by gcc 4.9.1 (Debian 4.9.1-4)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/usr/local/nginx-1.6.1-nopagespeed --error-log-path=/var/log/httpd/nginx_error.log --http-log-path=/var/log/httpd/nginx_access.log --pid-path=/usr/local/nginx/logs/nginx.pid --with-file-aio --with-http_spdy_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-ipv6 --with-pcre --with-cpu-opt=amd64 --with-http_ssl_module --with-http_geoip_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-mail_smtp_module --without-http_uwsgi_module --without-http_scgi_module --add-module=../headers-more-nginx-module-master --with-debug

Description (last modified by Maxim Dounin)

Hello,

I'm using nginx version 1.6.1 stable branch and I'm experiencing few hundred crashes/day. First I thought that the problem was caused by ngx_pagespeed, so, I stopped using that. Seems like the bug appeared after I began using ssl certificates, especially in low memory/stress conditions.

openssl  version
OpenSSL 1.0.1i 6 Aug 2014
pcre-config --version
8.35
free -m
             total       used       free     shared    buffers     cached
Mem:          1011        937         73        296         11        463
-/+ buffers/cache:        462        548
Swap:         1375        392        983

Traces:

GNU gdb (Debian 7.7.1+dfsg-3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/nginx-1.6.1-nopagespeed/sbin/nginx...done.
[New LWP 19233]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `nginx: worker process      '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ngx_ssl_new_session (ssl_conn=0x8fbf3d8, sess=0x8fbb4f8) at src/event/ngx_event_openssl.c:1890
1890	    cache = shm_zone->data;
(gdb) bt full
#0  ngx_ssl_new_session (ssl_conn=0x8fbf3d8, sess=0x8fbb4f8) at src/event/ngx_event_openssl.c:1890
        len = 140
        p = 0xbf939c98 "\001"
        id = <optimized out>
        cached_sess = <optimized out>
        ssl_ctx = 0x8d4ed00
        shm_zone = 0x0
        c = 0xb051d628
        shpool = <optimized out>
        sess_id = <optimized out>
        cache = <optimized out>
        buf = "0\201\211\002\001\001\002\002\003\001\004\002\000\071\004 \211\016\070\031\201\061\253\031M\373\233Wj\303Z\217\b\341\b\n&*)\273\222\267\063\225\313B\217E\004\060\204\365ن\254`\bt\302\305%z\376\230\211\023\256k~\306\362E}g\rG\226@\250*\355\334\377\331*\336\305\362\231\313\360\022]a3\230C\372\241\006\002\004S\373\021U\242\004\002\002\002X\244\006\004\004HTTP\246\022\004\020egcdn.gazduit.ro\001\000\000\000\004", '\000' <repeats 11 times>, "\363\235\223\277\000\000\000 \000\000\000\000 $s\267X\237\223\277\065\211*\267\375\235\223\277@?\374\b@?\374\b\300?\374\b\270\271\373\b\215\237\031_"...
#1  0xb7637c7c in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
No symbol table info available.
#2  0xb760f684 in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
No symbol table info available.
#3  0xb763871d in SSL_do_handshake () from /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
No symbol table info available.
#4  0x0806ef0e in ngx_ssl_handshake (c=0xb051d628) at src/event/ngx_event_openssl.c:785
        n = <optimized out>
        sslerr = <optimized out>
        err = <optimized out>
#5  0x0806f27c in ngx_ssl_handshake_handler (ev=0x8e758b8) at src/event/ngx_event_openssl.c:933
        c = 0xb051d628
#6  0x080642a2 in ngx_event_process_posted (cycle=0x8d413b8, posted=0x810694c <ngx_posted_events>) at src/event/ngx_event_posted.c:40
        ev = 0x8e758b8
#7  0x08063e83 in ngx_process_events_and_timers (cycle=0x8d413b8) at src/event/ngx_event.c:275
        flags = 3
        timer = <optimized out>
        delta = 443
#8  0x0806a558 in ngx_worker_process_cycle (cycle=0x8d413b8, data=0x1) at src/os/unix/ngx_process_cycle.c:816
        worker = <optimized out>
        i = <optimized out>
        c = <optimized out>
#9  0x08068fa0 in ngx_spawn_process (cycle=0x8d413b8, proc=0x806a493 <ngx_worker_process_cycle>, data=0x1, name=0x80c444a "worker process", respawn=1) at src/os/unix/ngx_process.c:198
        on = 1
        pid = 0
        s = 1
#10 0x0806b06c in ngx_reap_children (cycle=0x8d413b8) at src/os/unix/ngx_process_cycle.c:627
        i = <optimized out>
        live = 1
        n = <optimized out>
        ch = {command = 2, pid = 19219, slot = 1, fd = -1}
        ccf = <optimized out>
#11 ngx_master_process_cycle (cycle=<optimized out>) at src/os/unix/ngx_process_cycle.c:180
        title = <optimized out>
        p = <optimized out>
        size = <optimized out>
        i = <optimized out>
        n = <optimized out>
        sigio = 0
        set = {__val = {0 <repeats 32 times>}}
        itv = {it_interval = {tv_sec = 842261476, tv_usec = 170998070}, it_value = {tv_sec = -1217107664, tv_usec = 1}}
        live = <optimized out>
        delay = 0
        ls = <optimized out>
---Type <return> to continue, or q <return> to quit---
        ccf = 0x8d41c84
#12 0x0804de3e in main (argc=1, argv=0xbf93b174) at src/core/nginx.c:407
        i = <optimized out>
        log = <optimized out>
        cycle = 0x8d413b8
        init_cycle = {conf_ctx = 0x0, pool = 0x8d40cd0, log = 0x8104660 <ngx_log>, new_log = {log_level = 0, file = 0x0, connection = 0, handler = 0x0, data = 0x0, action = 0x0, next = 0x0}, log_use_stderr = 0, files = 0x0, 
          free_connections = 0x0, free_connection_n = 0, reusable_connections_queue = {prev = 0x0, next = 0x0}, listening = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, paths = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, 
            pool = 0x0}, open_files = {last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0}, shared_memory = {last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, 
            pool = 0x0}, connection_n = 0, files_n = 0, connections = 0x0, read_events = 0x0, write_events = 0x0, old_cycle = 0x0, conf_file = {len = 50, data = 0x8d40cf8 "\002"}, conf_param = {len = 0, data = 0x0}, conf_prefix = {
            len = 40, data = 0x8d40cf8 "\002"}, prefix = {len = 35, data = 0x80c0a58 "/usr/local/nginx-1.6.1-nopagespeed/"}, lock_file = {len = 0, data = 0x0}, hostname = {len = 0, data = 0x0}}
        ccf = <optimized out>

Another one:

Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Core was generated by `nginx: worker process      '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  ngx_ssl_new_session (ssl_conn=0x8d48c28, sess=0x8d49160) at src/event/ngx_event_openssl.c:1890
1890	    cache = shm_zone->data;
(gdb) bt full
#0  ngx_ssl_new_session (ssl_conn=0x8d48c28, sess=0x8d49160) at src/event/ngx_event_openssl.c:1890
        len = <error reading variable len (Cannot access memory at address 0xbf939be0)>
        p = 0xbf939c98 <error: Cannot access memory at address 0xbf939c98>
        id = <optimized out>
        cached_sess = <optimized out>
        ssl_ctx = <error reading variable ssl_ctx (Cannot access memory at address 0xbf939bf8)>
        shm_zone = 0x0
        c = <error reading variable c (Cannot access memory at address 0xbf939bf0)>
        shpool = <optimized out>
        sess_id = <optimized out>
        cache = <optimized out>
        buf = <error reading variable buf (Cannot access memory at address 0xbf939c0c)>
#1  0xb7637c7c in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
No symbol table info available.
Cannot access memory at address 0xbf93ac6c

If there's anything else that I can help you tracking the problem, please let me know.

Thank you in advance,
Mike.

Change History (1)

comment:1 by Maxim Dounin, 10 years ago

Description: modified (diff)
Resolution: duplicate
Status: newclosed

From the backtrace it looks like duplicate of #235. Please try the workaround outlined there - i.e., configure the same ssl_session_cache for all SNI virtual hosts.

Note: See TracTickets for help on using tickets.