Opened 9 years ago
Closed 7 years ago
#788 closed defect (fixed)
Segfault with dynamic upstream and many SSI includes
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.8.x |
| Keywords: | ssi proxy_pass resolver segfault | Cc: | jmueller@… |
| uname -a: | Linux ip-10-0-154-103 3.14.48-33.39.amzn1.x86_64 #1 SMP Tue Jul 14 23:43:07 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.8.0
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) built with OpenSSL 1.0.1k-fips 8 Jan 2015 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --add-module=ngx_pagespeed-1.9.32.4-beta --add-module=srcache-nginx-module-0.30 --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' |
||
Description
Hello,
we are using nginx to combine fragments from some upstream services. We have defined multiple locations which are doing proxy_pass to multiple upstream services. These services can return an html document with lots of SSI includes, which then refer to different other locations also configured in nginx, which again do proxy_pass to some other upstreams (example configuration attached). As we are hosting on AWS and are using elastic loadbalancers as upstreams we need to make use of the resolver (because of changing IP addresses).
Currently we experience issues when parsing a document with ~800 SSI includes (all referencing the same location and therefore the same upstream). The worker segfaults with a long stacktrace in ngx_http_finalize_connection (r=0x242b1d0) at src/http/ngx_http_request.c:2545 (stacktrace attached).
This doesn't happen when configuring the upstream without a variable.
In the debug log we see lots of resolver messages. I assume nginx is starting a resolver action for each of the includes, instead of relying on the cached response (TTL is 60s).
We tested with nginx 1.6.x (vanilla Amazon Linux), 1.8.0 (self-compiled with ngx_pagespeed), 1.9.4 (self-compiled with ngx_pagespeed)
Regards
Johannes Müller
Attachments (5)
Change History (11)
by , 9 years ago
| Attachment: | nginx_config.txt added |
|---|
comment:1 by , 9 years ago
please reproduce the issue without 3rd-party modules and attach full configuration (i.e. include SSI files).
comment:2 by , 9 years ago
| Status: | new → accepted |
|---|
comment:3 by , 9 years ago
I was able to reproduce the issue. I'm attaching here the patch which fixes it. Please try it and report the result.
by , 9 years ago
| Attachment: | posting-flag.patch added |
|---|
by , 7 years ago
| Attachment: | use-after-free.log added |
|---|
use-after-free -- ngx_http_run_posted_requests from ngx_http_upstream_resolve_handler
comment:6 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
example configuration with two upstreams