Opened 8 years ago
Closed 8 years ago
#1177 closed defect (worksforme)
Segfault - Invalid pointer in ngx_ssl_shutdown > SSL_free > CRYPTO_free
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.10.x |
Keywords: | segfault openssl | Cc: | |
uname -a: | Linux host 4.8.4 #1 SMP Tue Oct 25 07:46:33 UTC 2016 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.10.2
built with OpenSSL 1.0.2j 26 Sep 2016 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-ipv6 --with-pcre-jit --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads |
Description
This is not reproducable in any way that I know of; but after months of stability our nginx server (built with only official modules) suddenly exploded. Hopefully this report is of any use to you
*** Error in `nginx: worker process': free(): invalid pointer: 0x000056340993f680 *** ======= Backtrace: ========= /usr/lib/libc.so.6(+0x70c4b)[0x7f528b003c4b] /usr/lib/libc.so.6(+0x76fe6)[0x7f528b009fe6] /usr/lib/libc.so.6(+0x777de)[0x7f528b00a7de] /usr/lib/libcrypto.so.1.0.0(CRYPTO_free+0x1d)[0x7f528b7e1a6d] /usr/lib/libcrypto.so.1.0.0(ASN1_item_free+0x115)[0x7f528b8e3215] /usr/lib/libcrypto.so.1.0.0(sk_pop_free+0x31)[0x7f528b8b5081] /usr/lib/libssl.so.1.0.0(SSL_free+0x1a7)[0x7f528bc37f47] nginx: worker process(ngx_ssl_shutdown+0xbe)[0x563406d95dbe] nginx: worker process(ngx_http_close_connection+0x27)[0x563406da5487] nginx: worker process(+0x4bdf4)[0x563406d90df4] nginx: worker process(ngx_process_events_and_timers+0x62)[0x563406d87df2] nginx: worker process(+0x49c77)[0x563406d8ec77] nginx: worker process(ngx_spawn_process+0x17b)[0x563406d8d53b] nginx: worker process(+0x49e78)[0x563406d8ee78] nginx: worker process(ngx_master_process_cycle+0x2d3)[0x563406d8fb23] nginx: worker process(main+0xab4)[0x563406d6a1c4] /usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f528afb3291] nginx: worker process(_start+0x2a)[0x563406d6a35a] ======= Memory map: ======== 563406d45000-563406e43000 r-xp 00000000 fd:00 1068013 /usr/bin/nginx 563407043000-563407045000 r--p 000fe000 fd:00 1068013 /usr/bin/nginx 563407045000-563407063000 rw-p 00100000 fd:00 1068013 /usr/bin/nginx 563407063000-563407082000 rw-p 00000000 00:00 0 563408b51000-56340a242000 rw-p 00000000 00:00 0 [heap] 56340a242000-56340bb6b000 rw-p 00000000 00:00 0 [heap] 7f5284000000-7f5284021000 rw-p 00000000 00:00 0 7f5284021000-7f5288000000 ---p 00000000 00:00 0 7f528894d000-7f5288963000 r-xp 00000000 fd:00 1084026 /usr/lib/libgcc_s.so.1 7f5288963000-7f5288b62000 ---p 00016000 fd:00 1084026 /usr/lib/libgcc_s.so.1 7f5288b62000-7f5288b63000 r--p 00015000 fd:00 1084026 /usr/lib/libgcc_s.so.1 7f5288b63000-7f5288b64000 rw-p 00016000 fd:00 1084026 /usr/lib/libgcc_s.so.1 7f5288b64000-7f5289564000 rw-s 00000000 00:05 59729624 /dev/zero (deleted) 7f5289564000-7f5289f64000 rw-s 00000000 00:05 59729623 /dev/zero (deleted) 7f5289f64000-7f528a964000 rw-s 00000000 00:05 59729622 /dev/zero (deleted) 7f528a964000-7f528a978000 r-xp 00000000 fd:00 1084198 /usr/lib/libresolv-2.24.so 7f528a978000-7f528ab77000 ---p 00014000 fd:00 1084198 /usr/lib/libresolv-2.24.so 7f528ab77000-7f528ab78000 r--p 00013000 fd:00 1084198 /usr/lib/libresolv-2.24.so 7f528ab78000-7f528ab79000 rw-p 00014000 fd:00 1084198 /usr/lib/libresolv-2.24.so 7f528ab79000-7f528ab7b000 rw-p 00000000 00:00 0 7f528ab7b000-7f528ab80000 r-xp 00000000 fd:00 1084156 /usr/lib/libnss_dns-2.24.so 7f528ab80000-7f528ad7f000 ---p 00005000 fd:00 1084156 /usr/lib/libnss_dns-2.24.so 7f528ad7f000-7f528ad80000 r--p 00004000 fd:00 1084156 /usr/lib/libnss_dns-2.24.so 7f528ad80000-7f528ad81000 rw-p 00005000 fd:00 1084156 /usr/lib/libnss_dns-2.24.so 7f528ad81000-7f528ad8b000 r-xp 00000000 fd:00 1084157 /usr/lib/libnss_files-2.24.so 7f528ad8b000-7f528af8b000 ---p 0000a000 fd:00 1084157 /usr/lib/libnss_files-2.24.so 7f528af8b000-7f528af8c000 r--p 0000a000 fd:00 1084157 /usr/lib/libnss_files-2.24.so 7f528af8c000-7f528af8d000 rw-p 0000b000 fd:00 1084157 /usr/lib/libnss_files-2.24.so 7f528af8d000-7f528af93000 rw-p 00000000 00:00 0 7f528af93000-7f528b128000 r-xp 00000000 fd:00 1083975 /usr/lib/libc-2.24.so 7f528b128000-7f528b327000 ---p 00195000 fd:00 1083975 /usr/lib/libc-2.24.so 7f528b327000-7f528b32b000 r--p 00194000 fd:00 1083975 /usr/lib/libc-2.24.so 7f528b32b000-7f528b32d000 rw-p 00198000 fd:00 1083975 /usr/lib/libc-2.24.so 7f528b32d000-7f528b331000 rw-p 00000000 00:00 0 7f528b331000-7f528b361000 r-xp 00000000 fd:00 1083907 /usr/lib/libGeoIP.so.1.6.9 7f528b361000-7f528b560000 ---p 00030000 fd:00 1083907 /usr/lib/libGeoIP.so.1.6.9 7f528b560000-7f528b561000 r--p 0002f000 fd:00 1083907 /usr/lib/libGeoIP.so.1.6.9 7f528b561000-7f528b563000 rw-p 00030000 fd:00 1083907 /usr/lib/libGeoIP.so.1.6.9 7f528b563000-7f528b578000 r-xp 00000000 fd:00 1081462 /usr/lib/libz.so.1.2.8 7f528b578000-7f528b777000 ---p 00015000 fd:00 1081462 /usr/lib/libz.so.1.2.8 7f528b777000-7f528b778000 r--p 00014000 fd:00 1081462 /usr/lib/libz.so.1.2.8 7f528b778000-7f528b779000 rw-p 00015000 fd:00 1081462 /usr/lib/libz.so.1.2.8
Note:
See TracTickets
for help on using tickets.
Unfortunately, the trace provided is mostly useless: it just states that something went wrong while closing a connection, but doesn't explain why. It might be helpful to see configuration details as well as debugging log.