Opened 8 years ago

Closed 8 years ago

#1177 closed defect (worksforme)

Segfault - Invalid pointer in ngx_ssl_shutdown > SSL_free > CRYPTO_free

Reported by: SjonHortensius@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.10.x
Keywords: segfault openssl Cc:
uname -a: Linux host 4.8.4 #1 SMP Tue Oct 25 07:46:33 UTC 2016 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.10.2
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-ipv6 --with-pcre-jit --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads

Description

This is not reproducable in any way that I know of; but after months of stability our nginx server (built with only official modules) suddenly exploded. Hopefully this report is of any use to you

*** Error in `nginx: worker process': free(): invalid pointer: 0x000056340993f680 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x70c4b)[0x7f528b003c4b]
/usr/lib/libc.so.6(+0x76fe6)[0x7f528b009fe6]
/usr/lib/libc.so.6(+0x777de)[0x7f528b00a7de]
/usr/lib/libcrypto.so.1.0.0(CRYPTO_free+0x1d)[0x7f528b7e1a6d]
/usr/lib/libcrypto.so.1.0.0(ASN1_item_free+0x115)[0x7f528b8e3215]
/usr/lib/libcrypto.so.1.0.0(sk_pop_free+0x31)[0x7f528b8b5081]
/usr/lib/libssl.so.1.0.0(SSL_free+0x1a7)[0x7f528bc37f47]
nginx: worker process(ngx_ssl_shutdown+0xbe)[0x563406d95dbe]
nginx: worker process(ngx_http_close_connection+0x27)[0x563406da5487]
nginx: worker process(+0x4bdf4)[0x563406d90df4]
nginx: worker process(ngx_process_events_and_timers+0x62)[0x563406d87df2]
nginx: worker process(+0x49c77)[0x563406d8ec77]
nginx: worker process(ngx_spawn_process+0x17b)[0x563406d8d53b]
nginx: worker process(+0x49e78)[0x563406d8ee78]
nginx: worker process(ngx_master_process_cycle+0x2d3)[0x563406d8fb23]
nginx: worker process(main+0xab4)[0x563406d6a1c4]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f528afb3291]
nginx: worker process(_start+0x2a)[0x563406d6a35a]
======= Memory map: ========
563406d45000-563406e43000 r-xp 00000000 fd:00 1068013                    /usr/bin/nginx
563407043000-563407045000 r--p 000fe000 fd:00 1068013                    /usr/bin/nginx
563407045000-563407063000 rw-p 00100000 fd:00 1068013                    /usr/bin/nginx
563407063000-563407082000 rw-p 00000000 00:00 0
563408b51000-56340a242000 rw-p 00000000 00:00 0                          [heap]
56340a242000-56340bb6b000 rw-p 00000000 00:00 0                          [heap]
7f5284000000-7f5284021000 rw-p 00000000 00:00 0
7f5284021000-7f5288000000 ---p 00000000 00:00 0
7f528894d000-7f5288963000 r-xp 00000000 fd:00 1084026                    /usr/lib/libgcc_s.so.1
7f5288963000-7f5288b62000 ---p 00016000 fd:00 1084026                    /usr/lib/libgcc_s.so.1
7f5288b62000-7f5288b63000 r--p 00015000 fd:00 1084026                    /usr/lib/libgcc_s.so.1
7f5288b63000-7f5288b64000 rw-p 00016000 fd:00 1084026                    /usr/lib/libgcc_s.so.1
7f5288b64000-7f5289564000 rw-s 00000000 00:05 59729624                   /dev/zero (deleted)
7f5289564000-7f5289f64000 rw-s 00000000 00:05 59729623                   /dev/zero (deleted)
7f5289f64000-7f528a964000 rw-s 00000000 00:05 59729622                   /dev/zero (deleted)
7f528a964000-7f528a978000 r-xp 00000000 fd:00 1084198                    /usr/lib/libresolv-2.24.so
7f528a978000-7f528ab77000 ---p 00014000 fd:00 1084198                    /usr/lib/libresolv-2.24.so
7f528ab77000-7f528ab78000 r--p 00013000 fd:00 1084198                    /usr/lib/libresolv-2.24.so
7f528ab78000-7f528ab79000 rw-p 00014000 fd:00 1084198                    /usr/lib/libresolv-2.24.so
7f528ab79000-7f528ab7b000 rw-p 00000000 00:00 0
7f528ab7b000-7f528ab80000 r-xp 00000000 fd:00 1084156                    /usr/lib/libnss_dns-2.24.so
7f528ab80000-7f528ad7f000 ---p 00005000 fd:00 1084156                    /usr/lib/libnss_dns-2.24.so
7f528ad7f000-7f528ad80000 r--p 00004000 fd:00 1084156                    /usr/lib/libnss_dns-2.24.so
7f528ad80000-7f528ad81000 rw-p 00005000 fd:00 1084156                    /usr/lib/libnss_dns-2.24.so
7f528ad81000-7f528ad8b000 r-xp 00000000 fd:00 1084157                    /usr/lib/libnss_files-2.24.so
7f528ad8b000-7f528af8b000 ---p 0000a000 fd:00 1084157                    /usr/lib/libnss_files-2.24.so
7f528af8b000-7f528af8c000 r--p 0000a000 fd:00 1084157                    /usr/lib/libnss_files-2.24.so
7f528af8c000-7f528af8d000 rw-p 0000b000 fd:00 1084157                    /usr/lib/libnss_files-2.24.so
7f528af8d000-7f528af93000 rw-p 00000000 00:00 0
7f528af93000-7f528b128000 r-xp 00000000 fd:00 1083975                    /usr/lib/libc-2.24.so
7f528b128000-7f528b327000 ---p 00195000 fd:00 1083975                    /usr/lib/libc-2.24.so
7f528b327000-7f528b32b000 r--p 00194000 fd:00 1083975                    /usr/lib/libc-2.24.so
7f528b32b000-7f528b32d000 rw-p 00198000 fd:00 1083975                    /usr/lib/libc-2.24.so
7f528b32d000-7f528b331000 rw-p 00000000 00:00 0
7f528b331000-7f528b361000 r-xp 00000000 fd:00 1083907                    /usr/lib/libGeoIP.so.1.6.9
7f528b361000-7f528b560000 ---p 00030000 fd:00 1083907                    /usr/lib/libGeoIP.so.1.6.9
7f528b560000-7f528b561000 r--p 0002f000 fd:00 1083907                    /usr/lib/libGeoIP.so.1.6.9
7f528b561000-7f528b563000 rw-p 00030000 fd:00 1083907                    /usr/lib/libGeoIP.so.1.6.9
7f528b563000-7f528b578000 r-xp 00000000 fd:00 1081462                    /usr/lib/libz.so.1.2.8
7f528b578000-7f528b777000 ---p 00015000 fd:00 1081462                    /usr/lib/libz.so.1.2.8
7f528b777000-7f528b778000 r--p 00014000 fd:00 1081462                    /usr/lib/libz.so.1.2.8
7f528b778000-7f528b779000 rw-p 00015000 fd:00 1081462                    /usr/lib/libz.so.1.2.8

Change History (2)

comment:1 by Maxim Dounin, 8 years ago

Unfortunately, the trace provided is mostly useless: it just states that something went wrong while closing a connection, but doesn't explain why. It might be helpful to see configuration details as well as debugging log.

comment:2 by Maxim Dounin, 8 years ago

Resolution: worksforme
Status: newclosed

Feedback timeout.

Note: See TracTickets for help on using tickets.