Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#54 closed defect (fixed)

SEGFAULT in 1.0.9

Reported by: www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ Owned by: somebody
Priority: major Milestone:
Component: nginx-core Version: 1.0.x
Keywords: worker coredump, signal 11, segfault in ssl Cc:
uname -a: FreeBSD hst000.vps 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:45:57 UTC 2011 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
nginx -V: nginx: nginx version: nginx/1.0.10
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/httpd/nginx-error.log --user=www --group=www --with-debug --with-file-aio --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/httpd/nginx-access.log --with-http_addition_module --add-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx_http_auth_pam_module-1.2 --add-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx_cache_purge-1.4 --add-module=/var/ports/basejail/usr/ports/www/nginx/work/agentzh-echo-nginx-module-13dd12f --add-module=/var/ports/basejail/usr/ports/www/nginx/work/agentzh-headers-more-nginx-module-137855d --add-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx-fancyindex-0.3.1 --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --add-module=/var/ports/basejail/usr/ports/www/nginx/work/ngx_http_subs_filter_module-0.5.2.r45 --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module --add-module=/var/ports/basejail/usr/ports/www/nginx/work/agentzh-chunkin-nginx-module-b0a3ee3 --with-pcre

Description

Segmentation faults in worker processes since 1.0.9 version.
nginx configuration is the same as in 1.0.8.
1.0.10 version same behavior as 1.0.9

In debug log and backtraces looks like SSL issue. (see in attachment)

openssl version
OpenSSL 0.9.8q 2 Dec 2010 (FreeBSD 8.2-RELEASE bundled)

nginx made from ports.
Compiller options:
CPUTYPE?=native
CFLAGS= -O2 -fno-strict-aliasing -pipe

Snip from error log:
2011/11/17 10:20:05 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:05 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:50 [notice] 41539#0: signal 20 (SIGCHLD) received
2011/11/17 10:20:50 [alert] 41539#0: worker process 41543 exited on signal 11 (core dumped)
2011/11/17 10:20:50 [notice] 41539#0: start worker process 41565
2011/11/17 10:20:50 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:50 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:50 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:51 [notice] 41539#0: signal 20 (SIGCHLD) received
2011/11/17 10:20:51 [alert] 41539#0: worker process 41541 exited on signal 11 (core dumped)
2011/11/17 10:20:51 [notice] 41539#0: start worker process 41566
2011/11/17 10:20:51 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:51 [notice] 41539#0: signal 23 (SIGIO) received
2011/11/17 10:20:51 [notice] 41539#0: signal 23 (SIGIO) received

Attachments (6)

bt.txt (1.8 KB ) - added by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ 13 years ago.
backtrace
backtrace_full.txt (5.5 KB ) - added by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ 13 years ago.
Full backtrace
debug.log (31.4 KB ) - added by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ 13 years ago.
Debug log
nginx.conf (4.1 KB ) - added by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ 13 years ago.
main config
website.conf (9.4 KB ) - added by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ 13 years ago.
and another one from include dir
patch-nginx-ssl.txt (2.0 KB ) - added by Maxim Dounin 13 years ago.

Download all attachments as: .zip

Change History (13)

by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Attachment: bt.txt added

backtrace

by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Attachment: backtrace_full.txt added

Full backtrace

by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Attachment: debug.log added

Debug log

comment:1 by Maxim Dounin, 13 years ago

Status: newaccepted

Could you please show nginx configuration?

by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Attachment: nginx.conf added

main config

by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Attachment: website.conf added

and another one from include dir

in reply to:  1 comment:2 by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Replying to mdounin:

Could you please show nginx configuration?

Added 2 configs.

by Maxim Dounin, 13 years ago

Attachment: patch-nginx-ssl.txt added

comment:3 by Maxim Dounin, 13 years ago

Attached patch should fix this.

Workaround is to define ssl_certificate inside all servers listening on ssl sockets (website.com.ua causes problem in your case as it doesn't have ssl_certificate defined).

comment:4 by www.google.com/accounts/o8/id?id=AItOawlrkCvTFNQql78chIYueQX_3DBjOlJsesQ, 13 years ago

Problem solved by defining ssl_certificate for server with ssl context.
Patch will try later.

Thanks, Maxim.

Regards,
Bogdan Potishuk

comment:5 by Maxim Dounin, 13 years ago

In [4305/nginx]:

Fixed segfault on ssl servers without cert with SNI (ticket #54).

Non-default servers may not have ssl context created if there are no
certificate defined. Make sure to check if ssl context present before
using it.

comment:6 by Maxim Dounin, 13 years ago

Resolution: fixed
Status: acceptedclosed

Fix committed, thanks.

comment:7 by Maxim Dounin, 13 years ago

In [4365/nginx]:

Merge of r4305:

Fixed segfault on ssl servers without cert with SNI (ticket #54).

Non-default servers may not have ssl context created if there are no
certificate defined. Make sure to check if ssl context present before
using it.

Note: See TracTickets for help on using tickets.