Segfault in nginx-1.9.2 with ssl and spdy module
nginx -V
nginx version: nginx/1.9.2
built by gcc 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx
–prefix=/usr/local/nginx
–sbin-path=/usr/local/nginx/sbin/nginx
–conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module
–with-http_gzip_static_module --with-http_stub_status_module
–with-http_realip_module --with-debug --with-ipv6
–with-http_spdy_module
–add-module=/home/buildbot/rpm//BUILD/lua-nginx-module-0.9.16
–add-module=/home/buildbot/rpm//BUILD/ngx_devel_kit-0.2.14
gdb nginx nginx.core
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type “show
copying”
and “show warranty” for details.
This GDB was configured as “x86_64-redhat-linux-gnu”.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/…
Reading symbols from /usr/local/nginx/sbin/nginx…done.
[New Thread 24331]
…
#0 ngx_http_spdy_close_stream_handler (ev=0x754eb58) at
src/http/ngx_http_spdy.c:3353
3353 src/http/ngx_http_spdy.c: No such file or directory.
in src/http/ngx_http_spdy.c
Missing separate debuginfos, use: debuginfo-install
nginx-rb-1.9.52-1.x86_64
(gdb) directory nginx-1.9.2
Source directories searched: nginx-1.9.2:$cdir:$cwd
(gdb) bt
#0 ngx_http_spdy_close_stream_handler (ev=0x754eb58) at
src/http/ngx_http_spdy.c:3353
#1 0x0000000000482562 in ngx_http_spdy_write_handler (wev=) at src/http/ngx_http_spdy.c:649
#2 0x0000000000435f26 in ngx_event_process_posted (cycle=0xcc6a20,
posted=0x76fcd0) at src/event/ngx_event_posted.c:33
#3 0x000000000043ce85 in ngx_worker_process_cycle (cycle=0xcc6a20,
data=) at src/os/unix/ngx_process_cycle.c:769
#4 0x000000000043b234 in ngx_spawn_process (cycle=0xcc6a20,
proc=0x43cdb0
<ngx_worker_process_cycle>, data=0x10, name=0x4f98b3 “worker process”,
respawn=-4) at src/os/unix/ngx_process.c:198
#5 0x000000000043c1cc in ngx_start_worker_processes (cycle=0xcc6a20,
n=23,
type=-4) at src/os/unix/ngx_process_cycle.c:358
#6 0x000000000043dbd8 in ngx_master_process_cycle (cycle=0xcc6a20) at
src/os/unix/ngx_process_cycle.c:243
#7 0x000000000041b856 in main (argc=, argv=) at src/core/nginx.c:415
(gdb) list
3348 ngx_http_request_t *r;
3349
3350 fc = ev->data;
3351 r = fc->data;
3352
3353 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3354 “spdy close stream handler”);
3355
3356 ngx_http_spdy_close_stream(r->spdy_stream, 0);
3357 }
(gdb) p r
$1 = (ngx_http_request_t *) 0x0
(gdb) p fc
$2 = (ngx_connection_t *) 0x754ea20
(gdb) p *fc
$3 = {data = 0x0, read = 0x754eaf8, write = 0x754eb58, fd = 1041, recv =
0x4424e0 <ngx_ssl_recv>, send = 0x441e90 <ngx_ssl_write>, recv_chain =
0x442990 <ngx_ssl_recv_chain>, send_chain = 0x484830
<ngx_http_spdy_send_chain>, listening = 0xcc6f00, sent = 16770,
log = 0x754ebb8, pool = 0x1edb9a0, sockaddr = 0x1edb9f0, socklen = 16,
addr_text = {len = 11, data = 0x1edba50 “83.149.9.264”},
proxy_protocol_addr
= {len = 0, data = 0x0}, ssl = 0x53307b8, local_sockaddr = 0xe773e0,
local_socklen = 16, buffer = 0x0, queue = {
prev = 0x0, next = 0x0}, number = 68976568, requests = 7, buffered =
2,
log_error = 2, unexpected_eof = 0, timedout = 0, error = 1, destroyed =
1,
idle = 0, reusable = 0, close = 0, sendfile = 1, sndlowat = 1,
tcp_nodelay =
2, tcp_nopush = 0, need_last_buf = 1}
(gdb) p ev
$4 = (ngx_event_t *) 0x754eb58
(gdb) p *ev
$5 = {data = 0x754ea20, write = 1, accept = 0, instance = 0, active = 0,
disabled = 0, ready = 1, oneshot = 0, complete = 0, eof = 0, error = 0,
timedout = 0, timer_set = 0, delayed = 0, deferred_accept = 0,
pending_eof =
0, posted = 0, closed = 0, channel = 0,
resolver = 0, cancelable = 0, available = 0, handler = 0x47ed90
<ngx_http_spdy_close_stream_handler>, index = 0, log = 0x754ebb8, timer
{key = 0, left = 0x0, right = 0x0, parent = 0x0, color = 0 ‘\000’, data
= 0
‘\000’}, queue = {prev = 0x0, next = 0x0}}
(gdb) f 1
#1 0x0000000000482562 in ngx_http_spdy_write_handler (wev=) at src/http/ngx_http_spdy.c:649
649 wev->handler(wev);
(gdb) list
644
645 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
646 “run spdy stream %ui”, stream->id);
647
648 wev = stream->request->connection->write;
649 wev->handler(wev);
650 }
651
652 sc->blocked = 0;
653
(gdb) p wev
$6 =
(gdb) p stream
$7 = (ngx_http_spdy_stream_t *) 0x66a7150
(gdb) p *stream
$8 = {id = 13, request = 0x66a64c0, connection = 0x39861e0, index = 0x0,
header_buffers = 0, queued = 0, send_window = 40500, recv_window =
2147483647, free_frames = 0x10ec518, free_data_headers = 0x10ec558,
free_bufs = 0x10ec4b8, queue = {prev = 0x0, next = 0x0},
priority = 4, handled = 0, blocked = 0, exhausted = 0, in_closed = 1,
out_closed = 1, skip_data = 1}
(gdb) p stream->request
$9 = (ngx_http_request_t *) 0x66a64c0
(gdb) p *stream->request
$10 = {signature = 1347703880, connection = 0x754ea20, ctx = 0x66a6df8,
main_conf = 0xcc76e0, srv_conf = 0xd2a178, loc_conf = 0xd3a0c0,
read_event_handler = 0x454ee0 <ngx_http_test_reading>,
write_event_handler =
0x4521f0 <ngx_http_terminate_handler>, cache = 0x0,
upstream = 0x0, upstream_states = 0x0, pool = 0x0, header_in =
0x66a7100,
headers_in = {headers = {last = 0x66a6530, part = {elts = 0x10ebb50,
nelts =
5, next = 0x0}, size = 48, nalloc = 20, pool = 0x66a6470}, host =
0x10ebb50,
connection = 0x0,
if_modified_since = 0x0, if_unmodified_since = 0x0, if_match = 0x0,
if_none_match = 0x0, user_agent = 0x10ebc10, referer = 0x0,
content_length =
0x0, content_type = 0x0, range = 0x0, if_range = 0x0, transfer_encoding
0x0, expect = 0x0, upgrade = 0x0,
accept_encoding = 0x10ebbb0, via = 0x0, authorization = 0x0,
keep_alive
= 0x0, x_forwarded_for = {elts = 0x0, nelts = 0, size = 0, nalloc = 0,
pool
= 0x0}, x_real_ip = 0x0, user = {len = 0, data = 0x0}, passwd = {len =
0,
data = 0x0}, cookies = {elts = 0x66a71c0,
nelts = 0, size = 8, nalloc = 2, pool = 0x66a6470}, server = {len
11, data = 0x10eb761 “r.mradx.net”}, content_length_n = -1, keep_alive_n
-1, connection_type = 1, chunked = 0, msie = 0, msie6 = 0, opera = 0,
gecko
= 0, chrome = 0, safari = 0, konqueror = 0},
headers_out = {headers = {last = 0x66a66a0, part = {elts = 0x66a6a38,
nelts = 4, next = 0x0}, size = 48, nalloc = 20, pool = 0x66a6470},
status =
200, status_line = {len = 0, data = 0x0}, server = 0x0, date = 0x0,
content_length = 0x0, content_encoding = 0x0,
location = 0x0, refresh = 0x0, last_modified = 0x0, content_range =
0x0,
accept_ranges = 0x66a6ac8, www_authenticate = 0x0, expires = 0x66a6a68,
etag
= 0x66a6a38, override_charset = 0x0, content_type_len = 10, content_type
{len = 10,
data = 0xd84f60 “image/jpeg”}, charset = {len = 0, data = 0x0},
content_type_lowcase = 0x0, content_type_hash = 0, cache_control = {elts
0x66a7468, nelts = 1, size = 8, nalloc = 1, pool = 0x66a6470},
content_length_n = 25036, date_time = 0,
last_modified_time = 1434536173}, request_body = 0x0, lingering_time
0, start_sec = 1435303301, start_msec = 143, method = 2, http_version =
1001, request_line = {len = 0, data = 0x66a71d0 “GET /img/BA/1F3F84.jpg
HTTP/1.1”}, uri = {len = 18,
data = 0x10eb78b “/img/BA/1F3F84.jpg”}, args = {len = 0, data =
0x0},
exten = {len = 3, data = 0x10eb79a “jpg”}, unparsed_uri = {len = 18,
data =
0x10eb78b “/img/BA/1F3F84.jpg”}, method_name = {len = 3, data =
0x66a71d0
“GET /img/BA/1F3F84.jpg HTTP/1.1”},
http_protocol = {len = 8, data = 0x10eb7c1 “HTTP/1.1”}, out = 0x0,
main =
0x66a64c0, parent = 0x0, postponed = 0x0, post_subrequest = 0x0,
posted_requests = 0x0, phase_handler = 18, content_handler = 0,
access_code
= 0, variables = 0x66a6fa0, ncaptures = 0,
captures = 0x66a71f0, captures_data = 0x0, limit_rate = 0,
limit_rate_after = 0, header_size = 386, request_length = 301,
err_status =
0, http_connection = 0x5330770, spdy_stream = 0x66a7150, log_handler =
0x452510 <ngx_http_log_error_handler>, cleanup = 0x0,
subrequests = 201, count = 0, blocked = 0, aio = 0, http_state = 6,
complex_uri = 0, quoted_uri = 0, plus_in_uri = 0, space_in_uri = 0,
invalid_header = 0, add_uri_to_alias = 0, valid_location = 1,
valid_unparsed_uri = 1, uri_changed = 0, uri_changes = 11,
request_body_in_single_buf = 0, request_body_in_file_only = 0,
request_body_in_persistent_file = 0, request_body_in_clean_file = 0,
request_body_file_group_access = 0, request_body_file_log_level = 5,
request_body_no_buffering = 0, subrequest_in_memory = 0,
waited = 0, cached = 0, gzip_tested = 0, gzip_ok = 0, gzip_vary = 0,
proxy
= 0, bypass_cache = 0, no_cache = 0, limit_conn_set = 0, limit_req_set =
0,
pipeline = 0, chunked = 0, header_only = 0, keepalive = 0,
lingering_close =
0, discard_body = 0, reading_body = 0,
internal = 0, error_page = 0, filter_finalize = 0, post_action = 0,
request_complete = 0, request_output = 1, header_sent = 1, expect_tested
0, root_tested = 1, done = 0, logged = 0, buffered = 0,
main_filter_need_in_memory = 1, filter_need_in_memory = 0,
filter_need_temporary = 0, allow_ranges = 1, single_range = 0,
disable_not_modified = 0, stat_reading = 0, stat_writing = 1, state = 0,
header_hash = 3194399592611459, lowcase_index = 18446744073709551615,
lowcase_header = ‘\000’ <repeats 31 times>,
header_name_start = 0x10eb81b “user-agent”, header_name_end =
0x10eb825
“”, header_start = 0x10eb829 “CFNetwork/711.3.18 Darwin/14.0.0”,
header_end
= 0x10eb861 “”, uri_start = 0x66a64c0 “HTTP”, uri_end = 0x0, uri_ext =
0x10eb79a “jpg”,
args_start = 0x0, request_start = 0x0, request_end = 0x0, method_end =
0x0, schema_start = 0x10eb7ac “https”, schema_end = 0x10eb7b1 “”,
host_start
= 0x0, host_end = 0x0, port_start = 0x0, port_end = 0x0, http_minor = 1,
http_major = 1, content_start_sec = 0,
content_start_msec = 0, content_end_sec = 0, content_end_msec = 0,
gzip_process = 0, gzip_start_sec = 0, gzip_start_msec = 0, gzip_end_sec
= 0,
gzip_end_msec = 0}
(gdb) p stream->request->connection
$11 = (ngx_connection_t *) 0x754ea20
(gdb) p *stream->request->connection
$12 = {data = 0x0, read = 0x754eaf8, write = 0x754eb58, fd = 1041, recv
0x4424e0 <ngx_ssl_recv>, send = 0x441e90 <ngx_ssl_write>, recv_chain =
0x442990 <ngx_ssl_recv_chain>, send_chain = 0x484830
<ngx_http_spdy_send_chain>, listening = 0xcc6f00, sent = 16770,
log = 0x754ebb8, pool = 0x1edb9a0, sockaddr = 0x1edb9f0, socklen = 16,
addr_text = {len = 11, data = 0x1edba50 “83.149.9.264”},
proxy_protocol_addr
= {len = 0, data = 0x0}, ssl = 0x53307b8, local_sockaddr = 0xe773e0,
local_socklen = 16, buffer = 0x0, queue = {
prev = 0x0, next = 0x0}, number = 68976568, requests = 7, buffered =
2,
log_error = 2, unexpected_eof = 0, timedout = 0, error = 1, destroyed =
1,
idle = 0, reusable = 0, close = 0, sendfile = 1, sndlowat = 1,
tcp_nodelay =
2, tcp_nopush = 0, need_last_buf = 1}
(gdb) p stream->request->connection->write
$13 = (ngx_event_t *) 0x754eb58
(gdb) p *stream->request->connection->write
$14 = {data = 0x754ea20, write = 1, accept = 0, instance = 0, active =
0,
disabled = 0, ready = 1, oneshot = 0, complete = 0, eof = 0, error = 0,
timedout = 0, timer_set = 0, delayed = 0, deferred_accept = 0,
pending_eof =
0, posted = 0, closed = 0, channel = 0,
resolver = 0, cancelable = 0, available = 0, handler = 0x47ed90
<ngx_http_spdy_close_stream_handler>, index = 0, log = 0x754ebb8, timer
{key = 0, left = 0x0, right = 0x0, parent = 0x0, color = 0 ‘\000’, data
= 0
‘\000’}, queue = {prev = 0x0, next = 0x0}}
(gdb)
Posted at Nginx Forum: