Coredump on googlebot while using resolver

[cuper6]

senginx 1.6.2
Using resolver causes crash.

Config lines:
...
resolver 127.0.0.1 valid=48h;
resolver_timeout 5s;

# searchengines hostnames detected by reversed DNS lookup
whitelist_ua $ua_searchengines
{
      "google" ".*\.google\.com";
      "googlebot" ".*\.googlebot\.com";
}

...

coredump info:

GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/senginx/sbin/senginx...done.
[New LWP 13063]

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 ngx_palloc (pool=0x0, size=size@entry=88) at src/core/ngx_palloc.c:125

125 if (size <= pool->max) {
(gdb) bt
#0 ngx_palloc (pool=0x0, size=size@entry=88) at src/core/ngx_palloc.c:125
#1 0x000000000040a0d7 in ngx_pcalloc (pool=, size=size@entry=88) at src/core/ngx_palloc.c:304
#2 0x0000000000470044 in ngx_http_rewrite_handler (r=0xdb8af0) at src/http/modules/ngx_http_rewrite_module.c:187
#3 0x0000000000437f2f in ngx_http_core_rewrite_phase (r=0xdb8af0, ph=0xdcfc70) at src/http/ngx_http_core_module.c:967
#4 0x0000000000433da3 in ngx_http_core_run_phases (r=r@entry=0xdb8af0) at src/http/ngx_http_core_module.c:913
#5 0x00000000004b5dc1 in ngx_http_wl_resolve_addr_handler (ctx=0xda00d0) at /usr/local/src/senginx-1.6.2/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:464
#6 0x000000000041c2ec in ngx_resolver_process_ptr (nan=, code=0, ident=, n=26, buf=0x7fff788bad20 "cā\200", r=0xc73580)

at src/core/ngx_resolver.c:2243

#7 ngx_resolver_process_response (n=26, buf=0x7fff788bad20 "cā\200", r=0xc73580) at src/core/ngx_resolver.c:1377
#8 ngx_resolver_read_response (rev=0xdd5870) at src/core/ngx_resolver.c:1240
#9 0x0000000000429933 in ngx_epoll_process_events (cycle=0xc551b0, timer=, flags=) at src/event/modules/ngx_epoll_module.c:691
#10 0x000000000042046a in ngx_process_events_and_timers (cycle=cycle@entry=0xc551b0) at src/event/ngx_event.c:248
#11 0x00000000004279dd in ngx_worker_process_cycle (cycle=cycle@entry=0xc551b0, data=data@entry=0x1) at src/os/unix/ngx_process_cycle.c:851
#12 0x0000000000425f4b in ngx_spawn_process (cycle=cycle@entry=0xc551b0, proc=proc@entry=0x4278ee <ngx_worker_process_cycle>, data=data@entry=0x1,

name=name@entry=0x4c706b "worker process", respawn=respawn@entry=-3) at src/os/unix/ngx_process.c:198

#13 0x0000000000426ca5 in ngx_start_worker_processes (cycle=cycle@entry=0xc551b0, n=4, type=type@entry=-3) at src/os/unix/ngx_process_cycle.c:398
#14 0x0000000000428806 in ngx_master_process_cycle (cycle=cycle@entry=0xc551b0) at src/os/unix/ngx_process_cycle.c:160
#15 0x0000000000408a3f in main (argc=, argv=) at src/core/nginx.c:407

(gdb) backtrace full
#0 ngx_palloc (pool=0x0, size=size@entry=88) at src/core/ngx_palloc.c:125

    m = <optimized out>
    p = <optimized out>

#1 0x000000000040a0d7 in ngx_pcalloc (pool=, size=size@entry=88) at src/core/ngx_palloc.c:304

    p = <optimized out>

#2 0x0000000000470044 in ngx_http_rewrite_handler (r=0xdb8af0) at src/http/modules/ngx_http_rewrite_module.c:187

    index = <optimized out>
    code = <optimized out>
    e = <optimized out>
    cscf = <optimized out>
    cmcf = <optimized out>
    rlcf = 0xc7fa18

#3 0x0000000000437f2f in ngx_http_core_rewrite_phase (r=0xdb8af0, ph=0xdcfc70) at src/http/ngx_http_core_module.c:967

    rc = <optimized out>

#4 0x0000000000433da3 in ngx_http_core_run_phases (r=r@entry=0xdb8af0) at src/http/ngx_http_core_module.c:913

    rc = <optimized out>
    ph = 0xdcfbe0
    cmcf = <optimized out>

#5 0x00000000004b5dc1 in ngx_http_wl_resolve_addr_handler (ctx=0xda00d0) at /usr/local/src/senginx-1.6.2/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:464

    r = 0xdb8af0
    node = <optimized out>
    hash = 3742699198

#6 0x000000000041c2ec in ngx_resolver_process_ptr (nan=, code=0, ident=, n=26, buf=0x7fff788bad20 "cā\200", r=0xc73580)

at src/core/ngx_resolver.c:2243
    err = <optimized out>
    addr = 2822830402
    an = 0x7fff788bad4e
    next = 0x0
    tree = 0xc73610
    text = "66.249.64.168\177\000\000\000\000\000\000\000\000\000\000|\255\213x\377\177\000\000\020\066\307\000\000\000\000\000\200\066\307\000\000\000\000\000Д\305\000\000\000\000\000\000\000\000\000\005\377\316\301!\000\000\000\000\000\000\000\020\035\332\000\000\000\000\000\065.255.206.193\177\000\000\000\000\000\000\000\000\000\000g\236@\000\000\000\000", <incomplete sequence \360>
    ttl = 83550
    octet = <optimized out>
    name = {len = 33, data = 0xc5c560 "crawl-66-249-64-168.googlebot.com"}
    i = 56
    mask = <optimized out>
    qident = <optimized out>
    ctx = <optimized out>
    len = <optimized out>
    class = <optimized out>
    expire_queue = 0xc73680
    rn = 0xdafe80

#7 ngx_resolver_process_response (n=26, buf=0x7fff788bad20 "cā\200", r=0xc73580) at src/core/ngx_resolver.c:1377

    q = <optimized out>
    err = <optimized out>
    times = <optimized out>
    nqs = <optimized out>
    qtype = <optimized out>
    qs = <optimized out>
    i = <optimized out>
    ident = <optimized out>
    qident = <optimized out>
    flags = 0
    code = 0
    response = 0x7fff788bad20
    nan = 140735215808010
    qclass = 13055504
    rn = <optimized out>

#8 ngx_resolver_read_response (rev=0xdd5870) at src/core/ngx_resolver.c:1240

    n = 26
    c = 0x7f4fd9bd6880
    buf = "cā\200\000\001\000\001\000\004\000\004\003\061\066\070\002\066\064\003\062\064\071\002\066\066\ain-addr\004arpa\000\000\f\000\001\300\f\000\f\000\001\000\001F^\000#\023crawl-66-249-64-168\tgooglebot\003com\000\300\020\000\002\000\001\000\001D\367\000\r\003ns3\006google\300V\300\020\000\002\000\001\000\001D\367\000\006\003ns1\300k\300\020\000\002\000\001\000\001D\367\000\006\003ns4\300k\300\020\000\002\000\001\000\001D\367\000\006\003ns2\300k\300\200\000\001\000\001\000\005\071w\000\004\330\357 \n\300\244\000\001\000\001\000\005\071w\000\004\330\357\"\n\300g\000\001\000\001\000\005\071w\000\004\330\357$\n\300\222\000\001\000\001\000\005\071w"...

#9 0x0000000000429933 in ngx_epoll_process_events (cycle=0xc551b0, timer=, flags=) at src/event/modules/ngx_epoll_module.c:691

    events = 1
    revents = 1
    instance = <optimized out>
    i = <optimized out>
    level = <optimized out>
    err = <optimized out>
    rev = 0xdd5870
    wev = <optimized out>
    queue = <optimized out>
    c = 0x7f4fd9bd6880

#10 0x000000000042046a in ngx_process_events_and_timers (cycle=cycle@entry=0xc551b0) at src/event/ngx_event.c:248

    flags = 1
    timer = 57
    delta = 1465305138955

#11 0x00000000004279dd in ngx_worker_process_cycle (cycle=cycle@entry=0xc551b0, data=data@entry=0x1) at src/os/unix/ngx_process_cycle.c:851

    worker = 1
    i = <optimized out>
    c = <optimized out>

#12 0x0000000000425f4b in ngx_spawn_process (cycle=cycle@entry=0xc551b0, proc=proc@entry=0x4278ee <ngx_worker_process_cycle>, data=data@entry=0x1,

---Type to continue, or q to quit---
name=name@entry=0x4c706b "worker process", respawn=respawn@entry=-3) at src/os/unix/ngx_process.c:198
on = 1
pid = 0
s = 1
#13 0x0000000000426ca5 in ngx_start_worker_processes (cycle=cycle@entry=0xc551b0, n=4, type=type@entry=-3) at src/os/unix/ngx_process_cycle.c:398

    i = <optimized out>
    ch = {command = 1, pid = 13062, slot = 0, fd = 3}

#14 0x0000000000428806 in ngx_master_process_cycle (cycle=cycle@entry=0xc551b0) at src/os/unix/ngx_process_cycle.c:160

    title = 0xdd23ec "master process /usr/local/senginx/sbin/senginx -c /usr/local/senginx/conf/nginx.conf"
    p = <optimized out>
    size = <optimized out>
    i = <optimized out>
    n = <optimized out>
    sigio = <optimized out>
    set = {__val = {0 <repeats 16 times>}}
    itv = {it_interval = {tv_sec = 12936662, tv_usec = 0}, it_value = {tv_sec = 0, tv_usec = 0}}
    live = <optimized out>
    delay = <optimized out>
    ls = <optimized out>
    ccf = 0xc562f0

#15 0x0000000000408a3f in main (argc=, argv=) at src/core/nginx.c:407

    i = <optimized out>
    log = 0x730440
    cycle = 0xc551b0
    init_cycle = {conf_ctx = 0x0, pool = 0xc54c20, log = 0x730440, new_log = {log_level = 0, file = 0x0, connection = 0, handler = 0, data = 0x0, writer = 0,
        wdata = 0x0, action = 0x0, next = 0x0}, log_use_stderr = 0, files = 0x0, free_connections = 0x0, free_connection_n = 0, reusable_connections_queue = {
        prev = 0x0, next = 0x0}, listening = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, paths = {elts = 0x0, nelts = 0, size = 0, nalloc = 0,
        pool = 0x0}, open_files = {last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0}, shared_memory = {last = 0x0, part = {
          elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0}, connection_n = 0, files_n = 0, connections = 0x0, read_events = 0x0,
      write_events = 0x0, old_cycle = 0x0, conf_file = {len = 34, data = 0x7fff788bcf49 ""}, conf_param = {len = 0, data = 0x0}, conf_prefix = {len = 24,
        data = 0x7fff788bcf49 ""}, prefix = {len = 19, data = 0x4c2493 "/usr/local/senginx/"}, lock_file = {len = 0, data = 0x0}, hostname = {len = 0,
        data = 0x0}, session_callback = 0, ip_blacklist_callback = 0, session_enabled = 0 '\000', ip_blacklist_enabled = 0 '\000'}
    ccf = <optimized out>

(gdb)

[InfoHunter]

try this: https://github.com/NeusoftSecurity/SEnginx/archive/v1.7.0-se.tar.gz

[cuper6]

The problem still exists with 1.7.0:

(gdb) bt
#0 ngx_palloc (pool=0x0, size=size@entry=24) at src/core/ngx_palloc.c:126
#1 0x0000000000488bd6 in ngx_http_cleanup_add (r=r@entry=0x1a07c40,
size=size@entry=0) at src/http/ngx_http_core_module.c:2733
#2 0x00000000004fd906 in ngx_http_wl_handler (r=0x1a07c40)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:634
#3 0x00000000004e52d8 in ngx_http_neteye_security_request_handler (
r=0x1a07c40)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_neteye_security/ngx_http_neteye_security.c:260
#4 0x00000000004868ec in ngx_http_core_generic_phase (r=0x1a07c40,
ph=0x15df670) at src/http/ngx_http_core_module.c:894
#5 0x0000000000482633 in ngx_http_core_run_phases (r=r@entry=0x1a07c40)
at src/http/ngx_http_core_module.c:872
#6 0x00000000004fe085 in ngx_http_wl_resolve_addr_handler (ctx=0x182ea80)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:464
#7 0x000000000046a4d2 in ngx_resolver_process_ptr (nan=1, code=127,
ident=19939184, n=89, buf=0x7ffc96e84d20 "\321\066\201\200", r=0x1303e10)
at src/core/ngx_resolver.c:3367
#8 ngx_resolver_process_response (r=0x1303e10,
buf=buf@entry=0x7ffc96e84d20 "\321\066\201\200", n=89, tcp=tcp@entry=0)
at src/core/ngx_resolver.c:1853
---Type to continue, or q to quit---
#9 0x000000000046a80d in ngx_resolver_udp_read (rev=0x15e4510)
at src/core/ngx_resolver.c:1580
#10 0x0000000000478466 in ngx_epoll_process_events (cycle=0x12d8690,
timer=, flags=)
at src/event/modules/ngx_epoll_module.c:822
#11 0x000000000046e691 in ngx_process_events_and_timers (
cycle=cycle@entry=0x12d8690) at src/event/ngx_event.c:242
#12 0x0000000000475ef4 in ngx_worker_process_cycle (
cycle=cycle@entry=0x12d8690, data=data@entry=0x7)
at src/os/unix/ngx_process_cycle.c:783
#13 0x00000000004744ae in ngx_spawn_process (cycle=cycle@entry=0x12d8690,
proc=proc@entry=0x475e51 <ngx_worker_process_cycle>, data=data@entry=0x7,
name=name@entry=0x684413 "worker process", respawn=respawn@entry=-3)
at src/os/unix/ngx_process.c:198
#14 0x0000000000475246 in ngx_start_worker_processes (
cycle=cycle@entry=0x12d8690, n=8, type=type@entry=-3)
at src/os/unix/ngx_process_cycle.c:388
#15 0x0000000000476d0f in ngx_master_process_cycle (
cycle=cycle@entry=0x12d8690) at src/os/unix/ngx_process_cycle.c:150
#16 0x00000000004528f7 in main (argc=, argv=)
at src/core/nginx.c:367
(gdb)

(gdb) backtrace full
#0 ngx_palloc (pool=0x0, size=size@entry=24) at src/core/ngx_palloc.c:126
No locals.
#1 0x0000000000488bd6 in ngx_http_cleanup_add (r=r@entry=0x1a07c40,
size=size@entry=0) at src/http/ngx_http_core_module.c:2733
cln =
#2 0x00000000004fd906 in ngx_http_wl_handler (r=0x1a07c40)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:634
list =
wmcf = 0x12f3738
i =
cln =
vv =
#3 0x00000000004e52d8 in ngx_http_neteye_security_request_handler (
r=0x1a07c40)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_neteye_security/ngx_http_neteye_security.c:260
i = 1
ret =
handler =
module = 0x997c20
nlcf =
#4 0x00000000004868ec in ngx_http_core_generic_phase (r=0x1a07c40,
---Type to continue, or q to quit---
ph=0x15df670) at src/http/ngx_http_core_module.c:894
rc =
#5 0x0000000000482633 in ngx_http_core_run_phases (r=r@entry=0x1a07c40)
at src/http/ngx_http_core_module.c:872
rc =
ph = 0x15df628
cmcf =
#6 0x00000000004fe085 in ngx_http_wl_resolve_addr_handler (ctx=0x182ea80)
at /usr/local/src/SEnginx-1.7.0-se/neusoft/ngx_http_whitelist/ngx_http_whitelist.c:464
r = 0x1a07c40
node =
hash = 1279959887
#7 0x000000000046a4d2 in ngx_resolver_process_ptr (nan=1, code=127,
ident=19939184, n=89, buf=0x7ffc96e84d20 "\321\066\201\200", r=0x1303e10)
at src/core/ngx_resolver.c:3367
err =
octet =
a = 0
ctx =
ttl = 86399
qident =
len =
---Type to continue, or q to quit---
i = 55
class =
an = 0x7ffc96e84d4d
mask =
type =
tree = 0x1303e51
rn = 0x1759410
addr = 19938897
name = {len = 32, data = 0x18df000 "crawl-66-249-76-83.googlebot.com0"}
expire_queue = 0x1303f70
next = 0x0
#8 ngx_resolver_process_response (r=0x1303e10,
buf=buf@entry=0x7ffc96e84d20 "\321\066\201\200", n=89, tcp=tcp@entry=0)
at src/core/ngx_resolver.c:1853
err =
i = 2
times =
ident = 19939184
qident =
flags = 1
code = 127
nqs =
nan = 1
---Type to continue, or q to quit---
trunc = 0
qtype =
qclass = 140722840292729
q =
qs = 0x7ffc96e84d22
response = 0x7ffc96e84d20
rn =
#9 0x000000000046a80d in ngx_resolver_udp_read (rev=0x15e4510)
at src/core/ngx_resolver.c:1580
n =
c = 0x7fb2d38d58d0
rec = 0x1301668
buf = "\321\066\201\200\000\001\000\001\000\000\000\000\002\070\063\002\067\066\003\062\064\071\002\066\066\ain-addr\004arpa\000\000\f\000\001\300\f\000\f\000\001\000\001Q\177\000"\022crawl-66-249-76-83\tgooglebot\003com\000\065\ain-addr\004arpa\000\000\f\000\001\300\f\000\005\000\001\000\000\061[\000\n\002\061\063\004\060/25\300\017\300\070\000\f\000\001\000\000\000$\000!\r95-108-181-13\006spider\006yandex\003com\000\300;\000\002\000\001\000\000\060\264\000\017\003ns3\006yandex\002ru\000\300;\000\002\000\001\000\000"...
#10 0x0000000000478466 in ngx_epoll_process_events (cycle=0x12d8690,
timer=, flags=)
at src/event/modules/ngx_epoll_module.c:822
events = 1
---Type to continue, or q to quit---
revents = 1
instance =
i =
level =
err =
rev = 0x15e4510
wev =
queue =
c = 0x7fb2d38d58d0
#11 0x000000000046e691 in ngx_process_events_and_timers (
cycle=cycle@entry=0x12d8690) at src/event/ngx_event.c:242
flags = 1
timer = 500
delta = 1495900224450
#12 0x0000000000475ef4 in ngx_worker_process_cycle (
cycle=cycle@entry=0x12d8690, data=data@entry=0x7)
at src/os/unix/ngx_process_cycle.c:783
worker = 7
#13 0x00000000004744ae in ngx_spawn_process (cycle=cycle@entry=0x12d8690,
proc=proc@entry=0x475e51 <ngx_worker_process_cycle>, data=data@entry=0x7,
name=name@entry=0x684413 "worker process", respawn=respawn@entry=-3)
at src/os/unix/ngx_process.c:198
on = 1
---Type to continue, or q to quit---
pid = 0
s = 7
#14 0x0000000000475246 in ngx_start_worker_processes (
cycle=cycle@entry=0x12d8690, n=8, type=type@entry=-3)
at src/os/unix/ngx_process_cycle.c:388
i =
ch = {command = 1, pid = 4927, slot = 6, fd = 24}
#15 0x0000000000476d0f in ngx_master_process_cycle (
cycle=cycle@entry=0x12d8690) at src/os/unix/ngx_process_cycle.c:150
title = 0x15e193c "master process /usr/local/senginx/sbin/senginx -c /usr/local/senginx/conf/nginx.conf"
p =
size =
i =
n =
sigio =
set = {__val = {0 <repeats 16 times>}}
itv = {it_interval = {tv_sec = 19768944, tv_usec = 0}, it_value = {
tv_sec = 0, tv_usec = 0}}
live =
delay =
ls =
ccf = 0x12da308
---Type to continue, or q to quit---
#16 0x00000000004528f7 in main (argc=, argv=)
at src/core/nginx.c:367
b =
log = 0x9af4a0
i =
cycle = 0x12d8690
init_cycle = {conf_ctx = 0x0, pool = 0x12d8100, log = 0x9af4a0,
new_log = {log_level = 0, file = 0x0, connection = 0,
disk_full_time = 0, handler = 0, data = 0x0, writer = 0,
wdata = 0x0, action = 0x0, next = 0x0}, log_use_stderr = 0,
files = 0x0, free_connections = 0x0, free_connection_n = 0,
modules = 0x0, modules_n = 0, modules_used = 0,
reusable_connections_queue = {prev = 0x0, next = 0x0}, listening = {
elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, paths = {
elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0},
config_dump = {elts = 0x0, nelts = 0, size = 0, nalloc = 0,
pool = 0x0}, open_files = {last = 0x0, part = {elts = 0x0,
nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0},
shared_memory = {last = 0x0, part = {elts = 0x0, nelts = 0,
next = 0x0}, size = 0, nalloc = 0, pool = 0x0},
connection_n = 0, files_n = 0, connections = 0x0, read_events = 0x0,
write_events = 0x0, old_cycle = 0x0, conf_file = {len = 34,
data = 0x7ffc96e87f49 ""}, conf_param = {len = 0, data = 0x0},
---Type to continue, or q to quit---
conf_prefix = {len = 24, data = 0x7ffc96e87f49 ""}, prefix = {
len = 19, data = 0x67f1e6 "/usr/local/senginx/"}, lock_file = {
len = 0, data = 0x0}, hostname = {len = 0, data = 0x0},
session_callback = 0, ip_blacklist_callback = 0,
session_enabled = 0 '\000', ip_blacklist_enabled = 0 '\000'}
cd =
ccf =
(gdb)

[cuper6]

better later then never...
I fixed this bug in senginx 1.8.3
https://github.com/cuper6/SEnginx