segfault in nginx 1.2.0 and 1.2.2 when serving 400 error pages via a reverse proxied host
|
Russell Howe
July 12, 2012 12:50PM
|
Earlier this year we noticed a large number of segfaulting nginx processes.
This turned out to be an instance of:
http://forum.nginx.org/read.php?2,213479
whereby we had a config snippet which looked like:
error_page 400 @fallback
Triggered (we think) by someone running an exploit for CVE-2009-3896
I can reproduce the segfault by running:
$ echo -e "GET $(perl -e 'print "o" x 4079;')/ HTTP/1.1\r\n\r\n"|openssl s_client -connect 256.256.256.256:443
(where 256.256.256.256 is the address of an nginx host configured with SSL)
Here's a gdb backtrace. Unfortunately, my debugging skills aren't quite up to dealing with this as so far as I can tell, the optimiser has had its wicked way and rearranged everything, making it difficult to match the disassembly with the code.
Is this helpful to anyone?
Also, I discovered that your nginx-debug RPM doesn't actually include debug symbols (!)
On CentOS 5 I fixed this by adding to the top of the spec file:
%define __os_install_post \
/usr/lib/rpm/brp-compress \
/usr/lib/rpm/brp-strip-static-archive \
/usr/lib/rpm/brp-strip-comment-note \
Which is redefining __os_install_post to be the same as usual, minus the call to /usr/lib/rpm/brp-strip
What was happening was that the nginx binary was built, complete with symbols, copied to nginx.debug, then the original binary was stripped.
Then, __os_install_post ran, which called brp-strip. brp-strip goes and strips all the executables it can find, including nginx.debug!
GNU gdb (GDB) CentOS (7.0.1-42.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Attaching to process 6810
Reading symbols from /usr/sbin/nginx.debug...done.
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpcre.so.0
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffc613d000
0x000000321ced3603 in __epoll_wait_nocancel () from /lib64/libc.so.6
(gdb)
(gdb)
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
(gdb) bt
#0 0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
#1 0x000000000046a99f in ngx_http_proxy_create_request (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:1067
#2 0x000000000044a023 in ngx_http_upstream_init_request (r=0x12c3a110) at src/http/ngx_http_upstream.c:505
#3 0x000000000043ef26 in ngx_http_read_client_request_body (r=0x12c3a110, post_handler=0x44a690 <ngx_http_upstream_init>) at src/http/ngx_http_request_body.c:155
#4 0x0000000000468ecb in ngx_http_proxy_handler (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:702
#5 0x00000000004325bc in ngx_http_core_content_phase (r=0x12c3a110, ph=0x12c3df18) at src/http/ngx_http_core_module.c:1396
#6 0x000000000042d2ad in ngx_http_core_run_phases (r=0x12c3a110) at src/http/ngx_http_core_module.c:877
#7 0x00000000004312d0 in ngx_http_named_location (r=0x12c3a110, name=0x7fffc606fa20) at src/http/ngx_http_core_module.c:2603
#8 0x00000000004346a7 in ngx_http_send_error_page (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:573
#9 ngx_http_special_response_handler (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:415
#10 0x00000000004379d1 in ngx_http_finalize_request (r=0x12c3a110, rc=400) at src/http/ngx_http_request.c:2004
#11 0x00000000004392ab in ngx_http_process_request_line (rev=0x2b982deef148) at src/http/ngx_http_request.c:943
#12 0x000000000041d2e4 in ngx_event_process_posted (cycle=0x12c01640, posted=0x6bd4a8) at src/event/ngx_event_posted.c:40
#13 0x00000000004241c6 in ngx_worker_process_cycle (cycle=0x12c01640, data=<value optimized out>) at src/os/unix/ngx_process_cycle.c:808
#14 0x00000000004226dd in ngx_spawn_process (cycle=0x12c01640, proc=0x424100 <ngx_worker_process_cycle>, data=0x0, name=0x48d306 "worker process", respawn=-3) at src/os/unix/ngx_process.c:198
#15 0x00000000004236fc in ngx_start_worker_processes (cycle=0x12c01640, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:365
#16 0x0000000000424994 in ngx_master_process_cycle (cycle=0x12c01640) at src/os/unix/ngx_process_cycle.c:137
#17 0x00000000004066e5 in main (argc=3, argv=<value optimized out>) at src/core/nginx.c:410
(gdb) disassemble 0x000000000046a99f
Dump of assembler code for function ngx_http_proxy_create_request:
0x000000000046a520 <ngx_http_proxy_create_request+0>: push %r15
0x000000000046a522 <ngx_http_proxy_create_request+2>: push %r14
0x000000000046a524 <ngx_http_proxy_create_request+4>: push %r13
0x000000000046a526 <ngx_http_proxy_create_request+6>: push %r12
0x000000000046a528 <ngx_http_proxy_create_request+8>: push %rbp
0x000000000046a529 <ngx_http_proxy_create_request+9>: push %rbx
0x000000000046a52a <ngx_http_proxy_create_request+10>: sub $0x128,%rsp
0x000000000046a531 <ngx_http_proxy_create_request+17>: mov 0x48(%rdi),%rax
0x000000000046a535 <ngx_http_proxy_create_request+21>: mov %rdi,0x10(%rsp)
0x000000000046a53a <ngx_http_proxy_create_request+26>: mov %rax,0x38(%rsp)
0x000000000046a53f <ngx_http_proxy_create_request+31>: mov 0x249b5a(%rip),%rax # 0x6b40a0 <ngx_http_proxy_module>
0x000000000046a546 <ngx_http_proxy_create_request+38>: mov 0x38(%rsp),%rcx
0x000000000046a54b <ngx_http_proxy_create_request+43>: lea 0x0(,%rax,8),%rdx
0x000000000046a553 <ngx_http_proxy_create_request+51>: mov 0x28(%rdi),%rax
0x000000000046a557 <ngx_http_proxy_create_request+55>: mov (%rax,%rdx,1),%rax
0x000000000046a55b <ngx_http_proxy_create_request+59>: mov %rax,0x48(%rsp)
0x000000000046a560 <ngx_http_proxy_create_request+64>: mov 0x320(%rcx),%rax
0x000000000046a567 <ngx_http_proxy_create_request+71>: test %rax,%rax
0x000000000046a56a <ngx_http_proxy_create_request+74>: je 0x46a830 <ngx_http_proxy_create_request+784>
0x000000000046a570 <ngx_http_proxy_create_request+80>: mov 0x328(%rcx),%rcx
0x000000000046a577 <ngx_http_proxy_create_request+87>: add $0x1,%rax
0x000000000046a57b <ngx_http_proxy_create_request+91>: mov %rax,0x58(%rsp)
0x000000000046a580 <ngx_http_proxy_create_request+96>: mov %rcx,0x50(%rsp)
0x000000000046a585 <ngx_http_proxy_create_request+101>: mov 0x10(%rsp),%rcx
0x000000000046a58a <ngx_http_proxy_create_request+106>: cmpq $0x5,0x58(%rsp)
0x000000000046a590 <ngx_http_proxy_create_request+112>: mov 0x10(%rcx),%rax
0x000000000046a594 <ngx_http_proxy_create_request+116>: mov (%rdx,%rax,1),%rdx
0x000000000046a598 <ngx_http_proxy_create_request+120>: mov %rdx,0x40(%rsp)
0x000000000046a59d <ngx_http_proxy_create_request+125>: je 0x46a93f <ngx_http_proxy_create_request+1055>
0x000000000046a5a3 <ngx_http_proxy_create_request+131>: mov 0x48(%rsp),%rdx
0x000000000046a5a8 <ngx_http_proxy_create_request+136>: cmpq $0x0,0x1b0(%rdx)
0x000000000046a5b0 <ngx_http_proxy_create_request+144>: je 0x46a74e <ngx_http_proxy_create_request+558>
0x000000000046a5b6 <ngx_http_proxy_create_request+150>: mov 0x40(%rsp),%rcx
0x000000000046a5bb <ngx_http_proxy_create_request+155>: xor %edx,%edx
0x000000000046a5bd <ngx_http_proxy_create_request+157>: mov 0x68(%rcx),%rax
0x000000000046a5c1 <ngx_http_proxy_create_request+161>: test %rax,%rax
0x000000000046a5c4 <ngx_http_proxy_create_request+164>: je 0x46a75c <ngx_http_proxy_create_request+572>
0x000000000046a5ca <ngx_http_proxy_create_request+170>: movq $0x0,0x18(%rsp)
0x000000000046a5d3 <ngx_http_proxy_create_request+179>: movq $0x0,0x20(%rsp)
0x000000000046a5dc <ngx_http_proxy_create_request+188>: movq $0x0,0x28(%rsp)
0x000000000046a5e5 <ngx_http_proxy_create_request+197>: mov 0x58(%rsp),%rcx
0x000000000046a5ea <ngx_http_proxy_create_request+202>: mov 0x10(%rsp),%rdi
0x000000000046a5ef <ngx_http_proxy_create_request+207>: lea 0xd(%rcx,%rax,1),%rbx
0x000000000046a5f4 <ngx_http_proxy_create_request+212>: mov 0x48(%rsp),%rax
0x000000000046a5f9 <ngx_http_proxy_create_request+217>: mov 0x170(%rax),%rsi
0x000000000046a600 <ngx_http_proxy_create_request+224>: callq 0x441c40 <ngx_http_script_flush_no_cacheable_variables>
0x000000000046a605 <ngx_http_proxy_create_request+229>: mov 0x48(%rsp),%rdx
0x000000000046a60a <ngx_http_proxy_create_request+234>: mov 0x178(%rdx),%rax
0x000000000046a611 <ngx_http_proxy_create_request+241>: test %rax,%rax
0x000000000046a614 <ngx_http_proxy_create_request+244>: je 0x46a65f <ngx_http_proxy_create_request+319>
0x000000000046a616 <ngx_http_proxy_create_request+246>: mov (%rax),%rax
0x000000000046a619 <ngx_http_proxy_create_request+249>: orb $0x1,0xa0(%rsp)
0x000000000046a621 <ngx_http_proxy_create_request+257>: xor %ebp,%ebp
0x000000000046a623 <ngx_http_proxy_create_request+259>: mov 0x10(%rsp),%rcx
0x000000000046a628 <ngx_http_proxy_create_request+264>: cmpq $0x0,(%rax)
0x000000000046a62c <ngx_http_proxy_create_request+268>: mov %rax,0x60(%rsp)
0x000000000046a631 <ngx_http_proxy_create_request+273>: mov %rcx,0xb0(%rsp)
0x000000000046a639 <ngx_http_proxy_create_request+281>: je 0x46a653 <ngx_http_proxy_create_request+307>
0x000000000046a63b <ngx_http_proxy_create_request+283>: lea 0x60(%rsp),%r12
0x000000000046a640 <ngx_http_proxy_create_request+288>: mov %r12,%rdi
0x000000000046a643 <ngx_http_proxy_create_request+291>: callq *(%rax)
0x000000000046a645 <ngx_http_proxy_create_request+293>: add %rax,%rbp
0x000000000046a648 <ngx_http_proxy_create_request+296>: mov 0x60(%rsp),%rax
0x000000000046a64d <ngx_http_proxy_create_request+301>: cmpq $0x0,(%rax)
0x000000000046a651 <ngx_http_proxy_create_request+305>: jne 0x46a640 <ngx_http_proxy_create_request+288>
0x000000000046a653 <ngx_http_proxy_create_request+307>: mov 0x40(%rsp),%rax
0x000000000046a658 <ngx_http_proxy_create_request+312>: add %rbp,%rbx
0x000000000046a65b <ngx_http_proxy_create_request+315>: mov %rbp,0x78(%rax)
0x000000000046a65f <ngx_http_proxy_create_request+319>: mov 0x48(%rsp),%rdx
0x000000000046a664 <ngx_http_proxy_create_request+324>: mov 0x10(%rsp),%rcx
0x000000000046a669 <ngx_http_proxy_create_request+329>: lea 0x60(%rsp),%r12
0x000000000046a66e <ngx_http_proxy_create_request+334>: mov 0x188(%rdx),%rax
0x000000000046a675 <ngx_http_proxy_create_request+341>: mov %rcx,0xb0(%rsp)
0x000000000046a67d <ngx_http_proxy_create_request+349>: mov (%rax),%rax
0x000000000046a680 <ngx_http_proxy_create_request+352>: orb $0x1,0xa0(%rsp)
0x000000000046a688 <ngx_http_proxy_create_request+360>: cmpq $0x0,(%rax)
0x000000000046a68c <ngx_http_proxy_create_request+364>: mov %rax,0x60(%rsp)
---Type <return> to continue, or q <return> to quit---
0x000000000046a691 <ngx_http_proxy_create_request+369>: je 0x46a6bb <ngx_http_proxy_create_request+411>
0x000000000046a693 <ngx_http_proxy_create_request+371>: mov 0x60(%rsp),%rdx
0x000000000046a698 <ngx_http_proxy_create_request+376>: mov %r12,%rdi
0x000000000046a69b <ngx_http_proxy_create_request+379>: callq *(%rdx)
0x000000000046a69d <ngx_http_proxy_create_request+381>: mov 0x60(%rsp),%rdx
0x000000000046a6a2 <ngx_http_proxy_create_request+386>: add %rax,%rbx
0x000000000046a6a5 <ngx_http_proxy_create_request+389>: cmpq $0x0,(%rdx)
0x000000000046a6a9 <ngx_http_proxy_create_request+393>: jne 0x46a698 <ngx_http_proxy_create_request+376>
0x000000000046a6ab <ngx_http_proxy_create_request+395>: cmpq $0x0,0x8(%rdx)
0x000000000046a6b0 <ngx_http_proxy_create_request+400>: lea 0x8(%rdx),%rax
0x000000000046a6b4 <ngx_http_proxy_create_request+404>: mov %rax,0x60(%rsp)
0x000000000046a6b9 <ngx_http_proxy_create_request+409>: jne 0x46a693 <ngx_http_proxy_create_request+371>
0x000000000046a6bb <ngx_http_proxy_create_request+411>: mov 0x48(%rsp),%rax
0x000000000046a6c0 <ngx_http_proxy_create_request+416>: cmpq $0x0,0x98(%rax)
0x000000000046a6c8 <ngx_http_proxy_create_request+424>: je 0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a6ce <ngx_http_proxy_create_request+430>: mov 0x10(%rsp),%rdx
0x000000000046a6d3 <ngx_http_proxy_create_request+435>: mov 0x10(%rsp),%r12
0x000000000046a6d8 <ngx_http_proxy_create_request+440>: mov %rax,%r15
0x000000000046a6db <ngx_http_proxy_create_request+443>: xor %r13d,%r13d
0x000000000046a6de <ngx_http_proxy_create_request+446>: add $0x198,%r15
0x000000000046a6e5 <ngx_http_proxy_create_request+453>: mov 0x70(%rdx),%r14
0x000000000046a6e9 <ngx_http_proxy_create_request+457>: add $0x70,%r12
0x000000000046a6ed <ngx_http_proxy_create_request+461>: cmp 0x8(%r12),%r13
0x000000000046a6f2 <ngx_http_proxy_create_request+466>: jb 0x46a73f <ngx_http_proxy_create_request+543>
0x000000000046a6f4 <ngx_http_proxy_create_request+468>: mov 0x10(%r12),%r12
0x000000000046a6f9 <ngx_http_proxy_create_request+473>: test %r12,%r12
0x000000000046a6fc <ngx_http_proxy_create_request+476>: je 0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a702 <ngx_http_proxy_create_request+482>: mov (%r12),%r14
0x000000000046a706 <ngx_http_proxy_create_request+486>: xor %eax,%eax
0x000000000046a708 <ngx_http_proxy_create_request+488>: mov $0x1,%r13d
0x000000000046a70e <ngx_http_proxy_create_request+494>: lea (%r14,%rax,1),%rbp
0x000000000046a712 <ngx_http_proxy_create_request+498>: mov %r15,%rdi
0x000000000046a715 <ngx_http_proxy_create_request+501>: mov 0x8(%rbp),%rcx
0x000000000046a719 <ngx_http_proxy_create_request+505>: mov 0x28(%rbp),%rdx
0x000000000046a71d <ngx_http_proxy_create_request+509>: mov 0x0(%rbp),%rsi
0x000000000046a721 <ngx_http_proxy_create_request+513>: callq 0x407a50 <ngx_hash_find>
0x000000000046a726 <ngx_http_proxy_create_request+518>: test %rax,%rax
0x000000000046a729 <ngx_http_proxy_create_request+521>: jne 0x46a6ed <ngx_http_proxy_create_request+461>
0x000000000046a72b <ngx_http_proxy_create_request+523>: mov 0x18(%rbp),%rax
0x000000000046a72f <ngx_http_proxy_create_request+527>: add 0x8(%rbp),%rax
0x000000000046a733 <ngx_http_proxy_create_request+531>: cmp 0x8(%r12),%r13
0x000000000046a738 <ngx_http_proxy_create_request+536>: lea 0x4(%rax,%rbx,1),%rbx
0x000000000046a73d <ngx_http_proxy_create_request+541>: jae 0x46a6f4 <ngx_http_proxy_create_request+468>
0x000000000046a73f <ngx_http_proxy_create_request+543>: lea 0x0(%r13,%r13,2),%rax
0x000000000046a744 <ngx_http_proxy_create_request+548>: add $0x1,%r13
0x000000000046a748 <ngx_http_proxy_create_request+552>: shl $0x4,%rax
0x000000000046a74c <ngx_http_proxy_create_request+556>: jmp 0x46a70e <ngx_http_proxy_create_request+494>
0x000000000046a74e <ngx_http_proxy_create_request+558>: mov 0x40(%rsp),%rax
0x000000000046a753 <ngx_http_proxy_create_request+563>: mov 0x68(%rax),%rdx
0x000000000046a757 <ngx_http_proxy_create_request+567>: test %rdx,%rdx
0x000000000046a75a <ngx_http_proxy_create_request+570>: jne 0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a75c <ngx_http_proxy_create_request+572>: mov 0x10(%rsp),%rcx
0x000000000046a761 <ngx_http_proxy_create_request+577>: testb $0x10,0x43c(%rcx)
0x000000000046a768 <ngx_http_proxy_create_request+584>: jne 0x46a890 <ngx_http_proxy_create_request+880>
0x000000000046a76e <ngx_http_proxy_create_request+590>: mov 0x10(%rsp),%rax
0x000000000046a773 <ngx_http_proxy_create_request+595>: testb $0x8,0x43c(%rax)
0x000000000046a77a <ngx_http_proxy_create_request+602>: jne 0x46a871 <ngx_http_proxy_create_request+849>
0x000000000046a780 <ngx_http_proxy_create_request+608>: movq $0x0,0x18(%rsp)
0x000000000046a789 <ngx_http_proxy_create_request+617>: mov 0x10(%rsp),%rcx
0x000000000046a78e <ngx_http_proxy_create_request+622>: mov $0x140000000,%rax
0x000000000046a798 <ngx_http_proxy_create_request+632>: test %rax,0x438(%rcx)
0x000000000046a79f <ngx_http_proxy_create_request+639>: jne 0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7a5 <ngx_http_proxy_create_request+645>: movq $0x0,0x20(%rsp)
0x000000000046a7ae <ngx_http_proxy_create_request+654>: testb $0x10,0x440(%rcx)
0x000000000046a7b5 <ngx_http_proxy_create_request+661>: jne 0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7bb <ngx_http_proxy_create_request+667>: mov 0x10(%rsp),%rdx
0x000000000046a7c0 <ngx_http_proxy_create_request+672>: mov 0x40(%rsp),%rcx
0x000000000046a7c5 <ngx_http_proxy_create_request+677>: movq $0x0,0x28(%rsp)
0x000000000046a7ce <ngx_http_proxy_create_request+686>: mov 0x330(%rdx),%rax
0x000000000046a7d5 <ngx_http_proxy_create_request+693>: add 0x68(%rcx),%rax
0x000000000046a7d9 <ngx_http_proxy_create_request+697>: add $0x1,%rax
0x000000000046a7dd <ngx_http_proxy_create_request+701>: add 0x340(%rdx),%rax
0x000000000046a7e4 <ngx_http_proxy_create_request+708>: sub 0x18(%rsp),%rax
0x000000000046a7e9 <ngx_http_proxy_create_request+713>: add 0x20(%rsp),%rax
0x000000000046a7ee <ngx_http_proxy_create_request+718>: test %rax,%rax
0x000000000046a7f1 <ngx_http_proxy_create_request+721>: jne 0x46a5e5 <ngx_http_proxy_create_request+197>
0x000000000046a7f7 <ngx_http_proxy_create_request+727>: mov 0x10(%rsp),%rdx
0x000000000046a7fc <ngx_http_proxy_create_request+732>: mov 0x8(%rdx),%rax
0x000000000046a800 <ngx_http_proxy_create_request+736>: mov 0x50(%rax),%rsi
0x000000000046a804 <ngx_http_proxy_create_request+740>: cmpq $0x3,(%rsi)
0x000000000046a808 <ngx_http_proxy_create_request+744>: jbe 0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a80e <ngx_http_proxy_create_request+750>: xor %eax,%eax
0x000000000046a810 <ngx_http_proxy_create_request+752>: mov $0x495e80,%ecx
0x000000000046a815 <ngx_http_proxy_create_request+757>: xor %edx,%edx
0x000000000046a817 <ngx_http_proxy_create_request+759>: mov $0x4,%edi
0x000000000046a81c <ngx_http_proxy_create_request+764>: callq 0x4069e0 <ngx_log_error_core>
0x000000000046a821 <ngx_http_proxy_create_request+769>: mov $0xffffffffffffffff,%rax
0x000000000046a828 <ngx_http_proxy_create_request+776>: jmpq 0x46a92d <ngx_http_proxy_create_request+1037>
0x000000000046a82d <ngx_http_proxy_create_request+781>: nopl (%rax)
0x000000000046a830 <ngx_http_proxy_create_request+784>: mov 0x48(%rsp),%rax
0x000000000046a835 <ngx_http_proxy_create_request+789>: mov 0x1e8(%rax),%rax
0x000000000046a83c <ngx_http_proxy_create_request+796>: test %rax,%rax
0x000000000046a83f <ngx_http_proxy_create_request+799>: mov %rax,0x58(%rsp)
0x000000000046a844 <ngx_http_proxy_create_request+804>: jne 0x46a8c4 <ngx_http_proxy_create_request+932>
0x000000000046a846 <ngx_http_proxy_create_request+806>: mov 0x10(%rsp),%rax
0x000000000046a84b <ngx_http_proxy_create_request+811>: mov 0x10(%rsp),%rcx
0x000000000046a850 <ngx_http_proxy_create_request+816>: mov 0x378(%rax),%rax
0x000000000046a857 <ngx_http_proxy_create_request+823>: mov %rax,0x50(%rsp)
0x000000000046a85c <ngx_http_proxy_create_request+828>: mov 0x370(%rcx),%rax
0x000000000046a863 <ngx_http_proxy_create_request+835>: add $0x1,%rax
0x000000000046a867 <ngx_http_proxy_create_request+839>: mov %rax,0x58(%rsp)
0x000000000046a86c <ngx_http_proxy_create_request+844>: jmpq 0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a871 <ngx_http_proxy_create_request+849>: test %rdx,%rdx
0x000000000046a874 <ngx_http_proxy_create_request+852>: je 0x46a780 <ngx_http_proxy_create_request+608>
0x000000000046a87a <ngx_http_proxy_create_request+858>: mov 0x48(%rsp),%rdx
0x000000000046a87f <ngx_http_proxy_create_request+863>: mov 0x1f8(%rdx),%rdx
0x000000000046a886 <ngx_http_proxy_create_request+870>: mov %rdx,0x18(%rsp)
0x000000000046a88b <ngx_http_proxy_create_request+875>: jmpq 0x46a789 <ngx_http_proxy_create_request+617>
0x000000000046a890 <ngx_http_proxy_create_request+880>: cmp %rcx,0x398(%rcx)
0x000000000046a897 <ngx_http_proxy_create_request+887>: jne 0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a89d <ngx_http_proxy_create_request+893>: mov 0x360(%rcx),%rax
0x000000000046a8a4 <ngx_http_proxy_create_request+900>: movq $0x0,0x18(%rsp)
0x000000000046a8ad <ngx_http_proxy_create_request+909>: movq $0x0,0x20(%rsp)
0x000000000046a8b6 <ngx_http_proxy_create_request+918>: movq $0x1,0x28(%rsp)
0x000000000046a8bf <ngx_http_proxy_create_request+927>: jmpq 0x46a7ee <ngx_http_proxy_create_request+718>
0x000000000046a8c4 <ngx_http_proxy_create_request+932>: mov 0x48(%rsp),%rcx
0x000000000046a8c9 <ngx_http_proxy_create_request+937>: mov 0x1f0(%rcx),%rcx
0x000000000046a8d0 <ngx_http_proxy_create_request+944>: mov %rcx,0x50(%rsp)
0x000000000046a8d5 <ngx_http_proxy_create_request+949>: jmpq 0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a8da <ngx_http_proxy_create_request+954>: mov 0x10(%rsp),%rax
0x000000000046a8df <ngx_http_proxy_create_request+959>: mov 0x18(%rsp),%rsi
0x000000000046a8e4 <ngx_http_proxy_create_request+964>: xor %ecx,%ecx
0x000000000046a8e6 <ngx_http_proxy_create_request+966>: xor %edi,%edi
0x000000000046a8e8 <ngx_http_proxy_create_request+968>: mov 0x330(%rax),%rdx
0x000000000046a8ef <ngx_http_proxy_create_request+975>: add 0x338(%rax),%rsi
0x000000000046a8f6 <ngx_http_proxy_create_request+982>: sub 0x18(%rsp),%rdx
0x000000000046a8fb <ngx_http_proxy_create_request+987>: callq 0x40a6f0 <ngx_escape_uri>
0x000000000046a900 <ngx_http_proxy_create_request+992>: add %rax,%rax
0x000000000046a903 <ngx_http_proxy_create_request+995>: mov %rax,0x20(%rsp)
0x000000000046a908 <ngx_http_proxy_create_request+1000>: jmpq 0x46a7bb <ngx_http_proxy_create_request+667>
0x000000000046a90d <ngx_http_proxy_create_request+1005>: mov 0x10(%rsp),%rcx
0x000000000046a912 <ngx_http_proxy_create_request+1010>: mov %rbx,%rsi
0x000000000046a915 <ngx_http_proxy_create_request+1013>: mov 0x58(%rcx),%rdi
0x000000000046a919 <ngx_http_proxy_create_request+1017>: callq 0x408fd0 <ngx_create_temp_buf>
0x000000000046a91e <ngx_http_proxy_create_request+1022>: test %rax,%rax
0x000000000046a921 <ngx_http_proxy_create_request+1025>: mov %rax,%rbp
0x000000000046a924 <ngx_http_proxy_create_request+1028>: jne 0x46a971 <ngx_http_proxy_create_request+1105>
0x000000000046a926 <ngx_http_proxy_create_request+1030>: mov $0xffffffffffffffff,%rax
0x000000000046a92d <ngx_http_proxy_create_request+1037>: add $0x128,%rsp
0x000000000046a934 <ngx_http_proxy_create_request+1044>: pop %rbx
0x000000000046a935 <ngx_http_proxy_create_request+1045>: pop %rbp
0x000000000046a936 <ngx_http_proxy_create_request+1046>: pop %r12
0x000000000046a938 <ngx_http_proxy_create_request+1048>: pop %r13
0x000000000046a93a <ngx_http_proxy_create_request+1050>: pop %r14
0x000000000046a93c <ngx_http_proxy_create_request+1052>: pop %r15
0x000000000046a93e <ngx_http_proxy_create_request+1054>: retq
0x000000000046a93f <ngx_http_proxy_create_request+1055>: mov 0x50(%rsp),%rdi
0x000000000046a944 <ngx_http_proxy_create_request+1060>: mov $0x5,%edx
0x000000000046a949 <ngx_http_proxy_create_request+1065>: mov $0x495e7a,%esi
0x000000000046a94e <ngx_http_proxy_create_request+1070>: callq 0x409c90 <ngx_strncasecmp>
0x000000000046a953 <ngx_http_proxy_create_request+1075>: test %rax,%rax
0x000000000046a956 <ngx_http_proxy_create_request+1078>: jne 0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a95c <ngx_http_proxy_create_request+1084>: mov 0x40(%rsp),%rax
0x000000000046a961 <ngx_http_proxy_create_request+1089>: movq $0x1,0x98(%rax)
0x000000000046a96c <ngx_http_proxy_create_request+1100>: jmpq 0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a971 <ngx_http_proxy_create_request+1105>: mov 0x10(%rsp),%rax
0x000000000046a976 <ngx_http_proxy_create_request+1110>: mov 0x58(%rax),%rdi
0x000000000046a97a <ngx_http_proxy_create_request+1114>: callq 0x408df0 <ngx_alloc_chain_link>
0x000000000046a97f <ngx_http_proxy_create_request+1119>: test %rax,%rax
0x000000000046a982 <ngx_http_proxy_create_request+1122>: mov %rax,0x30(%rsp)
0x000000000046a987 <ngx_http_proxy_create_request+1127>: je 0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a989 <ngx_http_proxy_create_request+1129>: mov 0x58(%rsp),%rdx
0x000000000046a98e <ngx_http_proxy_create_request+1134>: mov 0x8(%rbp),%rdi
0x000000000046a992 <ngx_http_proxy_create_request+1138>: mov 0x50(%rsp),%rsi
0x000000000046a997 <ngx_http_proxy_create_request+1143>: mov %rbp,(%rax)
0x000000000046a99a <ngx_http_proxy_create_request+1146>: callq 0x404798 <memcpy@plt>
0x000000000046a99f <ngx_http_proxy_create_request+1151>: mov 0x48(%rsp),%rcx
0x000000000046a9a4 <ngx_http_proxy_create_request+1156>: add 0x58(%rsp),%rax
0x000000000046a9a9 <ngx_http_proxy_create_request+1161>: mov 0x38(%rsp),%rdx
0x000000000046a9ae <ngx_http_proxy_create_request+1166>: cmpq $0x0,0x1b0(%rcx)
0x000000000046a9b6 <ngx_http_proxy_create_request+1174>: mov %rax,0x8(%rbp)
0x000000000046a9ba <ngx_http_proxy_create_request+1178>: mov %rax,0x348(%rdx)
0x000000000046a9c1 <ngx_http_proxy_create_request+1185>: je 0x46a9d5 <ngx_http_proxy_create_request+1205>
0x000000000046a9c3 <ngx_http_proxy_create_request+1187>: mov 0x40(%rsp),%rax
0x000000000046a9c8 <ngx_http_proxy_create_request+1192>: mov 0x68(%rax),%rdx
0x000000000046a9cc <ngx_http_proxy_create_request+1196>: test %rdx,%rdx
0x000000000046a9cf <ngx_http_proxy_create_request+1199>: jne 0x46ac3d <ngx_http_proxy_create_request+1821>
0x000000000046a9d5 <ngx_http_proxy_create_request+1205>: cmpq $0x0,0x28(%rsp)
0x000000000046a9db <ngx_http_proxy_create_request+1211>: jne 0x46ae09 <ngx_http_proxy_create_request+2281>
0x000000000046a9e1 <ngx_http_proxy_create_request+1217>: mov 0x10(%rsp),%rcx
0x000000000046a9e6 <ngx_http_proxy_create_request+1222>: testb $0x8,0x43c(%rcx)
0x000000000046a9ed <ngx_http_proxy_create_request+1229>: jne 0x46af77 <ngx_http_proxy_create_request+2647>
0x000000000046a9f3 <ngx_http_proxy_create_request+1235>: cmpq $0x0,0x20(%rsp)
0x000000000046a9f9 <ngx_http_proxy_create_request+1241>: je 0x46adc6 <ngx_http_proxy_create_request+2214>
0x000000000046a9ff <ngx_http_proxy_create_request+1247>: mov 0x10(%rsp),%rcx
0x000000000046aa04 <ngx_http_proxy_create_request+1252>: mov 0x18(%rsp),%rsi
0x000000000046aa09 <ngx_http_proxy_create_request+1257>: mov 0x8(%rbp),%rdi
0x000000000046aa0d <ngx_http_proxy_create_request+1261>: mov 0x330(%rcx),%rdx
0x000000000046aa14 <ngx_http_proxy_create_request+1268>: add 0x338(%rcx),%rsi
0x000000000046aa1b <ngx_http_proxy_create_request+1275>: xor %ecx,%ecx
0x000000000046aa1d <ngx_http_proxy_create_request+1277>: sub 0x18(%rsp),%rdx
0x000000000046aa22 <ngx_http_proxy_create_request+1282>: callq 0x40a6f0 <ngx_escape_uri>
0x000000000046aa27 <ngx_http_proxy_create_request+1287>: mov 0x10(%rsp),%rax
0x000000000046aa2c <ngx_http_proxy_create_request+1292>: mov 0x18(%rsp),%rdx
0x000000000046aa31 <ngx_http_proxy_create_request+1297>: mov 0x330(%rax),%rax
0x000000000046aa38 <ngx_http_proxy_create_request+1304>: add %rax,0x20(%rsp)
0x000000000046aa3d <ngx_http_proxy_create_request+1309>: sub %rdx,0x20(%rsp)
0x000000000046aa42 <ngx_http_proxy_create_request+1314>: mov 0x20(%rsp),%rcx
0x000000000046aa47 <ngx_http_proxy_create_request+1319>: add %rcx,0x8(%rbp)
0x000000000046aa4b <ngx_http_proxy_create_request+1323>: mov 0x10(%rsp),%rax
0x000000000046aa50 <ngx_http_proxy_create_request+1328>: cmpq $0x0,0x340(%rax)
0x000000000046aa58 <ngx_http_proxy_create_request+1336>: jne 0x46af40 <ngx_http_proxy_create_request+2592>
0x000000000046aa5e <ngx_http_proxy_create_request+1342>: mov 0x38(%rsp),%rcx
0x000000000046aa63 <ngx_http_proxy_create_request+1347>: mov 0x8(%rbp),%rdx
0x000000000046aa67 <ngx_http_proxy_create_request+1351>: mov %rdx,%rax
0x000000000046aa6a <ngx_http_proxy_create_request+1354>: sub 0x348(%rcx),%rax
0x000000000046aa71 <ngx_http_proxy_create_request+1361>: mov %rax,0x340(%rcx)
0x000000000046aa78 <ngx_http_proxy_create_request+1368>: mov 0x48(%rsp),%rax
0x000000000046aa7d <ngx_http_proxy_create_request+1373>: cmpq $0x3e9,0x298(%rax)
0x000000000046aa88 <ngx_http_proxy_create_request+1384>: je 0x46ad9a <ngx_http_proxy_create_request+2170>
0x000000000046aa8e <ngx_http_proxy_create_request+1390>: mov 0x2496df(%rip),%rax # 0x6b4174 <ngx_http_proxy_version>
0x000000000046aa95 <ngx_http_proxy_create_request+1397>: mov %rax,(%rdx)
0x000000000046aa98 <ngx_http_proxy_create_request+1400>: movzwl 0x2496dd(%rip),%eax # 0x6b417c <ngx_http_proxy_version+8>
0x000000000046aa9f <ngx_http_proxy_create_request+1407>: mov %ax,0x8(%rdx)
0x000000000046aaa3 <ngx_http_proxy_create_request+1411>: movzbl 0x2496d4(%rip),%eax # 0x6b417e <ngx_http_proxy_version+10>
0x000000000046aaaa <ngx_http_proxy_create_request+1418>: mov %al,0xa(%rdx)
0x000000000046aaad <ngx_http_proxy_create_request+1421>: lea 0xb(%rdx),%rax
0x000000000046aab1 <ngx_http_proxy_create_request+1425>: mov %rax,0x8(%rbp)
0x000000000046aab5 <ngx_http_proxy_create_request+1429>: lea 0xc0(%rsp),%r13
0x000000000046aabd <ngx_http_proxy_create_request+1437>: mov $0x58,%edx
0x000000000046aac2 <ngx_http_proxy_create_request+1442>: xor %esi,%esi
0x000000000046aac4 <ngx_http_proxy_create_request+1444>: mov %r13,%rdi
0x000000000046aac7 <ngx_http_proxy_create_request+1447>: callq 0x403fe8 <memset@plt>
0x000000000046aacc <ngx_http_proxy_create_request+1452>: mov 0x48(%rsp),%rdx
0x000000000046aad1 <ngx_http_proxy_create_request+1457>: mov 0x10(%rsp),%rcx
0x000000000046aad6 <ngx_http_proxy_create_request+1462>: mov 0x190(%rdx),%rax
0x000000000046aadd <ngx_http_proxy_create_request+1469>: mov %rcx,0x110(%rsp)
0x000000000046aae5 <ngx_http_proxy_create_request+1477>: mov (%rax),%rax
0x000000000046aae8 <ngx_http_proxy_create_request+1480>: mov %rax,0xc0(%rsp)
0x000000000046aaf0 <ngx_http_proxy_create_request+1488>: mov 0x8(%rbp),%rax
0x000000000046aaf4 <ngx_http_proxy_create_request+1492>: orb $0x1,0x100(%rsp)
0x000000000046aafc <ngx_http_proxy_create_request+1500>: mov %rax,0xc8(%rsp)
0x000000000046ab04 <ngx_http_proxy_create_request+1508>: mov 0x188(%rdx),%rax
0x000000000046ab0b <ngx_http_proxy_create_request+1515>: mov (%rax),%rax
(continues)
--
Russell Howe
rhowe@moonfruit.com
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
This turned out to be an instance of:
http://forum.nginx.org/read.php?2,213479
whereby we had a config snippet which looked like:
error_page 400 @fallback
Triggered (we think) by someone running an exploit for CVE-2009-3896
I can reproduce the segfault by running:
$ echo -e "GET $(perl -e 'print "o" x 4079;')/ HTTP/1.1\r\n\r\n"|openssl s_client -connect 256.256.256.256:443
(where 256.256.256.256 is the address of an nginx host configured with SSL)
Here's a gdb backtrace. Unfortunately, my debugging skills aren't quite up to dealing with this as so far as I can tell, the optimiser has had its wicked way and rearranged everything, making it difficult to match the disassembly with the code.
Is this helpful to anyone?
Also, I discovered that your nginx-debug RPM doesn't actually include debug symbols (!)
On CentOS 5 I fixed this by adding to the top of the spec file:
%define __os_install_post \
/usr/lib/rpm/brp-compress \
/usr/lib/rpm/brp-strip-static-archive \
/usr/lib/rpm/brp-strip-comment-note \
Which is redefining __os_install_post to be the same as usual, minus the call to /usr/lib/rpm/brp-strip
What was happening was that the nginx binary was built, complete with symbols, copied to nginx.debug, then the original binary was stripped.
Then, __os_install_post ran, which called brp-strip. brp-strip goes and strips all the executables it can find, including nginx.debug!
GNU gdb (GDB) CentOS (7.0.1-42.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Attaching to process 6810
Reading symbols from /usr/sbin/nginx.debug...done.
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpcre.so.0
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffc613d000
0x000000321ced3603 in __epoll_wait_nocancel () from /lib64/libc.so.6
(gdb)
(gdb)
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
(gdb) bt
#0 0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
#1 0x000000000046a99f in ngx_http_proxy_create_request (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:1067
#2 0x000000000044a023 in ngx_http_upstream_init_request (r=0x12c3a110) at src/http/ngx_http_upstream.c:505
#3 0x000000000043ef26 in ngx_http_read_client_request_body (r=0x12c3a110, post_handler=0x44a690 <ngx_http_upstream_init>) at src/http/ngx_http_request_body.c:155
#4 0x0000000000468ecb in ngx_http_proxy_handler (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:702
#5 0x00000000004325bc in ngx_http_core_content_phase (r=0x12c3a110, ph=0x12c3df18) at src/http/ngx_http_core_module.c:1396
#6 0x000000000042d2ad in ngx_http_core_run_phases (r=0x12c3a110) at src/http/ngx_http_core_module.c:877
#7 0x00000000004312d0 in ngx_http_named_location (r=0x12c3a110, name=0x7fffc606fa20) at src/http/ngx_http_core_module.c:2603
#8 0x00000000004346a7 in ngx_http_send_error_page (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:573
#9 ngx_http_special_response_handler (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:415
#10 0x00000000004379d1 in ngx_http_finalize_request (r=0x12c3a110, rc=400) at src/http/ngx_http_request.c:2004
#11 0x00000000004392ab in ngx_http_process_request_line (rev=0x2b982deef148) at src/http/ngx_http_request.c:943
#12 0x000000000041d2e4 in ngx_event_process_posted (cycle=0x12c01640, posted=0x6bd4a8) at src/event/ngx_event_posted.c:40
#13 0x00000000004241c6 in ngx_worker_process_cycle (cycle=0x12c01640, data=<value optimized out>) at src/os/unix/ngx_process_cycle.c:808
#14 0x00000000004226dd in ngx_spawn_process (cycle=0x12c01640, proc=0x424100 <ngx_worker_process_cycle>, data=0x0, name=0x48d306 "worker process", respawn=-3) at src/os/unix/ngx_process.c:198
#15 0x00000000004236fc in ngx_start_worker_processes (cycle=0x12c01640, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:365
#16 0x0000000000424994 in ngx_master_process_cycle (cycle=0x12c01640) at src/os/unix/ngx_process_cycle.c:137
#17 0x00000000004066e5 in main (argc=3, argv=<value optimized out>) at src/core/nginx.c:410
(gdb) disassemble 0x000000000046a99f
Dump of assembler code for function ngx_http_proxy_create_request:
0x000000000046a520 <ngx_http_proxy_create_request+0>: push %r15
0x000000000046a522 <ngx_http_proxy_create_request+2>: push %r14
0x000000000046a524 <ngx_http_proxy_create_request+4>: push %r13
0x000000000046a526 <ngx_http_proxy_create_request+6>: push %r12
0x000000000046a528 <ngx_http_proxy_create_request+8>: push %rbp
0x000000000046a529 <ngx_http_proxy_create_request+9>: push %rbx
0x000000000046a52a <ngx_http_proxy_create_request+10>: sub $0x128,%rsp
0x000000000046a531 <ngx_http_proxy_create_request+17>: mov 0x48(%rdi),%rax
0x000000000046a535 <ngx_http_proxy_create_request+21>: mov %rdi,0x10(%rsp)
0x000000000046a53a <ngx_http_proxy_create_request+26>: mov %rax,0x38(%rsp)
0x000000000046a53f <ngx_http_proxy_create_request+31>: mov 0x249b5a(%rip),%rax # 0x6b40a0 <ngx_http_proxy_module>
0x000000000046a546 <ngx_http_proxy_create_request+38>: mov 0x38(%rsp),%rcx
0x000000000046a54b <ngx_http_proxy_create_request+43>: lea 0x0(,%rax,8),%rdx
0x000000000046a553 <ngx_http_proxy_create_request+51>: mov 0x28(%rdi),%rax
0x000000000046a557 <ngx_http_proxy_create_request+55>: mov (%rax,%rdx,1),%rax
0x000000000046a55b <ngx_http_proxy_create_request+59>: mov %rax,0x48(%rsp)
0x000000000046a560 <ngx_http_proxy_create_request+64>: mov 0x320(%rcx),%rax
0x000000000046a567 <ngx_http_proxy_create_request+71>: test %rax,%rax
0x000000000046a56a <ngx_http_proxy_create_request+74>: je 0x46a830 <ngx_http_proxy_create_request+784>
0x000000000046a570 <ngx_http_proxy_create_request+80>: mov 0x328(%rcx),%rcx
0x000000000046a577 <ngx_http_proxy_create_request+87>: add $0x1,%rax
0x000000000046a57b <ngx_http_proxy_create_request+91>: mov %rax,0x58(%rsp)
0x000000000046a580 <ngx_http_proxy_create_request+96>: mov %rcx,0x50(%rsp)
0x000000000046a585 <ngx_http_proxy_create_request+101>: mov 0x10(%rsp),%rcx
0x000000000046a58a <ngx_http_proxy_create_request+106>: cmpq $0x5,0x58(%rsp)
0x000000000046a590 <ngx_http_proxy_create_request+112>: mov 0x10(%rcx),%rax
0x000000000046a594 <ngx_http_proxy_create_request+116>: mov (%rdx,%rax,1),%rdx
0x000000000046a598 <ngx_http_proxy_create_request+120>: mov %rdx,0x40(%rsp)
0x000000000046a59d <ngx_http_proxy_create_request+125>: je 0x46a93f <ngx_http_proxy_create_request+1055>
0x000000000046a5a3 <ngx_http_proxy_create_request+131>: mov 0x48(%rsp),%rdx
0x000000000046a5a8 <ngx_http_proxy_create_request+136>: cmpq $0x0,0x1b0(%rdx)
0x000000000046a5b0 <ngx_http_proxy_create_request+144>: je 0x46a74e <ngx_http_proxy_create_request+558>
0x000000000046a5b6 <ngx_http_proxy_create_request+150>: mov 0x40(%rsp),%rcx
0x000000000046a5bb <ngx_http_proxy_create_request+155>: xor %edx,%edx
0x000000000046a5bd <ngx_http_proxy_create_request+157>: mov 0x68(%rcx),%rax
0x000000000046a5c1 <ngx_http_proxy_create_request+161>: test %rax,%rax
0x000000000046a5c4 <ngx_http_proxy_create_request+164>: je 0x46a75c <ngx_http_proxy_create_request+572>
0x000000000046a5ca <ngx_http_proxy_create_request+170>: movq $0x0,0x18(%rsp)
0x000000000046a5d3 <ngx_http_proxy_create_request+179>: movq $0x0,0x20(%rsp)
0x000000000046a5dc <ngx_http_proxy_create_request+188>: movq $0x0,0x28(%rsp)
0x000000000046a5e5 <ngx_http_proxy_create_request+197>: mov 0x58(%rsp),%rcx
0x000000000046a5ea <ngx_http_proxy_create_request+202>: mov 0x10(%rsp),%rdi
0x000000000046a5ef <ngx_http_proxy_create_request+207>: lea 0xd(%rcx,%rax,1),%rbx
0x000000000046a5f4 <ngx_http_proxy_create_request+212>: mov 0x48(%rsp),%rax
0x000000000046a5f9 <ngx_http_proxy_create_request+217>: mov 0x170(%rax),%rsi
0x000000000046a600 <ngx_http_proxy_create_request+224>: callq 0x441c40 <ngx_http_script_flush_no_cacheable_variables>
0x000000000046a605 <ngx_http_proxy_create_request+229>: mov 0x48(%rsp),%rdx
0x000000000046a60a <ngx_http_proxy_create_request+234>: mov 0x178(%rdx),%rax
0x000000000046a611 <ngx_http_proxy_create_request+241>: test %rax,%rax
0x000000000046a614 <ngx_http_proxy_create_request+244>: je 0x46a65f <ngx_http_proxy_create_request+319>
0x000000000046a616 <ngx_http_proxy_create_request+246>: mov (%rax),%rax
0x000000000046a619 <ngx_http_proxy_create_request+249>: orb $0x1,0xa0(%rsp)
0x000000000046a621 <ngx_http_proxy_create_request+257>: xor %ebp,%ebp
0x000000000046a623 <ngx_http_proxy_create_request+259>: mov 0x10(%rsp),%rcx
0x000000000046a628 <ngx_http_proxy_create_request+264>: cmpq $0x0,(%rax)
0x000000000046a62c <ngx_http_proxy_create_request+268>: mov %rax,0x60(%rsp)
0x000000000046a631 <ngx_http_proxy_create_request+273>: mov %rcx,0xb0(%rsp)
0x000000000046a639 <ngx_http_proxy_create_request+281>: je 0x46a653 <ngx_http_proxy_create_request+307>
0x000000000046a63b <ngx_http_proxy_create_request+283>: lea 0x60(%rsp),%r12
0x000000000046a640 <ngx_http_proxy_create_request+288>: mov %r12,%rdi
0x000000000046a643 <ngx_http_proxy_create_request+291>: callq *(%rax)
0x000000000046a645 <ngx_http_proxy_create_request+293>: add %rax,%rbp
0x000000000046a648 <ngx_http_proxy_create_request+296>: mov 0x60(%rsp),%rax
0x000000000046a64d <ngx_http_proxy_create_request+301>: cmpq $0x0,(%rax)
0x000000000046a651 <ngx_http_proxy_create_request+305>: jne 0x46a640 <ngx_http_proxy_create_request+288>
0x000000000046a653 <ngx_http_proxy_create_request+307>: mov 0x40(%rsp),%rax
0x000000000046a658 <ngx_http_proxy_create_request+312>: add %rbp,%rbx
0x000000000046a65b <ngx_http_proxy_create_request+315>: mov %rbp,0x78(%rax)
0x000000000046a65f <ngx_http_proxy_create_request+319>: mov 0x48(%rsp),%rdx
0x000000000046a664 <ngx_http_proxy_create_request+324>: mov 0x10(%rsp),%rcx
0x000000000046a669 <ngx_http_proxy_create_request+329>: lea 0x60(%rsp),%r12
0x000000000046a66e <ngx_http_proxy_create_request+334>: mov 0x188(%rdx),%rax
0x000000000046a675 <ngx_http_proxy_create_request+341>: mov %rcx,0xb0(%rsp)
0x000000000046a67d <ngx_http_proxy_create_request+349>: mov (%rax),%rax
0x000000000046a680 <ngx_http_proxy_create_request+352>: orb $0x1,0xa0(%rsp)
0x000000000046a688 <ngx_http_proxy_create_request+360>: cmpq $0x0,(%rax)
0x000000000046a68c <ngx_http_proxy_create_request+364>: mov %rax,0x60(%rsp)
---Type <return> to continue, or q <return> to quit---
0x000000000046a691 <ngx_http_proxy_create_request+369>: je 0x46a6bb <ngx_http_proxy_create_request+411>
0x000000000046a693 <ngx_http_proxy_create_request+371>: mov 0x60(%rsp),%rdx
0x000000000046a698 <ngx_http_proxy_create_request+376>: mov %r12,%rdi
0x000000000046a69b <ngx_http_proxy_create_request+379>: callq *(%rdx)
0x000000000046a69d <ngx_http_proxy_create_request+381>: mov 0x60(%rsp),%rdx
0x000000000046a6a2 <ngx_http_proxy_create_request+386>: add %rax,%rbx
0x000000000046a6a5 <ngx_http_proxy_create_request+389>: cmpq $0x0,(%rdx)
0x000000000046a6a9 <ngx_http_proxy_create_request+393>: jne 0x46a698 <ngx_http_proxy_create_request+376>
0x000000000046a6ab <ngx_http_proxy_create_request+395>: cmpq $0x0,0x8(%rdx)
0x000000000046a6b0 <ngx_http_proxy_create_request+400>: lea 0x8(%rdx),%rax
0x000000000046a6b4 <ngx_http_proxy_create_request+404>: mov %rax,0x60(%rsp)
0x000000000046a6b9 <ngx_http_proxy_create_request+409>: jne 0x46a693 <ngx_http_proxy_create_request+371>
0x000000000046a6bb <ngx_http_proxy_create_request+411>: mov 0x48(%rsp),%rax
0x000000000046a6c0 <ngx_http_proxy_create_request+416>: cmpq $0x0,0x98(%rax)
0x000000000046a6c8 <ngx_http_proxy_create_request+424>: je 0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a6ce <ngx_http_proxy_create_request+430>: mov 0x10(%rsp),%rdx
0x000000000046a6d3 <ngx_http_proxy_create_request+435>: mov 0x10(%rsp),%r12
0x000000000046a6d8 <ngx_http_proxy_create_request+440>: mov %rax,%r15
0x000000000046a6db <ngx_http_proxy_create_request+443>: xor %r13d,%r13d
0x000000000046a6de <ngx_http_proxy_create_request+446>: add $0x198,%r15
0x000000000046a6e5 <ngx_http_proxy_create_request+453>: mov 0x70(%rdx),%r14
0x000000000046a6e9 <ngx_http_proxy_create_request+457>: add $0x70,%r12
0x000000000046a6ed <ngx_http_proxy_create_request+461>: cmp 0x8(%r12),%r13
0x000000000046a6f2 <ngx_http_proxy_create_request+466>: jb 0x46a73f <ngx_http_proxy_create_request+543>
0x000000000046a6f4 <ngx_http_proxy_create_request+468>: mov 0x10(%r12),%r12
0x000000000046a6f9 <ngx_http_proxy_create_request+473>: test %r12,%r12
0x000000000046a6fc <ngx_http_proxy_create_request+476>: je 0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a702 <ngx_http_proxy_create_request+482>: mov (%r12),%r14
0x000000000046a706 <ngx_http_proxy_create_request+486>: xor %eax,%eax
0x000000000046a708 <ngx_http_proxy_create_request+488>: mov $0x1,%r13d
0x000000000046a70e <ngx_http_proxy_create_request+494>: lea (%r14,%rax,1),%rbp
0x000000000046a712 <ngx_http_proxy_create_request+498>: mov %r15,%rdi
0x000000000046a715 <ngx_http_proxy_create_request+501>: mov 0x8(%rbp),%rcx
0x000000000046a719 <ngx_http_proxy_create_request+505>: mov 0x28(%rbp),%rdx
0x000000000046a71d <ngx_http_proxy_create_request+509>: mov 0x0(%rbp),%rsi
0x000000000046a721 <ngx_http_proxy_create_request+513>: callq 0x407a50 <ngx_hash_find>
0x000000000046a726 <ngx_http_proxy_create_request+518>: test %rax,%rax
0x000000000046a729 <ngx_http_proxy_create_request+521>: jne 0x46a6ed <ngx_http_proxy_create_request+461>
0x000000000046a72b <ngx_http_proxy_create_request+523>: mov 0x18(%rbp),%rax
0x000000000046a72f <ngx_http_proxy_create_request+527>: add 0x8(%rbp),%rax
0x000000000046a733 <ngx_http_proxy_create_request+531>: cmp 0x8(%r12),%r13
0x000000000046a738 <ngx_http_proxy_create_request+536>: lea 0x4(%rax,%rbx,1),%rbx
0x000000000046a73d <ngx_http_proxy_create_request+541>: jae 0x46a6f4 <ngx_http_proxy_create_request+468>
0x000000000046a73f <ngx_http_proxy_create_request+543>: lea 0x0(%r13,%r13,2),%rax
0x000000000046a744 <ngx_http_proxy_create_request+548>: add $0x1,%r13
0x000000000046a748 <ngx_http_proxy_create_request+552>: shl $0x4,%rax
0x000000000046a74c <ngx_http_proxy_create_request+556>: jmp 0x46a70e <ngx_http_proxy_create_request+494>
0x000000000046a74e <ngx_http_proxy_create_request+558>: mov 0x40(%rsp),%rax
0x000000000046a753 <ngx_http_proxy_create_request+563>: mov 0x68(%rax),%rdx
0x000000000046a757 <ngx_http_proxy_create_request+567>: test %rdx,%rdx
0x000000000046a75a <ngx_http_proxy_create_request+570>: jne 0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a75c <ngx_http_proxy_create_request+572>: mov 0x10(%rsp),%rcx
0x000000000046a761 <ngx_http_proxy_create_request+577>: testb $0x10,0x43c(%rcx)
0x000000000046a768 <ngx_http_proxy_create_request+584>: jne 0x46a890 <ngx_http_proxy_create_request+880>
0x000000000046a76e <ngx_http_proxy_create_request+590>: mov 0x10(%rsp),%rax
0x000000000046a773 <ngx_http_proxy_create_request+595>: testb $0x8,0x43c(%rax)
0x000000000046a77a <ngx_http_proxy_create_request+602>: jne 0x46a871 <ngx_http_proxy_create_request+849>
0x000000000046a780 <ngx_http_proxy_create_request+608>: movq $0x0,0x18(%rsp)
0x000000000046a789 <ngx_http_proxy_create_request+617>: mov 0x10(%rsp),%rcx
0x000000000046a78e <ngx_http_proxy_create_request+622>: mov $0x140000000,%rax
0x000000000046a798 <ngx_http_proxy_create_request+632>: test %rax,0x438(%rcx)
0x000000000046a79f <ngx_http_proxy_create_request+639>: jne 0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7a5 <ngx_http_proxy_create_request+645>: movq $0x0,0x20(%rsp)
0x000000000046a7ae <ngx_http_proxy_create_request+654>: testb $0x10,0x440(%rcx)
0x000000000046a7b5 <ngx_http_proxy_create_request+661>: jne 0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7bb <ngx_http_proxy_create_request+667>: mov 0x10(%rsp),%rdx
0x000000000046a7c0 <ngx_http_proxy_create_request+672>: mov 0x40(%rsp),%rcx
0x000000000046a7c5 <ngx_http_proxy_create_request+677>: movq $0x0,0x28(%rsp)
0x000000000046a7ce <ngx_http_proxy_create_request+686>: mov 0x330(%rdx),%rax
0x000000000046a7d5 <ngx_http_proxy_create_request+693>: add 0x68(%rcx),%rax
0x000000000046a7d9 <ngx_http_proxy_create_request+697>: add $0x1,%rax
0x000000000046a7dd <ngx_http_proxy_create_request+701>: add 0x340(%rdx),%rax
0x000000000046a7e4 <ngx_http_proxy_create_request+708>: sub 0x18(%rsp),%rax
0x000000000046a7e9 <ngx_http_proxy_create_request+713>: add 0x20(%rsp),%rax
0x000000000046a7ee <ngx_http_proxy_create_request+718>: test %rax,%rax
0x000000000046a7f1 <ngx_http_proxy_create_request+721>: jne 0x46a5e5 <ngx_http_proxy_create_request+197>
0x000000000046a7f7 <ngx_http_proxy_create_request+727>: mov 0x10(%rsp),%rdx
0x000000000046a7fc <ngx_http_proxy_create_request+732>: mov 0x8(%rdx),%rax
0x000000000046a800 <ngx_http_proxy_create_request+736>: mov 0x50(%rax),%rsi
0x000000000046a804 <ngx_http_proxy_create_request+740>: cmpq $0x3,(%rsi)
0x000000000046a808 <ngx_http_proxy_create_request+744>: jbe 0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a80e <ngx_http_proxy_create_request+750>: xor %eax,%eax
0x000000000046a810 <ngx_http_proxy_create_request+752>: mov $0x495e80,%ecx
0x000000000046a815 <ngx_http_proxy_create_request+757>: xor %edx,%edx
0x000000000046a817 <ngx_http_proxy_create_request+759>: mov $0x4,%edi
0x000000000046a81c <ngx_http_proxy_create_request+764>: callq 0x4069e0 <ngx_log_error_core>
0x000000000046a821 <ngx_http_proxy_create_request+769>: mov $0xffffffffffffffff,%rax
0x000000000046a828 <ngx_http_proxy_create_request+776>: jmpq 0x46a92d <ngx_http_proxy_create_request+1037>
0x000000000046a82d <ngx_http_proxy_create_request+781>: nopl (%rax)
0x000000000046a830 <ngx_http_proxy_create_request+784>: mov 0x48(%rsp),%rax
0x000000000046a835 <ngx_http_proxy_create_request+789>: mov 0x1e8(%rax),%rax
0x000000000046a83c <ngx_http_proxy_create_request+796>: test %rax,%rax
0x000000000046a83f <ngx_http_proxy_create_request+799>: mov %rax,0x58(%rsp)
0x000000000046a844 <ngx_http_proxy_create_request+804>: jne 0x46a8c4 <ngx_http_proxy_create_request+932>
0x000000000046a846 <ngx_http_proxy_create_request+806>: mov 0x10(%rsp),%rax
0x000000000046a84b <ngx_http_proxy_create_request+811>: mov 0x10(%rsp),%rcx
0x000000000046a850 <ngx_http_proxy_create_request+816>: mov 0x378(%rax),%rax
0x000000000046a857 <ngx_http_proxy_create_request+823>: mov %rax,0x50(%rsp)
0x000000000046a85c <ngx_http_proxy_create_request+828>: mov 0x370(%rcx),%rax
0x000000000046a863 <ngx_http_proxy_create_request+835>: add $0x1,%rax
0x000000000046a867 <ngx_http_proxy_create_request+839>: mov %rax,0x58(%rsp)
0x000000000046a86c <ngx_http_proxy_create_request+844>: jmpq 0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a871 <ngx_http_proxy_create_request+849>: test %rdx,%rdx
0x000000000046a874 <ngx_http_proxy_create_request+852>: je 0x46a780 <ngx_http_proxy_create_request+608>
0x000000000046a87a <ngx_http_proxy_create_request+858>: mov 0x48(%rsp),%rdx
0x000000000046a87f <ngx_http_proxy_create_request+863>: mov 0x1f8(%rdx),%rdx
0x000000000046a886 <ngx_http_proxy_create_request+870>: mov %rdx,0x18(%rsp)
0x000000000046a88b <ngx_http_proxy_create_request+875>: jmpq 0x46a789 <ngx_http_proxy_create_request+617>
0x000000000046a890 <ngx_http_proxy_create_request+880>: cmp %rcx,0x398(%rcx)
0x000000000046a897 <ngx_http_proxy_create_request+887>: jne 0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a89d <ngx_http_proxy_create_request+893>: mov 0x360(%rcx),%rax
0x000000000046a8a4 <ngx_http_proxy_create_request+900>: movq $0x0,0x18(%rsp)
0x000000000046a8ad <ngx_http_proxy_create_request+909>: movq $0x0,0x20(%rsp)
0x000000000046a8b6 <ngx_http_proxy_create_request+918>: movq $0x1,0x28(%rsp)
0x000000000046a8bf <ngx_http_proxy_create_request+927>: jmpq 0x46a7ee <ngx_http_proxy_create_request+718>
0x000000000046a8c4 <ngx_http_proxy_create_request+932>: mov 0x48(%rsp),%rcx
0x000000000046a8c9 <ngx_http_proxy_create_request+937>: mov 0x1f0(%rcx),%rcx
0x000000000046a8d0 <ngx_http_proxy_create_request+944>: mov %rcx,0x50(%rsp)
0x000000000046a8d5 <ngx_http_proxy_create_request+949>: jmpq 0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a8da <ngx_http_proxy_create_request+954>: mov 0x10(%rsp),%rax
0x000000000046a8df <ngx_http_proxy_create_request+959>: mov 0x18(%rsp),%rsi
0x000000000046a8e4 <ngx_http_proxy_create_request+964>: xor %ecx,%ecx
0x000000000046a8e6 <ngx_http_proxy_create_request+966>: xor %edi,%edi
0x000000000046a8e8 <ngx_http_proxy_create_request+968>: mov 0x330(%rax),%rdx
0x000000000046a8ef <ngx_http_proxy_create_request+975>: add 0x338(%rax),%rsi
0x000000000046a8f6 <ngx_http_proxy_create_request+982>: sub 0x18(%rsp),%rdx
0x000000000046a8fb <ngx_http_proxy_create_request+987>: callq 0x40a6f0 <ngx_escape_uri>
0x000000000046a900 <ngx_http_proxy_create_request+992>: add %rax,%rax
0x000000000046a903 <ngx_http_proxy_create_request+995>: mov %rax,0x20(%rsp)
0x000000000046a908 <ngx_http_proxy_create_request+1000>: jmpq 0x46a7bb <ngx_http_proxy_create_request+667>
0x000000000046a90d <ngx_http_proxy_create_request+1005>: mov 0x10(%rsp),%rcx
0x000000000046a912 <ngx_http_proxy_create_request+1010>: mov %rbx,%rsi
0x000000000046a915 <ngx_http_proxy_create_request+1013>: mov 0x58(%rcx),%rdi
0x000000000046a919 <ngx_http_proxy_create_request+1017>: callq 0x408fd0 <ngx_create_temp_buf>
0x000000000046a91e <ngx_http_proxy_create_request+1022>: test %rax,%rax
0x000000000046a921 <ngx_http_proxy_create_request+1025>: mov %rax,%rbp
0x000000000046a924 <ngx_http_proxy_create_request+1028>: jne 0x46a971 <ngx_http_proxy_create_request+1105>
0x000000000046a926 <ngx_http_proxy_create_request+1030>: mov $0xffffffffffffffff,%rax
0x000000000046a92d <ngx_http_proxy_create_request+1037>: add $0x128,%rsp
0x000000000046a934 <ngx_http_proxy_create_request+1044>: pop %rbx
0x000000000046a935 <ngx_http_proxy_create_request+1045>: pop %rbp
0x000000000046a936 <ngx_http_proxy_create_request+1046>: pop %r12
0x000000000046a938 <ngx_http_proxy_create_request+1048>: pop %r13
0x000000000046a93a <ngx_http_proxy_create_request+1050>: pop %r14
0x000000000046a93c <ngx_http_proxy_create_request+1052>: pop %r15
0x000000000046a93e <ngx_http_proxy_create_request+1054>: retq
0x000000000046a93f <ngx_http_proxy_create_request+1055>: mov 0x50(%rsp),%rdi
0x000000000046a944 <ngx_http_proxy_create_request+1060>: mov $0x5,%edx
0x000000000046a949 <ngx_http_proxy_create_request+1065>: mov $0x495e7a,%esi
0x000000000046a94e <ngx_http_proxy_create_request+1070>: callq 0x409c90 <ngx_strncasecmp>
0x000000000046a953 <ngx_http_proxy_create_request+1075>: test %rax,%rax
0x000000000046a956 <ngx_http_proxy_create_request+1078>: jne 0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a95c <ngx_http_proxy_create_request+1084>: mov 0x40(%rsp),%rax
0x000000000046a961 <ngx_http_proxy_create_request+1089>: movq $0x1,0x98(%rax)
0x000000000046a96c <ngx_http_proxy_create_request+1100>: jmpq 0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a971 <ngx_http_proxy_create_request+1105>: mov 0x10(%rsp),%rax
0x000000000046a976 <ngx_http_proxy_create_request+1110>: mov 0x58(%rax),%rdi
0x000000000046a97a <ngx_http_proxy_create_request+1114>: callq 0x408df0 <ngx_alloc_chain_link>
0x000000000046a97f <ngx_http_proxy_create_request+1119>: test %rax,%rax
0x000000000046a982 <ngx_http_proxy_create_request+1122>: mov %rax,0x30(%rsp)
0x000000000046a987 <ngx_http_proxy_create_request+1127>: je 0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a989 <ngx_http_proxy_create_request+1129>: mov 0x58(%rsp),%rdx
0x000000000046a98e <ngx_http_proxy_create_request+1134>: mov 0x8(%rbp),%rdi
0x000000000046a992 <ngx_http_proxy_create_request+1138>: mov 0x50(%rsp),%rsi
0x000000000046a997 <ngx_http_proxy_create_request+1143>: mov %rbp,(%rax)
0x000000000046a99a <ngx_http_proxy_create_request+1146>: callq 0x404798 <memcpy@plt>
0x000000000046a99f <ngx_http_proxy_create_request+1151>: mov 0x48(%rsp),%rcx
0x000000000046a9a4 <ngx_http_proxy_create_request+1156>: add 0x58(%rsp),%rax
0x000000000046a9a9 <ngx_http_proxy_create_request+1161>: mov 0x38(%rsp),%rdx
0x000000000046a9ae <ngx_http_proxy_create_request+1166>: cmpq $0x0,0x1b0(%rcx)
0x000000000046a9b6 <ngx_http_proxy_create_request+1174>: mov %rax,0x8(%rbp)
0x000000000046a9ba <ngx_http_proxy_create_request+1178>: mov %rax,0x348(%rdx)
0x000000000046a9c1 <ngx_http_proxy_create_request+1185>: je 0x46a9d5 <ngx_http_proxy_create_request+1205>
0x000000000046a9c3 <ngx_http_proxy_create_request+1187>: mov 0x40(%rsp),%rax
0x000000000046a9c8 <ngx_http_proxy_create_request+1192>: mov 0x68(%rax),%rdx
0x000000000046a9cc <ngx_http_proxy_create_request+1196>: test %rdx,%rdx
0x000000000046a9cf <ngx_http_proxy_create_request+1199>: jne 0x46ac3d <ngx_http_proxy_create_request+1821>
0x000000000046a9d5 <ngx_http_proxy_create_request+1205>: cmpq $0x0,0x28(%rsp)
0x000000000046a9db <ngx_http_proxy_create_request+1211>: jne 0x46ae09 <ngx_http_proxy_create_request+2281>
0x000000000046a9e1 <ngx_http_proxy_create_request+1217>: mov 0x10(%rsp),%rcx
0x000000000046a9e6 <ngx_http_proxy_create_request+1222>: testb $0x8,0x43c(%rcx)
0x000000000046a9ed <ngx_http_proxy_create_request+1229>: jne 0x46af77 <ngx_http_proxy_create_request+2647>
0x000000000046a9f3 <ngx_http_proxy_create_request+1235>: cmpq $0x0,0x20(%rsp)
0x000000000046a9f9 <ngx_http_proxy_create_request+1241>: je 0x46adc6 <ngx_http_proxy_create_request+2214>
0x000000000046a9ff <ngx_http_proxy_create_request+1247>: mov 0x10(%rsp),%rcx
0x000000000046aa04 <ngx_http_proxy_create_request+1252>: mov 0x18(%rsp),%rsi
0x000000000046aa09 <ngx_http_proxy_create_request+1257>: mov 0x8(%rbp),%rdi
0x000000000046aa0d <ngx_http_proxy_create_request+1261>: mov 0x330(%rcx),%rdx
0x000000000046aa14 <ngx_http_proxy_create_request+1268>: add 0x338(%rcx),%rsi
0x000000000046aa1b <ngx_http_proxy_create_request+1275>: xor %ecx,%ecx
0x000000000046aa1d <ngx_http_proxy_create_request+1277>: sub 0x18(%rsp),%rdx
0x000000000046aa22 <ngx_http_proxy_create_request+1282>: callq 0x40a6f0 <ngx_escape_uri>
0x000000000046aa27 <ngx_http_proxy_create_request+1287>: mov 0x10(%rsp),%rax
0x000000000046aa2c <ngx_http_proxy_create_request+1292>: mov 0x18(%rsp),%rdx
0x000000000046aa31 <ngx_http_proxy_create_request+1297>: mov 0x330(%rax),%rax
0x000000000046aa38 <ngx_http_proxy_create_request+1304>: add %rax,0x20(%rsp)
0x000000000046aa3d <ngx_http_proxy_create_request+1309>: sub %rdx,0x20(%rsp)
0x000000000046aa42 <ngx_http_proxy_create_request+1314>: mov 0x20(%rsp),%rcx
0x000000000046aa47 <ngx_http_proxy_create_request+1319>: add %rcx,0x8(%rbp)
0x000000000046aa4b <ngx_http_proxy_create_request+1323>: mov 0x10(%rsp),%rax
0x000000000046aa50 <ngx_http_proxy_create_request+1328>: cmpq $0x0,0x340(%rax)
0x000000000046aa58 <ngx_http_proxy_create_request+1336>: jne 0x46af40 <ngx_http_proxy_create_request+2592>
0x000000000046aa5e <ngx_http_proxy_create_request+1342>: mov 0x38(%rsp),%rcx
0x000000000046aa63 <ngx_http_proxy_create_request+1347>: mov 0x8(%rbp),%rdx
0x000000000046aa67 <ngx_http_proxy_create_request+1351>: mov %rdx,%rax
0x000000000046aa6a <ngx_http_proxy_create_request+1354>: sub 0x348(%rcx),%rax
0x000000000046aa71 <ngx_http_proxy_create_request+1361>: mov %rax,0x340(%rcx)
0x000000000046aa78 <ngx_http_proxy_create_request+1368>: mov 0x48(%rsp),%rax
0x000000000046aa7d <ngx_http_proxy_create_request+1373>: cmpq $0x3e9,0x298(%rax)
0x000000000046aa88 <ngx_http_proxy_create_request+1384>: je 0x46ad9a <ngx_http_proxy_create_request+2170>
0x000000000046aa8e <ngx_http_proxy_create_request+1390>: mov 0x2496df(%rip),%rax # 0x6b4174 <ngx_http_proxy_version>
0x000000000046aa95 <ngx_http_proxy_create_request+1397>: mov %rax,(%rdx)
0x000000000046aa98 <ngx_http_proxy_create_request+1400>: movzwl 0x2496dd(%rip),%eax # 0x6b417c <ngx_http_proxy_version+8>
0x000000000046aa9f <ngx_http_proxy_create_request+1407>: mov %ax,0x8(%rdx)
0x000000000046aaa3 <ngx_http_proxy_create_request+1411>: movzbl 0x2496d4(%rip),%eax # 0x6b417e <ngx_http_proxy_version+10>
0x000000000046aaaa <ngx_http_proxy_create_request+1418>: mov %al,0xa(%rdx)
0x000000000046aaad <ngx_http_proxy_create_request+1421>: lea 0xb(%rdx),%rax
0x000000000046aab1 <ngx_http_proxy_create_request+1425>: mov %rax,0x8(%rbp)
0x000000000046aab5 <ngx_http_proxy_create_request+1429>: lea 0xc0(%rsp),%r13
0x000000000046aabd <ngx_http_proxy_create_request+1437>: mov $0x58,%edx
0x000000000046aac2 <ngx_http_proxy_create_request+1442>: xor %esi,%esi
0x000000000046aac4 <ngx_http_proxy_create_request+1444>: mov %r13,%rdi
0x000000000046aac7 <ngx_http_proxy_create_request+1447>: callq 0x403fe8 <memset@plt>
0x000000000046aacc <ngx_http_proxy_create_request+1452>: mov 0x48(%rsp),%rdx
0x000000000046aad1 <ngx_http_proxy_create_request+1457>: mov 0x10(%rsp),%rcx
0x000000000046aad6 <ngx_http_proxy_create_request+1462>: mov 0x190(%rdx),%rax
0x000000000046aadd <ngx_http_proxy_create_request+1469>: mov %rcx,0x110(%rsp)
0x000000000046aae5 <ngx_http_proxy_create_request+1477>: mov (%rax),%rax
0x000000000046aae8 <ngx_http_proxy_create_request+1480>: mov %rax,0xc0(%rsp)
0x000000000046aaf0 <ngx_http_proxy_create_request+1488>: mov 0x8(%rbp),%rax
0x000000000046aaf4 <ngx_http_proxy_create_request+1492>: orb $0x1,0x100(%rsp)
0x000000000046aafc <ngx_http_proxy_create_request+1500>: mov %rax,0xc8(%rsp)
0x000000000046ab04 <ngx_http_proxy_create_request+1508>: mov 0x188(%rdx),%rax
0x000000000046ab0b <ngx_http_proxy_create_request+1515>: mov (%rax),%rax
(continues)
--
Russell Howe
rhowe@moonfruit.com
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
| Subject | Author | Posted |
|---|---|---|
|
Russell Howe | July 12, 2012 12:50PM |
|
Maxim Dounin | July 13, 2012 05:40PM |
|
Russell Howe | July 17, 2012 04:26AM |
|
Sergey Budnevitch | July 15, 2012 04:36AM |
Sorry, only registered users may post in this forum.
Online Users
Guests:
295
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|