Created attachment 386942 [details]
Since updating nginx to 1.7.6 I have lots like this in the logs:
kernel: nginx: segfault at 8 ip 00000030c1bbc960 sp 000003ccdc7ca510 error 4 in nginx[30c1b7e000+134000]
kernel: grsec: From 220.127.116.11: Segmentation fault occurred at 0000000000000008 in /usr/sbin/nginx[nginx:8079] uid/euid:102/102 gid/egid:248/248, parent /usr/sbin/nginx[nginx:6725] uid/euid:0/0 gid/egid:0/0
kernel: grsec: From 18.104.22.168: bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for /usr/sbin/nginx[nginx:8079]
This happens immediately after starting the daemon!
Downgraded to version 1.7.5, same results.
Downgraded to version 1.7.4 and all works fine.
This happens with the standard nginx config too!
And I have just tested it on a desktop system, same result,
Endlessly in the log:
kernel: nginx: segfault at 8 ip 0000000000421224 sp 00007fffb1120060 error 4 in nginx[400000+cc000]
Please attach a full gdb backtrace of the segfaulting command.
Also, post your `emerge -vpq www-servers/nginx' output in a comment.
From my Desktop system:
emerge -vpq www-servers/nginx [16:09:23]
[ebuild R ] www-servers/nginx-1.7.6 USE="aio http http-cache ipv6 pcre rtmp ssl vim-syntax -debug -libatomic -luajit -pcre-jit (-selinux)" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi upstream_ip_hash userid uwsgi -addition -ajp -auth_pam -auth_request -cache_purge -dav -dav_ext -degradation -echo -fancyindex -flv -geoip -gunzip -gzip_static -headers_more -image_filter -lua -metrics -mogilefs -mp4 -naxsi -perl -push_stream -random_index -realip -secure_link -security -slowfs_cache -spdy -sticky -stub_status -sub -upload_progress -upstream_check -xslt" NGINX_MODULES_MAIL="-imap -pop3 -smtp"
I have not build my system with debugging symbols. Go, do it your self!
it works for me in production wit 4days of uptime.
(In reply to andros from comment #4)
> I have not build my system with debugging symbols. Go, do it your self!
If we are unable to reproduce the problem, _you_ need to do it. Please compile it with -ggdb and use gdb for start it.
What I could find is that it works when use flag > rtmp < is removed!
I could repeat this on a third system now, enable rtmp use flag and nginx is broken!
I don't understand why there is only this version (1.7.6) in portage. It's make no sense to say to the user debug your self, but have only one version to choose!