Hello, ZNV!
Thanks for your advice, we really found some situations just like you
described, for example,
0 async_fibre_swapcontext (o=0x235ede0, n=0x215c070, r=1) at
crypto/async/arch/async_posix.h:38
#1 0x00007f8e7c5cdbae in ASYNC_pause_job () at crypto/async/async.c:273
#2 0x00007f8e7bd44e4b in dummy_pause_job () at engines/e_dasync.c:459
#3 0x00007f8e7bd44eb4 in dasync_sha1_update (ctx=0x236f6e0,
data=0x212cd10, count=1236) at engines/e_dasync.c:486
#4 0x00007f8e7c6a290b in EVP_DigestUpdate (ctx=0x236f6e0, data=0x212cd10,
count=1236) at crypto/evp/digest.c:148
#5 0x00007f8e7c6a2e2b in EVP_Digest (data=0x212cd10, count=1236,
md=0x22e5cd0 "", size=0x0, type=0x7f8e7ca13dc0 <sha1_md>, impl=0x0) at
crypto/evp/digest.c:275
#6 0x00007f8e7c5b19bb in ASN1_item_digest (it=0x7f8e7ca24e60 <X509_it>,
type=0x7f8e7ca13dc0 <sha1_md>, asn=0x22e5ba0, md=0x22e5cd0 "", len=0x0) at
crypto/asn1/a_digest.c:57
#7 0x00007f8e7c75d866 in X509_digest (data=0x22e5ba0, type=0x7f8e7ca13dc0
<sha1_md>, md=0x22e5cd0 "", len=0x0) at crypto/x509/x_all.c:372
#8 0x00007f8e7c776e17 in x509v3_cache_extensions (x=0x22e5ba0) at
crypto/x509v3/v3_purp.c:359
#9 0x00007f8e7c77655d in X509_check_purpose (x=0x22e5ba0, id=-1, ca=-1) at
crypto/x509v3/v3_purp.c:83
#10 0x00007f8e7c777f52 in X509_get_extension_flags (x=0x22e5ba0) at
crypto/x509v3/v3_purp.c:822
#11 0x00007f8e7cab5c4a in ssl_security_cert_sig (s=0x23a6b50, ctx=0x0,
x=0x22e5ba0, op=393234) at ssl/t1_lib.c:2258
#12 0x00007f8e7cab5d8a in ssl_security_cert (s=0x23a6b50, ctx=0x0,
x=0x22e5ba0, vfy=0, is_ee=0) at ssl/t1_lib.c:2282
#13 0x00007f8e7ca6dd81 in ssl_cert_add0_chain_cert (s=0x23a6b50, ctx=0x0,
x=0x22e5ba0) at ssl/ssl_cert.c:295
#14 0x00007f8e7ca69008 in ssl3_ctrl (s=0x23a6b50, cmd=89, larg=0,
parg=0x22e5ba0) at ssl/s3_lib.c:3552
#15 0x00007f8e7ca79db1 in SSL_ctrl (s=0x23a6b50, cmd=89, larg=0,
parg=0x22e5ba0) at ssl/ssl_lib.c:2239
#16 0x0000000000578574 in ngx_http_lua_ffi_ssl_set_der_certificate
(r=0x246ac20, data=0x40931498
"0\202\006\065\060\202\005\035\240\003\002\001\002\002\t", len=5010,
err=0x40910bf0) at
/disk/ssd2/alex_workflow/marco/deps/lua-nginx-module-0.10.11h/src/ngx_http_lua_ssl_certby.c:688
#17 0x00007f8e7cff7b86 in lj_vm_ffi_call () from
/usr/local/marco/luajit/lib/libluajit-5.1.so.2
#18 0x00007f8e7d038848 in lj_ccall_func (L=0x41591ba0, cd=<optimized out>)
at lj_ccall.c:1161
#19 0x00007f8e7d04cbb6 in lj_cf_ffi_meta___call (L=<optimized out>) at
lib_ffi.c:230
#20 0x00007f8e7cff5be7 in lj_BC_FUNCC () from
/usr/local/marco/luajit/lib/libluajit-5.1.so.2
#21 0x0000000000550c13 in ngx_http_lua_run_thread (L=0x41cd0378,
r=0x246ac20, ctx=0x22a0f20, nrets=0) at
/disk/ssd2/alex_workflow/marco/deps/lua-nginx-module-0.10.11h/src/ngx_http_lua_util.c:1013
#22 0x000000000057825c in ngx_http_lua_ssl_cert_by_chunk (L=0x41cd0378,
r=0x246ac20) at
/disk/ssd2/alex_workflow/marco/deps/lua-nginx-module-0.10.11h/src/ngx_http_lua_ssl_certby.c:527
#23 0x0000000000577457 in ngx_http_lua_ssl_cert_handler_file (r=0x246ac20,
lscf=0x208fa20, L=0x41cd0378) at
/disk/ssd2/alex_workflow/marco/deps/lua-nginx-module-0.10.11h/src/ngx_http_lua_ssl_certby.c:57
#24 0x0000000000577c2c in ngx_http_lua_ssl_cert_handler
(ssl_conn=0x23a6b50, data=0x0) at
/disk/ssd2/alex_workflow/marco/deps/lua-nginx-module-0.10.11h/src/ngx_http_lua_ssl_certby.c:315
#25 0x00007f8e7caab44a in tls_post_process_client_hello (s=0x23a6b50,
wst=WORK_MORE_B) at ssl/statem/statem_srvr.c:2179
#26 0x00007f8e7caa8d2f in ossl_statem_server_post_process_message
(s=0x23a6b50, wst=WORK_MORE_A) at ssl/statem/statem_srvr.c:1148
#27 0x00007f8e7ca95e52 in read_state_machine (s=0x23a6b50) at
ssl/statem/statem.c:660
#28 0x00007f8e7ca957a9 in state_machine (s=0x23a6b50, server=1) at
ssl/statem/statem.c:428
#29 0x00007f8e7ca9533b in ossl_statem_accept (s=0x23a6b50) at
ssl/statem/statem.c:251
#30 0x00007f8e7ca7c42d in ssl_do_handshake_intern (vargs=0x1ff6b20) at
ssl/ssl_lib.c:3467
#31 0x00007f8e7c5cd70f in async_start_func () at crypto/async/async.c:154
#32 0x00007f8e7c1a75d0 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#33 0x0000000000000000 in ?? ()
Lua VM runs inside the OpenSSL fiber stack,
and it calls the OpenSSL function through FFI while
the OpenSSL function tries to switch the task (for the digest).
We will try to do some jobs to avoid this. :)
Best Regards
Alex Zhang
https://github.com/tokers
