A possible bug in ngx_rbtree
Maxim Dounin
mdounin at mdounin.ru
Tue Oct 2 13:00:09 UTC 2012
Hello!
On Fri, Sep 28, 2012 at 11:01:12AM -0400, YongFeng Wu wrote:
> Hi,
>
>
>
> We just found a worker process was stuck in an infinite loop, in function
> ngx_open_file_lookup(). Checking the open file cache RB tree with GDB shows
> the following:
>
>
>
> (gdb) p cache->rbtree.root->right
>
> $3 = (ngx_rbtree_node_t *) 0x80122f900
>
> (gdb) p cache->rbtree.root->right->right
>
> $4 = (ngx_rbtree_node_t *) 0x8040ea400
>
> (gdb) p cache->rbtree.root->right->right->left
>
> $5 = (ngx_rbtree_node_t *) 0x801236980
>
>
>
> (gdb) p cache->rbtree.root->right->right->left->right
>
> $6 = (ngx_rbtree_node_t *) 0x8090ee080
>
> (gdb) p cache->rbtree.root->right->right->left->right->right
>
> $7 = (ngx_rbtree_node_t *) 0x804aab280
>
> (gdb) p cache->rbtree.root->right->right->left->right->right->left
>
> $8 = (ngx_rbtree_node_t *) 0x804aabf00
[...]
> That means the $9 == $9->parent->parent->parent, so the infinite
> loop.
>
> I think there might be a bug in ngx_rbtree.c. I'll really appreciate it if
> somebody can look into it.
I've looked though code again and don't see any obvious problems.
Could you please provide more details? It would be helpful to see
"nginx -V" output, and to make sure there are no 3rd party
modules/patches. It might be also helpful to look at
"cache", "*cache" and "cache->rbtree", in particular at root and
sentinel addresses, as the best guess for now is some memory
corruption. Stack trace might be also helpful.
--
Maxim Dounin
http://nginx.com/support.html
More information about the nginx-devel
mailing list