nginx 0.8 segmentation violation в src/core/ngx_output_chain.c:629
DeD MustDIE
dedmustdie на gmail.com
Чт Ноя 18 11:34:58 MSK 2010
Здравствуйте.
При заходе на определённые страницы сайта стали падать воркеры nginx.
worker process 31710 exited on signal 11 (core dumped)
Страницы динамические, генерятся php и по fastcgi передаются nginx.
FreeBSD example.com 7.2-STABLE FreeBSD 7.2-STABLE #3: Fri Aug 7
15:40:24 MSD 2009 root на example.com:/usr/obj/usr/src/sys/KERNEL
amd64
nginx version: nginx/0.8.53
configure arguments: --without-http_scgi_module
--without-http_uwsgi_module --prefix=/usr/local/etc/nginx
--with-cc-opt='-I /usr/local/include' --with-ld-opt='-L
/usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf
--sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
--error-log-path=/var/log/nginx-error.log --user=www --group=www
--with-debug --http-client-body-temp-path=/var/tmp/nginx/client_body_temp
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
--http-proxy-temp-path=/var/tmp/nginx/proxy_temp
--http-scgi-temp-path=/var/tmp/nginx/scgi_temp
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
--http-log-path=/var/log/nginx-access.log --with-http_flv_module
--with-http_realip_module --with-http_stub_status_module
--add-module=/var/tmp/ports/usr/ports/www/nginx-devel/work/nginx_upload_module-2.2.0
--add-module=/var/tmp/ports/usr/ports/www/nginx-devel/work/nginx_uploadprogress_module-0.8
--with-pcre
core dump показывает, что
ошибка в src/core/ngx_output_chain.c:629
624 cl = ngx_alloc_chain_link(ctx->pool);
625 if (cl == NULL) {
626 return NGX_ERROR;
627 }
628
>629 cl->buf = in->buf;
630 cl->next = NULL;
631 *ctx->last = cl;
632 ctx->last = &cl->next;
0x40a533 <ngx_chain_writer+641> mov DWORD PTR
[rbp-72],0xffffffffffffffff
0x40a53b <ngx_chain_writer+649> jmp 0x40a83c
<ngx_chain_writer+1418>
0x40a540 <ngx_chain_writer+654> mov rax,DWORD PTR [rbp-48]
0x40a544 <ngx_chain_writer+658> mov rdx,DWORD PTR [rax]
0x40a547 <ngx_chain_writer+661> mov rax,DWORD PTR [rbp-16]
0x40a54b <ngx_chain_writer+665> mov DWORD PTR [rax],rdx
здесь вылетает
(gdb) info register
rax 0x45c1a8 4571560
rbx 0x1 1
rcx 0xffffffffffffff3e -194
rdx 0x8012261c8 34378768840
rsi 0x10 16
rdi 0x8013fe000 34380701696
rbp 0x7fffffffe400 0x7fffffffe400
rsp 0x7fffffffe3a0 0x7fffffffe3a0
r8 0x0 0
r9 0x7fffffffda38 140737488345656
r10 0xfffffffffffffff4 -12
r11 0x202 514
r12 0x7fffffffea90 140737488349840
r13 0x7fffffffea80 140737488349824
r14 0x0 0
r15 0x0 0
rip 0x40a54b 0x40a54b <ngx_chain_writer+665>
eflags 0x10202 66050
cs 0x2b 43
ss 0x23 35
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) bt
#0 0x000000000040a54b in ngx_chain_writer (data=0x8013ff0e8,
in=0x801226770) at src/core/ngx_output_chain.c:629
#1 0x0000000000409388 in ngx_output_chain (ctx=0x8013ff080,
in=0x801226770) at src/core/ngx_output_chain.c:65
#2 0x000000000045bf3e in ngx_http_upstream_send_request
(r=0x800e3d800, u=0x8013ff000)
at src/http/ngx_http_upstream.c:1339
#3 0x000000000045c1a4 in ngx_http_upstream_send_request_handler
(r=0x800e3d800, u=0x8013ff000)
at src/http/ngx_http_upstream.c:1440
#4 0x000000000045b0a9 in ngx_http_upstream_handler (ev=0x801e004d0)
at src/http/ngx_http_upstream.c:892
#5 0x0000000000434f44 in ngx_kqueue_process_events
(cycle=0x800e10050, timer=500, flags=1)
at src/event/modules/ngx_kqueue_module.c:683
#6 0x0000000000424ec9 in ngx_process_events_and_timers
(cycle=0x800e10050) at src/event/ngx_event.c:245
#7 0x0000000000431703 in ngx_worker_process_cycle (cycle=0x800e10050,
data=0x0) at src/os/unix/ngx_process_cycle.c:795
#8 0x000000000042e8bd in ngx_spawn_process
(cycle=dwarf2_read_address: Corrupted DWARF expression.
) at src/os/unix/ngx_process.c:196
#9 0x00000000004305f4 in ngx_start_worker_processes
(cycle=0x800e10050, n=8, type=-3)
at src/os/unix/ngx_process_cycle.c:355
#10 0x000000000042fc79 in ngx_master_process_cycle (cycle=0x800e10050)
at src/os/unix/ngx_process_cycle.c:136
#11 0x000000000040350c in main (argc=1, argv=0x7fffffffea80) at
src/core/nginx.c:401
(gdb) p ctx->pool
$1 = (ngx_pool_t *) 0x8013fe000
(gdb) p *ctx->pool
$2 = {d = {last = 0x8013ff000 "╦аE", end = 0x8013ff000 "╦аE", next =
0x8013ff000, failed = 1}, max = 4016,
current = 0x8013fe000, chain = 0x0, large = 0x0, cleanup = 0x0, log
= 0x80129ea60}
$20 = (ngx_pool_t *) 0x8013ff000
(gdb) p *ctx->pool->current->d.next
$21 = {d = {last = 0x45c1b8 "\213EхH\213@\020H\211EПH\213EПH\213 на PH\213",
end = 0x45c0e6 "UH\211ЕH\203Л
H\211}ХH\211uЮH\213EЮH\213@\020H\211EЬH\213EХH\213@\bH\213 на PH\213",
next = 0x801700790,
failed = 34374622008}, max = 16, current = 0x80129b830, chain =
0x1, large = 0x463baf, cleanup = 0x4645cc,
log = 0x8012267f8}
(gdb) p cl
$4 = (ngx_chain_t *) 0x45c1a8
cl->buf - указывает на секцию кода, поэтому при попытке записать в
него, происходит
segmentation violation
Неверный указатель cl возвращает цепочка функций
ngx_alloc_chain_link->ngx_palloc
ngx_palloc возвращает неверный указатель, т.к.
ctx->pool->current.d->next (0x8013ff000) на несуществующий
или затёртый объект.
Что делать?
-----------------------------------
Лалетин Михаил
Подробная информация о списке рассылки nginx-ru