Nginx 1.1.9 Linux AIO segfault
Maxim Dounin
mdounin на mdounin.ru
Вт Ноя 29 14:38:56 UTC 2011
Hello!
On Tue, Nov 29, 2011 at 06:03:43AM -0500, INF[SZ] wrote:
> Игорь, вот 4 гига core dump меньше чем за
> минуту http://centos.alt.ru/pub/temp/nginx/core/
>
> Проблема 100% повторяема при
> одновременном наличии двух опций в
> одной локации
>
> 1. aio on;
> 2. directio 512;
>
> Пример
>
> location /repository {
> root /var/ftp/pub;
> autoindex on;
> aio on;
> directio 256;
> }
>
>
> В Nginx 1.1.8 проблема отсутствует.
Патч прилагается.
Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1322577234 -10800
# Node ID 22cdd4c1a352f25fa3c5a2ece4f1613da5cf815b
# Parent 583a3cd2773c95a8741a8e5c15f1afc61307b87e
Fixed AIO on Linux, broken in r4306.
Events from eventfd do not have c->write set, and the stale event
check added in r4306 causes null pointer dereference.
diff --git a/src/event/modules/ngx_epoll_module.c b/src/event/modules/ngx_epoll_module.c
--- a/src/event/modules/ngx_epoll_module.c
+++ b/src/event/modules/ngx_epoll_module.c
@@ -681,19 +681,19 @@ ngx_epoll_process_events(ngx_cycle_t *cy
wev = c->write;
- if (c->fd == -1 || wev->instance != instance) {
+ if ((revents & EPOLLOUT) && wev->active) {
- /*
- * the stale event from a file descriptor
- * that was just closed in this iteration
- */
+ if (c->fd == -1 || wev->instance != instance) {
- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
- "epoll: stale event %p", c);
- continue;
- }
+ /*
+ * the stale event from a file descriptor
+ * that was just closed in this iteration
+ */
- if ((revents & EPOLLOUT) && wev->active) {
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "epoll: stale event %p", c);
+ continue;
+ }
if (flags & NGX_POST_THREAD_EVENTS) {
wev->posted_ready = 1;
Подробная информация о списке рассылки nginx-ru