NGINX crash

Maxim Dounin mdounin at mdounin.ru
Wed Aug 8 10:14:48 UTC 2012 

Hello!

On Tue, Aug 07, 2012 at 10:38:59AM -0400, double wrote:

> Hello,
> "nginx" crashes in "ngx_http_limit_req_handler".
> This does not happen, if "limit_req" is not nested.
> We couldn't reproduce this issue in a testing environment.
> Thanks a lot

What does nginx -V show on the affected host?  Any 3rd party 
modules/patches?  Which OS, which PCRE library version?  Are 
hardware problems ruled out (i.e. are you able to reproduce the 
problem on another host)?

It would be cool if you could obtain debug log.

> _____Request_____
> 
> GET / HTTP/1.1
> Host: hostname.com
> X-REAL-IP: 123.123.12.123
> 

Is it actual request which corresponds to a backtrace below?

> _____Config_____ (simplified)
> 
> http {
>     # ipaddress + ipaddress/16 + ipaddress/24
>     map $http_x_real_ip $ipaddress {
>         default                         $remote_addr;
>         "~^\d+\.\d+\.\d+\.\d+$"         $http_x_real_ip;
>     }

It would be better to see full actual config used.

[...]

> #1  0x000000000040535c in ngx_log_error_core (level=4, log=0x1b9f0e70,
> err=0, fmt=0x4822e0 "the value of the \"%V\" variable is more than 65535
> bytes: \"%v\"") at src/core/ngx_log.c:120
>         args = {{gp_offset = 48, fp_offset = 48, overflow_arg_area =
> 0x7fff4f9bea70, reg_save_area = 0x7fff4f9be9a0}}
>         p = 0x7fff4f9be19e "the value of the \"ipaddress\" variable is
> more than 65535 bytes: \""
>         last = 0x7fff4f9be970 "0"
>         msg = 0x7fff4f9be19e "the value of the \"ipaddress\" variable is
> more than 65535 bytes: \""
>         errstr = "2012/08/07 16:17:42 [error] 30667#0: *1901681 the
> value of the \"ipaddress\" variable is more than 65535 bytes:
> \"\000\000\000\000\000\000\000\000\000>\001\000\006\000\000\000\000`\233\231\033\000\000\000\000\303)\000\000\000\000\000\000\341\346\233O\377\177\000\000he\233\033\000\000\000\000V\\\000\000\000\000\000\000\000\200\001\000\000\000\000\000pd\233\033\000\000\000\000p\312s\033\371*\000\000\000\000\000\000\000\000\000\000P\363\233O\377\177\000\000\020c\233\033\000\000\000\000"...
> 
> #2  0x000000000046d5d2 in ngx_http_limit_req_handler (r=0x1b99faa0) at
> src/http/modules/ngx_http_limit_req_module.c:192
>         len = 194343136
>         hash = 4294967295
>         rc = -5
>         n = 0
>         excess = 0
>         delay = 463076000
>         vv = 0x1b99a040
>         ctx = 0x1b958128
>         lrcf = 0x1b9594a0
>         limit = 0x1b959f00
>         limits = 0x1b959f00

It looks like the $ipaddress variable was corrupted somehow. Could 
you please show 

fr 2
p *limit
p *ctx
p *vv
p *r

output from gdb?

[...]

Maxim Dounin

More information about the nginx mailing list