nginx 0.7.62/0.8.20 ssl and "worker process ... exited on signal 11"

Andrey Y. Ostanovsky andrey at ostanovsky.spb.ru
Fri Oct 30 12:21:56 MSK 2009 

Maxim Dounin пишет:
> On Fri, Oct 23, 2009 at 11:52:03AM +0400, Andrey Y. Ostanovsky wrote
>> Maxim Dounin пишет:
>>     
>>> Либо это совсем плохой, негодный стек, либо gdb запускали не с тем 
>>> бинарником.
>>>
>>> Я склоняюсь ко второму варианту - адреса переменных вполне похожи 
>>> на правду, между тем как имена функций и файлы/строки - абсолютно 
>>> левые
>>>       
>> Точно! Не с той коркой. Прошу прощения. Вот более правильный вариант:
>>
>> # gdb /usr/local/sbin/nginx-0.8.20 /var/tmp/80.nginx-0.8.20.core
>> GNU gdb 6.1.1 [FreeBSD]
>> Copyright 2004 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you are
>> welcome to change it and/or distribute copies of it under certain
>> conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB.  Type "show warranty" for details.
>> This GDB was configured as "i386-marcel-freebsd"...
>> Core was generated by `nginx-0.8.20'.
>> Program terminated with signal 11, Segmentation fault.
>> Reading symbols from /lib/libcrypt.so.4...done.
>> Loaded symbols for /lib/libcrypt.so.4
>> Reading symbols from /usr/local/lib/libpcre.so.0...done.
>> Loaded symbols for /usr/local/lib/libpcre.so.0
>> Reading symbols from /usr/lib/libssl.so.5...done.
>> Loaded symbols for /usr/lib/libssl.so.5
>> Reading symbols from /lib/libcrypto.so.5...done.
>> Loaded symbols for /lib/libcrypto.so.5
>> Reading symbols from /lib/libz.so.4...done.
>> Loaded symbols for /lib/libz.so.4
>> Reading symbols from /lib/libc.so.7...done.
>> Loaded symbols for /lib/libc.so.7
>> Reading symbols from /libexec/ld-elf.so.1...done.
>> Loaded symbols for /libexec/ld-elf.so.1
>> #0  0x283e18a3 in memcpy () from /lib/libc.so.7
>> (gdb) bt
>> #0  0x283e18a3 in memcpy () from /lib/libc.so.7
>> #1  0x08077ad1 in ngx_ssl_send_chain (c=0x28567258, in=0x285d9f9c,
>> limit=2012)
>>     at src/event/ngx_event_openssl.c:973
>>     
>
> fr 1
> p *buf
> p *in
> p *in->buf
> p size
>   
Кто бы еще сказал, что это надо выполнить в том же gdb. :(

(gdb) fr 1
#1  0x08077ad1 in ngx_ssl_send_chain (c=0x286018fc, in=0x285487b4,
limit=12288)
    at src/event/ngx_event_openssl.c:973
973     src/event/ngx_event_openssl.c: No such file or directory.
        in src/event/ngx_event_openssl.c
(gdb) p *buf
$1 = {pos = 0xa5a5a5a5 <Address 0xa5a5a5a5 out of bounds>,
  last = 0xa5a5a5a5 <Address 0xa5a5a5a5 out of bounds>, file_pos =
-6510615555426900571,
  file_last = -6510615555426900571, start = 0xa5a5a5a5 <Address
0xa5a5a5a5 out of bounds>,
  end = 0xa5a5a5a5 <Address 0xa5a5a5a5 out of bounds>, tag = 0xa5a5a5a5,
file = 0xa5a5a5a5,
  shadow = 0xa5a5a5a5, temporary = 1, memory = 0, mmap = 1, recycled =
0, in_file = 0, flush = 1,
  sync = 0, last_buf = 1, last_in_chain = 1, last_shadow = 0, temp_file
= 1, num = -1515870811}
(gdb) p *in
$2 = {buf = 0x65a6dca5, next = 0x69aa4828}
(gdb) p *in->buf
Cannot access memory at address 0x65a6dca5
(gdb) p size
$3 = -4096
(gdb)

> Ну и чтобы два раза не вставать:
>
> p *c
> p *c->ssl

(gdb) p *c
$6 = {data = 0x28529000, read = 0x28665564, write = 0x286a1564, fd = 4,
  recv = 0x80771a0 <ngx_ssl_recv>, send = 0x8077c90 <ngx_ssl_write>,
  recv_chain = 0x80770d0 <ngx_ssl_recv_chain>, send_chain = 0x80776e0
<ngx_ssl_send_chain>,
  listening = 0x2854a654, sent = 16384, log = 0x2851a038, pool =
0x2851a000,
  sockaddr = 0x2851a028, socklen = 16, addr_text = {len = 15,
    data = 0x2851a050 "╔╔╔╔╔╔╔╔╔\200©b(DЛg(D╛k(ЪЪЪЪ", '╔' <repeats 84
times>, "Д©b(\200Лg(\200╛k(ЪЪЪЪ", '╔' <repeats 75 times>...}, ssl =
0x2851a08c, local_sockaddr = 0x285c7b94, local_socklen = 16,
  buffer = 0x2851a0a8, number = 32880, requests = 1, buffered = 0,
log_error = 2,
  single_connection = 0, unexpected_eof = 0, timedout = 0, error = 0,
destroyed = 0, idle = 0,
  close = 0, sendfile = 1, sndlowat = 0, tcp_nodelay = 0, tcp_nopush =
2, aio_sendfile = 0,
  busy_sendfile = 0x0}
(gdb) p *c->ssl
$7 = {connection = 0xa5a5a5a5, last = -1515870811, buf = 0xa5a5a5a5,
handler = 0xa5a5a5a5,
  saved_read_handler = 0xa5a5a5a5, saved_write_handler = 0xa5a5a5a5,
handshaked = 1, buffer = 0,
  no_wait_shutdown = 1, no_send_shutdown = 0}
(gdb)

>> #2  0x0808fbe0 in ngx_http_write_filter (r=0x2855c000, in=0x0)
>>     at src/http/ngx_http_write_filter_module.c:238
>> #3  0x080a5a76 in ngx_http_chunked_body_filter (r=0x2855c000, in=0x0)
>>     at src/http/modules/ngx_http_chunked_filter_module.c:84
>> #4  0x080ad0e5 in ngx_http_gzip_body_filter (r=0x2855c000, in=0x0)
>>     at src/http/modules/ngx_http_gzip_filter_module.c:304
>> #5  0x080aeb0b in ngx_http_postpone_filter (r=0x2855c000, in=0x0)
>>     at src/http/ngx_http_postpone_filter_module.c:82
>> #6  0x080af7c3 in ngx_http_charset_body_filter (r=0x2855c000, in=0x0)
>>     at src/http/modules/ngx_http_charset_filter_module.c:552
>> #7  0x080b1ce5 in ngx_http_ssi_body_filter (r=0x2855c000, in=0x0)
>>     at src/http/modules/ngx_http_ssi_filter_module.c:395
>> #8  0x08050dfe in ngx_output_chain (ctx=0x285de204, in=0x0) at
>> src/core/ngx_output_chain.c:56
>> #9  0x0809029d in ngx_http_copy_filter (r=0x2855c000, in=0x0)
>>     at src/http/ngx_http_copy_filter_module.c:137
>> #10 0x080a6d21 in ngx_http_range_body_filter (r=0x2855c000, in=0x0)
>>     at src/http/modules/ngx_http_range_filter_module.c:549
>> #11 0x0807f635 in ngx_http_output_filter (r=0x2855c000, in=0x0)
>>     at src/http/ngx_http_core_module.c:1729
>> #12 0x0808a3c5 in ngx_http_writer (r=0x2855c000) at
>> src/http/ngx_http_request.c:2211
>> #13 0x08089588 in ngx_http_request_handler (ev=0x2863d168) at
>> src/http/ngx_http_request.c:1779
>> #14 0x08068f33 in ngx_event_expire_timers () at
>> src/event/ngx_event_timer.c:149
>> #15 0x08067246 in ngx_process_events_and_timers (cycle=0x28526028) at
>> src/event/ngx_event.c:261
>> #16 0x080722e2 in ngx_worker_process_cycle (cycle=0x28526028, data=0x0)
>>     at src/os/unix/ngx_process_cycle.c:781
>> #17 0x0806fa9a in ngx_spawn_process (cycle=0x28526028, proc=0x80721a0
>> <ngx_worker_process_cycle>,
>>     data=0x0, name=0x80d355c "worker process", respawn=1) at
>> src/os/unix/ngx_process.c:196
>> #18 0x08071ea8 in ngx_reap_children (cycle=0x28526028) at
>> src/os/unix/ngx_process_cycle.c:602
>> #19 0x08070f3b in ngx_master_process_cycle (cycle=0x28526028)
>>     at src/os/unix/ngx_process_cycle.c:177
>> #20 0x0804be2e in main (argc=5, argv=0xbfbfeed0) at src/core/nginx.c:392
>> (gdb)
>>     

-- 
Best regards, Andrey Y. Ostanovsky
jabberID: aost at jabber.spb.ru
St. Petersburg, Russia 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx-ru/attachments/20091030/479c3e87/attachment.html>

More information about the nginx-ru mailing list