DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=26562>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=26562 There appears to be a major memory leak in mod_ssl/OpenSSL ------- Additional Comments From [EMAIL PROTECTED] 2004-03-17 15:35 ------- Here is some more info from on our Linux Heads: While attempting to locate the cause for what appears to be a memory consumption problem in the SSL code, the server segmentation faults. The first worker child & all of its child threads continue to consume memory while the parent stays the same or gets a little smaller. The child threads never give the memory back unless restarted. Please advise if this is an expected behavior. Running with 'SSLSessionCache none' doesn't consume memory (and doesn't seg fault), but it performs poorly when using 2048 bit keys. I observed the segmentation fault issue in mod_ssl while running the small script listed below. Based on the stack information the issue appears to be in shmcb_cton_memcpy() during an attempt to remove a session id. The server keeps on reponding, but all the child threads die and are restarted. I am not sure what is happening, but the following variables seem to get corrupted: The stack trace shows these are supposed to be: src_offset=6402 src_len=10240 Inside the frame they have these values: (gdb) print src_offset (in edi register) $55 = 3183473748 (gdb) print src_len (in edx register) $56 = 3183464512 The configuration file, and my initial debug session are attached. Apache error_log ... [Mon Mar 15 11:21:33 2004] [notice] Apache/2.0.48 configured -- resuming normal operations [Mon Mar 15 11:25:28 2004] [error] server reached MaxClients setting, consider raising the MaxClients setting [Mon Mar 15 11:38:29 2004] [notice] child pid 1065 exit signal Segmentation fault (11) [Mon Mar 15 12:06:28 2004] [notice] child pid 1154 exit signal Segmentation fault (11) [Mon Mar 15 12:44:49 2004] [notice] child pid 1258 exit signal Segmentation fault (11) [Mon Mar 15 13:04:40 2004] [notice] child pid 1315 exit signal Segmentation fault (11) [Mon Mar 15 13:17:29 2004] [notice] child pid 1363 exit signal Segmentation fault (11) [Mon Mar 15 13:45:12 2004] [notice] child pid 1401 exit signal Segmentation fault (11) ... OS RedHat 7.3 gcc-2.96-113 glibc-2.2.5-43 openssl-0.9.6b-35.7 Apache 2.0.48 Build Script: ./configure --with-program-name=leakd --with-port=9200 --with-mpm=worker -- enable-ssl=shared --enable-maintainer-mode \ --enable-proxy=shared --enable- cgi=shared --enable-setenvif=shared --enable-cgi=shared --enable-access=shared \ --enable-rewrite=shared --enable-dir=shared --enable-actions=shared --enable- mime=shared --enable-proxy_connect=shared \ --enable-proxy_http=shared -- enable-negotiation=shared --enable-alias=shared --enable-env=shared --enable- dir=shared \ --enable-mod-actions=shared --enable-log-config=shared --enable- imap=shared --enable-headers=shared \ --enable-layout=webserver --disable- autoindex --disable-userdir --disable-usertrack --disable-cgid \ --disable- asis --disable-auth --disable-auth_digest --disable-auth_dbm --disable- auth_anon --disable-dav \ --disable-dav_fs --disable-vhost_alias --disable- unique_id --disable-speling --disable-cern_meta --disable-include \ --disable- expires --enable-status=shared --enable-info=shared ldd leakd: libssl.so.2 => /lib/libssl.so.2 (0x40024000) libcrypto.so.2 => /lib/libcrypto.so.2 (0x40052000) libaprutil-0.so.0 => /usr/webserver/lib/libaprutil-0.so.0 (0x40119000) libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x4012d000) libdb-3.3.so => /lib/libdb-3.3.so (0x40133000) libexpat.so.0 => /usr/lib/libexpat.so.0 (0x401c2000) libapr-0.so.0 => /usr/webserver/lib/libapr-0.so.0 (0x401e1000) libpthread.so.0 => /lib/libpthread.so.0 (0x40200000) librt.so.1 => /lib/librt.so.1 (0x40215000) libm.so.6 => /lib/libm.so.6 (0x40226000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x40247000) libnsl.so.1 => /lib/libnsl.so.1 (0x40274000) libdl.so.2 => /lib/libdl.so.2 (0x40288000) libc.so.6 => /lib/libc.so.6 (0x4028c000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000) Simple script on external machine downloads copies of the stock Apache index.html.en page under both unsecure & secure sites: #!/bin/sh counter=0 limit=32000 while [ "$counter" -lt "$limit" ] do wget -O - http://myboxaddr:9200 wget -O - https://myboxaddr:9201 counter=`expr $counter + 1` echo "Count=> $counter" done --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
