Memory leak?
Closed this issue · 0 comments
bartebor commented
It looks like nginx is loosing memory on accepting new ssl connections.
Simple stresstest against debug version from docker shows constantly increasing memory usage.
How to reproduce using docker:
# compile nginx with ASAN disabled:
$ ./auto/configure --add-module=/build/nginx-ssl-ja3 --with-http_ssl_module --with-stream_ssl_module --with-debug --with-stream --with-cc-opt=" -O -fno-omit-frame-pointer" --with-ld-opt="-L/usr/local/lib -Wl,-E"
$ make install
$ valgrind --trace-children=yes --leak-check=full --show-leak-kinds=all nginx
# on some other terminal
wrk -c10 -t1 -d60 -H'Connection: close' https://127.0.0.1
Running 1m test @ https://127.0.0.1
1 threads and 10 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 12.22ms 1.37ms 85.89ms 93.62%
Req/Sec 123.37 15.93 141.00 95.76%
7241 requests in 1.00m, 4.17MB read
Requests/sec: 120.48
Transfer/sec: 71.07KB
# hit Ctrl-C in nginx console:
[...]
==18042== 4,121,558 (3,644,424 direct, 477,134 indirect) bytes in 7,231 blocks are definitely lost in loss record 25 of 25
==18042== at 0x483577F: malloc (vg_replace_malloc.c:299)
==18042== by 0x4B8787D: CRYPTO_malloc (mem.c:222)
==18042== by 0x4B878B0: CRYPTO_zalloc (mem.c:230)
==18042== by 0x496CE46: SSL_SESSION_new (ssl_sess.c:72)
==18042== by 0x49557FB: d2i_SSL_SESSION (ssl_asn1.c:254)
==18042== by 0x499ECA8: tls_decrypt_ticket (t1_lib.c:1408)
==18042== by 0x499E7E2: tls_get_ticket_from_client (t1_lib.c:1249)
==18042== by 0x496DEE9: ssl_get_prev_session (ssl_sess.c:553)
==18042== by 0x4995048: tls_early_post_process_client_hello (statem_srvr.c:1800)
==18042== by 0x49960B7: tls_post_process_client_hello (statem_srvr.c:2218)
==18042== by 0x4993B8A: ossl_statem_server_post_process_message (statem_srvr.c:1214)
==18042== by 0x49802AA: read_state_machine (statem.c:661)
==18042==
==18042== LEAK SUMMARY:
==18042== definitely lost: 3,649,472 bytes in 7,242 blocks
==18042== indirectly lost: 481,764 bytes in 14,520 blocks
==18042== possibly lost: 443,066 bytes in 7 blocks
==18042== still reachable: 11,974 bytes in 142 blocks
==18042== suppressed: 0 bytes in 0 blocks
I tried this also on my own nginx with JA3 module with similar outcome. The same version without JA3 does not leak.