The core dump may occur during initialization
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000441711 in ngx_event_process_init (cycle=0x1e93cc0) at src/event/ngx_event.c:807
801 i = cycle->connection_n;
802 next = NULL;
803
804 do {
805 i--;
806
807 c[i].data = next;
#1 0x000000000044abb9 in ngx_worker_process_init (cycle=cycle@entry=0x1e93cc0, worker=worker@entry=-1) at src/os/unix/ngx_process_cycle.c:968
This memory leak was found by running the Valgrind testing mode against
lua-resty-core's `ssl-session-fetch.t` test suite:
TEST 5: yield during doing handshake with client which uses low version OpenSSL
==16956== 64 (32 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 15
==16956== at 0x4C2B002: malloc (vg_replace_malloc.c:298)
==16956== by 0x5FFC868: CRYPTO_malloc (mem.c:222)
==16956== by 0x5FFC96F: CRYPTO_zalloc (mem.c:230)
==16956== by 0x603C54A: OPENSSL_sk_new_reserve (stack.c:209)
==16956== by 0x603C597: OPENSSL_sk_new_null (stack.c:118)
==16956== by 0x5C94A86: sk_SSL_CIPHER_new_null (ssl.h:960)
==16956== by 0x5C94A86: bytes_to_cipher_list (ssl_lib.c:5361)
==16956== by 0x5CB52E9: tls_early_post_process_client_hello (statem_srvr.c:1713)
==16956== by 0x5CB52E9: tls_post_process_client_hello (statem_srvr.c:2231)
==16956== by 0x5CB6F39: ossl_statem_server_post_process_message (statem_srvr.c:1218)
==16956== by 0x5CA4C11: read_state_machine (statem.c:664)
==16956== by 0x5CA4C11: state_machine (statem.c:434)
==16956== by 0x5CA538A: ossl_statem_accept (statem.c:255)
==16956== by 0x5C91759: SSL_do_handshake (ssl_lib.c:3609)
==16956== by 0x45456B: ngx_ssl_handshake (ngx_event_openssl.c:1606)
==16956== by 0x4698D3: ngx_http_ssl_handshake (ngx_http_request.c:751)
==16956== by 0x44ECA8: ngx_epoll_process_events (ngx_epoll_module.c:901)
==16956== by 0x443E94: ngx_process_events_and_timers (ngx_event.c:257)
==16956== by 0x44DC25: ngx_single_process_cycle (ngx_process_cycle.c:333)
==16956== by 0x4236AB: main (nginx.c:382)
==16956==
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:CRYPTO_malloc
fun:CRYPTO_zalloc
fun:OPENSSL_sk_new_reserve
fun:OPENSSL_sk_new_null
fun:sk_SSL_CIPHER_new_null
fun:bytes_to_cipher_list
fun:tls_early_post_process_client_hello
fun:tls_post_process_client_hello
fun:ossl_statem_server_post_process_message
fun:read_state_machine
fun:state_machine
fun:ossl_statem_accept
fun:SSL_do_handshake
fun:ngx_ssl_handshake
fun:ngx_http_ssl_handshake
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
==16956== 368 (32 direct, 336 indirect) bytes in 1 blocks are definitely lost in loss record 8 of 15
==16956== at 0x4C2B002: malloc (vg_replace_malloc.c:298)
==16956== by 0x5FFC868: CRYPTO_malloc (mem.c:222)
==16956== by 0x5FFC96F: CRYPTO_zalloc (mem.c:230)
==16956== by 0x603C54A: OPENSSL_sk_new_reserve (stack.c:209)
==16956== by 0x603C597: OPENSSL_sk_new_null (stack.c:118)
==16956== by 0x5C94A79: sk_SSL_CIPHER_new_null (ssl.h:960)
==16956== by 0x5C94A79: bytes_to_cipher_list (ssl_lib.c:5360)
==16956== by 0x5CB52E9: tls_early_post_process_client_hello (statem_srvr.c:1713)
==16956== by 0x5CB52E9: tls_post_process_client_hello (statem_srvr.c:2231)
==16956== by 0x5CB6F39: ossl_statem_server_post_process_message (statem_srvr.c:1218)
==16956== by 0x5CA4C11: read_state_machine (statem.c:664)
==16956== by 0x5CA4C11: state_machine (statem.c:434)
==16956== by 0x5CA538A: ossl_statem_accept (statem.c:255)
==16956== by 0x5C91759: SSL_do_handshake (ssl_lib.c:3609)
==16956== by 0x45456B: ngx_ssl_handshake (ngx_event_openssl.c:1606)
==16956== by 0x4698D3: ngx_http_ssl_handshake (ngx_http_request.c:751)
==16956== by 0x44ECA8: ngx_epoll_process_events (ngx_epoll_module.c:901)
==16956== by 0x443E94: ngx_process_events_and_timers (ngx_event.c:257)
==16956== by 0x44DC25: ngx_single_process_cycle (ngx_process_cycle.c:333)
==16956== by 0x4236AB: main (nginx.c:382)
==16956==
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:CRYPTO_malloc
fun:CRYPTO_zalloc
fun:OPENSSL_sk_new_reserve
fun:OPENSSL_sk_new_null
fun:sk_SSL_CIPHER_new_null
fun:bytes_to_cipher_list
fun:tls_early_post_process_client_hello
fun:tls_post_process_client_hello
fun:ossl_statem_server_post_process_message
fun:read_state_machine
fun:state_machine
fun:ossl_statem_accept
fun:SSL_do_handshake
fun:ngx_ssl_handshake
fun:ngx_http_ssl_handshake
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
When `reuseport` is enabled in the `listen` directive, Nginx will create
a listening fd for each worker process in the master process.
These fds will be inherited by the worker processes, but most of them
are unused. For example, considering we have 32 listening ip:port
configurations and 64 worker processes, each worker process will inherit
2048 (32 * 64) listening fds, but only 32 fds are used. By closing the
unused fds, this change could save up to 2016 (32 * 63) fds in a worker
process.
It doesn't affect the listening socket, since there is only one used fd
which associates to the socket with or without this change.
Co-authored-by: Thibault Charbonnier <thibaultcha@me.com>
lijunlong
Bo Xu
耗子
Johnny Wang
kurt
swananan
fesily
Zhefeng Chen
wangyao
Yichun Zhang (agentzh)
root
lijunlong
Thibault Charbonnier
Datong Sun
spacewander