Memory leak on FreeBSD 12.1+ when communicating over vici socket
#966
Comments
Does it also happen if you use VICI over TCP instead of a UNIX socket? |
In fact I think this behaviour is caused by frequent memory allocation and deallocation. One more note: I first observed this behaviour with an earlier strongswan version. |
That would indicate an issue in the memory allocator of FreeBSD's libc (fragmentation or something) or maybe even the kernel, not really strongSwan (in particular because it apparently isn't an issue on Linux). Did you have a look at the man page for FreeBSD's malloc()? There seem to be various options to tune it. For instance, the number of arenas or thread-specific caching (there are also some debug options). |
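To illustrate the tuning options mentioned, here is a sketch based on jemalloc's documented `MALLOC_CONF` syntax; the wrapper function name and the charon path are illustrative, not from this thread:

```shell
# Hypothetical helper: run a command with jemalloc tuned to a single
# arena and with thread caching disabled, via the MALLOC_CONF
# environment variable documented in jemalloc's man page.
run_with_tuned_malloc() {
    MALLOC_CONF='narenas:1,tcache:false' "$@"
}

# Example (charon path is an assumption, adjust to your install):
# run_with_tuned_malloc /usr/local/libexec/ipsec/charon
```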
Yes, it's possible that the problem is due to wrong tuning of the FreeBSD memory allocator. But on the other hand, there is no special malloc configuration in place here. I made a similar test on a FreeBSD 9.3 VM, which is the last release before it was incorporated (attached charon_mem.log). I also changed the definition of the FreeBSD 13.1 VM to use only one CPU core, but this did not change anything. Here is the result of the following command on a 1-CPU FreeBSD 13.1-BETA2: sh -c "MALLOC_CONF='stats_print:true,narenas:1' /usr/local/libexec/ipsec/charon 2>/var/log/charon-memdump-0.log" Attaching a log of periodic monitoring of used memory (charon_mem-1cpu-memstats.log) and the stats dumped at exit. Unfortunately I don't know anything about debugging jemalloc, so these numbers are rather cryptic for me :-) |
No idea whatsoever.
Unless the previous allocator behaved similarly, it might be something else then (maybe an issue with sockets).
Don't really know either. Have you checked the jemalloc tuning guide, and the heap profiling and leak checking pages? |
Thank you very much for your help. Yes, I've read these pages; unfortunately heap profiling and leak checking require profiling support, which is not compiled into FreeBSD's jemalloc. I filed a bug report on the FreeBSD bugzilla, maybe someone from the FreeBSD team will notice something obvious I cannot see: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262743 I also redid the test with valgrind just to be sure, attaching the log: no real leaks, but it showed some warnings which may be interesting. The same test, using
And valgrind's log: charon-valgrind-full.log |
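For completeness, a sketch of what jemalloc heap profiling would look like if profiling support were compiled in (as noted above, it is not in FreeBSD's base jemalloc); the option names follow jemalloc's documentation, while the helper name, dump prefix and paths are illustrative:

```shell
# Hypothetical helper: run a command with jemalloc heap profiling
# enabled, dumping a final profile at process exit. This only works
# with a jemalloc built with --enable-prof, which FreeBSD's base
# system jemalloc lacks.
run_with_heap_profile() {
    MALLOC_CONF='prof:true,prof_final:true,prof_prefix:/tmp/charon.heap' "$@"
}

# Afterwards the dump could be inspected with jeprof, e.g.:
# jeprof --text /usr/local/libexec/ipsec/charon /tmp/charon.heap.*.heap
```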
While not fixing the issue, setting |
Thank you again for all the help.
I was wrong. I made a long-lasting test (1.5 weeks) with more aggressive stressing, and it looks like just a few hours after start the memory footprint increases (though not as much as before). Note the graph below: every day at 3:01 AM a cron job starts which checks the whole system and downloads some CVE reports, which is a rather memory-consuming task; on the graph you can see drops of used RSS memory at that time. Attaching also the script used for tracking: memlogger.sh. It looks like this option resolves my problem. Note that the strongswan FreeBSD package is compiled with this option by default, and when building manually from ports the option can be changed (although it is also enabled by default). Maybe this note is worth adding to the FreeBSD installation documentation? I think this issue can be closed. |
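The attached memlogger.sh is not reproduced in this thread; a minimal sketch of such an RSS tracker (the function name and output format are illustrative) could look like this:

```shell
# Sketch of an RSS tracker: print a timestamp and the resident set
# size (in KiB, as reported by ps on FreeBSD and Linux) of a process
# at a fixed interval, until it exits or a sample count is reached.
rss_log() {
    pid=$1; interval=${2:-60}; count=${3:-0}; i=0
    while kill -0 "$pid" 2>/dev/null; do
        printf '%s %s\n' "$(date +%s)" "$(ps -o rss= -p "$pid")"
        i=$((i + 1))
        if [ "$count" -gt 0 ] && [ "$i" -ge "$count" ]; then
            break
        fi
        sleep "$interval"
    done
}

# e.g. log charon's RSS every 60 seconds:
# rss_log "$(pgrep -x charon)" 60
```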
Thanks for the update. I've added the option and a note to the docs. |
System (please complete the following information):
Describe the bug
On FreeBSD systems (amd64, arm64), when communicating over the vici socket, a memory leak occurs: the virtual and resident (VSS and RSS) memory of the `charon` process constantly increases until all system memory is exhausted and the process is killed by the kernel with the message `kernel: pid 903 (charon), jid 0, uid 0, was killed: failed to reclaim memory`.
Memory leak detection tools (`valgrind`, `ktrace`) do not detect any leaks; the increasing RSS is the only symptom.
Also, this behaviour is not observed on Linux (tested on Ubuntu 20.04 and Debian 10 bookworm/sid).
To Reproduce
Steps to reproduce the behavior:
1. Run a VM and disable swap (to speed up failure)
2. git clone https://github.com/strongswan/strongswan
3. ipsec start
4. Repeatedly calling `swanctl --stats` is enough to reproduce the error
5. Monitor the memory of the `charon` process, using e.g. `top` or the attached `memlogger.py`
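The stress step above can be sketched as a small helper that repeats a command (the helper name is illustrative; `swanctl` must be on PATH for the real reproduction):

```shell
# Sketch: run a command N times, discarding output; used with
# `swanctl --stats` this exercises the vici socket in a tight loop.
repeat_cmd() {
    n=$1; shift
    i=0
    while [ "$i" -lt "$n" ]; do
        "$@" > /dev/null
        i=$((i + 1))
    done
}

# e.g. hammer the vici socket, then watch charon's RSS with top(1):
# repeat_cmd 100000 swanctl --stats
```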
Expected behavior
Memory used by the `charon` process should not constantly increase, and should not eventually cause `charon` to be killed.
Logs/Backtraces
The attached `memlogger.py` requires `python3` and the python package `psutil` (`pkg install py38-psutil`). Growth of `charon` from 9MB to 95MB took about 1.5 hours.
Additional context
The problem occurred when the state of the charon daemon (tunnel definitions, SAs, etc.) was monitored via the vici socket, but it was also reproduced using a simple `swanctl --stats` command repeated in a loop.
No change in this behaviour is observed when using a different configure `--with-printf-hooks=` setting. According to an issue in pfSense (https://redmine.pfsense.org/issues/5149) this could be the reason, but tests with `--with-printf-hooks=builtin`, `--with-printf-hooks=glibc` and `--with-printf-hooks=vstr` did not fix the error.
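The configure variants mentioned above would be tried roughly like this (a build sketch only; prerequisites and any other configure flags the build needs are omitted):

```shell
# Rebuild strongSwan with one of the printf-hook backends tested above
# (builtin, glibc, or vstr); run from a strongswan source checkout.
./configure --with-printf-hooks=vstr
make
make install
```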