Package: proftpd
Severity: important

Hi Francesco,

We have been encountering a serious problem with proftpd on our
webhosting platform since the -10 version.
The -9 version does not have this bug.
We have machines running Sarge, and we are quite worried about
potential security updates.

Thanks.

After a few hours, one process eats all the memory, and then all the processes
are killed by the VM killer. Here is some information:

proftpd.conf:
ServerType standalone
RequireValidShell off
DefaultRoot ~
MaxClientsPerUser 8
MaxClientsPerHost 16
MaxHostsPerUser 8
MaxInstances 100
# hide version
ServerIdent on ""
TransferLog /var/log/proftpd.log
TimeoutIdle 900
Umask 0072

# speed up the initial connection
IdentLookups off
WtmpLog off
UseReverseDNS off

Bind 10.0.1.14
AllowOverwrite on
AllowStoreRestart on

ListOptions "-a"

# SSL
#TLSEngine on
#TLSRSACertificateFile /etc/proftpd-rsa.pem
#TLSLog /var/log/tls.log


[EMAIL PROTECTED]:~# ps auwxww | grep proftpd
root     12950  0.1  0.1   4688  1388 ?        Ss   14:21   0:14 proftpd: 
(accepting connections)
21340    11699  1.7  0.2   4872  2112 ?        S    17:37   0:03 proftpd: 
pakavadenn - 62.161.99.217: IDLE
cyrilb   11703 26.1 89.6 1370784 926096 ?      R    17:38   0:37 proftpd: 
cyrilb - 10.0.6.2: IDLE
ngs      11806  0.4  0.2   4872  2360 ?        S    17:39   0:00 proftpd: ngs - 
84.6.16.193: IDLE
root     11946  0.0  0.0   1540   496 pts/2    R+   17:40   0:00 grep proftpd



[EMAIL PROTECTED]:~# strace -p 11703
Process 11703 attached - interrupt to quit
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
fcntl64(4, F_SETLKW64, {type=F_UNLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
fcntl64(4, F_SETLKW64, {type=F_WRLCK, whence=SEEK_CUR, start=16, len=520}, 
0x80d7a48) = 0
_llseek(4, 16, [16], SEEK_SET)          = 0
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 520) = 520
_llseek(4, 16, [16], SEEK_SET)          = 0
[...]
until killed

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

