I've historically used restart action to refresh CRL's, used by Apache web server on configuration with mod_php and connection to external database. In such case apache normally reserves 6 semaphores: # ipcs -s | grep -c apache 6 After migration our main production server to Apache 2.4 I've found semaphore leaks on it's restart. It looks very like https://bugzilla.redhat.com/show_bug.cgi?id=1410883 for reload action. Hoping the issue is fixed in the latest release I've built apache 2.4.43. But in this version my issue still presents. Probably httpd fails to free semaphores when restart request interrupts some operations. Switching CRL update script to reload action is the sufficient workaround.
What modules are in use? In a sandbox can you get it to stop leaking by removing any module or directive?
(In reply to Eric Covener from comment #1) > What modules are in use? In a sandbox can you get it to stop leaking by > removing any module or directive? I use almost standard EL7 config. # httpd -M Loaded Modules: core_module (static) so_module (static) http_module (static) access_compat_module (shared) actions_module (shared) alias_module (shared) allowmethods_module (shared) auth_basic_module (shared) auth_digest_module (shared) authn_anon_module (shared) authn_core_module (shared) authn_dbd_module (shared) authn_dbm_module (shared) authn_file_module (shared) authn_socache_module (shared) authz_core_module (shared) authz_dbd_module (shared) authz_dbm_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_owner_module (shared) authz_user_module (shared) autoindex_module (shared) cache_module (shared) cache_disk_module (shared) data_module (shared) dbd_module (shared) deflate_module (shared) dir_module (shared) dumpio_module (shared) echo_module (shared) env_module (shared) expires_module (shared) ext_filter_module (shared) filter_module (shared) headers_module (shared) include_module (shared) info_module (shared) log_config_module (shared) logio_module (shared) mime_magic_module (shared) mime_module (shared) negotiation_module (shared) remoteip_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) slotmem_plain_module (shared) slotmem_shm_module (shared) socache_dbm_module (shared) socache_memcache_module (shared) socache_shmcb_module (shared) status_module (shared) substitute_module (shared) suexec_module (shared) unique_id_module (shared) unixd_module (shared) userdir_module (shared) version_module (shared) vhost_alias_module (shared) dav_module (shared) dav_fs_module (shared) dav_lock_module (shared) lua_module (shared) mpm_prefork_module (shared) proxy_module (shared) lbmethod_bybusyness_module (shared) lbmethod_byrequests_module (shared) lbmethod_bytraffic_module (shared) lbmethod_heartbeat_module (shared) proxy_ajp_module (shared) proxy_balancer_module (shared) proxy_connect_module (shared) proxy_express_module (shared) proxy_fcgi_module (shared) proxy_fdpass_module (shared) proxy_ftp_module (shared) proxy_http_module (shared) proxy_scgi_module (shared) proxy_wstunnel_module (shared) ssl_module (shared) systemd_module (shared) cgi_module (shared) php5_module (shared) Following noted RedHat bug I've tried to disable obviously unneccessary modules. But it changed almost nothing, AFAIR just decreased leaking semaphores from 6 to 5. The issue looks like depending on load and appears not on all servers with typical configuration, varies just in load. So, I've don't reproduce it in sandbox.