[SERVER-10040] Failed SSL connection memory leak Created: 26/Jun/13  Updated: 11/Jul/16  Resolved: 04/Jul/13

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 2.4.4
Fix Version/s: 2.4.6, 2.5.1

Type: Bug Priority: Major - P3
Reporter: David Hows Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Using MongoDB SSL


Attachments: PNG File Screen Shot 2013-06-27 at 9.13.38 AM.png    
Issue Links:
Depends
Operating System: ALL
Participants:

 Description   

Creating a non-ssl connection to a MongoD running SSL will fail. This failure will increase the non-mapped virtual memory used by the cluster.

Log Excerpt

Thu Jun 27 09:04:04.294 [initandlisten] connection accepted from 127.0.0.1:43490 #17348 (9 connections now open)
Thu Jun 27 09:04:04.294 [conn17348] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Thu Jun 27 09:04:04.294 [conn17348] SocketException handling request, closing client connection: 9001 socket exception [6]
Thu Jun 27 09:04:04.329 [initandlisten] connection accepted from 127.0.0.1:43491 #17349 (9 connections now open)
Thu Jun 27 09:04:04.329 [conn17349] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Thu Jun 27 09:04:04.329 [conn17349] SocketException handling request, closing client connection: 9001 socket exception [6]
Thu Jun 27 09:04:04.365 [initandlisten] connection accepted from 127.0.0.1:43492 #17350 (9 connections now open)
Thu Jun 27 09:04:04.365 [conn17350] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Thu Jun 27 09:04:04.365 [conn17350] SocketException handling request, closing client connection: 9001 socket exception [6]

Running the following will grow virtual memory quickly

while true; do echo "db.isMaster()" | mongo --port 30002 --quiet; done

Running the same with --ssl causes no issues

while true; do echo "db.isMaster()" | mongo --port 30002 --quiet --ssl; done

Output from Mongostat

insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   151m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:42
    *0      4     *0     *0       0     6|0       0   8.9g  18.7g   152m      0                   test:0.0%          0       0|0     0|0   753b     9k     8 shard-1  SEC   09:01:43
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   153m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:44
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   154m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:45
    *0     *0     *0     *0       0    12|0       0   8.9g  18.7g   155m      0                   test:0.0%          0       0|0     0|0   813b    12k     8 shard-1  SEC   09:01:46
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   156m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:47
    *0     *0     *0     *0       0     2|0       1   8.9g  18.7g   157m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:48
    *0      7     *0     *0       0     2|0       0   8.9g  18.7g   158m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:49
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   159m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:50
    *0     *0     *0     *0       0     4|0       0   8.9g  18.7g   160m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:01:51
insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   160m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:52
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   161m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:53
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   162m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:54
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   163m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:55
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   164m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:56
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   165m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:57
    *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   166m      0                   test:0.0%          0       0|0     0|0   190b     4k     9 shard-1  SEC   09:01:58
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   167m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:59
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   168m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:00
    *0     *0     *0     *0       0     4|0       0   8.9g  18.8g   169m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:02:01
insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   170m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:02
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   171m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:03
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   171m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:04
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   172m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:05
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   173m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:06
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   174m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:07
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   175m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:08
    *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   176m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:09
    *0      4     *0     *0       0     6|0       0   8.9g  18.8g   177m      0                   test:0.0%          0       0|0     0|0   753b     9k     8 shard-1  SEC   09:02:10
    *0     *0     *0     *0       0     4|0       0   8.9g  18.8g   178m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:02:11



 Comments   
Comment by auto [ 12/Jul/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-10040 Fixed SSL memory leak for failed connects and accepts
Branch: v2.4
https://github.com/mongodb/mongo/commit/d9a15614c71fbf4ee8ad457330b793b16f2336bc

Comment by Eric Milkie [ 04/Jul/13 ]

the code is committed to master for 2.5.1, so this is resolved. backport is requested.

Comment by auto [ 28/Jun/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-10040 Fixed SSL memory leak for failed connects and accepts
Branch: master
https://github.com/mongodb/mongo/commit/a3f89bd33d2321f0cd518ea71c63683383fa3ac6

Generated at Thu Feb 08 03:22:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.