Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10040

Failed SSL connection memory leak

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.4.6, 2.5.1
    • Affects Version/s: 2.4.4
    • Component/s: Networking
    • None
    • Environment:
      Using MongoDB SSL
    • ALL

      Creating a non-ssl connection to a MongoD running SSL will fail. This failure will increase the non-mapped virtual memory used by the cluster.

      Log Excerpt

      Thu Jun 27 09:04:04.294 [initandlisten] connection accepted from 127.0.0.1:43490 #17348 (9 connections now open)
      Thu Jun 27 09:04:04.294 [conn17348] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
      Thu Jun 27 09:04:04.294 [conn17348] SocketException handling request, closing client connection: 9001 socket exception [6]
      Thu Jun 27 09:04:04.329 [initandlisten] connection accepted from 127.0.0.1:43491 #17349 (9 connections now open)
      Thu Jun 27 09:04:04.329 [conn17349] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
      Thu Jun 27 09:04:04.329 [conn17349] SocketException handling request, closing client connection: 9001 socket exception [6]
      Thu Jun 27 09:04:04.365 [initandlisten] connection accepted from 127.0.0.1:43492 #17350 (9 connections now open)
      Thu Jun 27 09:04:04.365 [conn17350] ERROR: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
      Thu Jun 27 09:04:04.365 [conn17350] SocketException handling request, closing client connection: 9001 socket exception [6]
      

      Running the following will grow virtual memory quickly

      while true; do echo "db.isMaster()" | mongo --port 30002 --quiet; done
      

      Running the same with --ssl causes no issues

      while true; do echo "db.isMaster()" | mongo --port 30002 --quiet --ssl; done
      

      Output from Mongostat

      insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   151m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:42
          *0      4     *0     *0       0     6|0       0   8.9g  18.7g   152m      0                   test:0.0%          0       0|0     0|0   753b     9k     8 shard-1  SEC   09:01:43
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   153m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:44
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   154m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:45
          *0     *0     *0     *0       0    12|0       0   8.9g  18.7g   155m      0                   test:0.0%          0       0|0     0|0   813b    12k     8 shard-1  SEC   09:01:46
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   156m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:47
          *0     *0     *0     *0       0     2|0       1   8.9g  18.7g   157m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:48
          *0      7     *0     *0       0     2|0       0   8.9g  18.7g   158m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:49
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   159m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:50
          *0     *0     *0     *0       0     4|0       0   8.9g  18.7g   160m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:01:51
      insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   160m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:52
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   161m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:53
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   162m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:54
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   163m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:55
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   164m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:56
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   165m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:57
          *0     *0     *0     *0       0     2|0       0   8.9g  18.7g   166m      0                   test:0.0%          0       0|0     0|0   190b     4k     9 shard-1  SEC   09:01:58
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   167m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:01:59
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   168m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:00
          *0     *0     *0     *0       0     4|0       0   8.9g  18.8g   169m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:02:01
      insert  query update delete getmore command flushes mapped  vsize    res faults                   locked db idx miss %     qr|qw   ar|aw  netIn netOut  conn     set repl       time
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   170m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:02
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   171m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:03
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   171m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:04
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   172m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:05
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   173m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:06
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   174m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:07
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   175m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:08
          *0     *0     *0     *0       0     2|0       0   8.9g  18.8g   176m      0                   test:0.0%          0       0|0     0|0   190b     4k     8 shard-1  SEC   09:02:09
          *0      4     *0     *0       0     6|0       0   8.9g  18.8g   177m      0                   test:0.0%          0       0|0     0|0   753b     9k     8 shard-1  SEC   09:02:10
          *0     *0     *0     *0       0     4|0       0   8.9g  18.8g   178m      0                   test:0.0%          0       0|0     0|0   314b     5k     8 shard-1  SEC   09:02:11
      

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            david.hows David Hows
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: