SSLThreadInfo is stored in a boost::thread_specific_ptr. When the thread shuts down, thread_specific_ptr calls SSLThreadInfo's deconstructor. SSLThreadInfo::~SSLThreadInfo calls 'ERR_remove_state(0)'. In the below stacktrace, ERR_remove_state calls CRYPTO_THREADID_current, which calls our callback to obtain a thread ID OpenSSL uses to track resources. Our callback uses the SSLThreadInfo stored in the boost::thread_specific_ptr. Because the active ptr doesn't exist(because it's being destroyed), our callback makes a new SSLThreadInfo, and allocates a new thread ID.
This could impact OpenSSL's ability to correctly manage thread local memory.
(gdb) bt #0 0x00007ffff50faea0 in raise () from /usr/lib/libpthread.so.0 #1 0x000055555a4a42ab in mongo::breakpoint () at src/mongo/util/debugger.cpp:75 #2 0x000055555a667f18 in mongo::(anonymous namespace)::myTerminate () at src/mongo/util/signal_handlers_synchronous.cpp:229 #3 0x00007ffff53962a6 in __cxxabiv1::__terminate (handler=<optimized out>) at /build/gcc/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:47 #4 0x00007ffff53962f1 in std::terminate () at /build/gcc/src/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:57 #5 0x000055555a5658f8 in mongo::(anonymous namespace)::SSLThreadInfo::SSLThreadInfo (this=0x602000140010) at src/mongo/util/net/ssl_manager.cpp:169 #6 0x000055555a560f25 in mongo::(anonymous namespace)::SSLThreadInfo::get () at src/mongo/util/net/ssl_manager.cpp:199 #7 0x000055555a560c99 in mongo::(anonymous namespace)::_ssl_id_callback () at src/mongo/util/net/ssl_manager.cpp:217 #8 0x00007ffff6786a72 in CRYPTO_THREADID_current () from /usr/lib/libcrypto.so.1.0.0 #9 0x00007ffff685f768 in ERR_remove_thread_state () from /usr/lib/libcrypto.so.1.0.0 #10 0x000055555a576710 in mongo::(anonymous namespace)::SSLThreadInfo::~SSLThreadInfo (this=0x60200013f650) at src/mongo/util/net/ssl_manager.cpp:174 #11 0x000055555a5766db in boost::thread_specific_ptr<mongo::(anonymous namespace)::SSLThreadInfo>::delete_data::operator() (this=0x602000002ad0, data=0x60200013f650) at src/third_party/boost-1.60.0/boost/thread/tss.hpp:42 #12 0x000055555b00f258 in boost::detail::(anonymous namespace)::tls_destructor (data=0x6130000c0a00) at src/third_party/boost-1.60.0/libs/thread/src/pthread/thread.cpp:108 #13 0x00007ffff50ef429 in __nptl_deallocate_tsd.part.4 () from /usr/lib/libpthread.so.0 #14 0x00007ffff50f0498 in start_thread () from /usr/lib/libpthread.so.0 #15 0x00007ffff4c1a54f in clone () from /usr/lib/libc.so.6
- is duplicated by
-
SERVER-28660 memory leak of mongodb database with SSL support
- Closed