Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11514

segfault on upsert with conflicting fields in the query document

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Critical - P2 Critical - P2
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
      Tested against mongod git version eab2644c221206c121ac1ab93fcf95c8100f4ff3
    • ALL

      Here are examples of upserts that crash mongod:

      1)

      > db.x.drop();
> db.x.update( { "a": {}, "a.c": 2 } , { $set : { x: 1 } }, true , false )

      2)

      > db.x.drop();
> db.x.update( { "a.b": 1, "a.c": 2 } , { $set: {x: 1} }, true , false )

      These do NOT cause a segfault when the upsert flag is set to false. There is also no crash if there are no conflicting fields in the query document, as in this example:

      > db.x.drop()
> db.x.update( { "a.b": 1, "c.d": 2 } , { $set: {x: 1} }, true , false )

      Example stack trace from mongod when it crashes:

      Invalid access at address: 0x8 from thread: conn1
Got signal: 11 (Segmentation fault: 11).
Backtrace:
0x10061fdfb 0x1000015ab 0x100001761 0x7fff8ba6590a 0x104aa5388 0x10031ef8f 0x10031ade0 0x10029472a 0x1002989cb 0x1000074d4 0x1005ec461 0x100652605 0x7fff8ba77772 0x7fff8ba641a1
 0   mongod                              0x000000010061fdfb _ZN5mongo15printStackTraceERSo + 43
 1   mongod                              0x00000001000015ab _ZN5mongo10abruptQuitEi + 251
 2   mongod                              0x0000000100001761 _ZN5mongo24abruptQuitWithAddrSignalEiP9__siginfoPv + 257
 3   libsystem_c.dylib                   0x00007fff8ba6590a _sigtramp + 26
 4   ???                                 0x0000000104aa5388 0x0 + 4373238664
 5   mongod                              0x000000010031ef8f _ZN5mongo12UpdateDriver15createFromQueryERKNS_7BSONObjERNS_11mutablebson8DocumentE + 1107
 6   mongod                              0x000000010031ade0 _ZN5mongo6updateERKNS_13UpdateRequestEPNS_7OpDebugEPNS_12UpdateDriverE + 7104
 7   mongod                              0x000000010029472a _ZN5mongo14receivedUpdateERNS_7MessageERNS_5CurOpE + 2938
 8   mongod                              0x00000001002989cb _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 7499
 9   mongod                              0x00000001000074d4 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 308
 10  mongod                              0x00000001005ec461 _ZN5mongo17PortMessageServer17handleIncomingMsgEPv + 1681
 11  mongod                              0x0000000100652605 thread_proxy + 229
 12  libsystem_c.dylib                   0x00007fff8ba77772 _pthread_start + 327
 13  libsystem_c.dylib                   0x00007fff8ba641a1 thread_start + 13

            Assignee:
            scotthernandez Scott Hernandez (Inactive)
            Reporter:
            david.storch@mongodb.com David Storch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: