-
Type:
Bug
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Affects Version/s: 2.4.12, 2.8.0-rc3
-
Component/s: Sharding
-
None
-
Sharding
-
ALL
-
Sharding C (11/20/15)
-
None
-
3
-
None
-
None
-
None
-
None
-
None
-
None
ParallelConnectionMetadata::cleanup calls ShardConnection::done, which can potentially delete the underlying connection (https://github.com/mongodb/mongo/blob/r2.8.0-rc3/src/mongo/client/connpool.cpp#L66-73). This is also the same connection pointer stored in the cursor and when it's destructor gets called, it can try to access the pointer (https://github.com/mongodb/mongo/blob/r2.8.0-rc3/src/mongo/client/dbclientcursor.cpp#L364-372).
Sample stacktrace from special local 2.4.12 build with special fail points to make it fail easier:
m30999| /home/ren/mongo-copy/mongos(_ZN5mongo17printStackAndExitEi+0x65)[0x965f65] m30999| /lib/x86_64-linux-gnu/libc.so.6(+0x370b0)[0x7f3885d7d0b0] m30999| /lib/x86_64-linux-gnu/libc.so.6(+0x150fe9)[0x7f3885e96fe9] m30999| /home/ren/mongo-copy/mongos(_ZNK5mongo18DBClientReplicaSet11_getMonitorEv+0xa9)[0x6b8269] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo18DBClientReplicaSet11checkMasterEv+0x24)[0x6b8314] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo18DBClientReplicaSet3sayERNS_7MessageEbPSs+0x7e)[0x6bbc6e] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo14DBClientCursorD1Ev+0x578)[0x6c6238] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo14DBClientCursorD0Ev+0x9)[0x6c65e9] m30999| /home/ren/mongo-copy/mongos(_ZN5boost6detail12shared_countD2Ev+0x39)[0x6736c9] m30999| /home/ren/mongo-copy/mongos(_ZN5boost6detail17sp_counted_impl_pIN5mongo23ParallelConnectionStateEE7disposeEv+0x2a)[0x6f6efa] m30999| /home/ren/mongo-copy/mongos(_ZN5boost6detail12shared_countD2Ev+0x39)[0x6736c9] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo26ParallelConnectionMetadata7cleanupEb+0x172)[0x6e47a2] m30999| /home/ren/mongo-copy/mongos(_ZNSt8_Rb_treeIN5mongo5ShardESt4pairIKS1_NS0_26ParallelConnectionMetadataEESt10_Select1stIS5_ESt4lessIS1_ESaIS5_EE8_M_eraseEPSt13_Rb_tree_nodeIS5_E+0x4b)[0x6f84bb] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo27ParallelSortClusteredCursorD1Ev+0xcd)[0x6e585d] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo27ParallelSortClusteredCursorD0Ev+0x9)[0x6e59e9] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo13ShardStrategy7queryOpERNS_7RequestE+0x11cd)[0x8c434d] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo7Request7processEi+0x18f)[0x8aa74f] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo21ShardedMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE+0x60)[0x679090] m30999| /home/ren/mongo-copy/mongos(_ZN5mongo17PortMessageServer17handleIncomingMsgEPv+0x471)[0x951501] m30999| /lib/x86_64-linux-gnu/libpthread.so.0(+0x7f8e)[0x7f3886b44f8e]
- is related to
-
-
- Closed
-