Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.0.0-rc9, 3.1.0
Affects Version/s: 3.0.0-rc7
Component/s: Index Maintenance, Storage
Labels:
- 28qa

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Completed:

3.0.0-rc9
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

During a longevity test, I noticed a crash that was triggered by a getmore operation accessing invalid BSONObj objdata. The getmore was happening concurrently with a repair on the same database.

(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:166
#1  0x0000000001143b50 in mongo::ConstDataView::readNative<int> (this=0x7ffdd7caef50, t=0x7ffdd7caef0c, offset=0) at src/mongo/base/data_view.h:59
#2  0x00000000011425c7 in mongo::ConstDataView::readNative<int> (this=0x7ffdd7caef50, offset=0) at src/mongo/base/data_view.h:66
#3  0x0000000001140237 in mongo::ConstDataView::readLE<int> (this=0x7ffdd7caef50, offset=0) at src/mongo/base/data_view.h:72
#4  0x000000000113d195 in mongo::BSONObj::objsize (this=0x7ffdd7caf130) at src/mongo/bson/bsonobj.h:318
#5  0x00000000015365ce in mongo::getMore (txn=0x7ffdd7caf7d0, ns=0x4ac8414 "aggdb.$cmd.listIndexes.testGeoUpdate", ntoreturn=0, cursorid=4905077146, curop=..., pass=0, exhaust=@0x7ffdd7caf296: false, 
    isCursorAuthorized=0x7ffdd7caf320, fromDBDirectClient=false) at src/mongo/db/query/find.cpp:341
#6  0x00000000014420fb in mongo::receivedGetMore (txn=0x7ffdd7caf7d0, dbresponse=..., m=..., curop=..., fromDBDirectClient=false) at src/mongo/db/instance.cpp:786
#7  0x000000000143f0e3 in mongo::assembleResponse (txn=0x7ffdd7caf7d0, m=..., dbresponse=..., remote=..., fromDBDirectClient=false) at src/mongo/db/instance.cpp:406
#8  0x000000000113f4f8 in mongo::MyMessageHandler::process (this=0x30b81c0, m=..., port=0xc16fa40, le=0x73d5db0) at src/mongo/db/db.cpp:206
#9  0x00000000018e1118 in mongo::PortMessageServer::handleIncomingMsg (arg=0xc16fa40) at src/mongo/util/net/message_server_port.cpp:229
#10 0x00007ffff7bc4182 in start_thread (arg=0x7ffdd7cb0700) at pthread_create.c:312
#11 0x00007ffff6cc500d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

(gdb) f 5
#5  0x00000000015365ce in mongo::getMore (txn=0x7ffdd7caf7d0, ns=0x4ac8414 "aggdb.$cmd.listIndexes.testGeoUpdate", ntoreturn=0, cursorid=4905077146, curop=..., pass=0, exhaust=@0x7ffdd7caf296: false, 
    isCursorAuthorized=0x7ffdd7caf320, fromDBDirectClient=false) at src/mongo/db/query/find.cpp:341
341                     bb.appendBuf((void*)obj.objdata(), obj.objsize());
(gdb) p obj
$57 = {_objdata = 0x7ffacc2d6340 <error: Cannot access memory at address 0x7ffacc2d6340>, _ownedBuffer = {_holder = {px = 0x0}}}

Version: ac9ee2fb80f2afc2737

is related to

SERVER-14707 listCollections and listIndexes commands should return a cursor

Closed

Assignee:: David Storch
Reporter:: Kamran K. (Inactive)
Participants:: David Storch, Githook User, Kamran K.
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Jan 29 2015 06:52:13 AM UTC
Updated:: Sep 18 2015 10:39:47 PM UTC
Resolved:: Feb 18 2015 10:54:00 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates