Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17338

NULL pointer crash when running copydb against stepped-down 2.6 primary

XMLWordPrintableJSON

    • Fully Compatible
    • ALL

      DBClientWithCommands::getCollectionInfos() queries against 'system.namespaces' with DBClientCursor. This cursor can be NULL when the client fails to connect to the target server.

      One way to trigger the failure is to issue a copydb command against a stepped-down 2.6 primary while running a 3.0 node (or another 2.6 node):

      * thread #13: tid = 0x138c8a5, 0x000000010b097d09 mongod`mongo::DBClientWithCommands::getCollectionInfos(this=0x00007fd873602770, db=0x000000011c5a62b8, filter=0x000000011c5a4a60) + 6169 at dbclient.cpp:962, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x000000010b097d09 mongod`mongo::DBClientWithCommands::getCollectionInfos(this=0x00007fd873602770, db=0x000000011c5a62b8, filter=0x000000011c5a4a60) + 6169 at dbclient.cpp:962
   959 	        string ns = db + ".system.namespaces";
   960 	        auto_ptr<DBClientCursor> c = query(
   961 	                ns.c_str(), fallbackFilter.obj(), 0, 0, 0, QueryOption_SlaveOk);
-> 962 	        while ( c->more() ) {
   963 	            BSONObj obj = c->nextSafe();
   964 	            string ns = obj["name"].valuestr();
   965 	            if ( ns.find( "$" ) != string::npos )
(lldb) p c
(std::__1::auto_ptr<mongo::DBClientCursor>) $0 = {
  __ptr_ = 0x0000000000000000
}
(lldb) bt
* thread #13: tid = 0x138c8a5, 0x000000010b097d09 mongod`mongo::DBClientWithCommands::getCollectionInfos(this=0x00007fd873602770, db=0x000000011c5a62b8, filter=0x000000011c5a4a60) + 6169 at dbclient.cpp:962, stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x000000010b097d09 mongod`mongo::DBClientWithCommands::getCollectionInfos(this=0x00007fd873602770, db=0x000000011c5a62b8, filter=0x000000011c5a4a60) + 6169 at dbclient.cpp:962
    frame #1: 0x000000010b2b1b04 mongod`mongo::Cloner::go(this=0x000000011c5a6228, txn=0x000000011c5ab750, toDBName=0x000000011c5a6270, masterHost=0x000000011c5a6448, opts=0x000000011c5a62b8, clonedColls=0x0000000000000000, errmsg=0x000000011c5a79e0, errCode=0x0000000000000000) + 4084 at cloner.cpp:510
    frame #2: 0x000000010b2e0444 mongod`mongo::CmdCopyDb::run(this=0x000000010cc47388, txn=0x000000011c5ab750, dbname=0x000000011c5a7d90, cmdObj=0x000000011c5a85b0, (null)=0, errmsg=0x000000011c5a79e0, result=0x000000011c5a9820, fromRepl=false) + 13348 at copydb.cpp:228
    frame #3: 0x000000010b3e7495 mongod`mongo::_execCommand(txn=0x000000011c5ab750, c=0x000000010cc47388, dbname=0x000000011c5a7d90, cmdObj=0x000000011c5a85b0, queryOptions=0, errmsg=0x000000011c5a79e0, result=0x000000011c5a9820, fromRepl=false) + 197 at dbcommands.cpp:1294
    frame #4: 0x000000010b3e993c mongod`mongo::Command::execCommand(txn=0x000000011c5ab750, c=0x000000010cc47388, queryOptions=0, cmdns=0x00007fd877807414, cmdObj=0x000000011c5a85b0, result=0x000000011c5a9820, fromRepl=false) + 6940 at dbcommands.cpp:1510
    frame #5: 0x000000010b3ea5aa mongod`mongo::_runCommands(txn=0x000000011c5ab750, ns=0x00007fd877807414, _cmdobj=0x000000011c5aa2e8, b=0x000000011c5a9878, anObjBuilder=0x000000011c5a9820, fromRepl=false, queryOptions=0) + 2138 at dbcommands.cpp:1582
    frame #6: 0x000000010b7d4310 mongod`mongo::runCommands(txn=0x000000011c5ab750, ns=0x00007fd877807414, jsobj=0x000000011c5aa2e8, curop=0x00007fd877804200, b=0x000000011c5a9878, anObjBuilder=0x000000011c5a9820, fromRepl=false, queryOptions=0) + 96 at find.cpp:137
    frame #7: 0x000000010b7d08fd mongod`mongo::runQuery(txn=0x000000011c5ab750, m=0x000000011c5abcf0, q=0x000000011c5aa2d0, nss=0x000000011c5aa288, curop=0x00007fd877804200, result=0x00007fd873601270, fromDBDirectClient=false) + 1229 at find.cpp:606
    frame #8: 0x000000010b60d970 mongod`mongo::receivedQuery(txn=0x000000011c5ab750, c=0x00007fd8736017d0, dbresponse=0x000000011c5ab6c8, m=0x000000011c5abcf0, fromDBDirectClient=false) + 928 at instance.cpp:220
    frame #9: 0x000000010b60b840 mongod`mongo::assembleResponse(txn=0x000000011c5ab750, m=0x000000011c5abcf0, dbresponse=0x000000011c5ab6c8, remote=0x000000011c5ab6a8, fromDBDirectClient=false) + 1488 at instance.cpp:403
    frame #10: 0x000000010affd28b mongod`mongo::MyMessageHandler::process(this=0x00007fd873503840, m=0x000000011c5abcf0, port=0x00007fd873507b60, le=0x00007fd873601710) + 395 at db.cpp:206
    frame #11: 0x000000010bef9716 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x00007fd873507b60) + 2774 at message_server_port.cpp:229
    frame #12: 0x000000010bef7c44 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] decltype(__f=0x00007fd873507e00, __args=0x00007fd873507e08)(void*)>(fp)(std::__1::forward<mongo::(anonymous namespace)::MessagingPortWithHandler*&>(fp0))) std::__1::__invoke<void* (*&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&>(void* (*&&&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&&&) + 164 at __functional_base:413
    frame #13: 0x000000010bef7c21 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x000000011c5abdd8, __f=0x00007fd873507e00, __bound_args=0x00007fd873507e08, (null)=__tuple_indices<0> at 0x000000011c5abe18, __args=0x000000011c5abdd8)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, 0ul, std::__1::tuple<> >(void* (*&)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 48 at functional:2022
    frame #14: 0x000000010bef7bf1 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x00007fd873507e00)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>::operator()<>() + 34 at functional:2085
    frame #15: 0x000000010bef7bcf mongod`boost::detail::thread_data<std::__1::__bind<void* (this=0x00007fd873507c00)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() + 47 at thread.hpp:115
    frame #16: 0x000000010c00e9d5 mongod`boost::(anonymous namespace)::thread_proxy(param=0x00007fd873507c00) + 133 at thread.cpp:173
    frame #17: 0x00007fff8e60b268 libsystem_pthread.dylib`_pthread_body + 131
    frame #18: 0x00007fff8e60b1e5 libsystem_pthread.dylib`_pthread_start + 176
    frame #19: 0x00007fff8e60941d libsystem_pthread.dylib`thread_start + 13

            Assignee:
            geert.bosch@mongodb.com Geert Bosch
            Reporter:
            kamran.khan Kamran K.
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: