NULL pointer crash in Chunk::_getExtremeKey

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 3.1.6
    • Affects Version/s: 3.1.5
    • Component/s: Sharding
    • Fully Compatible
    • ALL
    • Sharding 7 08/10/15
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Chunk::_getExtremeKey has this code:

          if (doSplitAtLower) {
        // Splitting close to the lower bound means that the split point will be the
        // upper bound. Chunk range upper bounds are exclusive so skip a document to
        // make the lower half of the split end up with a single document.
        unique_ptr<DBClientCursor> cursor = conn->query(_manager->getns(),
                                                        q,
                                                        1, /* nToReturn */
                                                        1 /* nToSkip */);

        if (cursor->more()) {
            end = cursor->next().getOwned();
        }

      cursor can be NULL when conn->query fails to initialize a client cursor due to an unreachable node (in this case, the node has been killed).

      Backtrace:

      Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f79405f6700 (LWP 16290)]
0x00000000011d5f31 in mongo::Chunk::_getExtremeKey (this=0x7f79180048b0, doSplitAtLower=true) at src/mongo/s/chunk.cpp:252
252	        if (cursor->more()) {

(gdb) p cursor.get()
$2 = (mongo::DBClientCursor *) 0x0

(gdb) bt
#0  0x00000000011d5f31 in mongo::Chunk::_getExtremeKey (this=0x7f79180048b0, doSplitAtLower=true) at src/mongo/s/chunk.cpp:252
#1  0x00000000011d7182 in mongo::Chunk::split (this=0x7f79180048b0, mode=mongo::Chunk::autoSplitInternal, resultingSplits=0x7f791f6fbda0, res=0x7f791f6fbdc0) at src/mongo/s/chunk.cpp:386
#2  0x00000000011d8f3d in mongo::Chunk::splitIfShould (this=0x7f79180048b0, dataWritten=35) at src/mongo/s/chunk.cpp:553
#3  0x000000000121213d in mongo::(anonymous namespace)::splitIfNeeded (nss=..., stats=...) at src/mongo/s/cluster_write.cpp:147
#4  0x0000000001213073 in mongo::ClusterWriter::write (this=0x7f791f6fc3b0, origRequest=..., response=0x7f791f6fc410) at src/mongo/s/cluster_write.cpp:263
#5  0x0000000001245a1a in mongo::(anonymous namespace)::ClusterWriteCmd::run (this=0x1adbd40 <mongo::(anonymous namespace)::clusterInsertCmd>, txn=0x7f78f8006130, dbname=..., cmdObj=..., options=0, 
    errmsg=..., result=...) at src/mongo/s/commands/cluster_write_cmd.cpp:150
#6  0x000000000126c99e in mongo::Command::execCommandClientBasic (txn=0x7f78f8006130, c=0x1adbd40 <mongo::(anonymous namespace)::clusterInsertCmd>, client=..., queryOptions=0, 
    ns=0x7f78f8000e64 "test.$cmd", cmdObj=..., result=...) at src/mongo/s/s_only.cpp:123
#7  0x000000000126ce3a in mongo::Command::runAgainstRegistered (ns=0x7f78f8000e64 "test.$cmd", jsobj=..., anObjBuilder=..., queryOptions=0) at src/mongo/s/s_only.cpp:164
#8  0x0000000001275c42 in mongo::Strategy::clientCommandOp (r=...) at src/mongo/s/strategy.cpp:309
#9  0x000000000126ba3f in mongo::Request::process (this=0x7f791f6fcb90, attempt=0) at src/mongo/s/request.cpp:112
#10 0x0000000000d92d44 in mongo::ShardedMessageHandler::process (this=0x7fff1692b920, m=..., p=0x3af5230) at src/mongo/s/server.cpp:142
#11 0x00000000012dc9dd in mongo::PortMessageServer::handleIncomingMsg (arg=0x3af5230) at src/mongo/util/net/message_server_port.cpp:229
#12 0x00007f79603a0182 in start_thread (arg=0x7f791f6fd700) at pthread_create.c:312
#13 0x00007f79600cd47d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

      Version: 6c49d69bbae5d8807fc205dbca12eecf1a60258b

            Assignee:
            Randolph Tan
            Reporter:
            Kamran K. (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: