Major - P3 The stageDebug command allows you to construct a DeleteStage with a NULL child which causes a crash in getStageByType.
* thread #15: tid = 0x000e, 0x000000010e7879b6 mongod`mongo::(anonymous namespace)::getStageByType(root=0x0000000000000000, type=STAGE_SUBPLAN) + 22 at plan_executor.cpp:65, stop reason = signal SIGSTOP
frame #0: 0x000000010e7879b6 mongod`mongo::(anonymous namespace)::getStageByType(root=0x0000000000000000, type=STAGE_SUBPLAN) + 22 at plan_executor.cpp:65
frame #1: 0x000000010e787a47 mongod`mongo::(anonymous namespace)::getStageByType(root=0x00007fd572446600, type=STAGE_SUBPLAN) + 167 at plan_executor.cpp:71
frame #2: 0x000000010e787a47 mongod`mongo::(anonymous namespace)::getStageByType(root=0x00007fd574d11180, type=STAGE_SUBPLAN) + 167 at plan_executor.cpp:71
frame #3: 0x000000010e78658c mongod`mongo::PlanExecutor::pickBestPlan(this=0x00007fd57243b7f0, policy=YIELD_AUTO) + 140 at plan_executor.cpp:186
frame #4: 0x000000010e783156 mongod`mongo::PlanExecutor::make(txn=0x00000001130ef318, ws=unique_ptr<mongo::WorkingSet, std::__1::default_delete<mongo::WorkingSet> > at 0x00000001130eb6f8, rt=unique_ptr<mongo::PlanStage, std::__1::default_delete<mongo::PlanStage> > at 0x00000001130eb6f0, qs=unique_ptr<mongo::QuerySolution, std::__1::default_delete<mongo::QuerySolution> > at 0x00000001130eb6e8, cq=unique_ptr<mongo::CanonicalQuery, std::__1::default_delete<mongo::CanonicalQuery> > at 0x00000001130eb6e0, collection=0x00007fd574d532d0, ns=0x00000001130eb6c8, yieldPolicy=YIELD_AUTO) + 2726 at plan_executor.cpp:143
frame #5: 0x000000010e781e3b mongod`mongo::PlanExecutor::make(opCtx=0x00000001130ef318, ws=<unavailable>, rt=<unavailable>, collection=0x00007fd574d532d0, yieldPolicy=YIELD_AUTO) + 1243 at plan_executor.cpp:87
frame #6: 0x000000010e376951 mongod`mongo::StageDebugCmd::run(this=0x00007fd57250ecc0, txn=0x00000001130ef318, dbname=0x00000001130ed2d0, cmdObj=0x00000001130ed300, (null)=0, errmsg=0x00000001130ed2e8, result=0x00000001130ed3b0) + 4865 at stagedebug_cmd.cpp:176
frae #7: 0x000000010e264b7a mongod`mongo::Command::run(this=0x00007fd57250ecc0, txn=0x00000001130ef318, request=0x00000001130ee030, replyBuilder=0x00000001130ee0b0) + 1642 at dbcommands.cpp:1307
frame #8: 0x000000010e26419d mongod`mongo::Command::execCommand(txn=0x00000001130ef318, command=0x00007fd57250ecc0, request=0x00000001130ee030, replyBuilder=0x00000001130ee0b0) + 4861 at dbcommands.cpp:1257
frame #9: 0x000000010e113f70 mongod`mongo::runCommands(txn=0x00000001130ef318, request=0x00000001130ee030, replyBuilder=0x00000001130ee0b0) + 1952 at commands.cpp:495
frame #10: 0x000000010e4beee9 mongod`mongo::(anonymous namespace)::receivedRpc(txn=0x00000001130ef318, client=0x00007fd574d5e5d0, dbResponse=0x00000001130ef390, message=0x00000001130efb90) + 633 at instance.cpp:289
frame #11: 0x000000010e4bb899 mongod`mongo::assembleResponse(txn=0x00000001130ef318, m=0x00000001130efb90, dbresponse=0x00000001130ef390, remote=0x00000001130ef2f8) + 2441 at instance.cpp:507
frame #12: 0x000000010ddf2d03 mongod`mongo::MyMessageHandler::process(this=0x00007fd57250c120, m=0x00000001130efb90, port=0x00007fd5749502f0) + 307 at db.cpp:167
frame #13: 0x000000010f0309e7 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x00007fd5749502f0) + 2983 at message_server_port.cpp:229
frame #14: 0x000000010f02ed6a mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] decltype(__f=0x00007fd574b35310, __args=0x00007fd574b35318)(void*)>(fp)(std::__1::forward<mongo::(anonymous namespace)::MessagingPortWithHandler*&>(fp0))) std::__1::__invoke<void* (*&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&>(void* (*&&&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&&&) + 24 at __functional_base:413
frame #15: 0x000000010f02ed52 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] std::__1::__bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void* (__f=0x00007fd574b35310, __bound_args=0x00007fd574b35318, (null)=__tuple_indices<0> at 0x00000001130efea0, __args=0x00000001130efe60)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, 0ul, std::__1::tuple<> >(void* (*&)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 40 at functional:2023
frame #16: 0x000000010f02ed2a mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] std::__1::__bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void* (this=0x00007fd574b35310)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>::operator()<>() + 38 at functional:2086
frame #17: 0x000000010f02ed04 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] decltype(__f=0x00007fd574b35310)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>&&) + 11 at __functional_base:413
frame #18: 0x000000010f02ecf9 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] void std::__1::__thread_execute<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(__t=0x00007fd574b35310, (null)=__tuple_indices<> at 0x00000001130efe38)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >&, std::__1::__tuple_indices<>) + 25 at thread:332
frame #19: 0x000000010f02ece0 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(__vp=0x00007fd574b35310) + 368 at thread:342
frame #20: 0x00007fff8c7a8268 libsystem_pthread.dylib`_pthread_body + 131
frame #21: 0x00007fff8c7a81e5 libsystem_pthread.dylib`_pthread_start + 176
frame #22: 0x00007fff8c7a641d libsystem_pthread.dylib`thread_start + 13
mongod version 2f631e8
- links to