  1. Core Server
  2. SERVER-19725

NULL pointer crash in QueryPlanner::plan with $near operator

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 2.6.12, 3.0.7, 3.1.7
    • Affects Version/s: 2.6.10, 3.0.5, 3.1.6
    • Component/s: Querying
    • Labels:
      None
    • Fully Compatible
    • ALL
    • Quint Iteration 7

      Affects 2.6.x and up.

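      Backtrace (the `tag` returned by `gnNode->getTag()` is NULL and is dereferenced without a check at query_planner.cpp:669; the call chain starts at the network message handler, so the fault occurs while mongod is serving a client query):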

      (lldb) f 1
      frame #1: 0x00000001009f838c mongod`mongo::QueryPlanner::plan(query=0x0000000104825550, params=0x000000010a86dde0, out=0x000000010a86d9c0) + 21372 at query_planner.cpp:669
         666 	    if (QueryPlannerCommon::hasNode(query.root(), MatchExpression::GEO_NEAR, &gnNode)) {
         667 	        // No index for GEO_NEAR?  No query.
         668 	        RelevantTag* tag = static_cast<RelevantTag*>(gnNode->getTag());
      -> 669 	        if (0 == tag->first.size() && 0 == tag->notFirst.size()) {
         670 	            LOG(5) << "Unable to find index for $geoNear query." << endl;
         671 	            // Don't leave tags on query tree.
         672 	            query.root()->resetTag();
      (lldb) p tag
      (mongo::RelevantTag *) $2 = 0x0000000000000000
      
      * thread #2: tid = 0x23341ea, 0x00000001009f838c mongod`mongo::QueryPlanner::plan(mongo::CanonicalQuery const&, mongo::QueryPlannerParams const&, std::__1::vector<mongo::QuerySolution*, std::__1::allocator<mongo::QuerySolution*> >*) [inlined] std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::size(this=0x0000000000000008) const at vector:653, stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
          frame #0: 0x00000001009f838c mongod`mongo::QueryPlanner::plan(mongo::CanonicalQuery const&, mongo::QueryPlannerParams const&, std::__1::vector<mongo::QuerySolution*, std::__1::allocator<mongo::QuerySolution*> >*) [inlined] std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::size(this=0x0000000000000008) const at vector:653
        * frame #1: 0x00000001009f838c mongod`mongo::QueryPlanner::plan(query=0x0000000104825550, params=0x000000010a86dde0, out=0x000000010a86d9c0) + 21372 at query_planner.cpp:669
          frame #2: 0x00000001009022fa mongod`mongo::(anonymous namespace)::prepareExecution(opCtx=0x000000010a872318, collection=0x0000000104e0ed90, ws=0x000000010483d240, canonicalQuery=0x0000000104825550, plannerOptions=0, rootOut=0x000000010a86e858, querySolutionOut=0x000000010a86e850) + 9498 at get_executor.cpp:335
          frame #3: 0x00000001008fe791 mongod`mongo::getExecutor(txn=0x000000010a872318, collection=0x0000000104e0ed90, canonicalQuery=unique_ptr<mongo::CanonicalQuery, std::__1::default_delete<mongo::CanonicalQuery> > at 0x000000010a86f380, yieldPolicy=YIELD_AUTO, plannerOptions=0) + 209 at get_executor.cpp:416
          frame #4: 0x0000000100906c3c mongod`mongo::getExecutorFind(txn=0x000000010a872318, collection=0x0000000104e0ed90, nss=0x000000010a8720f0, canonicalQuery=unique_ptr<mongo::CanonicalQuery, std::__1::default_delete<mongo::CanonicalQuery> > at 0x000000010a870198, yieldPolicy=YIELD_AUTO) + 1436 at get_executor.cpp:611
          frame #5: 0x00000001008f707a mongod`mongo::runQuery(txn=0x000000010a872318, q=0x000000010a870df8, nss=0x000000010a8720f0, result=0x000000010483dc20) + 3274 at find.cpp:515
          frame #6: 0x00000001006d7185 mongod`mongo::receivedQuery(txn=0x000000010a872318, nss=0x000000010a8720f0, c=0x0000000104821860, dbResponse=0x000000010a872390, m=0x000000010a872b90) + 837 at instance.cpp:376
          frame #7: 0x00000001006d4725 mongod`mongo::assembleResponse(txn=0x000000010a872318, m=0x000000010a872b90, dbresponse=0x000000010a872390, remote=0x000000010a8722f8) + 2389 at instance.cpp:504
          frame #8: 0x0000000100018f03 mongod`mongo::MyMessageHandler::process(this=0x000000010482f0a0, m=0x000000010a872b90, port=0x0000000104908b70) + 307 at db.cpp:165
          frame #9: 0x00000001012c6427 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x0000000104908b70) + 2983 at message_server_port.cpp:229
          frame #10: 0x00000001012c47aa mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] decltype(__f=0x0000000104905cf0, __args=0x0000000104905cf8)(void*)>(fp)(std::__1::forward<mongo::(anonymous namespace)::MessagingPortWithHandler*&>(fp0))) std::__1::__invoke<void* (*&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&>(void* (*&&&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&&&) + 24 at __functional_base:413
          frame #11: 0x00000001012c4792 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] std::__1::__bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void* (__f=0x0000000104905cf0, __bound_args=0x0000000104905cf8, (null)=__tuple_indices<0> at 0x000000010a872ea0, __args=0x000000010a872e60)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, 0ul, std::__1::tuple<> >(void* (*&)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 40 at functional:2023
          frame #12: 0x00000001012c476a mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] std::__1::__bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void* (this=0x0000000104905cf0)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>::operator()<>() + 38 at functional:2086
          frame #13: 0x00000001012c4744 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] decltype(__f=0x0000000104905cf0)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(fp)(std::__1::forward<>(fp0))) std::__1::__invoke<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>&&) + 11 at __functional_base:413
          frame #14: 0x00000001012c4739 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(void*) [inlined] void std::__1::__thread_execute<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >(__t=0x0000000104905cf0, (null)=__tuple_indices<> at 0x000000010a872e38)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >&, std::__1::__tuple_indices<>) + 25 at thread:332
          frame #15: 0x00000001012c4720 mongod`void* std::__1::__thread_proxy<std::__1::tuple<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> > >(__vp=0x0000000104905cf0) + 368 at thread:342
          frame #16: 0x00007fff938cd268 libsystem_pthread.dylib`_pthread_body + 131
          frame #17: 0x00007fff938cd1e5 libsystem_pthread.dylib`_pthread_start + 176
          frame #18: 0x00007fff938cb41d libsystem_pthread.dylib`thread_start + 13
      

            Assignee:
            david.storch@mongodb.com David Storch
            Reporter:
            j.delaney J Delaney