Core Server / SERVER-20382

Null pointer dereference on shutdown

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor - P4
    • Affects Version/s: 3.1.7
    • Component/s: Sharding
    • Labels: None
    • Steps to reproduce:

      Compile mongod with ASAN and UBSAN on Clang.
      Call `./mongod`.
      Press ctrl-c.
    • Sharding A (10/09/15)

      While running ASAN and UBSAN:

      ^C2015-09-11T17:01:15.879-0400 I CONTROL  [signalProcessingThread] got signal 2 (Interrupt), will terminate after current cmd ends
      2015-09-11T17:01:15.879-0400 I FTDC     [signalProcessingThread] Stopping full-time diagnostic data capture
      src/mongo/s/grid.cpp:139:12: runtime error: member call on null pointer of type 'mongo::ForwardingCatalogManager'
      SUMMARY: AddressSanitizer: undefined-behavior src/mongo/s/grid.cpp:139 
      ASAN:SIGSEGV
      =================================================================
      ==23668==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000bba0a80 bp 0x7f7bb915ad10 sp 0x7f7bb915ac00 T1)
          #0 0xbba0a7f in mongo::Grid::catalogManager(mongo::OperationContext*) /home/sajack/mongo/src/mongo/s/grid.cpp:139:12
          #1 0x6106d3b in mongo::exitCleanly(mongo::ExitCode) /home/sajack/mongo/src/mongo/db/instance.cpp:1235:23
          #2 0xcc2ce81 in mongo::(anonymous namespace)::signalProcessingThread() /home/sajack/mongo/src/mongo/util/signal_handlers.cpp:182:17
          #3 0x8623804 in void std::_Bind_simple<void (*())()>::_M_invoke<>(std::_Index_tuple<>) /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/functional:1530:18
          #4 0x862344f in std::_Bind_simple<void (*())()>::operator()() /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/functional:1520:16
          #5 0x8623229 in std::thread::_Impl<std::_Bind_simple<void (*())()> >::_M_run() /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/thread:115:13
          #6 0x7f7bbf68a34f in execute_native_thread_routine /build/gcc/src/gcc-5.2.0/libstdc++-v3/src/c++11/thread.cc:84
          #7 0x7f7bbf3bb4a3 in start_thread (/usr/lib/libpthread.so.0+0x74a3)
          #8 0x7f7bbeee313c in __clone (/usr/lib/libc.so.6+0xe913c)
      
      AddressSanitizer can not provide additional info.
      SUMMARY: AddressSanitizer: SEGV /home/sajack/mongo/src/mongo/s/grid.cpp:139 mongo::Grid::catalogManager(mongo::OperationContext*)
      Thread T1 created by T0 here:
          #0 0x29397e0 in __interceptor_pthread_create (/home/sajack/mongo/mongod+0x29397e0)
          #1 0x7f7bbf68a492 in __gthread_create /build/gcc/src/gcc-build/x86_64-unknown-linux-gnu/libstdc++-v3/include/x86_64-unknown-linux-gnu/bits/gthr-default.h:662
          #2 0x7f7bbf68a492 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) /build/gcc/src/gcc-5.2.0/libstdc++-v3/src/c++11/thread.cc:149
      
      ==23668==ABORTING
      

      It seems calling grid.catalogManager() will dereference _catalogManager, which is a null pointer if grid.init() isn't called from s/sharding_initialization.cpp.
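An added illustration of the pattern the trace shows, not MongoDB's code: a stand-in Grid whose accessor checks for initialization, beside a shutdown hook that guards on it before touching the catalog manager (isInitialized(), shutDown() and the two exitCleanly variants are assumed names).

```cpp
#include <memory>
#include <stdexcept>
#include <utility>

namespace example {

// Stand-in for mongo::ForwardingCatalogManager (constructed, not MongoDB's code).
class CatalogManager {
public:
    void shutDown() { _shutDown = true; }
    bool isShutDown() const { return _shutDown; }
private:
    bool _shutDown = false;
};

// Stand-in for mongo::Grid. init() only runs on the sharding startup path,
// so a plain mongod reaches shutdown with _catalogManager still null.
class Grid {
public:
    void init(std::unique_ptr<CatalogManager> cm) { _catalogManager = std::move(cm); }
    bool isInitialized() const { return _catalogManager != nullptr; }
    // Accessor in the style of grid.cpp:139. Checking the pointer turns the
    // sanitizer-reported null member call into a deterministic error.
    CatalogManager& catalogManager() {
        if (!_catalogManager)
            throw std::logic_error("Grid::catalogManager() called before Grid::init()");
        return *_catalogManager;
    }
private:
    std::unique_ptr<CatalogManager> _catalogManager;
};

// Shutdown hook mirroring the exitCleanly() path in the trace: unconditional
// use of the accessor is exactly what crashed.
bool exitCleanlyUnguarded(Grid& grid) {
    grid.catalogManager().shutDown();
    return true;
}

// Hardened variant: tear down sharding state only if it was ever set up.
// Returns false when nothing needed to be shut down.
bool exitCleanlyGuarded(Grid& grid) {
    if (!grid.isInitialized())
        return false;
    grid.catalogManager().shutDown();
    return true;
}

}  // namespace example
```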

            Assignee: Andy Schwerin (schwerin@mongodb.com)
            Reporter: Spencer Jackson (spencer.jackson@mongodb.com)
            Votes: 0
            Watchers: 4