- Type: Bug
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: 3.5.8
- Component/s: Networking
- Labels: None
- Fully Compatible
- ALL

Running nmap against a mongod off master, commit aafc13d6786bd99cf1f18c3161b3febddc4669c9, results in the server segfaulting.
The server was started with just './mongod'.
nmap was run with 'nmap 127.0.0.1 -p 27017'.
Backtrace taken with GDB:
Thread 28 "listener" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffddb14700 (LWP 19473)]
0x0000555559187ea3 in std::(anonymous namespace)::list<std::weak_ptr<mongo::transport::TransportLayerASIO::ASIOSession>, std::allocator<std::weak_ptr<mongo::transport::TransportLayerASIO::ASIOSession> > >::erase (this=0x7fffee8d0968, __position=non-dereferenceable iterator for std::list) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/list.tcc:155
155 iterator __ret = iterator(__position._M_node->_M_next);
(gdb) bt
#0 0x0000555559187ea3 in std::(anonymous namespace)::list<std::weak_ptr<mongo::transport::TransportLayerASIO::ASIOSession>, std::allocator<std::weak_ptr<mongo::transport::TransportLayerASIO::ASIOSession> > >::erase (this=0x7fffee8d0968, __position=non-dereferenceable iterator for std::list) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/list.tcc:155
#1 0x0000555559181c11 in (anonymous namespace)::(anonymous namespace)::TransportLayerASIO::eraseSession (this=0x7fffee8d0920, it=non-dereferenceable iterator for std::list) at src/mongo/transport/transport_layer_asio.cpp:314
#2 0x0000555559185327 in (anonymous namespace)::(anonymous namespace)::TransportLayerASIO::ASIOSession::~ASIOSession (this=0x7fffee8b96e0, __in_chrg=<optimized out>) at src/mongo/transport/session_asio.h:60
#3 0x00005555591853ac in (anonymous namespace)::(anonymous namespace)::TransportLayerASIO::ASIOSession::~ASIOSession (this=0x7fffee8b96e0, __in_chrg=<optimized out>) at src/mongo/transport/session_asio.h:61
#4 0x000055555918d78a in std::_Sp_counted_ptr<mongo::transport::TransportLayerASIO::ASIOSession*, (__gnu_cxx::_Lock_policy)2>::_M_dispose (this=0x7fffed027f70) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/shared_ptr_base.h:374
#5 0x0000555557982e0e in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0x7fffed027f70) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/shared_ptr_base.h:150
#6 0x000055555797d7bf in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count (this=0x7fffddb13550, __in_chrg=<optimized out>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/shared_ptr_base.h:659
#7 0x000055555917c3c6 in std::__shared_ptr<mongo::transport::TransportLayerASIO::ASIOSession, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr (this=0x7fffddb13548, __in_chrg=<optimized out>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/shared_ptr_base.h:925
#8 0x000055555917c3e2 in std::shared_ptr<mongo::transport::TransportLayerASIO::ASIOSession>::~shared_ptr (this=0x7fffddb13548, __in_chrg=<optimized out>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/bits/shared_ptr.h:93
#9 0x000055555918222c in (anonymous namespace)::(anonymous namespace)::TransportLayerASIO::<lambda(std::error_code)>::~<lambda>(void) (this=0x7fffddb13540, __in_chrg=<optimized out>) at src/mongo/transport/transport_layer_asio.cpp:326
#10 0x0000555559183642 in (anonymous namespace)::(anonymous namespace)::binder1<mongo::transport::TransportLayerASIO::_acceptConnection(mongo::transport::TransportLayerASIO::GenericAcceptor&)::<lambda(std::error_code)>, std::error_code>::~binder1(void) (this=0x7fffddb13540, __in_chrg=<optimized out>) at src/third_party/asio-master/asio/include/asio/detail/bind_handler.hpp:32
#11 0x00005555591837a7 in (anonymous namespace)::(anonymous namespace)::reactive_socket_accept_op<asio::basic_socket<asio::generic::stream_protocol>, asio::generic::stream_protocol, mongo::transport::TransportLayerASIO::_acceptConnection(mongo::transport::TransportLayerASIO::GenericAcceptor&)::<lambda(std::error_code)> >::do_complete(void *, (anonymous namespace)::(anonymous namespace)::operation *, const (anonymous namespace)::error_code &, std::size_t) (owner=0x7fffed09fe20, base=0x7fffeca98460) at src/third_party/asio-master/asio/include/asio/detail/reactive_socket_accept_op.hpp:127
#12 0x00005555594f4f1c in (anonymous namespace)::(anonymous namespace)::scheduler_operation::complete (this=0x7fffeca98460, owner=0x7fffed09fe20, ec=..., bytes_transferred=0) at src/third_party/asio-master/asio/include/asio/detail/scheduler_operation.hpp:39
#13 0x00005555594e50a1 in (anonymous namespace)::(anonymous namespace)::epoll_reactor::descriptor_state::do_complete (owner=0x7fffed09fe20, base=0x7fffed0c5ec0, ec=..., bytes_transferred=1) at src/third_party/asio-master/asio/include/asio/detail/impl/epoll_reactor.ipp:745
#14 0x00005555594f4f1c in (anonymous namespace)::(anonymous namespace)::scheduler_operation::complete (this=0x7fffed0c5ec0, owner=0x7fffed09fe20, ec=..., bytes_transferred=1) at src/third_party/asio-master/asio/include/asio/detail/scheduler_operation.hpp:39
#15 0x00005555594e8852 in (anonymous namespace)::(anonymous namespace)::scheduler::do_run_one (this=0x7fffed09fe20, lock=..., this_thread=..., ec=...) at src/third_party/asio-master/asio/include/asio/detail/impl/scheduler.ipp:398
#16 0x00005555594e79f3 in (anonymous namespace)::(anonymous namespace)::scheduler::run (this=0x7fffed09fe20, ec=...) at src/third_party/asio-master/asio/include/asio/detail/impl/scheduler.ipp:151
#17 0x00005555594e0a3c in (anonymous namespace)::io_context::run (this=0x7fffee847560) at src/third_party/asio-master/asio/include/asio/impl/io_context.ipp:61
#18 0x0000555559181855 in (anonymous namespace)::(anonymous namespace)::TransportLayerASIO::<lambda()>::operator()(void) const (__closure=0x7fffee9edd08) at src/mongo/transport/transport_layer_asio.cpp:283
#19 0x0000555559184af0 in std::_Bind_simple<mongo::transport::TransportLayerASIO::start()::<lambda()>()>::_M_invoke<>(std::_Index_tuple<>) (this=0x7fffee9edd08) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:1531
#20 0x0000555559184a46 in std::_Bind_simple<mongo::transport::TransportLayerASIO::start()::<lambda()>()>::operator()(void) (this=0x7fffee9edd08) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:1520
#21 0x00005555591849d6 in std::thread::_Impl<std::_Bind_simple<mongo::transport::TransportLayerASIO::start()::<lambda()>()> >::_M_run(void) (this=0x7fffee9edcf0) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/thread:115
#22 0x00005555597e2c80 in std::execute_native_thread_routine (__p=<optimized out>) at ../../../../../gcc-5.4.0/libstdc++-v3/src/c++11/thread.cc:84
#23 0x00007ffff5069297 in start_thread () from /usr/lib/libpthread.so.0
#24 0x00007ffff4daa25f in clone () from /usr/lib/libc.so.6
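
Frames #0 to #2 show `~ASIOSession` calling `eraseSession` with an iterator GDB reports as non-dereferenceable. The following is an added example, not MongoDB's code and not the fix applied for this ticket: it models that pattern with hypothetical `Layer` and `Session` classes and guards the destructor with a `_registered` flag. The flag, the class names and the untracked-drop path are assumptions of this sketch.

```cpp
#include <cstddef>
#include <list>
#include <memory>

class Layer;  // hypothetical stand-in for the transport layer (locking omitted)

class Session {  // hypothetical stand-in for the session type
public:
    using Iter = std::list<std::weak_ptr<Session>>::iterator;
    explicit Session(Layer* layer) : _layer(layer) {}
    ~Session();
    void setIter(Iter it) { _it = it; _registered = true; }
private:
    Layer* _layer;
    Iter _it;                  // singular (not dereferenceable) until setIter() runs
    bool _registered = false;  // guard added by this example
};

class Layer {
public:
    // Normal path: track the session and hand it its position in the list.
    std::shared_ptr<Session> accept() {
        auto s = std::make_shared<Session>(this);
        s->setIter(_sessions.emplace(_sessions.end(), s));
        return s;
    }
    // Assumed path: the handler drops a session that was never tracked.
    std::shared_ptr<Session> acceptUntracked() { return std::make_shared<Session>(this); }
    void erase(Session::Iter it) { _sessions.erase(it); }
    std::size_t tracked() const { return _sessions.size(); }
private:
    std::list<std::weak_ptr<Session>> _sessions;
};

// Unguarded, this would call erase(_it) on a singular iterator: undefined behaviour.
Session::~Session() { if (_registered) _layer->erase(_it); }

std::size_t trackedAfterUntrackedDrop() {
    Layer layer;
    { auto s = layer.acceptUntracked(); }  // destructor must not touch the list
    return layer.tracked();
}
std::size_t trackedAfterNormalClose() {
    Layer layer;
    auto keep = layer.accept();
    { auto s = layer.accept(); }  // destructor erases exactly its own entry
    return layer.tracked();
}
```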