Loading...

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.0.0-rc0
Affects Version/s: None
Component/s: Query Execution
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:
Hide

Minimal repro is below:

db.coll.drop() db.coll.insert({}) db.coll.find({}, {"a": {$concat: [{$toLower: "$b"}]}})

Exec tree and code fragments for the query above:

[2] traverse s8 s7 s2 from [1] scan s2 s3 [] @"0bc7e233-e06b-428b-a092-fc8d4c83f39b" true in [2] mkbson s7 s2 [_id] keep [a = s6] true false [2] project [s6 = e1:{let [l2.0 = let [l1.0 = s5] if (! exists (l1.0) || typeMatch (l1.0, 0x00000440), "", if (typeMatch (l1.0, 0x000F4206), toLower (coerceToString (l1.0)), fail ( 5066300 ,$toLower input type is not supported)))] if (! exists (l2.0) || typeMatch (l2.0, 0x0000044 0), null, if (isString (l2.0), concat (l2.0), fail ( 5073001 ,$concat supports only strings)))}] [2] traverse s5 s5 s4 from [2] project [s4 = e2:{getField (s2, "b")}] [2] limit 1 [2] coscan in [2] project [s5 = e3:{s4}] [2] limit 1 [2] coscan Code fragment 1 0x0000: pushAccessVal(1,0) 0x561786721640 0x0009: pushLocalVal(1,0) 0 0x000e: exists(0,1) 0x000f: logicNot(0,1) 0x0010: jmpNothing(0,1) 0x001e -> 0x0033 0x0015: jmpTrue(-1,1) 0x000f -> 0x0029 0x001a: pushLocalVal(1,0) 0 0x001f: typeMatch(0,1) 0x00000440 0x0024: jmp(0,0) 0x000a -> 0x0033 0x0029: pushConstVal(1,0) true 0x0033: jmpNothing(0,1) 0x004d -> 0x0085 0x0038: jmpTrue(-1,1) 0x003e -> 0x007b 0x003d: pushLocalVal(1,0) 0 0x0042: typeMatch(0,1) 0x000f4206 0x0047: jmpNothing(0,1) 0x002a -> 0x0076 0x004c: jmpTrue(-1,1) 0x001a -> 0x006b 0x0051: pushConstVal(1,0) 5066300 0x005b: pushConstVal(1,0) "$toLower input type is not supported" 0x0065: fail(-1,2) 0x0066: jmp(0,0) 0x000b -> 0x0076 0x006b: pushLocalVal(1,0) 0 0x0070: functionSmall(0,1) coerceToString 0x0073: functionSmall(0,1) toLower 0x0076: jmp(0,0) 0x000a -> 0x0085 0x007b: pushConstVal(1,0) "" 0x0085: swap(0,2) 0x0086: pop(-1,1) 0x0087: pushLocalVal(1,0) 0 0x008c: exists(0,1) 0x008d: logicNot(0,1) 0x008e: jmpNothing(0,1) 0x001e -> 0x00b1 0x0093: jmpTrue(-1,1) 0x000f -> 0x00a7 0x0098: pushLocalVal(1,0) 0 0x009d: typeMatch(0,1) 0x00000440 0x00a2: jmp(0,0) 0x000a -> 0x00b1 0x00a7: pushConstVal(1,0) true 0x00b1: jmpNothing(0,1) 0x0046 -> 0x00fc 0x00b6: jmpTrue(-1,1) 0x0037 -> 0x00f2 0x00bb: pushLocalVal(1,0) 0 0x00c0: isString(0,1) 0x00c1: jmpNothing(0,1) 0x0027 -> 0x00ed 0x00c6: jmpTrue(-1,1) 0x001a -> 0x00e5 0x00cb: pushConstVal(1,0) 5073001 0x00d5: pushConstVal(1,0) "$concat supports only strings" 0x00df: fail(-1,2) 0x00e0: jmp(0,0) 0x0008 -> 0x00ed 0x00e5: pushLocalVal(1,0) 0 0x00ea: functionSmall(0,1) concat 0x00ed: jmp(0,0) 0x000a -> 0x00fc 0x00f2: pushConstVal(1,0) null 0x00fc: swap(0,2) 0x00fd: pop(-1,1) 0x00fe: eof Code fragment 2 0x0000: pushAccessVal(1,0) 0x5617867219a8 0x0009: pushConstVal(1,0) "b" 0x0013: getField(-1,2) 0x0014: eof Code fragment 3 0x0000: pushAccessVal(1,0) 0x561786721628 0x0009: eof
Show
Minimal repro is below: db.coll.drop() db.coll.insert({}) db.coll.find({}, {"a": {$concat: [{$toLower: "$b"}]}}) Exec tree and code fragments for the query above: [2] traverse s8 s7 s2 from [1] scan s2 s3 [] @"0bc7e233-e06b-428b-a092-fc8d4c83f39b" true in [2] mkbson s7 s2 [_id] keep [a = s6] true false [2] project [s6 = e1:{let [l2.0 = let [l1.0 = s5] if (! exists (l1.0) || typeMatch (l1.0, 0x00000440), "", if (typeMatch (l1.0, 0x000F4206), toLower (coerceToString (l1.0)), fail ( 5066300 ,$toLower input type is not supported)))] if (! exists (l2.0) || typeMatch (l2.0, 0x0000044 0), null, if (isString (l2.0), concat (l2.0), fail ( 5073001 ,$concat supports only strings)))}] [2] traverse s5 s5 s4 from [2] project [s4 = e2:{getField (s2, "b")}] [2] limit 1 [2] coscan in [2] project [s5 = e3:{s4}] [2] limit 1 [2] coscan Code fragment 1 0x0000: pushAccessVal(1,0) 0x561786721640 0x0009: pushLocalVal(1,0) 0 0x000e: exists(0,1) 0x000f: logicNot(0,1) 0x0010: jmpNothing(0,1) 0x001e -> 0x0033 0x0015: jmpTrue(-1,1) 0x000f -> 0x0029 0x001a: pushLocalVal(1,0) 0 0x001f: typeMatch(0,1) 0x00000440 0x0024: jmp(0,0) 0x000a -> 0x0033 0x0029: pushConstVal(1,0) true 0x0033: jmpNothing(0,1) 0x004d -> 0x0085 0x0038: jmpTrue(-1,1) 0x003e -> 0x007b 0x003d: pushLocalVal(1,0) 0 0x0042: typeMatch(0,1) 0x000f4206 0x0047: jmpNothing(0,1) 0x002a -> 0x0076 0x004c: jmpTrue(-1,1) 0x001a -> 0x006b 0x0051: pushConstVal(1,0) 5066300 0x005b: pushConstVal(1,0) "$toLower input type is not supported" 0x0065: fail(-1,2) 0x0066: jmp(0,0) 0x000b -> 0x0076 0x006b: pushLocalVal(1,0) 0 0x0070: functionSmall(0,1) coerceToString 0x0073: functionSmall(0,1) toLower 0x0076: jmp(0,0) 0x000a -> 0x0085 0x007b: pushConstVal(1,0) "" 0x0085: swap(0,2) 0x0086: pop(-1,1) 0x0087: pushLocalVal(1,0) 0 0x008c: exists(0,1) 0x008d: logicNot(0,1) 0x008e: jmpNothing(0,1) 0x001e -> 0x00b1 0x0093: jmpTrue(-1,1) 0x000f -> 0x00a7 0x0098: pushLocalVal(1,0) 0 0x009d: typeMatch(0,1) 0x00000440 0x00a2: jmp(0,0) 0x000a -> 0x00b1 0x00a7: pushConstVal(1,0) true 0x00b1: jmpNothing(0,1) 0x0046 -> 0x00fc 0x00b6: jmpTrue(-1,1) 0x0037 -> 0x00f2 0x00bb: pushLocalVal(1,0) 0 0x00c0: isString(0,1) 0x00c1: jmpNothing(0,1) 0x0027 -> 0x00ed 0x00c6: jmpTrue(-1,1) 0x001a -> 0x00e5 0x00cb: pushConstVal(1,0) 5073001 0x00d5: pushConstVal(1,0) "$concat supports only strings" 0x00df: fail(-1,2) 0x00e0: jmp(0,0) 0x0008 -> 0x00ed 0x00e5: pushLocalVal(1,0) 0 0x00ea: functionSmall(0,1) concat 0x00ed: jmp(0,0) 0x000a -> 0x00fc 0x00f2: pushConstVal(1,0) null 0x00fc: swap(0,2) 0x00fd: pop(-1,1) 0x00fe: eof Code fragment 2 0x0000: pushAccessVal(1,0) 0x5617867219a8 0x0009: pushConstVal(1,0) "b" 0x0013: getField(-1,2) 0x0014: eof Code fragment 3 0x0000: pushAccessVal(1,0) 0x561786721628 0x0009: eof
Sprint:
Query Execution 2021-04-19, Query Execution 2021-05-03

We're hitting an invariant on this line. Stack trace is below, and the fuzzer task is here.

{"expr":"!rhsOwned","file":"src/mongo/db/exec/sbe/vm/vm.cpp","line":3242}}
[js_test:agg_fuzzer-8818-1618156873301-1] d20020| {"t":{"$date":"2021-04-11T16:04:27.405+00:00"},"s":"F",  "c":"-",        "id":23080,   "ctx":"conn1","msg":"\n\n***aborting after invariant() failure\n\n"}
[js_test:agg_fuzzer-8818-1618156873301-1] d20020| {"t":{"$date":"2021-04-11T16:04:27.405+00:00"},"s":"F",  "c":"CONTROL",  "id":4757800, "ctx":"conn1","msg":"Writing fatal message","attr":{"message":"Got signal: 6 (Aborted).\n"}}
[js_test:agg_fuzzer-8818-1618156873301-1] d20020| {"t":{"$date":"2021-04-11T16:04:27.573+00:00"},"s":"I",  "c":"CONTROL",  "id":31380,   "ctx":"conn1","msg":"BACKTRACE","attr":{"bt":{"backtrace":[{"a":"7F158B4090A2","b":"7F158B214000","o":"1F50A2","s":"_ZN5mongo18stack_trace_detail12_GLOBAL__N_119printStackTraceImplERKNS1_7OptionsEPNS_14StackTraceSinkE.constprop.630","s+":"212"},{"a":"7F158B40AAD9","b":"7F158B214000","o":"1F6AD9","s":"_ZN5mongo15printStackTraceEv","s+":"29"},{"a":"7F158B40600F","b":"7F158B214000","o":"1F200F","s":"abruptQuit","s+":"6F"},{"a":"7F1589822D80","b":"7F1589810000","o":"12D80","s":"funlockfile","s+":"50"},{"a":"7F158910193F","b":"7F15890CA000","o":"3793F","s":"gsignal","s+":"10F"},{"a":"7F15890EBC95","b":"7F15890CA000","o":"21C95","s":"abort","s+":"127"},{"a":"7F158B334714","b":"7F158B214000","o":"120714","s":"_ZN5mongo15invariantFailedEPKcS1_j","s+":"12C"},{"a":"7F15857EE63D","b":"7F1585799000","o":"5563D","s":"_ZN5mongo3sbe2vm8ByteCode3runEPKNS1_12CodeFragmentE.cold.1102","s+":"113"},{"a":"7F15858379CB","b":"7F1585799000","o":"9E9CB","s":"_ZN5mongo3sbe12ProjectStage7getNextEv","s+":"11B"},{"a":"7F15858301CF","b":"7F1585799000","o":"971CF","s":"_ZN5mongo3sbe16MakeObjStageBaseILNS0_17MakeObjOutputTypeE1EE7getNextEv","s+":"3F"},{"a":"7F158585B088","b":"7F1585799000","o":"C2088","s":"_ZN5mongo3sbe13TraverseStage8traverseEPNS0_5value12SlotAccessorEPNS2_18OwnedValueAccessorEm","s+":"338"},{"a":"7F158585B688","b":"7F1585799000","o":"C2688","s":"_ZN5mongo3sbe13TraverseStage7getNextEv","s+":"E8"},{"a":"7F15858301CF","b":"7F1585799000","o":"971CF","s":"_ZN5mongo3sbe16MakeObjStageBaseILNS0_17MakeObjOutputTypeE1EE7getNextEv","s+":"3F"},{"a":"7F158585B088","b":"7F1585799000","o":"C2088","s":"_ZN5mongo3sbe13TraverseStage8traverseEPNS0_5value12SlotAccessorEPNS2_18OwnedValueAccessorEm","s+":"338"},{"a":"7F158585B688","b":"7F1585799000","o":"C2688","s":"_ZN5mongo3sbe13TraverseStage7getNextEv","s+":"E8"},{"a":"7F15858301CF","b":"7F1585799000","o":"971CF","s":"_ZN5mongo3sbe16MakeObjStageBaseILNS0_17MakeObjOutputTypeE1EE7getNextEv","s+":"3F"},{"a":"7F158585B088","b":"7F1585799000","o":"C2088","s":"_ZN5mongo3sbe13TraverseStage8traverseEPNS0_5value12SlotAccessorEPNS2_18OwnedValueAccessorEm","s+":"338"},{"a":"7F158585B688","b":"7F1585799000","o":"C2688","s":"_ZN5mongo3sbe13TraverseStage7getNextEv","s+":"E8"},{"a":"7F15858301CF","b":"7F1585799000","o":"971CF","s":"_ZN5mongo3sbe16MakeObjStageBaseILNS0_17MakeObjOutputTypeE1EE7getNextEv","s+":"3F"},{"a":"7F158585B088","b":"7F1585799000","o":"C2088","s":"_ZN5mongo3sbe13TraverseStage8traverseEPNS0_5value12SlotAccessorEPNS2_18OwnedValueAccessorEm","s+":"338"},{"a":"7F158585B688","b":"7F1585799000","o":"C2688","s":"_ZN5mongo3sbe13TraverseStage7getNextEv","s+":"E8"},{"a":"7F1586207B65","b":"7F1586057000","o":"1B0B65","s":"_ZN5mongo9fetchNextEPNS_3sbe9PlanStageEPNS0_5value12SlotAccessorES5_PNS_7BSONObjEPNS_8RecordIdEb","s+":"45"},{"a":"7F158620931C","b":"7F1586057000","o":"1B231C","s":"_ZN5mongo15PlanExecutorSBE7getNextEPNS_7BSONObjEPNS_8RecordIdE","s+":"3EC"},{"a":"7F15862094FE","b":"7F1586057000","o":"1B24FE","s":"_ZN5mongo15PlanExecutorSBE15getNextDocumentEPNS_8DocumentEPNS_8RecordIdE","s+":"5E"},{"a":"7F15861CDA55","b":"7F1586057000","o":"176A55","s":"_ZN5mongo20DocumentSourceCursor9loadBatchEv","s+":"355"},{"a":"7F15861CDE08","b":"7F1586057000","o":"176E08","s":"_ZN5mongo20DocumentSourceCursor9doGetNextEv","s+":"98"},{"a":"7F1584DF8E23","b":"7F1584C53000","o":"1A5E23","s":"_ZN5mongo18DocumentSourceSort8populateEv","s+":"53"},{"a":"7F1584DF90D2","b":"7F1584C53000","o":"1A60D2","s":"_ZN5mongo18DocumentSourceSort9doGetNextEv","s+":"32"},{"a":"7F1584E1A7FD","b":"7F1584C53000","o":"1C77FD","s":"_ZN5mongo9TeeBuffer13loadNextBatchEv","s+":"9D"},{"a":"7F1584E1ABB0","b":"7F1584C53000","o":"1C7BB0","s":"_ZN5mongo9TeeBuffer7getNextEm","s+":"90"},{"a":"7F1584DFE85E","b":"7F1584C53000","o":"1AB85E","s":"_ZN5mongo25DocumentSourceTeeConsumer9doGetNextEv","s+":"2E"},{"a":"7F1584D47E64","b":"7F1584C53000","o":"F4E64","s":"_ZN5mongo14DocumentSource7getNextEv","s+":"44"},{"a":"7F1584DB906C","b":"7F1584C53000","o":"16606C","s":"_ZN5mongo19DocumentSourceMatch9doGetNextEv","s+":"4C"},{"a":"7F1584D73402","b":"7F1584C53000","o":"120402","s":"_ZN5mongo19DocumentSourceFacet9doGetNextEv","s+":"1F2"},{"a":"7F1584D47E64","b":"7F1584C53000","o":"F4E64","s":"_ZN5mongo14DocumentSource7getNextEv","s+":"44"},{"a":"7F1584E132CC","b":"7F1584C53000","o":"1C02CC","s":"_ZN5mongo8Pipeline7getNextEv","s+":"3C"},{"a":"7F15861D89B9","b":"7F1586057000","o":"1819B9","s":"_ZN5mongo20PlanExecutorPipeline8_getNextEv","s+":"29"},{"a":"7F15861D8A5C","b":"7F1586057000","o":"181A5C","s":"_ZN5mongo20PlanExecutorPipeline15getNextDocumentEPNS_8DocumentEPNS_8RecordIdE","s+":"4C"},{"a":"7F15861D8BDE","b":"7F1586057000","o":"181BDE","s":"_ZN5mongo20PlanExecutorPipeline7getNextEPNS_7BSONObjEPNS_8RecordIdE","s+":"EE"},{"a":"7F15800678D0","b":"7F157FF6B000","o":"FC8D0","s":"_ZN5mongo12runAggregateEPNS_16OperationContextERKNS_15NamespaceStringERKNS_23AggregateCommandRequestERKNS_18LiteParsedPipelineERKNS_7BSONObjERKSt6vectorINS_9PrivilegeESaISF_EEPNS_3rpc21ReplyBuilderInterfaceE","s+":"32D0"},

is depended on by

SERVER-56119 Enable generational agg and query fuzzer suites for "Classic Execution Engine" build variant

Closed

Details

Description

Attachments

Issue Links

Activity

People

Dates