[SERVER-11514] segfault on upsert with conflicting fields in the query document
Created: 31/Oct/13  Updated: 01/Nov/13  Resolved: 01/Nov/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Critical - P2
Reporter: David Storch
Assignee: Scott Hernandez (Inactive)
Resolution: Duplicate
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Tested against mongod git version eab2644c221206c121ac1ab93fcf95c8100f4ff3


Issue Links:
Duplicate
duplicates SERVER-4830 Reject upsert if would create duplica... Closed
Gantt Dependency
Operating System: ALL
Participants:

Description

Here are examples of upserts that crash mongod:

1)

> db.x.drop();
> db.x.update( { "a": {}, "a.c": 2 } , { $set : { x: 1 } }, true , false )

2)

> db.x.drop();
> db.x.update( { "a.b": 1, "a.c": 2 } , { $set: {x: 1} }, true , false )

These do NOT cause a segfault when the upsert flag is set to false. There is also no crash if there are no conflicting fields in the query document, as in this example:

> db.x.drop()
> db.x.update( { "a.b": 1, "c.d": 2 } , { $set: {x: 1} }, true , false )

Example stack trace from mongod when it crashes:

Invalid access at address: 0x8 from thread: conn1
Got signal: 11 (Segmentation fault: 11).
Backtrace:
0x10061fdfb 0x1000015ab 0x100001761 0x7fff8ba6590a 0x104aa5388 0x10031ef8f 0x10031ade0 0x10029472a 0x1002989cb 0x1000074d4 0x1005ec461 0x100652605 0x7fff8ba77772 0x7fff8ba641a1
 0   mongod                              0x000000010061fdfb _ZN5mongo15printStackTraceERSo + 43
 1   mongod                              0x00000001000015ab _ZN5mongo10abruptQuitEi + 251
 2   mongod                              0x0000000100001761 _ZN5mongo24abruptQuitWithAddrSignalEiP9__siginfoPv + 257
 3   libsystem_c.dylib                   0x00007fff8ba6590a _sigtramp + 26
 4   ???                                 0x0000000104aa5388 0x0 + 4373238664
 5   mongod                              0x000000010031ef8f _ZN5mongo12UpdateDriver15createFromQueryERKNS_7BSONObjERNS_11mutablebson8DocumentE + 1107
 6   mongod                              0x000000010031ade0 _ZN5mongo6updateERKNS_13UpdateRequestEPNS_7OpDebugEPNS_12UpdateDriverE + 7104
 7   mongod                              0x000000010029472a _ZN5mongo14receivedUpdateERNS_7MessageERNS_5CurOpE + 2938
 8   mongod                              0x00000001002989cb _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 7499
 9   mongod                              0x00000001000074d4 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 308
 10  mongod                              0x00000001005ec461 _ZN5mongo17PortMessageServer17handleIncomingMsgEPv + 1681
 11  mongod                              0x0000000100652605 thread_proxy + 229
 12  libsystem_c.dylib                   0x00007fff8ba77772 _pthread_start + 327
 13  libsystem_c.dylib                   0x00007fff8ba641a1 thread_start + 13
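
A client-side pre-flight check for the query shapes reported above, as an added example that is not part of the original ticket or of MongoDB's code. It assumes that "conflicting fields" means two query keys sharing a top-level field, which is the pattern common to the two crashing queries and absent from the non-crashing one; the function names are hypothetical.

```javascript
// Added example: reject upsert query documents whose keys collide on a
// top-level field before they reach the server.
// Assumption: the collision rule is inferred from the three queries in this
// report; the exact server-side condition is not stated on the page.

// "prefix": one path is an ancestor of the other ("a" vs "a.c").
// "sibling": both paths descend from the same top-level field ("a.b" vs "a.c").
function classifyPair(p, q) {
  if (q.startsWith(p + ".") || p.startsWith(q + ".")) return "prefix";
  return "sibling";
}

function findConflictingPaths(query) {
  // Group the query's field paths by their first path component.
  const byRoot = new Map();
  for (const key of Object.keys(query)) {
    if (key.startsWith("$")) continue; // operators such as $and are out of scope here
    const root = key.split(".")[0];
    if (!byRoot.has(root)) byRoot.set(root, []);
    byRoot.get(root).push(key);
  }
  // Every pair inside one group is reported with its kind.
  const conflicts = [];
  for (const [root, paths] of byRoot) {
    for (let i = 0; i < paths.length; i++) {
      for (let j = i + 1; j < paths.length; j++) {
        conflicts.push({
          root,
          paths: [paths[i], paths[j]],
          kind: classifyPair(paths[i], paths[j]),
        });
      }
    }
  }
  return conflicts;
}

// Call this only on the upsert path; the report states that the same
// queries do not crash when the upsert flag is false.
function assertSafeUpsertQuery(query) {
  const conflicts = findConflictingPaths(query);
  if (conflicts.length > 0) {
    const detail = conflicts
      .map((c) => `${c.paths.join(" / ")} (${c.kind})`)
      .join(", ");
    throw new Error(`upsert query rejected, conflicting fields: ${detail}`);
  }
  return query;
}
```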

