[SERVER-11589] Initialization order fiasco between dataFileSync and cmdServerStatus Created: 05/Nov/13  Updated: 31/May/17  Resolved: 08/May/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Andrew Morrow (Inactive)
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-29012 Undefined behaviour in the ServerStat... Closed
Operating System: ALL
Steps To Reproduce:

scons --sanitize=address --allocator=system --cc=/usr/bin/clang --cxx=/usr/bin/clang++ smokeJs

The test will fail immediately because mongod doesn't start.


Description

In db.cpp the static object dataFileSync of class DataFileSync depends on the static object cmdServerStatus in server_status.cpp having already been initialized. These static objects are in different translation units so there is no guarantee that cmdServerStatus has been constructed when dataFileSync's constructor runs.
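The following is an added, self-contained C++ example (not MongoDB's code) of the registration pattern that removes the hazard described above: the registry is a function-local static reached through an accessor, so any section object, in any translation unit, that registers itself from its constructor sees a fully constructed registry. The class and function names (SectionRegistry, ServerStatusSection, registry(), the two sample sections and their output strings) are hypothetical stand-ins for cmdServerStatus / dataFileSync, chosen only to illustrate the fix.

```cpp
// Added example, not MongoDB code: a registration pattern that avoids the
// static initialization order fiasco described in this ticket.
// All names here (SectionRegistry, ServerStatusSection, registry(), the two
// sample sections) are hypothetical.
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// The fragile shape from the ticket, for comparison (do NOT do this):
//
//   // server_status.cpp
//   CmdServerStatus cmdServerStatus;   // namespace-scope static
//   // db.cpp
//   DataFileSync dataFileSync;         // ctor calls cmdServerStatus.addSection(this)
//
// db.cpp and server_status.cpp are separate translation units, and C++ gives
// no ordering guarantee for dynamic initialization across TUs, so
// dataFileSync's constructor may run on a not-yet-constructed cmdServerStatus.

class ServerStatusSection;

// Registry of sections. Never instantiated at namespace scope; see registry().
class SectionRegistry {
public:
    void addSection(ServerStatusSection* s);
    const std::vector<ServerStatusSection*>& sections() const { return sections_; }
private:
    std::vector<ServerStatusSection*> sections_;
};

// Construct-on-first-use: a function-local static is initialized the first
// time control passes through its definition (thread-safely since C++11), so
// a caller in any translation unit gets a fully constructed registry no
// matter which namespace-scope statics the loader happened to run first.
SectionRegistry& registry() {
    static SectionRegistry instance;
    return instance;
}

class ServerStatusSection {
public:
    explicit ServerStatusSection(std::string name) : name_(std::move(name)) {
        registry().addSection(this);  // safe: registry() constructs on demand
    }
    virtual ~ServerStatusSection() = default;
    const std::string& name() const { return name_; }
    virtual std::string generate() const = 0;
private:
    std::string name_;
};

void SectionRegistry::addSection(ServerStatusSection* s) { sections_.push_back(s); }

// Two sections defined as namespace-scope statics, as dataFileSync is in the
// ticket. Their order relative to any registry object no longer matters.
class DataFileSyncSection : public ServerStatusSection {
public:
    DataFileSyncSection() : ServerStatusSection("backgroundFlushing") {}
    std::string generate() const override { return "{flushes: 0}"; }
};
class UptimeSection : public ServerStatusSection {
public:
    UptimeSection() : ServerStatusSection("uptime") {}
    std::string generate() const override { return "{seconds: 0}"; }
};
static DataFileSyncSection dataFileSync;
static UptimeSection uptimeSection;

// Query helpers: what the registry contains after static initialization.
std::size_t registeredSectionCount() { return registry().sections().size(); }

bool isRegistered(const std::string& name) {
    for (const ServerStatusSection* s : registry().sections())
        if (s->name() == name) return true;
    return false;
}

std::map<std::string, std::string> renderAll() {
    std::map<std::string, std::string> out;
    for (const ServerStatusSection* s : registry().sections())
        out[s->name()] = s->generate();
    return out;
}

int main() {
    // Both sections are present regardless of where the registry "lives".
    for (const auto& kv : renderAll())
        std::cout << kv.first << ": " << kv.second << '\n';
    return registeredSectionCount() == 2 ? 0 : 1;
}
```

The trade-off is that the registry's lifetime now ends at program exit in reverse order of construction; because it is constructed during the first section's constructor, it is destroyed after every section, so destructors that touch it stay safe. Building with `-fsanitize=address` and running under `ASAN_OPTIONS=check_initialization_order=true` is the check that the original pattern fails and this one passes.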



Comments
Comment by Andrew Morrow (Inactive) [ 08/May/17 ]

The indicated work was done in SERVER-29012.

Comment by Andrew Morrow (Inactive) [ 06/Jan/14 ]

ASAN now requires startup options to detect this error: https://code.google.com/p/address-sanitizer/wiki/InitializationOrderFiasco

Repro is now:

ASAN_OPTIONS=check_initialization_order=true ./mongod 2>&1 | asan_symbolize | c++filt

Comment by Andrew Morrow (Inactive) [ 06/Nov/13 ]

Here is the AddressSanitizer output:

./mongod 2>&1 | asan_symbolize
=================================================================
==22807==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x00000a4f24f8 at pc 0x1bc1a17 bp 0x7fff9741c070 sp 0x7fff9741c068
READ of size 1 at 0x00000a4f24f8 thread T0
==22807==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x1bc1a16 in _ZN5mongo15CmdServerStatus10addSectionEPNS_19ServerStatusSectionE /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/commands/server_status.cpp:176
    #1 0x1ba94a2 in ServerStatusSection /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/commands/server_status.cpp:196
    #2 0xe924cf in DataFileSync /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/db.cpp:492
    #3 0xe26893 in __cxx_global_var_init42 /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/db.cpp:563
    #4 0xe2792e in _GLOBAL__I_a /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/db.cpp:229
    #5 0x7b305ac in __libc_csu_init ??:?
    #6 0x7f762b4a0e34 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:219
    #7 0xe0abcc in _start ??:?
 
0x00000a4f24f8 is located 40 bytes to the left of global variable 'mongo::CmdServerStatus::_sections' from 'src/mongo/db/commands/server_status.cpp' (0xa4f2520) of size 8
0x00000a4f24f8 is located 24 bytes inside of global variable 'mongo::cmdServerStatus' from 'src/mongo/db/commands/server_status.cpp' (0xa4f24e0) of size 32
SUMMARY: AddressSanitizer: initialization-order-fiasco ??:0 ??
Shadow bytes around the buggy address:
  0x000081496440: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x000081496450: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x000081496460: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x000081496470: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x000081496480: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
=>0x000081496490: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6[f6]
  0x0000814964a0: f6 f6 f6 f6 00 f9 f9 f9 f9 f9 f9 f9 f6 f6 f6 f6
  0x0000814964b0: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x0000814964c0: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x0000814964d0: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
  0x0000814964e0: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==22807==ABORTING
