[SERVER-17313] Segfault in BtreeLogic::_insert when inserting into previously-dropped namespace Created: 18/Feb/15  Updated: 18/Sep/15  Resolved: 27/Mar/15

Status: Closed
Project: Core Server
Component/s: Index Maintenance, MMAPv1, Storage
Affects Version/s: 3.0.0-rc8
Fix Version/s: 3.0.2, 3.1.1

Type: Bug Priority: Major - P3
Reporter: Kamran K. Assignee: Mathias Stearn
Resolution: Done Votes: 0
Labels: 28qa, cap-ss
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Quint Iteration 3.1.1
Participants:

 Description   

The following crash only seems to occur with v:0 indexes, but it may be a more general corruption issue.

The crash is not reproducible with 2.6.7.

(lldb) f 2
frame #2: 0x0000000100ae062e mongod`mongo::BtreeLogic<mongo::BtreeLayoutV0>::_insert(this=0x00000001058047f0, txn=0x0000000114a05750, bucket=0x00000001109af010, bucketLoc=(_a = 0, ofs = 172032), key=0x00000001149fe1f8, recordLoc=(_a = 0, ofs = 20656), dupsAllowed=true, leftChild=(_a = -1, ofs = 0), rightChild=(_a = -1, ofs = 0)) + 446 at btree_logic.cpp:2276
   2273	
   2274	        if (found) {
   2275	            static KeyHeaderType& header = getKeyHeader(bucket, pos);
-> 2276	            if (header.isUnused()) {
   2277	                LOG(4) << "btree _insert: reusing unused key" << endl;
   2278	                massert(17433, "_insert: reuse key but lchild is not null", leftChild.isNull());
   2279	                massert(17434, "_insert: reuse key but rchild is not null", rightChild.isNull());
(lldb) p header
error: Couldn't apply expression side effects : Couldn't dematerialize a result variable: couldn't read its memory
 
(lldb) bt
* thread #2: tid = 0xf59c07, 0x0000000100add84c mongod`mongo::DiskLoc::getOfs(this=0x000000011aa32040) const + 12 at diskloc.h:117, stop reason = EXC_BAD_ACCESS (code=1, address=0x11aa32044)
    frame #0: 0x0000000100add84c mongod`mongo::DiskLoc::getOfs(this=0x000000011aa32040) const + 12 at diskloc.h:117
    frame #1: 0x0000000100add82c mongod`mongo::FixedWidthKey<mongo::DiskLoc>::isUnused(this=0x000000011aa32038) const + 28 at btree_ondisk.h:113
  * frame #2: 0x0000000100ae062e mongod`mongo::BtreeLogic<mongo::BtreeLayoutV0>::_insert(this=0x00000001058047f0, txn=0x0000000114a05750, bucket=0x00000001109af010, bucketLoc=(_a = 0, ofs = 172032), key=0x00000001149fe1f8, recordLoc=(_a = 0, ofs = 20656), dupsAllowed=true, leftChild=(_a = -1, ofs = 0), rightChild=(_a = -1, ofs = 0)) + 446 at btree_logic.cpp:2276
    frame #3: 0x0000000100ae039b mongod`mongo::BtreeLogic<mongo::BtreeLayoutV0>::insert(this=0x00000001058047f0, txn=0x0000000114a05750, rawKey=0x0000000103626190, value=0x00000001149fe270, dupsAllowed=true) + 827 at btree_logic.cpp:2243
    frame #4: 0x0000000100adc39f mongod`mongo::BtreeInterfaceImpl<mongo::BtreeLayoutV0>::insert(this=0x0000000105803450, txn=0x0000000114a05750, key=0x0000000103626190, loc=0x00000001149fe918, dupsAllowed=true) + 143 at btree_interface.cpp:92
    frame #5: 0x00000001005d2255 mongod`mongo::BtreeBasedAccessMethod::insert(this=0x0000000105804830, txn=0x0000000114a05750, obj=0x00000001036268c0, loc=0x00000001149fe918, options=0x00000001149fe710, numInserted=0x00000001149fe708) + 1077 at btree_based_access_method.cpp:83
    frame #6: 0x00000001002a6a0b mongod`mongo::IndexCatalog::_indexRecord(this=0x0000000104204948, txn=0x0000000114a05750, index=0x0000000105804790, obj=0x00000001036268c0, loc=0x00000001149fe918) + 171 at index_catalog.cpp:1089
    frame #7: 0x00000001002a6e7d mongod`mongo::IndexCatalog::indexRecord(this=0x0000000104204948, txn=0x0000000114a05750, obj=0x00000001036268c0, loc=0x00000001149fe918) + 237 at index_catalog.cpp:1121
    frame #8: 0x000000010026b0c1 mongod`mongo::Collection::_insertDocument(this=0x00000001042048a0, txn=0x0000000114a05750, docToInsert=0x00000001036268c0, enforceQuota=true) + 721 at collection.cpp:254
    frame #9: 0x000000010026ace1 mongod`mongo::Collection::insertDocument(this=0x00000001042048a0, txn=0x0000000114a05750, docToInsert=0x00000001036268c0, enforceQuota=true) + 497 at collection.cpp:201
    frame #10: 0x00000001003cb65f mongod`mongo::singleInsert(txn=0x0000000114a05750, docToInsert=0x00000001036268c0, collection=0x00000001042048a0, result=0x00000001149fede8)::WriteOpResult*) + 271 at batch_executor.cpp:1140
    frame #11: 0x00000001003ca6ae mongod`mongo::insertOne(state=0x0000000114a00310, result=0x00000001149fede8)::WriteOpResult*) + 622 at batch_executor.cpp:1071
    frame #12: 0x00000001003c721f mongod`mongo::WriteBatchExecutor::execOneInsert(this=0x0000000114a00fd8, state=0x0000000114a00310, error=0x0000000114a002e0) + 303 at batch_executor.cpp:1112
    frame #13: 0x00000001003c6305 mongod`mongo::WriteBatchExecutor::execInserts(this=0x0000000114a00fd8, request=0x0000000114a010a8, errors=0x0000000114a00c98) + 501 at batch_executor.cpp:885
    frame #14: 0x00000001003c4cd6 mongod`mongo::WriteBatchExecutor::bulkExecute(this=0x0000000114a00fd8, request=0x0000000114a010a8, upsertedIds=0x0000000114a00c78, errors=0x0000000114a00c98) + 102 at batch_executor.cpp:767
    frame #15: 0x00000001003c3dff mongod`mongo::WriteBatchExecutor::executeBatch(this=0x0000000114a00fd8, request=0x0000000114a010a8, response=0x0000000114a01118) + 2207 at batch_executor.cpp:272
    frame #16: 0x00000001003d362c mongod`mongo::WriteCmd::run(this=0x000000010362a400, txn=0x0000000114a05750, dbName=0x0000000114a01d90, cmdObj=0x0000000114a025b0, options=0, errMsg=0x0000000114a019e0, result=0x0000000114a03820, fromRepl=false) + 732 at write_commands.cpp:147
    frame #17: 0x0000000100409035 mongod`mongo::_execCommand(txn=0x0000000114a05750, c=0x000000010362a400, dbname=0x0000000114a01d90, cmdObj=0x0000000114a025b0, queryOptions=0, errmsg=0x0000000114a019e0, result=0x0000000114a03820, fromRepl=false) + 197 at dbcommands.cpp:1295
    frame #18: 0x000000010040b4dc mongod`mongo::Command::execCommand(txn=0x0000000114a05750, c=0x000000010362a400, queryOptions=0, cmdns=0x0000000103898e14, cmdObj=0x0000000114a025b0, result=0x0000000114a03820, fromRepl=false) + 6940 at dbcommands.cpp:1511
    frame #19: 0x000000010040c14a mongod`mongo::_runCommands(txn=0x0000000114a05750, ns=0x0000000103898e14, _cmdobj=0x0000000114a042e8, b=0x0000000114a03878, anObjBuilder=0x0000000114a03820, fromRepl=false, queryOptions=0) + 2138 at dbcommands.cpp:1583
    frame #20: 0x00000001007f5890 mongod`mongo::runCommands(txn=0x0000000114a05750, ns=0x0000000103898e14, jsobj=0x0000000114a042e8, curop=0x000000010500ee00, b=0x0000000114a03878, anObjBuilder=0x0000000114a03820, fromRepl=false, queryOptions=0) + 96 at find.cpp:137
    frame #21: 0x00000001007f1e7d mongod`mongo::runQuery(txn=0x0000000114a05750, m=0x0000000114a05cf0, q=0x0000000114a042d0, nss=0x0000000114a04288, curop=0x000000010500ee00, result=0x000000010362c160, fromDBDirectClient=false) + 1229 at find.cpp:606
    frame #22: 0x000000010062eef0 mongod`mongo::receivedQuery(txn=0x0000000114a05750, c=0x0000000104202940, dbresponse=0x0000000114a056c8, m=0x0000000114a05cf0, fromDBDirectClient=false) + 928 at instance.cpp:220
    frame #23: 0x000000010062cdc0 mongod`mongo::assembleResponse(txn=0x0000000114a05750, m=0x0000000114a05cf0, dbresponse=0x0000000114a056c8, remote=0x0000000114a056a8, fromDBDirectClient=false) + 1488 at instance.cpp:403
    frame #24: 0x000000010001deab mongod`mongo::MyMessageHandler::process(this=0x0000000105800030, m=0x0000000114a05cf0, port=0x0000000104202540, le=0x00000001042028c0) + 395 at db.cpp:206
    frame #25: 0x0000000100f1d486 mongod`mongo::PortMessageServer::handleIncomingMsg(arg=0x0000000104202540) + 2774 at message_server_port.cpp:229
    frame #26: 0x0000000100f1b9b4 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] decltype(__f=0x00000001042028b0, __args=0x00000001042028b8)(void*)>(fp)(std::__1::forward<mongo::(anonymous namespace)::MessagingPortWithHandler*&>(fp0))) std::__1::__invoke<void* (*&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&>(void* (*&&&)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*&&&) + 164 at __functional_base:413
    frame #27: 0x0000000100f1b991 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x0000000114a05dd8, __f=0x00000001042028b0, __bound_args=0x00000001042028b8, (null)=__tuple_indices<0> at 0x0000000114a05e18, __args=0x0000000114a05dd8)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, 0ul, std::__1::tuple<> >(void* (*&)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 48 at functional:2022
    frame #28: 0x0000000100f1b961 mongod`boost::detail::thread_data<std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() [inlined] std::__1::__bind_return<void* (this=0x00000001042028b0)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<>, _is_valid_bind_return<void* (*)(void*), std::__1::tuple<mongo::(anonymous namespace)::MessagingPortWithHandler*>, std::__1::tuple<> >::value>::type std::__1::__bind<void* (*)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*>::operator()<>() + 34 at functional:2085
    frame #29: 0x0000000100f1b93f mongod`boost::detail::thread_data<std::__1::__bind<void* (this=0x00000001042026b0)(void*), mongo::(anonymous namespace)::MessagingPortWithHandler*> >::run() + 47 at thread.hpp:115
    frame #30: 0x0000000101032745 mongod`boost::(anonymous namespace)::thread_proxy(param=0x00000001042026b0) + 133 at thread.cpp:173
    frame #31: 0x00007fff8e60b268 libsystem_pthread.dylib`_pthread_body + 131
    frame #32: 0x00007fff8e60b1e5 libsystem_pthread.dylib`_pthread_start + 176
    frame #33: 0x00007fff8e60941d libsystem_pthread.dylib`thread_start + 13


Version: 490b0b2b14fa14



 Comments   
Comment by Githook User [ 30/Mar/15 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-17313 Get correct key header on each call to BtreeLogic::_insert()

(cherry picked from commit 5a33001562a131ebeca590a06a02ccb5076d856e)
Branch: v3.0
https://github.com/mongodb/mongo/commit/a53edba40e7722f4cf6d731dd6d294f662287967

Comment by Githook User [ 27/Mar/15 ]

Author:

{u'username': u'RedBeard0531', u'name': u'Mathias Stearn', u'email': u'mathias@10gen.com'}

Message: SERVER-17313 Get correct key header on each call to BtreeLogic::_insert()
Branch: master
https://github.com/mongodb/mongo/commit/5a33001562a131ebeca590a06a02ccb5076d856e

Generated at Thu Feb 08 03:43:59 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.