[SERVER-20382] Null pointer dereference on shutdown Created: 11/Sep/15  Updated: 07/Jun/16  Resolved: 24/Sep/15

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: 3.1.7
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Spencer Jackson Assignee: Andy Schwerin
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-19162 unsafe access to grid.catalogManager ... Closed
Operating System: ALL
Steps To Reproduce:

Compile mongod with ASAN and UBSAN on Clang.
Call `./mongod`.
Press ctrl-c.

Sprint: Sharding A (10/09/15)
Participants:

Description

While running ASAN and UBSAN:

^C2015-09-11T17:01:15.879-0400 I CONTROL  [signalProcessingThread] got signal 2 (Interrupt), will terminate after current cmd ends
2015-09-11T17:01:15.879-0400 I FTDC     [signalProcessingThread] Stopping full-time diagnostic data capture
src/mongo/s/grid.cpp:139:12: runtime error: member call on null pointer of type 'mongo::ForwardingCatalogManager'
SUMMARY: AddressSanitizer: undefined-behavior src/mongo/s/grid.cpp:139 
ASAN:SIGSEGV
=================================================================
==23668==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000bba0a80 bp 0x7f7bb915ad10 sp 0x7f7bb915ac00 T1)
    #0 0xbba0a7f in mongo::Grid::catalogManager(mongo::OperationContext*) /home/sajack/mongo/src/mongo/s/grid.cpp:139:12
    #1 0x6106d3b in mongo::exitCleanly(mongo::ExitCode) /home/sajack/mongo/src/mongo/db/instance.cpp:1235:23
    #2 0xcc2ce81 in mongo::(anonymous namespace)::signalProcessingThread() /home/sajack/mongo/src/mongo/util/signal_handlers.cpp:182:17
    #3 0x8623804 in void std::_Bind_simple<void (*())()>::_M_invoke<>(std::_Index_tuple<>) /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/functional:1530:18
    #4 0x862344f in std::_Bind_simple<void (*())()>::operator()() /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/functional:1520:16
    #5 0x8623229 in std::thread::_Impl<std::_Bind_simple<void (*())()> >::_M_run() /bin/../lib64/gcc/x86_64-unknown-linux-gnu/5.2.0/../../../../include/c++/5.2.0/thread:115:13
    #6 0x7f7bbf68a34f in execute_native_thread_routine /build/gcc/src/gcc-5.2.0/libstdc++-v3/src/c++11/thread.cc:84
    #7 0x7f7bbf3bb4a3 in start_thread (/usr/lib/libpthread.so.0+0x74a3)
    #8 0x7f7bbeee313c in __clone (/usr/lib/libc.so.6+0xe913c)
 
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/sajack/mongo/src/mongo/s/grid.cpp:139 mongo::Grid::catalogManager(mongo::OperationContext*)
Thread T1 created by T0 here:
    #0 0x29397e0 in __interceptor_pthread_create (/home/sajack/mongo/mongod+0x29397e0)
    #1 0x7f7bbf68a492 in __gthread_create /build/gcc/src/gcc-build/x86_64-unknown-linux-gnu/libstdc++-v3/include/x86_64-unknown-linux-gnu/bits/gthr-default.h:662
    #2 0x7f7bbf68a492 in std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>, void (*)()) /build/gcc/src/gcc-5.2.0/libstdc++-v3/src/c++11/thread.cc:149
 
==23668==ABORTING

It seems calling grid.catalogManager() will dereference _catalogManager, which is a null pointer if grid.init() isn't called from s/sharding_initialization.cpp.
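The lifecycle defect described above, shown as an added C++ example that is not MongoDB's code: a stand-in `Grid` whose `_catalogManager` member is only populated by `init()`, an accessor that refuses to dereference a null member, and a shutdown routine that skips components that were never initialized instead of assuming every init path ran. The names `CatalogManager`, `catalogManagerIfInitialized`, `exitCleanlyHardened` and `ShutdownResult` are assumptions for illustration, not identifiers from the real code base.

```cpp
#include <memory>
#include <stdexcept>
#include <utility>

// Hypothetical stand-in for the real ForwardingCatalogManager (assumed name).
class CatalogManager {
public:
    bool shutDown() { _shutDown = true; return true; }
    bool isShutDown() const { return _shutDown; }
private:
    bool _shutDown = false;
};

class Grid {
public:
    // Mirrors the lifecycle in the report: only a separate init path sets the
    // pointer, so a process that never went through it holds a null here.
    void init(std::unique_ptr<CatalogManager> cm) { _catalogManager = std::move(cm); }

    // The shape that fails: an unchecked dereference. Calling a member through
    // this on an uninitialized Grid is what UBSan reports as
    // "member call on null pointer". Kept only to show the pattern; nothing
    // below invokes it on an uninitialized Grid.
    CatalogManager& catalogManagerUnchecked() { return *_catalogManager; }

    // Hardened accessor: fail loudly with a diagnosable error instead of
    // dereferencing null and crashing deep inside shutdown.
    CatalogManager& catalogManager() {
        if (!_catalogManager) {
            throw std::logic_error("Grid::catalogManager() called before Grid::init()");
        }
        return *_catalogManager;
    }

    // Shutdown-friendly query: lets teardown code ask "was this ever set up?"
    // without forcing every caller to know which init paths ran.
    CatalogManager* catalogManagerIfInitialized() { return _catalogManager.get(); }

private:
    std::unique_ptr<CatalogManager> _catalogManager;  // null until init()
};

enum class ShutdownResult { Skipped, ShutDown, Threw };

// Simulated exitCleanly(): tear down the catalog manager only if it exists.
// On a mongod that never initialized sharding this is a no-op, not a SEGV.
ShutdownResult exitCleanlyHardened(Grid& grid) {
    if (CatalogManager* cm = grid.catalogManagerIfInitialized()) {
        cm->shutDown();
        return ShutdownResult::ShutDown;
    }
    return ShutdownResult::Skipped;
}

// Alternative: rely on the checked accessor and surface the misuse as an
// exception. Same outcome for the uninitialized case, but the error now names
// the broken invariant instead of producing a null dereference.
ShutdownResult exitCleanlyWithCheckedAccessor(Grid& grid) {
    try {
        grid.catalogManager().shutDown();
        return ShutdownResult::ShutDown;
    } catch (const std::logic_error&) {
        return ShutdownResult::Threw;
    }
}

int main() {
    Grid neverInitialized;                       // the ctrl-c scenario from the report
    exitCleanlyHardened(neverInitialized);       // Skipped, no crash

    Grid initialized;
    initialized.init(std::make_unique<CatalogManager>());
    exitCleanlyHardened(initialized);            // ShutDown
    return 0;
}
```

Building this with `-fsanitize=address,undefined` as in the reproduction steps and calling `catalogManagerUnchecked()` on an uninitialized `Grid` reproduces the same class of UBSan report; the two hardened shutdown paths run clean under the same flags.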

Comments
Comment by Andy Schwerin [ 24/Sep/15 ]

This is a duplicate of SERVER-19162, with a really cleanly described repro.