[SERVER-31022] renameCollection with dropTarget can segfault on 3.5 Created: 11/Sep/17  Updated: 29/Jan/18  Resolved: 25/Sep/17

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: 3.5.12
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Robert Guo (Inactive) Assignee: Geert Bosch
Resolution: Duplicate Votes: 0
Labels: rbfz
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
has to be done before SERVER-30496 Add additional testing for rollback o... Closed
has to be done before SERVER-30965 Run the fuzzer with a permanent logic... Closed
Related
related to SERVER-31462 convertToCapped + renameCollection ma... Closed
is related to SERVER-18206 renameCollection should handle WriteC... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

// On a replica set primary:

use test
db.test.insert({x:1}); // create a dummy collection
db.adminCommand({renameCollection:"test.test", to:"test.test", dropTarget:true });

Sprint: Storage 2017-10-02
Participants:

 Description   

A renameCollection with dropTarget and the same from and to collections causes a WCE, which triggers an access violation. Repros on master (3.5.12). 3.4 does not seem to be affected.

[js_test:rollback_test_1504935613_0-dropCollectionSegfault] 2017-09-11T09:40:23.576-0400 d20013| 2017-09-11T09:40:23.576-0400 F -        [conn3] Invalid access at address: 0x10
[js_test:rollback_test_1504935613_0-dropCollectionSegfault] 2017-09-11T09:40:23.617-0400 d20013| 2017-09-11T09:40:23.617-0400 F -        [conn3] Got signal: 11 (Segmentation fault: 11).
 
// Demangled stack trace:
 /Users/guo/dev.mongo/src/mongo/util/stacktrace_posix.cpp:172:30: mongo::printStackTrace(std::__1::basic_ostream<char, std::__1::char_traits<char> >&)
 /Users/guo/dev.mongo/src/mongo/util/signal_handlers_synchronous.cpp:180:5: mongo::(anonymous namespace)::printSignalAndBacktrace(int)
 /Users/guo/dev.mongo/src/mongo/util/signal_handlers_synchronous.cpp:276:5: mongo::(anonymous namespace)::abruptQuitWithAddrSignal(int, __siginfo*, void*)
 ??:0:0: ??
 ??:0:0: ??
 /Users/guo/dev.mongo/src/mongo/db/catalog/collection.h:406:22: mongo::Collection::ns() const
 /Users/guo/dev.mongo/src/mongo/db/catalog/uuid_catalog.cpp:115:37: mongo::UUIDCatalog::registerUUIDCatalogEntry(mongo::UUID, mongo::Collection*)
 /Users/guo/dev.mongo/src/mongo/db/catalog/uuid_catalog.cpp:63:35: mongo::UUIDCatalog::onDropCollection(mongo::OperationContext*, mongo::UUID)::$_1::operator()() const
 /Users/guo/dev.mongo/src/mongo/db/storage/recovery_unit.h:196:17: void mongo::RecoveryUnit::onRollback<mongo::UUIDCatalog::onDropCollection(mongo::OperationContext*, mongo::UUID)::$_1>(mongo::UUIDCatalog::onDropCollection(mongo::OperationContext*, mongo::UUID)::$_1)::OnRollbackChange::rollback()
 /Users/guo/dev.mongo/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp:103:21: mongo::WiredTigerRecoveryUnit::_abort()
 /Users/guo/dev.mongo/src/mongo/db/storage/wiredtiger/wiredtiger_recovery_unit.cpp:128:5: mongo::WiredTigerRecoveryUnit::abortUnitOfWork()
 /Users/guo/dev.mongo/src/mongo/db/operation_context.h:500:41: mongo::WriteUnitOfWork::~WriteUnitOfWork()
 /Users/guo/dev.mongo/src/mongo/db/operation_context.h:495:24: mongo::WriteUnitOfWork::~WriteUnitOfWork()
 /Users/guo/dev.mongo/src/mongo/db/catalog/rename_collection.cpp:226:9: mongo::(anonymous namespace)::renameCollectionCommon(mongo::OperationContext*, mongo::NamespaceString const&, mongo::NamespaceString const&, boost::optional<mongo::UUID>, mongo::repl::OpTime, mongo::RenameCollectionOptions const&)::$_0::operator()() const
 /Users/guo/dev.mongo/src/mongo/db/concurrency/write_conflict_exception.h:76:20: _ZN5mongo18writeConflictRetryIZNS_12_GLOBAL__N_122renameCollectionCommonEPNS_16OperationContextERKNS_15NamespaceStringES6_N5boost8optionalINS_4UUIDEEENS_4repl6OpTimeERKNS_23RenameCollectionOptionsEE3$_0EEDaS3_NS_10StringDataESI_OT_
 /Users/guo/dev.mongo/src/mongo/db/catalog/rename_collection.cpp:173:16: mongo::(anonymous namespace)::renameCollectionCommon(mongo::OperationContext*, mongo::NamespaceString const&, mongo::NamespaceString const&, boost::optional<mongo::UUID>, mongo::repl::OpTime, mongo::RenameCollectionOptions const&)
 /Users/guo/dev.mongo/src/mongo/db/catalog/rename_collection.cpp:403:12: mongo::renameCollection(mongo::OperationContext*, mongo::NamespaceString const&, mongo::NamespaceString const&, mongo::RenameCollectionOptions const&)
 /Users/guo/dev.mongo/src/mongo/db/commands/rename_collection_cmd.cpp:150:44: mongo::(anonymous namespace)::CmdRenameCollection::errmsgRun(mongo::OperationContext*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, mongo::BSONObj const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >&, mongo::BSONObjBuilder&)
 /Users/guo/dev.mongo/src/mongo/db/commands.cpp:398:15: mongo::ErrmsgCommandDeprecated::run(mongo::OperationContext*, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, mongo::BSONObj const&, mongo::BSONObjBuilder&)
 /Users/guo/dev.mongo/src/mongo/db/commands.cpp:390:12: mongo::BasicCommand::enhancedRun(mongo::OperationContext*, mongo::OpMsgRequest const&, mongo::BSONObjBuilder&)
 /Users/guo/dev.mongo/src/mongo/db/commands.cpp:328:16: mongo::Command::publicRun(mongo::OperationContext*, mongo::OpMsgRequest const&, mongo::BSONObjBuilder&)
 /Users/guo/dev.mongo/src/mongo/db/service_entry_point_mongod.cpp:466:27: mongo::(anonymous namespace)::runCommandImpl(mongo::OperationContext*, mongo::Command*, mongo::OpMsgRequest const&, mongo::rpc::ReplyBuilderInterface*, mongo::LogicalTime)
 /Users/guo/dev.mongo/src/mongo/db/service_entry_point_mongod.cpp:698:18: mongo::(anonymous namespace)::execCommandDatabase(mongo::OperationContext*, mongo::Command*, mongo::OpMsgRequest const&, mongo::rpc::ReplyBuilderInterface*)
 /Users/guo/dev.mongo/src/mongo/db/service_entry_point_mongod.cpp:815:13: mongo::(anonymous namespace)::runCommands(mongo::OperationContext*, mongo::Message const&)::$_4::operator()() const
 /Users/guo/dev.mongo/src/mongo/db/service_entry_point_mongod.cpp:771:5: mongo::(anonymous namespace)::runCommands(mongo::OperationContext*, mongo::Message const&)
 /Users/guo/dev.mongo/src/mongo/db/service_entry_point_mongod.cpp:1084:22: mongo::ServiceEntryPointMongod::handleRequest(mongo::OperationContext*, mongo::Message const&)
 /Users/guo/dev.mongo/src/mongo/transport/service_state_machine.cpp:317:35: mongo::ServiceStateMachine::_processMessage(mongo::ServiceStateMachine::ThreadGuard&)
 /Users/guo/dev.mongo/src/mongo/transport/service_state_machine.cpp:407:17: mongo::ServiceStateMachine::_runNextInGuard(mongo::ServiceStateMachine::ThreadGuard&)
 /Users/guo/dev.mongo/src/mongo/transport/service_state_machine.cpp:373:12: mongo::ServiceStateMachine::runNext()



 Comments   
Comment by Githook User [ 15/Sep/17 ]

Author:

{'username': 'GeertBosch', 'name': 'Geert Bosch', 'email': 'geert@mongodb.com'}

Message: Revert "SERVER-31022 Fix UUID catalog prev/next with non-existent UUIDs"

This reverts commit be75e8b8acd7de840b4da96f67ca6d503d54e1a0.
Branch: master
https://github.com/mongodb/mongo/commit/574e1d589c8d0ab9f1c24e6ec5335a01545855e0

Comment by Githook User [ 15/Sep/17 ]

Author:

{'username': 'GeertBosch', 'name': 'Geert Bosch', 'email': 'geert@mongodb.com'}

Message: SERVER-31022 Fix UUID catalog prev/next with non-existent UUIDs
Branch: master
https://github.com/mongodb/mongo/commit/be75e8b8acd7de840b4da96f67ca6d503d54e1a0

Generated at Thu Feb 08 04:25:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.