[SERVER-33440] Specifying a txnNumber to a $out aggregation causes the server to crash Created: 22/Feb/18  Updated: 29/Oct/23  Resolved: 23/Feb/18

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 3.7.3

Type: Bug Priority: Major - P3
Reporter: Max Hirschhorn Assignee: Tess Avitabile (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Problem/Incident
is caused by SERVER-33221 Add find & getMore commands to sessio... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

python buildscripts/resmoke.py --suites jstestfuzz_replication_session repro_server33440.js

repro_server33440.js

// Insert a document into the source collection to ensure the $out stage has work to do.
assert.commandWorked(db.mycoll.insert({}));
assert.commandWorked(db.runCommand({
    aggregate: "mycoll",
    pipeline: [{$out: "mycoll_out"}],
    cursor: {},
    txnNumber: NumberLong(0),
}));

Sprint: Storage 2018-02-26
Participants:
Linked BF Score: 0

 Description   

This issue was introduced by the changes from d6ad188 as part of SERVER-33221 and therefore only affects the master branch. The "aggregate" command uses DBDirectClient to perform the insert operations as part of the $out stage but isn't present in cmdWhitelist.

Thread 76 "conn2" received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  0x00007ffff7083404 in pthread_mutex_lock () from /lib/x86_64-linux-gnu/libpthread.so.0
#1  0x0000555556536261 in __gthread_mutex_lock (__mutex=0x38) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/x86_64-mongodb-linux/bits/gthr-default.h:748
#2  std::mutex::lock (this=0x38) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/mutex:135
#3  std::lock_guard<std::mutex>::lock_guard (__m=..., this=<synthetic pointer>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/mutex:386
#4  mongo::Session::checkStatementExecutedNoOplogEntryFetch (this=0x0, txnNumber=txnNumber@entry=0, stmtId=0) at src/mongo/db/session.cpp:388
#5  0x00005555563fa42b in mongo::performInserts (opCtx=opCtx@entry=0x5555616e2640, wholeOp=...) at src/mongo/db/ops/write_ops_exec.cpp:489
#6  0x00005555563c11e0 in mongo::(anonymous namespace)::CmdInsert::runImpl (this=<optimized out>, opCtx=0x5555616e2640, request=..., result=...) at src/mongo/db/commands/write_commands/write_commands.cpp:262
#7  0x00005555563be028 in mongo::(anonymous namespace)::WriteCommand::enhancedRun (this=<optimized out>, opCtx=0x5555616e2640, request=..., result=...) at src/mongo/db/commands/write_commands/write_commands.cpp:228
#8  0x00005555571134de in mongo::Command::publicRun (this=0x55555858fee0 <mongo::(anonymous namespace)::cmdInsert>, opCtx=0x5555616e2640, request=..., result=...) at src/mongo/db/commands.cpp:448
#9  0x0000555555f67f19 in mongo::(anonymous namespace)::runCommandImpl (startOperationTime=..., replyBuilder=0x55555efef290, request=..., command=0x55555858fee0 <mongo::(anonymous namespace)::cmdInsert>, opCtx=0x5555616e2640) at src/mongo/db/service_entry_point_mongod.cpp:463
#10 mongo::(anonymous namespace)::execCommandDatabase (opCtx=<optimized out>, command=command@entry=0x55555858fee0 <mongo::(anonymous namespace)::cmdInsert>, request=..., replyBuilder=<optimized out>, this=<optimized out>, this=<optimized out>) at src/mongo/db/service_entry_point_mongod.cpp:699
#11 0x0000555555f68841 in mongo::(anonymous namespace)::<lambda()>::operator()(void) const (__closure=__closure@entry=0x7ffff7fcc2d0) at src/mongo/db/service_entry_point_mongod.cpp:813
#12 0x0000555555f69677 in mongo::(anonymous namespace)::runCommands (message=..., opCtx=0x5555616e2640) at src/mongo/db/service_entry_point_mongod.cpp:823
#13 mongo::ServiceEntryPointMongod::handleRequest (this=<optimized out>, opCtx=0x5555616e2640, m=...) at src/mongo/db/service_entry_point_mongod.cpp:1079
#14 0x0000555556ea193d in mongo::(anonymous namespace)::loopbackBuildResponse (opCtx=0x5555616e2640, lastError=0x5555616e2810, toSend=...) at src/mongo/db/dbdirectclient.cpp:145
#15 0x0000555556ea1f1f in mongo::DBDirectClient::say (this=<optimized out>, toSend=..., isRetry=<optimized out>, actualServer=<optimized out>) at src/mongo/db/dbdirectclient.cpp:158
#16 0x00005555571aba2f in mongo::DBClientBase::runFireAndForgetCommand (this=0x5555616e2798, request=...) at src/mongo/client/dbclient.cpp:211
#17 0x00005555571b1c8f in mongo::DBClientBase::insert (this=this@entry=0x5555616e2798, ns=..., v=..., flags=flags@entry=0) at src/mongo/client/dbclient.cpp:1214
#18 0x00005555565c74b7 in mongo::PipelineD::MongoDInterface::insert (this=0x5555616e2790, expCtx=..., ns=..., objs=...) at src/mongo/db/pipeline/pipeline_d.cpp:602
#19 0x0000555557011064 in mongo::DocumentSourceOut::spill (this=this@entry=0x55555cb8b5c0, toInsert=...) at src/mongo/db/pipeline/document_source_out.cpp:148
#20 0x00005555570133af in mongo::DocumentSourceOut::getNext (this=0x55555cb8b5c0) at src/mongo/db/pipeline/document_source_out.cpp:183
#21 0x0000555556fcf59d in mongo::Pipeline::getNext (this=0x55555922db80) at src/mongo/db/pipeline/pipeline.cpp:557
#22 0x000055555658f105 in mongo::PipelineProxyStage::getNextBson (this=this@entry=0x55555cbfc180) at src/mongo/db/exec/pipeline_proxy.cpp:118
#23 0x000055555658f2bc in mongo::PipelineProxyStage::doWork (this=0x55555cbfc180, out=0x7ffff7fcd850) at src/mongo/db/exec/pipeline_proxy.cpp:75
#24 0x000055555658f80b in mongo::PlanStage::work (this=0x55555cbfc180, out=out@entry=0x7ffff7fcd850) at src/mongo/db/exec/plan_stage.cpp:46
#25 0x00005555565dde1b in mongo::PlanExecutor::getNextImpl (this=0x55555effa200, objOut=objOut@entry=0x7ffff7fcd8e0, dlOut=dlOut@entry=0x0) at src/mongo/db/query/plan_executor.cpp:557
#26 0x00005555565de80b in mongo::PlanExecutor::getNext (this=<optimized out>, objOut=objOut@entry=0x7ffff7fcda60, dlOut=dlOut@entry=0x0) at src/mongo/db/query/plan_executor.cpp:406
#27 0x0000555556396085 in mongo::(anonymous namespace)::handleCursorCommand (result=..., request=..., cursor=0x55555effa300, nsForCursor=..., opCtx=0x5555616e2640) at src/mongo/db/commands/run_aggregate.cpp:105
#28 mongo::runAggregate (opCtx=opCtx@entry=0x5555616e2640, origNss=..., request=..., cmdObj=unowned BSONObj 255 bytes @ 0x5555616e23dd = {...}, result=...) at src/mongo/db/commands/run_aggregate.cpp:543
#29 0x000055555638bd40 in mongo::(anonymous namespace)::PipelineCommand::run (this=this@entry=0x55555858e420 <mongo::(anonymous namespace)::pipelineCmd>, opCtx=opCtx@entry=0x5555616e2640, dbname=..., cmdObj=unowned BSONObj 255 bytes @ 0x5555616e23dd = {...}, result=...) at src/mongo/db/commands/pipeline_command.cpp:91
#30 0x0000555557119186 in mongo::BasicCommand::enhancedRun (this=0x55555858e420 <mongo::(anonymous namespace)::pipelineCmd>, opCtx=0x5555616e2640, request=..., result=...) at src/mongo/db/commands.cpp:479
#31 0x00005555571134de in mongo::Command::publicRun (this=0x55555858e420 <mongo::(anonymous namespace)::pipelineCmd>, opCtx=0x5555616e2640, request=..., result=...) at src/mongo/db/commands.cpp:448
#32 0x0000555555f67f19 in mongo::(anonymous namespace)::runCommandImpl (startOperationTime=..., replyBuilder=0x55555efee870, request=..., command=0x55555858e420 <mongo::(anonymous namespace)::pipelineCmd>, opCtx=0x5555616e2640) at src/mongo/db/service_entry_point_mongod.cpp:463
#33 mongo::(anonymous namespace)::execCommandDatabase (opCtx=<optimized out>, command=command@entry=0x55555858e420 <mongo::(anonymous namespace)::pipelineCmd>, request=..., replyBuilder=<optimized out>, this=<optimized out>, this=<optimized out>) at src/mongo/db/service_entry_point_mongod.cpp:699
#34 0x0000555555f68841 in mongo::(anonymous namespace)::<lambda()>::operator()(void) const (__closure=__closure@entry=0x7ffff7fcf510) at src/mongo/db/service_entry_point_mongod.cpp:813
#35 0x0000555555f69677 in mongo::(anonymous namespace)::runCommands (message=..., opCtx=0x5555616e2640) at src/mongo/db/service_entry_point_mongod.cpp:823
#36 mongo::ServiceEntryPointMongod::handleRequest (this=<optimized out>, opCtx=0x5555616e2640, m=...) at src/mongo/db/service_entry_point_mongod.cpp:1079
#37 0x0000555555f7631a in mongo::ServiceStateMachine::_processMessage (this=0x55555cbfc430, guard=...) at src/mongo/transport/service_state_machine.cpp:367
#38 0x0000555555f71987 in mongo::ServiceStateMachine::_runNextInGuard (this=0x55555cbfc430, guard=...) at src/mongo/transport/service_state_machine.cpp:428
#39 0x0000555555f75091 in mongo::ServiceStateMachine::<lambda()>::operator() (__closure=0x5555604c5aa0) at src/mongo/transport/service_state_machine.cpp:468
#40 std::_Function_handler<void(), mongo::ServiceStateMachine::_scheduleNextWithGuard(mongo::ServiceStateMachine::ThreadGuard, mongo::transport::ServiceExecutor::ScheduleFlags, mongo::transport::ServiceExecutorTaskName, mongo::ServiceStateMachine::Ownership)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:1871
#41 0x0000555556efb6c2 in std::function<void ()>::operator()() const (this=0x7ffff7fd0570) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:2267
#42 mongo::transport::ServiceExecutorSynchronous::schedule(std::function<void ()>, mongo::transport::ServiceExecutor::ScheduleFlags, mongo::transport::ServiceExecutorTaskName) (this=this@entry=0x555559224480, task=..., flags=flags@entry=mongo::transport::ServiceExecutor::kMayRecurse, taskName=taskName@entry=mongo::transport::ServiceExecutorTaskName::kSSMProcessMessage) at src/mongo/transport/service_executor_synchronous.cpp:121
#43 0x0000555555f706ff in mongo::ServiceStateMachine::_scheduleNextWithGuard (this=this@entry=0x55555cbfc430, guard=..., flags=flags@entry=mongo::transport::ServiceExecutor::kMayRecurse, taskName=taskName@entry=mongo::transport::ServiceExecutorTaskName::kSSMProcessMessage, ownershipModel=ownershipModel@entry=mongo::ServiceStateMachine::Ownership::kOwned) at src/mongo/transport/service_state_machine.cpp:472
#44 0x0000555555f72d35 in mongo::ServiceStateMachine::_sourceCallback (this=this@entry=0x55555cbfc430, status=Status::OK()) at src/mongo/transport/service_state_machine.cpp:294
#45 0x0000555555f7362b in mongo::ServiceStateMachine::_sourceMessage (this=this@entry=0x55555cbfc430, guard=...) at src/mongo/transport/service_state_machine.cpp:251
#46 0x0000555555f71a0d in mongo::ServiceStateMachine::_runNextInGuard (this=0x55555cbfc430, guard=...) at src/mongo/transport/service_state_machine.cpp:425
#47 0x0000555555f75091 in mongo::ServiceStateMachine::<lambda()>::operator() (__closure=0x5555604c5ce0) at src/mongo/transport/service_state_machine.cpp:468
#48 std::_Function_handler<void(), mongo::ServiceStateMachine::_scheduleNextWithGuard(mongo::ServiceStateMachine::ThreadGuard, mongo::transport::ServiceExecutor::ScheduleFlags, mongo::transport::ServiceExecutorTaskName, mongo::ServiceStateMachine::Ownership)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:1871
#49 0x0000555556efbc25 in std::function<void ()>::operator()() const (this=<optimized out>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:2267
#50 mongo::transport::ServiceExecutorSynchronous::<lambda()>::operator() (__closure=0x55555efee690) at src/mongo/transport/service_executor_synchronous.cpp:138
#51 std::_Function_handler<void(), mongo::transport::ServiceExecutorSynchronous::schedule(mongo::transport::ServiceExecutor::Task, mongo::transport::ServiceExecutor::ScheduleFlags, mongo::transport::ServiceExecutorTaskName)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:1871
#52 0x00005555575e95d4 in std::function<void ()>::operator()() const (this=<optimized out>) at /opt/mongodbtoolchain/v2/include/c++/5.4.0/functional:2267
#53 mongo::(anonymous namespace)::runFunc (ctx=0x5555604c59c0) at src/mongo/transport/service_entry_point_utils.cpp:55
#54 0x00007ffff7081184 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#55 0x00007ffff6dae03d in clone () from /lib/x86_64-linux-gnu/libc.so.6



 Comments   
Comment by Githook User [ 23/Feb/18 ]

Author:

{'email': 'tess.avitabile@mongodb.com', 'name': 'Tess Avitabile', 'username': 'tessavitabile'}

Message: SERVER-33440 DBDirectClient operations should be able to perform session checkout
Branch: master
https://github.com/mongodb/mongo/commit/0f1a697cea94307c4aec72e8309372254e1f3570

Comment by Eric Milkie [ 22/Feb/18 ]

This might have a quick fix that we can slip in.

Generated at Thu Feb 08 04:33:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.