Operational Defect Database

BugZero found this defect 27 days ago.

MongoDB | 2649507

NULL ClusterServerParameterRefresher SEGV

Last update date:

4/22/2024

Affected products:

MongoDB Server

Affected releases:

No affected releases provided.

Fixed releases:

No fixed releases provided.

Description:

Info

While validating another patch, hit a core with a SEGV. Panic stack was:

#0  0x0000ffff9eadd5f4 in raise () from /lib64/libpthread.so.0
#1  0x0000ffffa004f3cc in mongo::(anonymous namespace)::endProcessWithSignal (signalNum=signalNum@entry=11) at src/mongo/util/signal_handlers_synchronous.cpp:136
#2  0x0000ffffa0050814 in mongo::(anonymous namespace)::abruptQuitWithAddrSignal (signalNum=11, siginfo=0x7075bf622da0, ucontext_erased=) at src/mongo/util/signal_handlers_synchronous.cpp:351
#3
#4  0x0000ffff9ead40a8 in pthread_mutex_trylock () from /lib64/libpthread.so.0
#5  0x0000ffffa003d6ec in __gthread_mutex_trylock (__mutex=0x30) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/aarch64-mongodb-linux/bits/gthr-default.h:758
#6  std::mutex::try_lock (this=0x30) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/std_mutex.h:111
#7  mongo::latch_detail::Mutex::lock (this=this@entry=0x18) at src/mongo/platform/mutex.cpp:70
#8  0x0000ffff9ddd3e04 in std::unique_lock::lock (this=0xffff814b3890) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/unique_lock.h:131
#9  std::unique_lock::unique_lock (__m=..., this=0xffff814b3890) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/unique_lock.h:69
#10 mongo::ClusterServerParameterRefresher::refreshParameters (this=0x0, opCtx=opCtx@entry=0x7075bfbe4800) at src/mongo/idl/cluster_server_parameter_refresher.cpp:227
#11 0x0000ffff9dff3788 in mongo::(anonymous namespace)::GetClusterParameterCmd::Invocation::typedRun (opCtx=0x7075bfbe4800, this=0x7075bf8d4cc0) at src/mongo/s/commands/cluster_get_cluster_parameter_cmd.cpp:85
#12 mongo::TypedCommand::InvocationBase::_callTypedRun (opCtx=0x7075bfbe4800, this=0x7075bf8d4cc0) at src/mongo/db/commands.h:1437
#13 mongo::TypedCommand::InvocationBase::_runImpl (reply=0xffff814b3b68, opCtx=0x7075bfbe4800, this=0x7075bf8d4cc0) at src/mongo/db/commands.h:1443
#14 mongo::TypedCommand::InvocationBase::run (this=0x7075bf8d4cc0, opCtx=0x7075bfbe4800, reply=0xffff814b3b68) at src/mongo/db/commands.h:1448
#15 0x0000ffff9932e834 in mongo::CommandHelpers::runCommandDirectly (opCtx=0x7075bfbe4800, request=...) at src/mongo/db/commands.cpp:162
#16 0x0000ffff92be1ab8 in mongo::FTDCSimpleInternalCommandCollector::collect (this=, opCtx=, builder=...) at src/mongo/db/ftdc/ftdc_server.cpp:205
#17 0x0000ffff92b7cd5c in mongo::FTDCCollectorCollection::collect (this=this@entry=0x7075bfbdcb68, client=client@entry=0x7075bf8bcbb0, multiServiceSchema=(unknown: 0x1)) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/unique_ptr.h:173
#18 0x0000ffff92b83464 in mongo::FTDCController::doLoop (this=0x7075bfbdca00, service=) at src/mongo/db/ftdc/controller.cpp:298
#19 0x0000ffff92b83734 in operator() (__closure=0x7075bf8608d0) at src/mongo/db/ftdc/controller.cpp:166
#20 std::__invoke_impl > (__f=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/invoke.h:61
#21 std::__invoke > (__fn=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/invoke.h:96
#22 std::__apply_impl, std::tuple > (__t=..., __f=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/tuple:1858
#23 std::apply, std::tuple > (__t=..., __f=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/tuple:1869
#24 operator() (__closure=0x7075bf8608c8) at src/mongo/stdx/thread.h:192
#25 std::__invoke_impl >(mongo::FTDCController::start(mongo::Service*)::):: > (__f=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/invoke.h:61
#26 std::__invoke >(mongo::FTDCController::start(mongo::Service*)::):: > (__fn=...) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/invoke.h:96
#27 std::thread::_Invoker >(mongo::FTDCController::start(mongo::Service*)::):: > >::_M_invoke (this=0x7075bf8608c8) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/std_thread.h:253
#28 std::thread::_Invoker >(mongo::FTDCController::start(mongo::Service*)::):: > >::operator() (this=0x7075bf8608c8) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/std_thread.h:260
#29 std::thread::_State_impl >(mongo::FTDCController::start(mongo::Service*)::):: > > >::_M_run(void) (this=0x7075bf8608c0) at /opt/mongodbtoolchain/revisions/69f4f0673ffcb290ce2307560a4883ecf2ad138c/stow/gcc-v4.6zb/include/c++/11.3.0/bits/std_thread.h:211
#30 0x0000ffff9f0daaec in execute_native_thread_routine () from /data/debug/lib/libabsl_base.so
#31 0x0000ffff9ead1230 in start_thread () from /lib64/libpthread.so.0
#32 0x0000ffff9ea1f7dc in thread_start () from /lib64/libc.so.6

The culprit is the NULL ClusterServerParameterRefresher pointer in #10. gdb confirmed that the NULL+offset mutex pointer we eventually panicked on was at the correct offset:

$12 = (mongo::ClusterServerParameterRefresher *) 0x0
$13 = (mongo::Mutex *) 0x18
$14 = (std::mutex *) 0x30


Status

Needs Scheduling
