I experienced an abort and hang after an "invalid next size" error running 2.0.1 from the official 10gen ubuntu package. The mongod instance had to be killed as it would not stop. The server this occurred on is the master in a master/slave configuration.
The log:
-
-
- glibc detected *** /usr/bin/mongod: free(): invalid next size (normal): 0x00007f2b5c0073f0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f3dbcf1d5b6]
/lib/libc.so.6(+0x7db23)[0x7f3dbcf23b23]
/lib/libc.so.6(realloc+0xf0)[0x7f3dbcf240b0]
/usr/bin/mongod(_ZN5mongo11_BufBuilderINS_16TrivialAllocatorEE15grow_reallocateEv+0x42)[0x504232]
/usr/bin/mongod(_ZNK5mongo7BSONObj8toStringERNS_13StringBuilderEbb+0x30b)[0x50a7db]
/usr/bin/mongod(_ZNK5mongo11BSONElement8toStringERNS_13StringBuilderEbb+0x5d0)[0x508e40]
/usr/bin/mongod(_ZNK5mongo7BSONObj8toStringERNS_13StringBuilderEbb+0x1d2)[0x50a6a2]
/usr/bin/mongod(_ZNK5mongo11BSONElement8toStringERNS_13StringBuilderEbb+0x11b2)[0x509a22]
/usr/bin/mongod(_ZNK5mongo7BSONObj8toStringERNS_13StringBuilderEbb+0x1d2)[0x50a6a2]
/usr/bin/mongod(_ZNK5mongo7OpDebug8toStringEv+0x1fc)[0x8938fc]
/usr/bin/mongod(_ZNK5mongo14LazyStringImplINS_7OpDebugEE3valEv+0xd)[0x88c31d]
/usr/bin/mongod(_ZN5mongo9LogstreamlsERKNS_10LazyStringE+0x1a)[0x50a80a]
/usr/bin/mongod(_ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE+0x95c)[0x88902c]
/usr/bin/mongod(_ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE+0x76)[0xa9c576]
/usr/bin/mongod(_ZN5mongo3pms9threadRunEPNS_13MessagingPortE+0x287)[0x638937]
/lib/libpthread.so.0(+0x69ca)[0x7f3dbd9dd9ca]
/lib/libc.so.6(clone+0x6d)[0x7f3dbcf8c70d]
- glibc detected *** /usr/bin/mongod: free(): invalid next size (normal): 0x00007f2b5c0073f0 ***
-
[snip]
Thu Nov 10 15:45:43 Got signal: 6 (Aborted).
Thu Nov 10 15:45:43 Backtrace:
0xa89b19 0x7f3dbced9af0 0x7f3dbced9a75 0x7f3dbcedd5c0 0x7f3dbcf134fb 0x7f3dbcf1d5b6 0x7f3dbcf23e83 0x67e2e4 0x67d0cc 0x75bc79 0x67dcf1 0x885441 0x885ae0 0xa89c76 0x7f3dbced9af0 0x7f3dbced9a75 0x7f3dbcedd5c0 0x7f3dbcf134fb 0x7f3dbcf1d5b6 0x7f3dbcf23b23
/usr/bin/mongod(_ZN5mongo10abruptQuitEi+0x399) [0xa89b19]
/lib/libc.so.6(+0x33af0) [0x7f3dbced9af0]
/lib/libc.so.6(gsignal+0x35) [0x7f3dbced9a75]
/lib/libc.so.6(abort+0x180) [0x7f3dbcedd5c0]
/lib/libc.so.6(+0x6d4fb) [0x7f3dbcf134fb]
/lib/libc.so.6(+0x775b6) [0x7f3dbcf1d5b6]
/lib/libc.so.6(cfree+0x73) [0x7f3dbcf23e83]
/usr/bin/mongod(ZNSt8_Rb_treeIPN5mongo9MongoFileES2_St9_IdentityIS2_ESt4lessIS2_ESaIS2_EE5eraseERKS2+0x144) [0x67e2e4]
/usr/bin/mongod(_ZN5mongo9MongoFile9destroyedEv+0x2c) [0x67d0cc]
/usr/bin/mongod(_ZN5mongo8MongoMMF5closeEv+0x59) [0x75bc79]
/usr/bin/mongod(_ZN5mongo9MongoFile13closeAllFilesERSt18basic_stringstreamIcSt11char_traitsIcESaIcEE+0x151) [0x67dcf1]
/usr/bin/mongod(_ZN5mongo14shutdownServerEv+0x6d1) [0x885441]
/usr/bin/mongod(_ZN5mongo6dbexitENS_8ExitCodeEPKcb+0x2a0) [0x885ae0]
/usr/bin/mongod(_ZN5mongo10abruptQuitEi+0x4f6) [0xa89c76]
/lib/libc.so.6(+0x33af0) [0x7f3dbced9af0]
/lib/libc.so.6(gsignal+0x35) [0x7f3dbced9a75]
/lib/libc.so.6(abort+0x180) [0x7f3dbcedd5c0]
/lib/libc.so.6(+0x6d4fb) [0x7f3dbcf134fb]
/lib/libc.so.6(+0x775b6) [0x7f3dbcf1d5b6]
/lib/libc.so.6(+0x7db23) [0x7f3dbcf23b23]
Full log information from the time of the crash is attached.
- duplicates
-
SERVER-4609 StringBuilder signed integer max buffer size spec is too low, can cause allocated memory buffer overflow upon call to BSONObj::toString()
-
- Closed
-
- is related to
-
-
- Closed
-