Core Server / SERVER-13798

v8 garbage collection can cause crash due to independent lifetime of DBClient and Cursor objects

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 2.6.4, 2.7.1
    • Affects Version/s: 2.6.0
    • Component/s: JavaScript
    • Labels: None
    • Operating System: ALL
    • Server 2.7.1

To reproduce:

    • apply the attached patch.
    • run the multi-version test suite.

After applying the patch, it would be necessary to explicitly invoke gc() in the test script to prevent the shell from crashing.

      Stack trace in the mongo shell program:

      2014-04-30T09:05:02.659-0400 mongo got signal 11 (Segmentation fault), stack trace: 
      2014-04-30T09:05:02.662-0400 0xd86f13 0xaa8e53 0x7f3503928400 0xb4b965 0xb4b7a9 0xc97aee 0xc97aa4 0xc966f5 0xcb46fe 0x1088e43 0x108740f 0x109a68a 0x1099d95 0xfe013f 0x10998bf 0x1039acc 0x12c4b58 0x3df6dbc06362 
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5mongo15printStackTraceERSo+0x23) [0xd86f13]
       /home/dannenberg/work/server10086/mongo/mongo(_Z12quitAbruptlyi+0xf3) [0xaa8e53]
       /usr/lib/libc.so.6(+0x35400) [0x7f3503928400]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5mongo14DBClientCursorD1Ev+0x1a5) [0xb4b965]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5mongo14DBClientCursorD0Ev+0x19) [0xb4b7a9]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5boost14checked_deleteIN5mongo14DBClientCursorEEEvPT_+0x2e) [0xc97aee]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5boost10scoped_ptrIN5mongo14DBClientCursorEED2Ev+0x14) [0xc97aa4]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5mongo10ObjTrackerINS_14DBClientCursorEE10TrackedPtrD2Ev+0x15) [0xc966f5]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN5mongo10ObjTrackerINS_14DBClientCursorEE15deleteOnCollectEN2v810PersistentINS3_5ValueEEEPv+0x4e) [0xcb46fe]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal13GlobalHandles4Node31PostGarbageCollectionProcessingEPNS0_7IsolateEPS1_+0x1d3) [0x1088e43]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal13GlobalHandles31PostGarbageCollectionProcessingENS0_16GarbageCollectorE+0x1bf) [0x108740f]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal4Heap24PerformGarbageCollectionENS0_16GarbageCollectorEPNS0_8GCTracerE+0x64a) [0x109a68a]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal4Heap14CollectGarbageENS0_15AllocationSpaceENS0_16GarbageCollectorEPKcS5_+0x3b5) [0x1099d95]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal4Heap14CollectGarbageENS0_15AllocationSpaceEPKc+0x4f) [0xfe013f]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal4Heap17CollectAllGarbageEiPKc+0x3f) [0x10998bf]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal9Execution25HandleStackGuardInterruptEPNS0_7IsolateE+0x7c) [0x1039acc]
       /home/dannenberg/work/server10086/mongo/mongo(_ZN2v88internal18Runtime_StackGuardENS0_9ArgumentsEPNS0_7IsolateE+0xc8) [0x12c4b58]
       ??? [0x3df6dbc06362]

      When addr2line'd this looks like:

      /home/dannenberg/work/server10086/mongo/src/mongo/util/stacktrace.cpp:306
      /home/dannenberg/work/server10086/mongo/src/mongo/shell/dbshell.cpp:229
      ??:0
      /home/dannenberg/work/server10086/mongo/src/mongo/client/dbclientcursor.cpp:331
      /home/dannenberg/work/server10086/mongo/src/mongo/client/dbclientcursor.cpp:327
      /home/dannenberg/work/server10086/mongo/src/third_party/boost/boost/checked_delete.hpp:40
      /home/dannenberg/work/server10086/mongo/src/third_party/boost/boost/smart_ptr/scoped_ptr.hpp:80
      /home/dannenberg/work/server10086/mongo/src/mongo/scripting/engine_v8.h:92
      /home/dannenberg/work/server10086/mongo/src/mongo/scripting/engine_v8.h:110
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/global-handles.cc:233
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/global-handles.cc:558
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/heap.cc:923
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/heap.cc:588
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/heap-inl.h:440
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/heap.cc:498
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/execution.cc:928
      /home/dannenberg/work/server10086/mongo/src/third_party/v8/src/runtime.cc:9198
      ??:0
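To make the ticket's title concrete, here is an added C++ model (not MongoDB's code, and not the fix that shipped in 2.6.4/2.7.1) of why a GC finalizer for a cursor must not assume its connection still exists, and of two ownership shapes that remove the ordering dependence. Connection, BorrowingCursor, OwningCursor, WeakCursor and sweep are hypothetical stand-ins for DBClientConnection, DBClientCursor and ObjTracker::deleteOnCollect.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>
// Stand-in for DBClientConnection; *sent counts delivered killCursors messages
// and lives outside the object so it survives the connection's destruction.
struct Connection {
    int* sent;
    explicit Connection(int* s) : sent(s) {}
    void killCursor(long long /*id*/) { ++*sent; }
};
// Hazardous shape behind the ticket, shown only: the cursor merely borrows the
// connection, so if V8 finalizes the connection first this destructor uses freed memory.
struct BorrowingCursor {
    Connection* conn;
    long long id;
    ~BorrowingCursor() { conn->killCursor(id); }
};
// Remedy A: co-ownership. The connection cannot die while a cursor holds it.
struct OwningCursor {
    std::shared_ptr<Connection> conn;
    long long id;
    ~OwningCursor() { conn->killCursor(id); }
};
// Remedy B: weak reference. A cursor outliving its connection skips killCursors;
// the server-side cursor then expires by timeout instead of being freed eagerly.
struct WeakCursor {
    std::weak_ptr<Connection> conn;
    long long id;
    ~WeakCursor() { if (auto c = conn.lock()) c->killCursor(id); }
};
// One simulated GC sweep: connection and cursor finalizers run in an order the
// program does not control (cf. ObjTracker::deleteOnCollect); returns killCursors sent.
template <class CursorT>
int sweep(bool connection_first) {
    int sent = 0;
    auto conn = std::make_shared<Connection>(&sent);
    auto cursor = std::make_unique<CursorT>();
    cursor->conn = conn;  // shared_ptr or weak_ptr, depending on CursorT
    cursor->id = 7;
    std::vector<std::function<void()>> finalizers{
        [&] { conn.reset(); },    // JS connection object collected
        [&] { cursor.reset(); },  // JS cursor object collected
    };
    if (!connection_first) std::swap(finalizers[0], finalizers[1]);
    for (auto& f : finalizers) f();
    return sent;
}
int owning_sweep(bool first) { return sweep<OwningCursor>(first); }
int weak_sweep(bool first) { return sweep<WeakCursor>(first); }
```

With co-ownership the killCursors message is delivered whichever object is finalized first; with the weak reference it is simply skipped when the connection is already gone, which trades eager server-side cleanup for freedom from the use-after-free.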

Attachment: server13798.patch (0.5 kB), Benety Goh

Assignee: Benety Goh (benety.goh@mongodb.com)
Reporter: Matt Dannenberg (matt.dannenberg)
Votes: 0
Watchers: 3