Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: 3.3.5
Component/s: JavaScript
Labels:
- move-sa
- platforms-re-triaged

Assigned Teams:

Query Execution
Backwards Compatibility:
Fully Compatible

1 - My shell was built with SpiderMonkey 45.0.2:

$ ./mongo --version
MongoDB shell version: 3.3.4-319-g64258ac

2 - I built with optimizations off on OS X 10.11.4:

scons -j5 core --opt=off

$ clang --version
Apple LLVM version 7.3.0 (clang-703.0.29)

3 - I removed the build/ directory and rebuilt and can still repro the crash:

frame #0: 0x0000000107ceb46d mongo`js::detail::HashTable<js::AtomStateEntry const, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::all(this=0x0000000000000000) const + 29 at HashTable.h:1578
   1575	    Range all() const
   1576	    {
   1577	        MOZ_ASSERT(table);
-> 1578	        return Range(*this, table, table + capacity());
   1579	    }
   1580	
   1581	    bool empty() const
(lldb) fr v
(const js::detail::HashTable<const js::AtomStateEntry, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy> *) this = 0x0000000000000000
(lldb) bt
* thread #3: tid = 0x0002, 0x0000000107ceb46d mongo`js::detail::HashTable<js::AtomStateEntry const, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::all(this=0x0000000000000000) const + 29 at HashTable.h:1578, stop reason = signal SIGSTOP
  * frame #0: 0x0000000107ceb46d mongo`js::detail::HashTable<js::AtomStateEntry const, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::all(this=0x0000000000000000) const + 29 at HashTable.h:1578
    frame #1: 0x0000000107ceb431 mongo`js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::all(this=0x0000000000000000) const + 17 at HashTable.h:402
    frame #2: 0x0000000107ced571 mongo`js::detail::HashTable<js::AtomStateEntry const, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::Enum::Enum<js::GCHashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy, js::DefaultGCPolicy<js::AtomStateEntry> > >(this=0x0000700000102bc0, map=0x0000000000000000) + 33 at HashTable.h:977
    frame #3: 0x0000000107ce9e4d mongo`js::detail::HashTable<js::AtomStateEntry const, js::HashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy>::SetOps, js::SystemAllocPolicy>::Enum::Enum<js::GCHashSet<js::AtomStateEntry, js::AtomHasher, js::SystemAllocPolicy, js::DefaultGCPolicy<js::AtomStateEntry> > >(this=0x0000700000102bc0, map=0x0000000000000000) + 29 at HashTable.h:977
    frame #4: 0x0000000107ce7e8e mongo`js::MarkAtoms(trc=0x00007fcc6b05a238) + 46 at jsatom.cpp:197
    frame #5: 0x00000001085a51e2 mongo`js::gc::GCRuntime::markRuntime(this=0x00007fcc6b0583f0, trc=0x00007fcc6b05a238, traceOrMark=MarkRuntime) + 994 at RootMarking.cpp:298
    frame #6: 0x00000001081d81dd mongo`js::gc::GCRuntime::beginMarkPhase(this=0x00007fcc6b0583f0, reason=DESTROY_RUNTIME) + 2765 at jsgc.cpp:4044
    frame #7: 0x00000001081df0f3 mongo`js::gc::GCRuntime::incrementalCollectSlice(this=0x00007fcc6b0583f0, budget=0x0000700000103390, reason=DESTROY_RUNTIME) + 387 at jsgc.cpp:6024
    frame #8: 0x00000001081dfb90 mongo`js::gc::GCRuntime::gcCycle(this=0x00007fcc6b0583f0, nonincrementalByAPI=true, budget=0x0000700000103390, reason=DESTROY_RUNTIME) + 704 at jsgc.cpp:6278
    frame #9: 0x00000001081e0261 mongo`js::gc::GCRuntime::collect(this=0x00007fcc6b0583f0, nonincrementalByAPI=true, budget=SliceBudget @ 0x0000700000103390, reason=DESTROY_RUNTIME) + 497 at jsgc.cpp:6384
    frame #10: 0x00000001081e0746 mongo`js::gc::GCRuntime::gc(this=0x00007fcc6b0583f0, gckind=GC_NORMAL, reason=DESTROY_RUNTIME) + 102 at jsgc.cpp:6442
    frame #11: 0x0000000108434dad mongo`JSRuntime::~JSRuntime(this=0x00007fcc6b058000) + 893 at Runtime.cpp:412
    frame #12: 0x0000000108435455 mongo`JSRuntime::~JSRuntime(this=0x00007fcc6b058000) + 21 at Runtime.cpp:361
    frame #13: 0x000000010815ec18 mongo`JS_DestroyRuntime(JSRuntime*) [inlined] void js_delete<JSRuntime>(p=0x00007fcc6b058000) + 20 at Utility.h:370
    frame #14: 0x000000010815ec04 mongo`JS_DestroyRuntime(rt=0x00007fcc6b058000) + 20 at jsapi.cpp:480
    frame #15: 0x00000001076ccabe mongo`mongo::mozjs::MozJSImplScope::MozRuntime::~MozRuntime(this=0x00007fcc6b055468) + 46 at implscope.cpp:280
    frame #16: 0x00000001076ccb85 mongo`mongo::mozjs::MozJSImplScope::MozRuntime::~MozRuntime(this=0x00007fcc6b055468) + 21 at implscope.cpp:278
    frame #17: 0x00000001076cdbde mongo`mongo::mozjs::MozJSImplScope::MozJSImplScope(this=0x00007fcc6b055400, engine=0x00007fcc6ac0c7b0) + 4174 at implscope.cpp:365
    frame #18: 0x00000001076cea1d mongo`mongo::mozjs::MozJSImplScope::MozJSImplScope(this=0x00007fcc6b055400, engine=0x00007fcc6ac0c7b0) + 29 at implscope.cpp:332
    frame #19: 0x0000000107714848 mongo`mongo::mozjs::MozJSProxyScope::implThread(arg=0x00007fcc6ae005c0) + 264 at proxyscope.cpp:330
    frame #20: 0x00000001076a75d6 mongo`nspr::Thread::ThreadRoutine(arg=0x00007fcc6ae006f0) + 54 at PosixNSPR.cpp:56
    frame #21: 0x00000001076aa16d mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(void*) [inlined] decltype(__f=0x00007fcc6ae00710, __args=0x00007fcc6ae00718)(void*)>(fp)(std::__1::forward<nspr::Thread*>(fp0))) std::__1::__invoke<void* (*)(void*), nspr::Thread*>(void* (*&&)(void*), nspr::Thread*&&) + 24 at __functional_base:416
    frame #22: 0x00000001076aa155 mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(void*) [inlined] void std::__1::__thread_execute<void* (*)(void*), nspr::Thread*, 1ul>(__t=0x00007fcc6ae00710)(void*), nspr::Thread*>&, std::__1::__tuple_indices<1ul>) + 40 at thread:337
    frame #23: 0x00000001076aa12d mongo`void* std::__1::__thread_proxy<std::__1::tuple<void* (*)(void*), nspr::Thread*> >(__vp=0x00007fcc6ae00710) + 365 at thread:347
    frame #24: 0x00007fff8ee0599d libsystem_pthread.dylib`_pthread_body + 131
    frame #25: 0x00007fff8ee0591a libsystem_pthread.dylib`_pthread_start + 168
    frame #26: 0x00007fff8ee03351 libsystem_pthread.dylib`thread_start + 13
(lldb)

is duplicated by

SERVER-24469 jstests/core/and.js fails with SEGFAULT in the JS engine intermittently on OS X 10.11 when compiled with --opt=off

Closed

SERVER-25112 mapReduce segmentation fault on v3.3.9 unoptimized builds

Closed

Assignee:: [DO NOT USE] Backlog - Query Execution

Reporter:: Kamran K.

Participants:: [DO NOT USE] Backlog - Query Execution, Andrew Morrow, Geert Bosch, Jonathan Reams, Kamran K.

Votes:: 1 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: Apr 22 2016 10:08:56 PM UTC

Updated:: Jan 08 2024 03:23:16 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates