[SERVER-19248] Segmentation fault running query with $where
Created: 01/Jul/15  Updated: 11/Aug/15  Resolved: 11/Aug/15

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: 2.6.10
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Jon Gorrono
Assignee: Sam Kleinman (Inactive)
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-15920 Segmentation fault on mongod processe... Closed
duplicates SERVER-12991 Segmentation fault during V8 initiali... Closed
duplicates SERVER-16564 package installation should configure... Closed
Operating System: ALL
Steps To Reproduce:

$ mongo
MongoDB shell version: 2.6.10
connecting to: test
Server has startup warnings: 
2015-07-01T12:41:47.230-0700 ** WARNING: --rest is specified without --httpinterface,
2015-07-01T12:41:47.230-0700 **          enabling http interface
> db.version()
2.6.10
> version()
2.6.10
> db.test.find( { $where: "this.credits == this.debits" } )
2015-07-01T12:36:12.748-0700 DBClientCursor::init call() failed
Error: error doing query: failed
2015-07-01T12:36:12.750-0700 trying reconnect to 127.0.0.1:27017 (127.0.0.1) failed
2015-07-01T12:36:12.751-0700 warning: Failed to connect to 127.0.0.1:27017, reason: errno:111 Connection refused
...

 Description   

Running example from docs
(http://docs.mongodb.org/v2.6/reference/operator/query/where/):

db.test.find( { $where: "this.credits == this.debits" } );

produced instant segfault:

2015-07-01T12:36:12.331-0700 [conn1] SEVERE: Invalid access at address: 0x20
2015-07-01T12:36:12.654-0700 [conn1] SEVERE: Got signal: 11 (Segmentation fault).
Backtrace:0x121eb61 0x121df3e 0x121e02f 0x7f038822a0d0 0x1504115 0x15d2e1f 0x150513e 0x1505159 0x15a0b8e 0x14e5b22 0x15a0cc0 0x1316e37 0x15a76da 0x117a005 0x118d539 0x116dd93 0xc10484 0xc10c0f 0xc086fc 0xc03226 
 /usr/bin/mongod(_ZN5mongo15printStackTraceERSo+0x21) [0x121eb61]
 /usr/bin/mongod() [0x121df3e]
 /usr/bin/mongod() [0x121e02f]
 /lib64/libpthread.so.0(+0x100d0) [0x7f038822a0d0]
 /usr/bin/mongod(_ZN2v88internal2OS8AllocateEmPmb+0xe5) [0x1504115]
 /usr/bin/mongod(_ZN2v88internal28CreateTranscendentalFunctionENS0_19TranscendentalCache4TypeE+0x3f) [0x15d2e1f]
 /usr/bin/mongod(_ZN2v88internal22init_fast_sin_functionEv+0xe) [0x150513e]
 /usr/bin/mongod(_ZN2v88internal14POSIXPostSetUpEv+0x9) [0x1505159]
 /usr/bin/mongod(_ZN2v88internal2V828InitializeOncePerProcessImplEv+0x3e) [0x15a0b8e]
 /usr/bin/mongod(_ZN2v88internal12CallOnceImplEPlPFvPvES2_+0x62) [0x14e5b22]
 /usr/bin/mongod(_ZN2v88internal2V810InitializeEPNS0_12DeserializerE+0x20) [0x15a0cc0]
 /usr/bin/mongod(_ZN2v82V810InitializeEv+0x47) [0x1316e37]
 /usr/bin/mongod(_ZN2v86LockerC1EPNS_7IsolateE+0x9a) [0x15a76da]
 /usr/bin/mongod(_ZN5mongo7V8ScopeC1EPNS_14V8ScriptEngineE+0x3c5) [0x117a005]
 /usr/bin/mongod(_ZN5mongo14V8ScriptEngine11createScopeEv+0x29) [0x118d539]
 /usr/bin/mongod(_ZN5mongo12ScriptEngine14getPooledScopeERKSsS2_+0x283) [0x116dd93]
 /usr/bin/mongod(_ZN5mongo20WhereMatchExpression4initERKNS_10StringDataES3_RKNS_7BSONObjE+0x2e4) [0xc10484]
 /usr/bin/mongod(_ZN5mongo33expressionParserWhereCallbackRealERKNS_11BSONElementE+0x22f) [0xc10c0f]
 /usr/bin/mongod(_ZN5boost6detail8function17function_invoker1IPFN5mongo10StatusWithIPNS3_15MatchExpressionEEERKNS3_11BSONElementEES7_SA_E6invokeERNS1_15function_bufferESA_+0xc) [0xc086fc]
 /usr/bin/mongod(_ZN5mongo21MatchExpressionParser6_parseERKNS_7BSONObjEi+0xf16) [0xc03226]

Server configs are defaults except:
added http interface
created replicaset with one member to get oplogs:

grep '^[^#]' /etc/mongod.conf
rest=true
nohttpinterface=false
logpath=/var/log/mongodb/mongod.log
logappend=true
fork=true
dbpath=/var/lib/mongo
pidfilepath=/var/run/mongodb/mongod.pid
bind_ip=127.0.0.1
replSet=localhost
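
A triage sketch for the backtrace above, added here as an example and not part of the original ticket or of MongoDB's code: it decodes the leading nested name of each mangled frame and reports where the fault sits and how it was reached. The names `demangle_nested` and `triage` and the shortened sample log are assumptions built from the frames in this report.

```python
import re

# Constructed sample: lines copied (and shortened) from the backtrace in this report.
SAMPLE_LOG = """\
2015-07-01T12:36:12.331-0700 [conn1] SEVERE: Invalid access at address: 0x20
2015-07-01T12:36:12.654-0700 [conn1] SEVERE: Got signal: 11 (Segmentation fault).
 /usr/bin/mongod(_ZN5mongo15printStackTraceERSo+0x21) [0x121eb61]
 /usr/bin/mongod() [0x121df3e]
 /lib64/libpthread.so.0(+0x100d0) [0x7f038822a0d0]
 /usr/bin/mongod(_ZN2v88internal2OS8AllocateEmPmb+0xe5) [0x1504115]
 /usr/bin/mongod(_ZN2v88internal2V828InitializeOncePerProcessImplEv+0x3e) [0x15a0b8e]
 /usr/bin/mongod(_ZN2v82V810InitializeEv+0x47) [0x1316e37]
 /usr/bin/mongod(_ZN5mongo7V8ScopeC1EPNS_14V8ScriptEngineE+0x3c5) [0x117a005]
 /usr/bin/mongod(_ZN5mongo20WhereMatchExpression4initERKNS_10StringDataES3_RKNS_7BSONObjE+0x2e4) [0xc10484]
"""

# One frame: "<binary>(<mangled>+0x<off>) [0x<addr>]"; frames without a symbol are skipped.
FRAME = re.compile(r"^\s*\S+\((_ZN[^+)]*)\+0x[0-9a-f]+\)\s+\[0x[0-9a-f]+\]")

def demangle_nested(sym):
    """Decode only the leading N...E nested name of an Itanium-ABI symbol."""
    parts, i = [], 3  # skip the "_ZN" prefix
    while (m := re.match(r"\d+", sym[i:])):
        i += m.end()
        n = int(m.group())
        parts.append(sym[i:i + n])
        i += n
    if sym[i:i + 2] in ("C1", "C2"):  # constructor: repeat the class name
        parts.append(parts[-1])
    return "::".join(parts)

def triage(log):
    """Summarise a mongod crash log: faulting frame and the path that led to it."""
    frames = [demangle_nested(m.group(1)) for line in log.splitlines()
              if (m := FRAME.match(line))]
    # Drop mongod's own stack printer; the first remaining frame is the faulting one.
    frames = [f for f in frames if f != "mongo::printStackTrace"]
    return {
        "signal11": "Got signal: 11" in log,
        "faulting": frames[0] if frames else None,
        "in_v8_init": "v8::V8::Initialize" in frames,
        "via_where": "mongo::WhereMatchExpression::init" in frames,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For this report the result places the fault in `v8::internal::OS::Allocate` during V8 initialization reached from `$where` parsing, which is the pattern the comments below attribute to the SELinux configuration.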



 Comments   
Comment by Sam Kleinman (Inactive) [ 11/Aug/15 ]

I'm going to go ahead and close this ticket, as there are already other reports of the underlying issue. See the
documentation for configuring SELinux, for a working policy configuration.

Regards,
sam

Comment by Jon Gorrono [ 11/Aug/15 ]

Yes, turning off enforcement avoided the segfault. Do you have pre-baked policies I can use?

Comment by Jon Gorrono [ 10/Aug/15 ]

Sorry about the delay. I completely missed the email for the initial reply comment. I will look at the ticket referenced and try to confirm the relationship later tonight or in the morning.

Comment by Ramon Fernandez Marina [ 03/Aug/15 ]

ccjon, we haven't heard back from you for some time. If this is still an issue for you, can you please reply with the information about SELinux requested by Sam above?

Thanks,
Ramón.

Comment by Sam Kleinman (Inactive) [ 02/Jul/15 ]

Hello,

Thanks for this report. Sometimes errors like this happening during JavaScript execution are caused by an interaction with the SELinux configuration. See SERVER-12991 for another related case.

Is SELinux configured on this machine? Can you reproduce with SELinux disabled?

Regards,
sam

Comment by Jon Gorrono [ 01/Jul/15 ]

same behavior in 2.7.8 on the same machine

Comment by Jon Gorrono [ 01/Jul/15 ]

Forgot to add that this is the latest package version from Fedora 21:
uname -srmvpio
Linux 4.0.6-200.fc21.x86_64 #1 SMP Tue Jun 23 13:59:12 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Generated at Thu Feb 08 03:50:19 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.