[SERVER-24469] jstests/core/and.js fails with SEGFAULT in the JS engine intermittently on OS X 10.11 when compiled with --opt=off Created: 08/Jun/16  Updated: 05/Dec/16  Resolved: 05/Dec/16

Status: Closed
Project: Core Server
Component/s: JavaScript, MapReduce
Affects Version/s: 3.3.8
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: David Hatch Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File and.log     Text File jscore.log     Text File spider-monkey-dbg.log     Text File stacktrace.txt    
Issue Links:
Duplicate
duplicates SERVER-23888 Unoptimized builds on OSX overflow th... Backlog
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

1. git checkout r3.3.8
2. Compile mongod using optimization off, debug on: scons --opt=off --dbg=on core.
3. Execute and.js: /buildscripts/resmoke.py --dbpathPrefix=$(mktemp -d) jstests/core/and.js | tee and.log
4. Repeat the prior step until a segmentation fault is observed.
5. The stack trace can be obtained by running xcrun atos -o mongod -l <A> <ADDRS...>, where <A> is the first value of "b" in the backtrace JSON output, and <ADDRS...> is the space separated list of addresses just before ----- BEGIN BACKTRACE ----- in the log output. In the stack trace example, <A> is 100F4A000, <ADDRS...> is 0x1023c65c4 0x1023c6045....

Sprint: Platforms 2017-01-23
Participants:

 Description   

This issue affects JS tests that run the javascript engine on mongod, that is, anything utilizing mapReduce or $where. It occurs in 3.3.8, but I have not tested prior releases.

This test failure is reliably reproducible when running jstests/core/and.js. Although some runs succeed, most result in failure.

I have been unable to reproduce the issue on any platform other than OS X 10.11, and the issue is not present when compiled with optimizations off. I've attached log output, and a symbolized stack trace. I've also attached jscore.log, which shows an example of another JS test failing in a similar fashion.

The issue seems to stem from within the JS engine, during a garbage collection sweep.

clang version:

Apple LLVM version 7.3.0 (clang-703.0.31)
Target: x86_64-apple-darwin15.5.0



 Comments   
Comment by David Hatch [ 08/Jun/16 ]

Actually, I attached spider-monkey-dbg.log, which shows a failure with this compile flag as well.

Comment by David Hatch [ 08/Jun/16 ]

mark.benvenuto, I can't seem to reproduce with --spider-monkey-dbg=on

Comment by Kamran K. [ 08/Jun/16 ]

This seems like a duplicate of SERVER-23888.

Comment by Mark Benvenuto [ 08/Jun/16 ]

Does it repro if you build with --spider-monkey-dbg=on? If so, what is the stack in this case or do we hit an internal assert?

Generated at Thu Feb 08 04:06:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.