[SERVER-4807] test crash Created: 29/Jan/12  Updated: 11/Jul/16  Resolved: 31/Jan/12

Status: Closed
Project: Core Server
Component/s: JavaScript
Affects Version/s: None
Fix Version/s: 2.1.0

Type: Bug Priority: Major - P3
Reporter: Eliot Horowitz (Inactive) Assignee: Antoine Girbal
Resolution: Done Votes: 0
Labels: buildbot
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

http://buildbot.mongodb.org:8081/builders/Linux%2064-bit%20v8/builds/2955/steps/test/logs/stdio



 Comments   
Comment by auto [ 31/Jan/12 ]

Author:

{u'login': u'agirbal', u'name': u'agirbal', u'email': u'antoine@10gen.com'}

Message: - SERVER-4807: access to bsonholder on objects that dont have it
Branch: master
https://github.com/mongodb/mongo/commit/6a5269e37025ab957320a51717787187b1040bde

Comment by Eric Milkie [ 30/Jan/12 ]

Most of the time, I can also get the mongod process to crash. The crash occurs on the same line as above:

 
==14376== Invalid read of size 4
==14376==    at 0x7F6D73: mongo::unwrapBSONObj(v8::Handle<v8::Object> const&) (atomic_int.h:87)
==14376==    by 0x800043: mongo::V8Scope::v8ToMongo(v8::Handle<v8::Object>, int) (engine_v8.cpp:1497)
==14376==    by 0x802291: mongo::V8Scope::v8ToMongoElement(mongo::BSONObjBuilder&, std::string, v8::Handle<v8::Value>, int, mongo::BSONObj*) (engine_v8.cpp:1470)
==14376==    by 0x800241: mongo::V8Scope::v8ToMongo(v8::Handle<v8::Object>, int) (engine_v8.cpp:1527)
==14376==    by 0x802291: mongo::V8Scope::v8ToMongoElement(mongo::BSONObjBuilder&, std::string, v8::Handle<v8::Value>, int, mongo::BSONObj*) (engine_v8.cpp:1470)
==14376==    by 0x802F8A: mongo::V8Scope::append(mongo::BSONObjBuilder&, char const*, char const*) (engine_v8.cpp:1348)
==14376==    by 0x7C851C: mongo::dbEval(std::string const&, mongo::BSONObj&, mongo::BSONObjBuilder&, std::string&) (dbeval.cpp:104)
==14376==    by 0x7C9515: mongo::CmdEval::run(std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&, bool) (dbeval.cpp:132)
==14376==    by 0x8B4DA5: mongo::_execCommand(mongo::Command*, std::string const&, mongo::BSONObj&, int, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1774)
==14376==    by 0x8B5A03: mongo::execCommand(mongo::Command*, mongo::Client&, int, char const*, mongo::BSONObj&, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1878)
==14376==    by 0x8B76E6: mongo::_runCommands(char const*, mongo::BSONObj&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (dbcommands.cpp:1947)
==14376==    by 0x9724E4: mongo::runCommands(char const*, mongo::BSONObj&, mongo::CurOp&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (query.cpp:56)
==14376==  Address 0xFFFFFFFF is not stack'd, malloc'd or (recently) free'd

I tried to run using the debugger but I am hitting some bugs in gdb or valgrind (on the V8 buildslave, both are out of date and need to be upgraded).
I haven't set up a V8 build on my local machine yet. But here's what I'm using to test:

valgrind --leak-check=no --db-attach=yes --db-command="gdbtui %f %p" ./mongod --nojournal

and then in another terminal:

./mongo jstests/eval9.js

Comment by Eric Milkie [ 30/Jan/12 ]

Hi Antoine,
I got some uninitialized branch/jump errors on the server while running eval9.js; maybe they are related to the crashes?

 
==10280== Thread 10:
==10280== Conditional jump or move depends on uninitialised value(s)
==10280==    at 0x7F6D6C: mongo::unwrapBSONObj(v8::Handle<v8::Object> const&) (intrusive_ptr.hpp:96)
==10280==    by 0x800043: mongo::V8Scope::v8ToMongo(v8::Handle<v8::Object>, int) (engine_v8.cpp:1497)
==10280==    by 0x802291: mongo::V8Scope::v8ToMongoElement(mongo::BSONObjBuilder&, std::string, v8::Handle<v8::Value>, int, mongo::BSONObj*) (engine_v8.cpp:1470)
==10280==    by 0x800241: mongo::V8Scope::v8ToMongo(v8::Handle<v8::Object>, int) (engine_v8.cpp:1527)
==10280==    by 0x802291: mongo::V8Scope::v8ToMongoElement(mongo::BSONObjBuilder&, std::string, v8::Handle<v8::Value>, int, mongo::BSONObj*) (engine_v8.cpp:1470)
==10280==    by 0x802F8A: mongo::V8Scope::append(mongo::BSONObjBuilder&, char const*, char const*) (engine_v8.cpp:1348)
==10280==    by 0x7C851C: mongo::dbEval(std::string const&, mongo::BSONObj&, mongo::BSONObjBuilder&, std::string&) (dbeval.cpp:104)
==10280==    by 0x7C9515: mongo::CmdEval::run(std::string const&, mongo::BSONObj&, int, std::string&, mongo::BSONObjBuilder&, bool) (dbeval.cpp:132)
==10280==    by 0x8B4DA5: mongo::_execCommand(mongo::Command*, std::string const&, mongo::BSONObj&, int, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1774)
==10280==    by 0x8B5A03: mongo::execCommand(mongo::Command*, mongo::Client&, int, char const*, mongo::BSONObj&, mongo::BSONObjBuilder&, bool) (dbcommands.cpp:1878)
==10280==    by 0x8B76E6: mongo::_runCommands(char const*, mongo::BSONObj&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (dbcommands.cpp:1947)
==10280==    by 0x9724E4: mongo::runCommands(char const*, mongo::BSONObj&, mongo::CurOp&, mongo::_BufBuilder<mongo::TrivialAllocator>&, mongo::BSONObjBuilder&, bool, int) (query.cpp:56)

Comment by Eric Milkie [ 30/Jan/12 ]

Build 2957 contains the above fix but eval9.js still crashed. I am going to run with Valgrind Memcheck to see if it can shed more light on the problem.

Comment by auto [ 30/Jan/12 ]

Author:

{u'login': u'agirbal', u'name': u'agirbal', u'email': u'antoine@10gen.com'}

Message: SERVER-4807: fix type for delete
Branch: master
https://github.com/mongodb/mongo/commit/6a40af08608a412b30d8c75f29ad67e7ff1926c0

Generated at Thu Feb 08 03:07:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.