[Pkg-mongodb-maintainers] Bug#876755: mongodb-server: segfault on spidermonkey GC under load

Apollon Oikonomopoulos apoikos at debian.org
Mon Sep 25 14:45:04 UTC 2017 

Package: mongodb-server
Version: 1:3.2.11-2
Severity: important

MongoDB 3.2.11-2 on Stretch has crashed repeatedly a couple of times on 
big map-reduce operations with the following backtrace:

  _ZN5mongo15printStackTraceERSo at src/mongo/util/stacktrace_posix.cpp:172
  printSignalAndBacktrace at src/mongo/util/signal_handlers_synchronous.cpp:182
  abruptQuitWithAddrSignal at src/mongo/util/signal_handlers_synchronous.cpp:277
  ?? at ??:0
  ShouldMoveToTenured at src/third_party/mozjs-38/extract/js/src/gc/Nursery.cpp:749
   (inlined by) _ZN2js7Nursery15MinorGCCallbackEP8JSTracerPPv13JSGCTraceKind at src/third_party/mozjs-38/extract/js/src/gc/Nursery.cpp:759
  _ZN8JSTracer19clearTracingDetailsEv at src/third_party/mozjs-38/include/js/TracingAPI.h:129
   (inlined by) MarkInternal<js::NativeObject> at src/third_party/mozjs-38/extract/js/src/gc/Marking.cpp:294
  _ZNK8JSObject8getClassEv at src/third_party/mozjs-38/extract/js/src/jsobj.h:134
   (inlined by) _ZNK8JSObject2isI10JSFunctionEEbv at src/third_party/mozjs-38/extract/js/src/jsobj.h:561
   (inlined by) _ZN2js8frontend9ObjectBox13isFunctionBoxEv at src/third_party/mozjs-38/extract/js/src/frontend/ParseNode.h:1535
   (inlined by) _ZN2js8frontend9ObjectBox5traceEP8JSTracer at src/third_party/mozjs-38/extract/js/src/frontend/ParseNode.cpp:1101
  _ZN2JS12AutoGCRooter5traceEP8JSTracer at src/third_party/mozjs-38/extract/js/src/gc/RootMarking.cpp:143
  _ZN2JS12AutoGCRooter17traceAllInContextI9JSContextEEvPT_P8JSTracer at src/third_party/mozjs-38/extract/js/src/jspubtd.h:230
   (inlined by) _ZN2JS12AutoGCRooter8traceAllEP8JSTracer at src/third_party/mozjs-38/extract/js/src/gc/RootMarking.cpp:307
  _ZN2js2gc9GCRuntime11markRuntimeEP8JSTracerNS1_18TraceOrMarkRuntimeENS1_21TraceRootsOrUsedSavedE at src/third_party/mozjs-38/extract/js/src/gc/RootMarking.cpp:441
  _ZN2js7Nursery7collectEP9JSRuntimeN2JS8gcreason6ReasonEPNS_6VectorIPNS_11ObjectGroupELm0ENS_17SystemAllocPolicyEEE at src/third_party/mozjs-38/extract/js/src/gc/Nursery.cpp:836
  _ZN2js2gc9GCRuntime7minorGCEP9JSContextN2JS8gcreason6ReasonE at src/third_party/mozjs-38/extract/js/src/jsgc.cpp:6412
  _ZN9JSContext7minorGCEN2JS8gcreason6ReasonE at src/third_party/mozjs-38/extract/js/src/jscntxt.h:418
   (inlined by) _ZN2js2gc25AllocateObjectForCacheHitILNS_7AllowGCE1EEEP8JSObjectP9JSContextNS0_9AllocKindENS0_11InitialHeapEPKNS_5ClassE at src/third_party/mozjs-38/extract/js/src/jsgcinlines.h:594
   (inlined by) _ZN2js14NewObjectCache16newObjectFromHitEP9JSContextiNS_2gc11InitialHeapE at src/third_party/mozjs-38/extract/js/src/vm/Runtime-inl.h:73
  _ZN2js29NewObjectWithClassProtoCommonEPNS_16ExclusiveContextEPKNS_5ClassEN2JS6HandleIP8JSObjectEES9_NS_2gc9AllocKindENS_13NewObjectKindE at src/third_party/mozjs-38/extract/js/src/jsobj.cpp:1423
  _ZN2js23NewBuiltinClassInstanceINS_11PlainObjectEEEPT_PNS_16ExclusiveContextENS_13NewObjectKindE at src/third_party/mozjs-38/extract/js/src/jsobjinlines.h:609
   (inlined by) newNode at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:708
  newNode at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:383
  expressionStatement at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:834
   (inlined by) statement at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:2393
  statements at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:1961
  program at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:2003
   (inlined by) reflect_parse at src/third_party/mozjs-38/extract/js/src/jsreflect.cpp:3554
  
>From the backtrace it appears to be mozjs-GC-related and the underlying 
cause might be the same as for #871906. Investigation sofar has revealed 
that it might be related to optimizations enabled in GCC 6 and, as 
indicated by
  https://trac.wildfiregames.com/ticket/4053
and
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70526

I'm filing a separate bug than #871906, as this case is not easily 
reproducible and will take some time to figure out whether it's been 
fixed or not, and the fix will have to be backported to Stretch as well.

More information about the Pkg-mongodb-maintainers mailing list