Type: Bug
Resolution: Unresolved
Priority: Minor - P4
Affects Version/s: None
Component/s: None
Query Integration
ALL
MongoDB tested the provided binaries on the Antithesis autonomous testing platform and found this potential bug.
If the artifacts attached to this ticket don't provide enough information for debugging, you can use the platform's multiverse debugger to perfectly recreate the bug moment and inject commands (e.g., produce a core dump or attach GDB to generate thread dumps).
Follow these instructions to start a multiverse debugging session. The curl command will look like this:
curl --fail -u 'mongodb:<PASSWORD>' \
  -X POST https://mongo.antithesis.com/api/v1/launch_experiment/launch_debugging \
  -d '{"params": {
    "antithesis.debugging.session_id":"<SESSION_ID>",
    "antithesis.debugging.input_hash":"<INPUT_HASH>",
    "antithesis.debugging.vtime":"<VTIME>",
    "antithesis.report.recipients":"<YOUR_EMAIL@mongodb.com>"
  }}'
Users can find the password in the How-To: Investigate Antithesis BFs wiki. For any other questions, please reach out to lawrie.green@antithesis.com or zoe.park@antithesis.com directly on this ticket or in the ext-antithesis-mongodb channel in Slack and they'll be happy to assist. (Note that the Slack channel is private, so you may need to request to be added.)
Follow the Antithesis binaries to find both the archive_dist_test and archive_dist_test_debug Evergreen tasks which correspond to the “Failing Buildvariants” in the ticket and are essential when loading the core dump.
Link to the Antithesis Report
12818:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] =================================================================
12819:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] ==571==ERROR: AddressSanitizer: heap-use-after-free on address 0x50c000103da0 at pc 0x7f73d9f79ff4 bp 0x7f73ac1f5150 sp 0x7f73ac1f5148
12820:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] READ of size 16 at 0x50c000103da0 thread T9
12821:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #0 0x7f73d9f79ff3 in std::enable_if<__and_<std::__not_<std::__is_tuple_like<char const*> >, std::is_move_constructible<char const*>, std::is_move_assignable<char const*> >::value, void>::type std::swap<char const*>(char const*&, char const*&) external/mongo_toolchain_v5/stow/gcc-v5/include/c++/14.2.0/bits/move.h:221:19
12822:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #1 0x7f73d9f79ff3 in mongo::BSONObj::swap(mongo::BSONObj&) src/mongo/bson/bsonobj.h:203:9
12823:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #2 0x7f73d9f79ff3 in mongo::BSONObj::operator=(mongo::BSONObj) src/mongo/bson/bsonobj.h:194:15
12824:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #3 0x7f73d9f79ff3 in mongo::mozjs::JSThreadConfig::JSThread::run(void*) ./src/mongo/scripting/mozjs/jsthread.cpp:230:49
12825:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #4 0x7f73d9f7bc1a in void std::__invoke_impl<void, void (*)(void*), mongo::mozjs::JSThreadConfig::JSThread*>(std::__invoke_other, void (*&&)(void*), mongo::mozjs::JSThreadConfig::JSThread*&&) external/mongo_toolchain_v5/stow/gcc-v5/include/c++/14.2.0/bits/invoke.h:61:14
12826:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #5 0x7f73d9f7bc1a in std::__invoke_result<void (*)(void*), mongo::mozjs::JSThreadConfig::JSThread*>::type std::__invoke<void (*)(void*), mongo::mozjs::JSThreadConfig::JSThread*>(void (*&&)(void*), mongo::mozjs::JSThreadConfig::JSThread*&&) external/mongo_toolchain_v5/stow/gcc-v5/include/c++/14.2.0/bits/invoke.h:96:14
12827:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #6 0x7f73d9f7bc1a in decltype(auto) std::__apply_impl<void (*)(void*), std::tuple<mongo::mozjs::JSThreadConfig::JSThread*>, 0ul>(void (*&&)(void*), std::tuple<mongo::mozjs::JSThreadConfig::JSThread*>&&, std::integer_sequence<unsigned long, 0ul>) external/mongo_toolchain_v5/stow/gcc-v5/include/c++/14.2.0/tuple:2921:14
12828:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #7 0x7f73d9f7bc1a in decltype(auto) std::apply<void (*)(void*), std::tuple<mongo::mozjs::JSThreadConfig::JSThread*> >(void (*&&)(void*), std::tuple<mongo::mozjs::JSThreadConfig::JSThread*>&&) external/mongo_toolchain_v5/stow/gcc-v5/include/c++/14.2.0/tuple:2936:14
12829:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #8 0x7f73d9f7bc1a in _ZZN5mongo4stdx6threadC1IPFvPvEJPNS_5mozjs14JSThreadConfig8JSThreadEETnNSt9enable_ifIXntsr3stdE9is_same_vIS1_NSt5decayIT_E4typeEEEiE4typeELi0EEESC_DpOT0_ENUlvE_clEv src/mongo/stdx/thread.h:197:26
12830:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #9 0x7f73c4df0f73 in execute_native_thread_routine (/usr/bin/../lib/libabsl_base.so+0xff73) (BuildId: 025dc2d1441466e6217869bdda57df073b09f099)
12831:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #10 0x563a3d34e4f6 in asan_thread_start(void*) /data/mci/a0968bc47022ff3739483c0d3cbbeb89/toolchain-builder/tmp/build-llvm-v5.sh-bww/llvm-project-llvmorg/compiler-rt/lib/asan/asan_interceptors.cpp:239:28
12832:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #11 0x7f73bb640ac2 in start_thread nptl/./nptl/pthread_create.c:442:8
12833:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] #12 0x7f73bb6d1a73 in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100
12834:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped]
12835:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] 0x50c000103da0 is located 32 bytes inside of 128-byte region [0x50c000103d80,0x50c000103e00)
12836:[ 166.804] [ workload] [inf] [fsm_workload_test:update_inc_capped] freed by thread T4 here:
is duplicated by
SERVER-119487 Make JSThread args owned on creation - Closed