Details
-
Bug
-
Resolution: Done
-
Major - P3
-
2.7.7
-
ALL
Description
Output from address sanitizer:
==18019==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000046930 at pc 0x1012aba67 bp 0x7fff5fbfa350 sp 0x7fff5fbfa348
|
READ of size 8 at 0x603000046930 thread T0
|
==18019==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
|
#0 0x1012aba66 in mongo::newlm::ResourceId::operator== const resource_id.h:81
|
#1 0x1012ab5ab in std::equal_to<mongo::newlm::ResourceId>::operator const stl_function.h:200
|
#2 0x1012e1cb4 in std::tr1::__detail::_Hash_code_base<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, false>::_M_compare const hashtable_policy.h:805
|
#3 0x1012df876 in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::erase hashtable:1067
|
#4 0x1012c3d51 in mongo::newlm::LockerImpl::_unlockAndUpdateRequestsList lock_state.cpp:686
|
#5 0x1012c46b5 in mongo::newlm::LockerImpl::unlock lock_state.cpp:540
|
#6 0x1012c12e7 in mongo::newlm::LockerImpl::unlockAll lock_state.cpp:397
|
#7 0x1012127ec in mongo::Lock::DBLock::unlockDB d_concurrency.cpp:276
|
#8 0x10121223f in mongo::Lock::DBLock::~DBLock d_concurrency.cpp:253
|
#9 0x101211ff2 in mongo::Lock::DBLock::~DBLock d_concurrency.cpp:252
|
#10 0x100cf59a0 in mongo::AutoGetCollectionForRead::~AutoGetCollectionForRead client.cpp:257
|
#11 0x100cf5292 in mongo::AutoGetCollectionForRead::~AutoGetCollectionForRead client.cpp:248
|
#12 0x1008e3316 in mongo::AuthzManagerExternalStateMongod::findOne authz_manager_external_state_d.cpp:91
|
#13 0x1008f2071 in mongo::AuthzManagerExternalStateLocal::getStoredAuthorizationVersion authz_manager_external_state_local.cpp:66
|
#14 0x1008323f1 in mongo::AuthorizationManager::getAuthorizationVersion authorization_manager.cpp:271
|
#15 0x100829ac7 in mongo::authindex::configureSystemIndexes auth_index_d.cpp:77
|
#16 0x1000068e8 in mongo::_initAndListen db.cpp:537
|
#17 0x100001b24 in mongo::initAndListen db.cpp:580
|
#18 0x100009071 in mongoDbMain db.cpp:816
|
#19 0x100007e8d in main db.cpp:629
|
#20 0x1000017d3 in start (in mongod) + 51
|
#21 0x2 in 0x00000002 (in mongod)
|
|
|
0x603000046930 is located 0 bytes inside of 32-byte region [0x603000046930,0x603000046950)
|
freed by thread T0 here:
|
#0 0x10e150563 in wrap_free (in libclang_rt.asan_osx_dynamic.dylib) + 115
|
#1 0x1012e2883 in __gnu_cxx::new_allocator<std::tr1::__detail::_Hash_node<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, false> >::deallocate new_allocator.h:97
|
#2 0x1012e203a in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::_M_deallocate_node hashtable:476
|
#3 0x1012df9dc in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::erase hashtable:1071
|
#4 0x1012c3d51 in mongo::newlm::LockerImpl::_unlockAndUpdateRequestsList lock_state.cpp:686
|
#5 0x1012c46b5 in mongo::newlm::LockerImpl::unlock lock_state.cpp:540
|
#6 0x1012c12e7 in mongo::newlm::LockerImpl::unlockAll lock_state.cpp:397
|
#7 0x1012127ec in mongo::Lock::DBLock::unlockDB d_concurrency.cpp:276
|
#8 0x10121223f in mongo::Lock::DBLock::~DBLock d_concurrency.cpp:253
|
#9 0x101211ff2 in mongo::Lock::DBLock::~DBLock d_concurrency.cpp:252
|
#10 0x100cf59a0 in mongo::AutoGetCollectionForRead::~AutoGetCollectionForRead client.cpp:257
|
#11 0x100cf5292 in mongo::AutoGetCollectionForRead::~AutoGetCollectionForRead client.cpp:248
|
#12 0x1008e3316 in mongo::AuthzManagerExternalStateMongod::findOne authz_manager_external_state_d.cpp:91
|
#13 0x1008f2071 in mongo::AuthzManagerExternalStateLocal::getStoredAuthorizationVersion authz_manager_external_state_local.cpp:66
|
#14 0x1008323f1 in mongo::AuthorizationManager::getAuthorizationVersion authorization_manager.cpp:271
|
#15 0x100829ac7 in mongo::authindex::configureSystemIndexes auth_index_d.cpp:77
|
#16 0x1000068e8 in mongo::_initAndListen db.cpp:537
|
#17 0x100001b24 in mongo::initAndListen db.cpp:580
|
#18 0x100009071 in mongoDbMain db.cpp:816
|
#19 0x100007e8d in main db.cpp:629
|
#20 0x1000017d3 in start (in mongod) + 51
|
#21 0x2 in 0x00000002 (in mongod)
|
|
|
previously allocated by thread T0 here:
|
#0 0x10e150495 in wrap_malloc (in libclang_rt.asan_osx_dynamic.dylib) + 117
|
#1 0x7fff8ddde36d in operator new(unsigned long) (in libc++abi.dylib) + 29
|
#2 0x1012fe6f0 in __gnu_cxx::new_allocator<std::tr1::__detail::_Hash_node<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, false> >::allocate new_allocator.h:91
|
#3 0x1012f98aa in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::_M_allocate_node hashtable:452
|
#4 0x1012f8b12 in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::_M_insert_bucket hashtable:877
|
#5 0x1012f7b77 in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::_M_insert hashtable:920
|
#6 0x1012dbfda in std::tr1::_Hashtable<mongo::newlm::ResourceId, std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*>, std::allocator<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::_Select1st<std::pair<mongo::newlm::ResourceId const, mongo::newlm::LockRequest*> >, std::equal_to<mongo::newlm::ResourceId>, std::tr1::hash<mongo::newlm::ResourceId>, std::tr1::__detail::_Mod_range_hashing, std::tr1::__detail::_Default_ranged_hash, std::tr1::__detail::_Prime_rehash_policy, false, false, true>::insert hashtable:398
|
#7 0x1012c2a63 in mongo::newlm::LockerImpl::lock lock_state.cpp:442
|
#8 0x100cf3d28 in mongo::AutoGetCollectionForRead::_init client.cpp:232
|
#9 0x100cf4e10 in mongo::AutoGetCollectionForRead::AutoGetCollectionForRead client.cpp:217
|
#10 0x100cf475b in mongo::AutoGetCollectionForRead::AutoGetCollectionForRead client.cpp:218
|
#11 0x1008e2a30 in mongo::AuthzManagerExternalStateMongod::findOne authz_manager_external_state_d.cpp:79
|
#12 0x1008f2071 in mongo::AuthzManagerExternalStateLocal::getStoredAuthorizationVersion authz_manager_external_state_local.cpp:66
|
#13 0x1008323f1 in mongo::AuthorizationManager::getAuthorizationVersion authorization_manager.cpp:271
|
#14 0x100829ac7 in mongo::authindex::configureSystemIndexes auth_index_d.cpp:77
|
#15 0x1000068e8 in mongo::_initAndListen db.cpp:537
|
#16 0x100001b24 in mongo::initAndListen db.cpp:580
|
#17 0x100009071 in mongoDbMain db.cpp:816
|
#18 0x100007e8d in main db.cpp:629
|
#19 0x1000017d3 in start (in mongod) + 51
|
#20 0x2 in 0x00000002 (in mongod)
|
|
|
SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
|
Shadow bytes around the buggy address:
|
0x1c0600008cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x1c0600008ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x1c0600008cf0: fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 fa
|
0x1c0600008d00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x1c0600008d10: fa fa fa fa 00 00 00 fa fa fa fd fd fd fd fa fa
|
=>0x1c0600008d20: 00 00 00 00 fa fa[fd]fd fd fd fa fa fd fd fd fd
|
0x1c0600008d30: fa fa 00 00 00 00 fa fa fd fd fd fd fa fa 00 00
|
0x1c0600008d40: 00 06 fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa
|
0x1c0600008d50: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
|
0x1c0600008d60: fa fa fd fd fd fd fa fa fd fd fd fd fa fa 00 00
|
0x1c0600008d70: 00 fa fa fa 00 00 00 fa fa fa fd fd fd fd fa fa
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
ASan internal: fe
|
==18019==ABORTING
|