Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15677

Address sanitizer heap use after free bug in repl_coordinator_impl_reconfig_test

XMLWordPrintableJSON

    • Fully Compatible
    • ALL
    • Hide

      Run the test under address sanitizer.

      Show
      Run the test under address sanitizer. 

      =================================================================
==1981==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000002840 at pc 0x7d61ae bp 0x7ff34b91c970 sp 0x7ff34b91c968
READ of size 8 at 0x611000002840 thread T28
    #0 0x7d61ad in mongo::repl::ReplicationCoordinatorImpl::_heartbeatReconfigStore(mongo::repl::ReplicaSetConfig const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl_heartbeat.cpp:305
    #1 0xab6e94 in boost::(anonymous namespace)::thread_proxy(void*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/libs/thread/src/pthread/thread.cpp:121
    #2 0x7ff350ae9181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
    #3 0x7ff34f8c9fbc (/lib/x86_64-linux-gnu/libc.so.6+0xfafbc)

0x611000002840 is located 0 bytes inside of 256-byte region [0x611000002840,0x611000002940)
freed by thread T0 here:
    #0 0x55d009 in operator delete(void*) (/home/andrew/Documents/10gen/dev/src/mongodb/build/cached/mongo/db/repl/repl_coordinator_impl_reconfig_test+0x55d009)
    #1 0x77fccc in void boost::checked_delete<mongo::repl::ReplicationCoordinatorExternalState>(mongo::repl::ReplicationCoordinatorExternalState*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/checked_delete.hpp:39
    #2 0x77fccc in ~scoped_ptr /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/smart_ptr/scoped_ptr.hpp:80
    #3 0x77fccc in mongo::repl::ReplicationCoordinatorImpl::~ReplicationCoordinatorImpl() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl.cpp:160
    #4 0x77f98d in mongo::repl::ReplicationCoordinatorImpl::~ReplicationCoordinatorImpl() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl.cpp:160
    #5 0x7dee14 in void boost::checked_delete<mongo::repl::ReplicationCoordinatorImpl>(mongo::repl::ReplicationCoordinatorImpl*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/checked_delete.hpp:39
    #6 0x7dee14 in ~scoped_ptr /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/smart_ptr/scoped_ptr.hpp:80
    #7 0x7dee14 in mongo::repl::ReplCoordTest::~ReplCoordTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:63
    #8 0x5728e2 in void mongo::unittest::Suite::runTestObject<mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:368
    #9 0x8dc3ef in std::__1::function<void ()>::operator()() const /usr/include/c++/v1/functional:1755
    #10 0x8dc3ef in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:238
    #11 0x8dc3ef in mongo::unittest::Suite::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:224
    #12 0x8e17b7 in mongo::unittest::Suite::run(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:289
    #13 0x8ec3f7 in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:40
    #14 0x7ff34f7f0ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)

previously allocated by thread T0 here:
    #0 0x55cd09 in operator new(unsigned long) (/home/andrew/Documents/10gen/dev/src/mongodb/build/cached/mongo/db/repl/repl_coordinator_impl_reconfig_test+0x55cd09)
    #1 0x7df35a in mongo::repl::ReplCoordTest::init() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:99
    #2 0x7dfb05 in mongo::repl::ReplCoordTest::start(mongo::BSONObj const&, mongo::HostAndPort const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:132
    #3 0x7e00bb in mongo::repl::ReplCoordTest::assertStart(mongo::repl::ReplicationCoordinator::Mode, mongo::BSONObj const&, mongo::HostAndPort const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:151
    #4 0x574903 in mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl_reconfig_test.cpp:398
    #5 0x8d8ce4 in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:133
    #6 0x5728da in void mongo::unittest::Suite::runTestObject<mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:367
    #7 0x8dc3ef in std::__1::function<void ()>::operator()() const /usr/include/c++/v1/functional:1755
    #8 0x8dc3ef in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:238
    #9 0x8dc3ef in mongo::unittest::Suite::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:224

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: