After a rollback, a node's replication progress could be behind where other nodes believe it to be, because the writeConcern code does not have support for replication progress being undone. As a result of this, getLastError for ops that occurred between the point of diversion and the latestOp for the rolled-back node could be satisfied with one too few nodes.

No test has been written for this case yet. But I believe one could be written that is a copy of replsets/rollback2.js where each node is replaced with a pair of nodes, and one of the to-be-rolled-back nodes does not apply operations it has copied from the PRIMARY (failpoint: rsSyncApplyStop), once they have been isolated. This node will have the replication progress of the to-be-rolled-back PRIMARY, but will not have the ops in its own oplog. Remove the PRIMARY, bring back the two not-going-to-roll-back nodes, wait for them to receive the replication progress of the to-be-rolled-back PRIMARY, then remove the other to-be-rolled-back node. After a new PRIMARY is elected, do one new write. We should then be able to erroneously satisfy writeConcern w:3 for any optime between the point of divergence and the to-be-rolled-back nodes' last optime.