[CDRIVER-1445] /BulkOperation/error/insert/hangup/single/v1 use-after-free Created: 03/Aug/16  Updated: 10/Aug/16  Resolved: 10/Aug/16

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.4.0

Type: Bug Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Hannes Magnusson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1438 /BulkOperation/error/insert/hangup/po... Closed

 Description   

https://evergreen.mongodb.com/task/mongo_c_driver_os_x_1010_64_nossl_integration_test_2.6_replica_set_no_auth_98713feddcc334e667c0f7a0cff82c4f5a900dcd_16_08_02_14_27_04

[2016/08/02 07:39:51.878] Begin /BulkOperation/error/insert/hangup/single/v1
[2016/08/02 07:39:51.900] test-libmongoc(63494,0x10dd05000) malloc: *** error for object 0x7fcb70e00000: incorrect checksum for freed object - object was probably modified after being freed.
[2016/08/02 07:39:51.900] *** set a breakpoint in malloc_error_break to debug
[2016/08/02 07:39:52.128]     { "status": "FAIL", "test_file": "/BulkOperation/error/insert/hangup/single/v1", "seed": "3836733313", "start": 10695464.895452188, "end": 10695465.145489640, "elapsed": 0.250037452 },



 Comments   
Comment by Hannes Magnusson [ 10/Aug/16 ]

This the crash is in the mockserver, I don't think this was ever a real bug in the driver.

I can no longer repro this, so closing

Comment by Hannes Magnusson [ 10/Aug/16 ]

I've been running those tests now for ~an hour, and can't repro.
This might have been caused by the mockserevr changes we reverted few days ago

Comment by Hannes Magnusson [ 05/Aug/16 ]

(lldb) bt all
* thread #1: tid = 0x0000, 0x00007fff9583610a libsystem_kernel.dylib`__semwait_signal + 10, stop reason = signal SIGSTOP
  * frame #0: 0x00007fff9583610a libsystem_kernel.dylib`__semwait_signal + 10
    frame #1: 0x00007fff9932bd0f libsystem_c.dylib`nanosleep + 199
    frame #2: 0x00007fff9932bc02 libsystem_c.dylib`usleep + 54
    frame #3: 0x000000010bb88cd6 test-libmongoc`_mongoc_usleep(usec=1000) + 118 at mongoc-util.c:61
    frame #4: 0x000000010bacf5ac test-libmongoc`mock_server_destroy(server=0x00007fb8a8c16cc0) + 188 at mock-server.c:1426
    frame #5: 0x000000010bad7677 test-libmongoc`_test_legacy_write_err(ctx=0x000000010bbba710) + 2743 at test-bulk.c:2803
    frame #6: 0x000000010bb41190 test-libmongoc`TestSuite_RunTest(suite=0x00007fff54139780, test=0x00007fb8a8d02710, count=0x00007fff5413966c) + 320 at TestSuite.c:512
    frame #7: 0x000000010bb40c55 test-libmongoc`TestSuite_RunNamed(suite=0x00007fff54139780, testname="/BulkOperation/error/insert/hangup/*") + 597 at TestSuite.c:801
    frame #8: 0x000000010bb4052a test-libmongoc`TestSuite_Run(suite=0x00007fff54139780) + 186 at TestSuite.c:837
    frame #9: 0x000000010bad5cd8 test-libmongoc`main(argc=6, argv=0x00007fff541397e0) + 600 at test-libmongoc.c:1802
    frame #10: 0x00007fff947e85ad libdyld.dylib`start + 1
 
  thread #2: tid = 0x0001, 0x00007fff95835f06 libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGSTOP
    frame #0: 0x00007fff95835f06 libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff882394ec libsystem_pthread.dylib`pthread_kill + 90
    frame #2: 0x00007fff9930a6df libsystem_c.dylib`abort + 129
    frame #3: 0x00007fff86d36396 libsystem_malloc.dylib`szone_error + 626
    frame #4: 0x00007fff86d2c5f4 libsystem_malloc.dylib`tiny_free_list_remove_ptr + 289
    frame #5: 0x00007fff86d2a946 libsystem_malloc.dylib`szone_free_definite_size + 1480
    frame #6: 0x000000010bc33284 libbson-1.0.0.dylib`bson_free + 36
    frame #7: 0x000000010bb45d53 test-libmongoc`_mongoc_array_destroy(array=0x0000700000080e98) + 51 at mongoc-array.c:69
    frame #8: 0x000000010bb45ca9 test-libmongoc`_mongoc_array_copy(dst=0x0000700000080e98, src=0x00007fb8a8c16d70) + 25 at mongoc-array.c:55
    frame #9: 0x000000010bacdc64 test-libmongoc`main_thread(data=0x00007fb8a8c16cc0) + 676 at mock-server.c:1564
    frame #10: 0x00007fff8823699d libsystem_pthread.dylib`_pthread_body + 131
    frame #11: 0x00007fff8823691a libsystem_pthread.dylib`_pthread_start + 168
    frame #12: 0x00007fff88234351 libsystem_pthread.dylib`thread_start + 13
 
  thread #3: tid = 0x0002, 0x00007fff95835de6 libsystem_kernel.dylib`__psynch_mutexwait + 10, stop reason = signal SIGSTOP
    frame #0: 0x00007fff95835de6 libsystem_kernel.dylib`__psynch_mutexwait + 10
    frame #1: 0x00007fff88236e4a libsystem_pthread.dylib`_pthread_mutex_lock_wait + 89
    frame #2: 0x000000010bacf97b test-libmongoc`worker_thread(data=0x00007fb8a8d151a0) + 507 at mock-server.c:1631
    frame #3: 0x00007fff8823699d libsystem_pthread.dylib`_pthread_body + 131
    frame #4: 0x00007fff8823691a libsystem_pthread.dylib`_pthread_start + 168
    frame #5: 0x00007fff88234351 libsystem_pthread.dylib`thread_start + 13

Generated at Wed Feb 07 21:12:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.