[SERVER-15677] Address sanitizer heap use after free bug in repl_coordinator_impl_reconfig_test Created: 15/Oct/14  Updated: 25/Oct/14  Resolved: 20/Oct/14

Status: Closed
Project: Core Server
Component/s: Testing Infrastructure
Affects Version/s: None
Fix Version/s: 2.7.8

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: 28qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

Run the test under address sanitizer.

Participants:

 Description   

=================================================================
==1981==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000002840 at pc 0x7d61ae bp 0x7ff34b91c970 sp 0x7ff34b91c968
READ of size 8 at 0x611000002840 thread T28
    #0 0x7d61ad in mongo::repl::ReplicationCoordinatorImpl::_heartbeatReconfigStore(mongo::repl::ReplicaSetConfig const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl_heartbeat.cpp:305
    #1 0xab6e94 in boost::(anonymous namespace)::thread_proxy(void*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/libs/thread/src/pthread/thread.cpp:121
    #2 0x7ff350ae9181 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8181)
    #3 0x7ff34f8c9fbc (/lib/x86_64-linux-gnu/libc.so.6+0xfafbc)
 
0x611000002840 is located 0 bytes inside of 256-byte region [0x611000002840,0x611000002940)
freed by thread T0 here:
    #0 0x55d009 in operator delete(void*) (/home/andrew/Documents/10gen/dev/src/mongodb/build/cached/mongo/db/repl/repl_coordinator_impl_reconfig_test+0x55d009)
    #1 0x77fccc in void boost::checked_delete<mongo::repl::ReplicationCoordinatorExternalState>(mongo::repl::ReplicationCoordinatorExternalState*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/checked_delete.hpp:39
    #2 0x77fccc in ~scoped_ptr /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/smart_ptr/scoped_ptr.hpp:80
    #3 0x77fccc in mongo::repl::ReplicationCoordinatorImpl::~ReplicationCoordinatorImpl() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl.cpp:160
    #4 0x77f98d in mongo::repl::ReplicationCoordinatorImpl::~ReplicationCoordinatorImpl() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl.cpp:160
    #5 0x7dee14 in void boost::checked_delete<mongo::repl::ReplicationCoordinatorImpl>(mongo::repl::ReplicationCoordinatorImpl*) /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/checked_delete.hpp:39
    #6 0x7dee14 in ~scoped_ptr /home/andrew/Documents/10gen/dev/src/mongodb/src/third_party/boost/boost/smart_ptr/scoped_ptr.hpp:80
    #7 0x7dee14 in mongo::repl::ReplCoordTest::~ReplCoordTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:63
    #8 0x5728e2 in void mongo::unittest::Suite::runTestObject<mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:368
    #9 0x8dc3ef in std::__1::function<void ()>::operator()() const /usr/include/c++/v1/functional:1755
    #10 0x8dc3ef in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:238
    #11 0x8dc3ef in mongo::unittest::Suite::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:224
    #12 0x8e17b7 in mongo::unittest::Suite::run(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:289
    #13 0x8ec3f7 in main /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest_main.cpp:40
    #14 0x7ff34f7f0ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
 
previously allocated by thread T0 here:
    #0 0x55cd09 in operator new(unsigned long) (/home/andrew/Documents/10gen/dev/src/mongodb/build/cached/mongo/db/repl/repl_coordinator_impl_reconfig_test+0x55cd09)
    #1 0x7df35a in mongo::repl::ReplCoordTest::init() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:99
    #2 0x7dfb05 in mongo::repl::ReplCoordTest::start(mongo::BSONObj const&, mongo::HostAndPort const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:132
    #3 0x7e00bb in mongo::repl::ReplCoordTest::assertStart(mongo::repl::ReplicationCoordinator::Mode, mongo::BSONObj const&, mongo::HostAndPort const&) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_test_fixture.cpp:151
    #4 0x574903 in mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails::_doTest() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/db/repl/repl_coordinator_impl_reconfig_test.cpp:398
    #5 0x8d8ce4 in mongo::unittest::Test::run() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:133
    #6 0x5728da in void mongo::unittest::Suite::runTestObject<mongo::repl::(anonymous namespace)::UnitTest__ReplCoordTest__ReconfigDuringHBReconfigFails>() /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:367
    #7 0x8dc3ef in std::__1::function<void ()>::operator()() const /usr/include/c++/v1/functional:1755
    #8 0x8dc3ef in mongo::unittest::TestHolder::run() const /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.h:238
    #9 0x8dc3ef in mongo::unittest::Suite::run(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, int) /home/andrew/Documents/10gen/dev/src/mongodb/src/mongo/unittest/unittest.cpp:224



 Comments   
Comment by Githook User [ 20/Oct/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-15677 Make sure heartbeat reconfig thread is joined before shutting down
Branch: master
https://github.com/mongodb/mongo/commit/d119c7e78dd03714c4d8973d068a48e320eade18

Comment by Githook User [ 15/Oct/14 ]

Author:

{u'username': u'dannenberg', u'name': u'matt dannenberg', u'email': u'matt.dannenberg@10gen.com'}

Message: SERVER-15677 temporarily disable to test to allow ASAN builder to make some progress
Branch: master
https://github.com/mongodb/mongo/commit/b1c0b85c0857d3ceb945d061ea20ae7dc9740ffc

Generated at Thu Feb 08 03:38:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.