Using fragments in query sometimes results in double-free/SEGV sanitizer crashes. #357

@smarkess

Version used: 4.5.8 (checked the diff for 4.5.9 and it's irrelevant)

For debug purposes I'm running the app with the sanitizer on and I'm sometimes getting crashes for the same query. Imagine the following body (slightly formatted for readability):

{
    "query": "fragment XFields on X {
            irrelevant0
            irrelevant1
            sub0 {
                irrelevant2
                irrelevant3
            }
            sub1 {
                irrelevant4
                irrelevant5
            }
        }
        query something($id: ID!) {something(sometingId: $id) {
            A {
                a0
                ax {
                    ...XFields
                }
            }
            B {
                b0
                b1
                bx {
                    ...XFields
                }
            }
            C {
                ...XFields
            }
            D {
                ...XFields
            }
        }
    }",
    "variables": {
        "id": "whatever"
    }
}

All irrelevant fields are ints, doubles or enums. I don't know if it matters, but A, B, C and D in the application code are returned as a std::future. Requesting any of A, B or C fields will fill all three; D is a separate task.

Doing this exact query will result in a sanitizer double-free attempt crash within a few attempts (usually below 10). Here's an example trace:

==35122==ERROR: AddressSanitizer: attempting double-free on 0x5040008f95d0 in thread T457:
    #0 0x7fffff1e65e8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7ffffe20ad6d in graphql::service::SelectionVisitor::visitFragmentSpread(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x64d6d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #2 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #3 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #4 0x7ffffe215103 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&)::_ZN7graphql7service6ResultINS0_6ObjectEE7convertENS0_15AwaitableObjectISt10shared_ptrIKS2_EEEONS0_14ResolverParamsE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x6f103) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #5 0x7ffffe2154c2 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&) (/opt/ang/lib/libgraphqlservice.so+0x6f4c2) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #6 0x55555744c014 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1044
    #7 0x555557450b6b in convert<> /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1029
    #8 0x555557450b6b in graphql::mine::object::B::resolveX(graphql::service::ResolverParams&&) const graphql/schema/BObject.cpp:76
    #9 0x555557451fc9 in operator() graphql/schema/BObject.cpp:42
    #10 0x555557451fc9 in __invoke_impl<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::B::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:61
    #11 0x555557451fc9 in __invoke_r<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::B::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:116
    #12 0x555557451fc9 in _M_invoke /usr/include/c++/13/bits/std_function.h:291
    #13 0x7ffffe209ed3 in graphql::service::SelectionVisitor::visitField(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x63ed3) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #14 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #15 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #16 0x7ffffe215103 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&)::_ZN7graphql7service6ResultINS0_6ObjectEE7convertENS0_15AwaitableObjectISt10shared_ptrIKS2_EEEONS0_14ResolverParamsE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x6f103) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #17 0x7ffffe2154c2 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&) (/opt/ang/lib/libgraphqlservice.so+0x6f4c2) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #18 0x5555578fc981 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1044
    #19 0x5555579004c4 in convert<> /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1029
    #20 0x5555579004c4 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1182
    #21 0x55555790d883 in std::__n4861::coroutine_handle<void>::resume() const /usr/include/c++/13/coroutine:135
    #22 0x55555790d883 in graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}::operator()(std::__n4861::coroutine_handle<void>) const /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:515
    #23 0x55555790d883 in void std::__invoke_impl<void, graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >(std::__invoke_other, graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/invoke.h:61
    #24 0x55555790d883 in std::__invoke_result<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >::type std::__invoke<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >(graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/invoke.h:96
    #25 0x55555790d883 in void std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/13/bits/std_thread.h:292
    #26 0x55555790d883 in std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > >::operator()() /usr/include/c++/13/bits/std_thread.h:299
    #27 0x55555790d883 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > > >::_M_run() /usr/include/c++/13/bits/std_thread.h:244
    #28 0x7ffffcae6db3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xecdb3) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #29 0x7fffff145a41 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
    #30 0x7ffffc76baa3  (/lib/x86_64-linux-gnu/libc.so.6+0x9caa3) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #31 0x7ffffc7f8a33 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x129a33) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)

0x5040008f95d0 is located 0 bytes inside of 40-byte region [0x5040008f95d0,0x5040008f95f8)
freed by thread T456 here:
    #0 0x7fffff1e65e8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7ffffe20ad6d in graphql::service::SelectionVisitor::visitFragmentSpread(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x64d6d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)

previously allocated by thread T456 here:
    #0 0x7fffff1e5548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7ffffe1ff10b in graphql::service::SelectionVisitor::SelectionVisitor(graphql::service::SelectionSetParams const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&, graphql::internal::sorted_set<std::basic_string_view<char, std::char_traits<char> >, graphql::internal::shorter_or_less> const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, std::function<graphql::internal::Awaitable<graphql::service::ResolverResult> (graphql::service::ResolverParams&&)>, graphql::internal::shorter_or_less> const&, unsigned long) (/opt/ang/lib/libgraphqlservice.so+0x5910b) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)

Thread T457 created by T8 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffffcae6eb0 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xeceb0) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #2 0x5555578fec91 in std::thread::thread<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void>, void>(graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/std_thread.h:164
    #3 0x5555578fec91 in graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::B>, std::allocator<std::shared_ptr<graphql::mine::object::B> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:512
    #4 0x5555578fec91 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1156
    #5 0x555557904663 in convert<(graphql::service::TypeModifier)2> /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1131
    #6 0x555557904663 in graphql::mine::object::Something::resolveB(graphql::service::ResolverParams&&) const graphql/schema/SomethingObject.cpp:79
    #7 0x55555790558f in operator() graphql/schema/SomethingObject.cpp:44
    #8 0x55555790558f in __invoke_impl<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:61
    #9 0x55555790558f in __invoke_r<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:116
    #10 0x55555790558f in _M_invoke /usr/include/c++/13/bits/std_function.h:291
    #11 0x7ffffe209ed3 in graphql::service::SelectionVisitor::visitField(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x63ed3) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #12 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #13 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)

Thread T8 created by T0 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffffeeb44cc in boost::thread::start_thread_noexcept() (/opt/ang/lib/libboost_thread.so.1.74.0+0xb4cc) (BuildId: 177c1f92b69dd0927e120cc5771e5e3f2c37a3b1)
    #2 0x555555712473 in boost::thread* boost::thread_group::create_thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, ANG::mpi::detail::shared_io_service_impl>, boost::_bi::list1<boost::_bi::value<ANG::mpi::detail::shared_io_service_impl*> > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, ANG::mpi::detail::shared_io_service_impl>, boost::_bi::list1<boost::_bi::value<ANG::mpi::detail::shared_io_service_impl*> > >) /workspace/ext/boost/include/boost/thread/detail/thread_group.hpp:79
    #3 0x555555712473 in ANG::mpi::detail::shared_io_service_impl::run() /workspace/base/mpi/src/./detail/shared_io_service_impl.h:50
    #4 0x5555556e3da7 in ANG::mpi::basic_task_scheduler<ANG::mpi::detail::shared_io_service_impl>::run() /workspace/base/mpi/src/task_scheduler.h:47
    #5 0x5555556e3da7 in main service/mine_ui_backend.cpp:245
    #6 0x7ffffc6f91c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #7 0x7ffffc6f928a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #8 0x5555556de254 in _start (/workspace/apps/mine_ui_backend/bin/mine_ui_backend+0x18a254) (BuildId: 434d9bebd96445aacc025f45c8ba71d5fa3c8882)

Thread T456 created by T8 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffffcae6eb0 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xeceb0) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #2 0x5555578f5793 in std::thread::thread<graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::A>, std::allocator<std::shared_ptr<graphql::mine::object::A> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void>, void>(graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::A>, std::allocator<std::shared_ptr<graphql::mine::object::A> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/std_thread.h:164
    #3 0x5555578f5793 in graphql::service::AwaitableObject<std::vector<std::shared_ptr<graphql::mine::object::A>, std::allocator<std::shared_ptr<graphql::mine::object::A> > > >::await_suspend(std::__n4861::coroutine_handle<void>) const /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:512
    #4 0x5555578f5793 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1156
    #5 0x5555578fb2e3 in convert<(graphql::service::TypeModifier)2> /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1131
    #6 0x5555578fb2e3 in graphql::mine::object::Something::resolveA(graphql::service::ResolverParams&&) const graphql/schema/SomethingObject.cpp:68
    #7 0x5555578fc20f in operator() graphql/schema/SomethingObject.cpp:42
    #8 0x5555578fc20f in __invoke_impl<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:61
    #9 0x5555578fc20f in __invoke_r<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:116
    #10 0x5555578fc20f in _M_invoke /usr/include/c++/13/bits/std_function.h:291
    #11 0x7ffffe209ed3 in graphql::service::SelectionVisitor::visitField(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x63ed3) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #12 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #13 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164 in operator delete(void*, unsigned long)
==35122==ABORTING

If I remove A & B from the requests, it seems to work (ran over 100 requests without any issues).
If I remove D, I get a sanitizer SEGV crash:

==22148==ERROR: AddressSanitizer: SEGV on unknown address 0x001300003831 (pc 0x7ffffcac9f7e bp 0x5060014108f8 sp 0x7fffe2352168 T20)
==22148==The signal is caused by a WRITE memory access.
    #0 0x7ffffcac9f7e in std::__detail::_List_node_base::_M_unhook() (/lib/x86_64-linux-gnu/libstdc++.so.6+0xcff7e) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #1 0x7ffffe20ad57 in graphql::service::SelectionVisitor::visitFragmentSpread(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x64d57) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #2 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #3 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #4 0x7ffffe215103 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&)::_ZN7graphql7service6ResultINS0_6ObjectEE7convertENS0_15AwaitableObjectISt10shared_ptrIKS2_EEEONS0_14ResolverParamsE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x6f103) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #5 0x7ffffe2154c2 in graphql::service::Result<graphql::service::Object>::convert(graphql::service::AwaitableObject<std::shared_ptr<graphql::service::Object const> >, graphql::service::ResolverParams&&) (/opt/ang/lib/libgraphqlservice.so+0x6f4c2) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #6 0x555557905d01 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1044
    #7 0x555557440a9a in std::__n4861::coroutine_handle<void>::resume() const /usr/include/c++/13/coroutine:135
    #8 0x555557440a9a in graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}::operator()(std::__n4861::coroutine_handle<void>) const /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:515
    #9 0x555557440a9a in void std::__invoke_impl<void, graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >(std::__invoke_other, graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/invoke.h:61
    #10 0x555557440a9a in std::__invoke_result<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >::type std::__invoke<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> >(graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/invoke.h:96
    #11 0x555557440a9a in void std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/13/bits/std_thread.h:292
    #12 0x555557440a9a in std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > >::operator()() /usr/include/c++/13/bits/std_thread.h:299
    #13 0x555557440a9a in std::thread::_State_impl<std::thread::_Invoker<std::tuple<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void> > > >::_M_run() /usr/include/c++/13/bits/std_thread.h:244
    #14 0x7ffffcae6db3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xecdb3) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #15 0x7fffff145a41 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:234
    #16 0x7ffffc76baa3  (/lib/x86_64-linux-gnu/libc.so.6+0x9caa3) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #17 0x7ffffc7f8a33 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x129a33) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0xcff7e) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1) in std::__detail::_List_node_base::_M_unhook()
Thread T20 created by T9 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffffcae6eb0 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/lib/x86_64-linux-gnu/libstdc++.so.6+0xeceb0) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
    #2 0x555557905f60 in std::thread::thread<graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}, std::__n4861::coroutine_handle<void>, void>(graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const::{lambda(std::__n4861::coroutine_handle<void>)#1}&&, std::__n4861::coroutine_handle<void>&&) /usr/include/c++/13/bits/std_thread.h:164
    #3 0x555557905f60 in graphql::service::AwaitableObject<std::shared_ptr<graphql::mine::object::X> >::await_suspend(std::__n4861::coroutine_handle<void>) const /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:512
    #4 0x555557905f60 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1045
    #5 0x555557907d95 in convert<> /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1029
    #6 0x55555790907e in graphql::mine::object::Something::resolveC(graphql::service::ResolverParams&&) const graphql/schema/SomethingObject.cpp:90
    #7 0x555557909d6d in operator() graphql/schema/SomethingObject.cpp:43
    #8 0x555557909d6d in __invoke_impl<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:61
    #9 0x555557909d6d in __invoke_r<graphql::internal::Awaitable<graphql::service::ResolverResult>, graphql::mine::object::Something::getResolvers() const::<lambda(graphql::service::ResolverParams&&)>&, graphql::service::ResolverParams> /usr/include/c++/13/bits/invoke.h:116
    #10 0x555557909d6d in _M_invoke /usr/include/c++/13/bits/std_function.h:291
    #11 0x7ffffe209ed3 in graphql::service::SelectionVisitor::visitField(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x63ed3) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #12 0x7ffffe20cd7d in graphql::service::Object::resolve(graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const::_ZNK7graphql7service6Object7resolveERKNS0_18SelectionSetParamsERKNS_3peg8ast_nodeERKNS_8internal10sorted_mapISt17basic_string_viewIcSt11char_traitsIcEENS0_8FragmentENS9_15shorter_or_lessEEERKNS_8response5ValueE.Frame*) [clone .actor] (/opt/ang/lib/libgraphqlservice.so+0x66d7d) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)
    #13 0x7ffffe20d584 in graphql::service::Object::resolve(graphql::service::SelectionSetParams const&, graphql::peg::ast_node const&, graphql::internal::sorted_map<std::basic_string_view<char, std::char_traits<char> >, graphql::service::Fragment, graphql::internal::shorter_or_less> const&, graphql::response::Value const&) const (/opt/ang/lib/libgraphqlservice.so+0x67584) (BuildId: 1c7b0b8d0d70e1d2cfc66ecfd68fb8b545ca269d)

Thread T9 created by T0 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245
    #1 0x7ffffeeb44cc in boost::thread::start_thread_noexcept() (/opt/ang/lib/libboost_thread.so.1.74.0+0xb4cc) (BuildId: 177c1f92b69dd0927e120cc5771e5e3f2c37a3b1)
    #2 0x555555712473 in boost::thread* boost::thread_group::create_thread<boost::_bi::bind_t<void, boost::_mfi::mf0<void, ANG::mpi::detail::shared_io_service_impl>, boost::_bi::list1<boost::_bi::value<ANG::mpi::detail::shared_io_service_impl*> > > >(boost::_bi::bind_t<void, boost::_mfi::mf0<void, ANG::mpi::detail::shared_io_service_impl>, boost::_bi::list1<boost::_bi::value<ANG::mpi::detail::shared_io_service_impl*> > >) /workspace/ext/boost/include/boost/thread/detail/thread_group.hpp:79
    #3 0x555555712473 in ANG::mpi::detail::shared_io_service_impl::run() /workspace/base/mpi/src/./detail/shared_io_service_impl.h:50
    #4 0x5555556e3da7 in ANG::mpi::basic_task_scheduler<ANG::mpi::detail::shared_io_service_impl>::run() /workspace/base/mpi/src/task_scheduler.h:47
    #5 0x5555556e3da7 in main service/mine_ui_backend.cpp:245
    #6 0x7ffffc6f91c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #7 0x7ffffc6f928a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 42c84c92e6f98126b3e2230ebfdead22c235b667)
    #8 0x5555556de254 in _start (/workspace/apps/mine_ui_backend/bin/mine_ui_backend+0x18a254) (BuildId: 434d9bebd96445aacc025f45c8ba71d5fa3c8882)

==22148==ABORTING

If I don't use fragments in the query but just duplicate the field names for every object in the request, everything runs perfectly fine (hundreds of requests).
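Added example (not part of the original issue and not cppgraphqlgen code): a Python triage helper for AddressSanitizer double-free reports like the first trace above. It extracts the reporting thread, the thread that freed the block first, and the first non-allocator frame of each stack, and flags a free that crosses threads. The sample input is a constructed, abbreviated excerpt of that trace (most frames dropped, one long argument list shortened to `...`), and the function names `parse_report` and `triage` are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated excerpt of the double-free report in the issue.
SAMPLE_REPORT = """\
==35122==ERROR: AddressSanitizer: attempting double-free on 0x5040008f95d0 in thread T457:
    #0 0x7fffff1e65e8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7ffffe20ad6d in graphql::service::SelectionVisitor::visitFragmentSpread(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x64d6d)
    #6 0x55555744c014 in convert /workspace/ext/cppgraphqlgen/include/graphqlservice/GraphQLService.h:1044

0x5040008f95d0 is located 0 bytes inside of 40-byte region [0x5040008f95d0,0x5040008f95f8)
freed by thread T456 here:
    #0 0x7fffff1e65e8 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7ffffe20ad6d in graphql::service::SelectionVisitor::visitFragmentSpread(graphql::peg::ast_node const&) (/opt/ang/lib/libgraphqlservice.so+0x64d6d)

previously allocated by thread T456 here:
    #0 0x7fffff1e5548 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7ffffe1ff10b in graphql::service::SelectionVisitor::SelectionVisitor(...) (/opt/ang/lib/libgraphqlservice.so+0x5910b)

Thread T457 created by T8 here:
    #0 0x7fffff1dc1f9 in pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:245

SUMMARY: AddressSanitizer: double-free ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164 in operator delete(void*, unsigned long)
"""

ERROR_RE = re.compile(
    r"ERROR: AddressSanitizer: attempting (?P<kind>double-free) "
    r"on (?P<addr>0x[0-9a-f]+) in thread (?P<thread>T\d+)"
)
FREED_RE = re.compile(r"^freed by thread (T\d+) here:")
ALLOC_RE = re.compile(r"^previously allocated by thread (T\d+) here:")
REGION_RE = re.compile(r"inside of (\d+)-byte region")
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(.+)$")


def function_name(frame):
    """Cut a frame's text down to the symbol name (everything before '(')."""
    return frame.split("(", 1)[0].strip()


def is_runtime(frame):
    """True for allocator/sanitizer frames that say nothing about the caller."""
    name = function_name(frame)
    return (
        name.startswith(("operator delete", "operator new", "__interceptor_"))
        or "libsanitizer" in frame
    )


@dataclass
class Stack:
    thread: str
    frames: list = field(default_factory=list)

    def first_app_frame(self):
        """Symbol of the first frame that is not allocator or sanitizer code."""
        for frame in self.frames:
            if not is_runtime(frame):
                return function_name(frame)
        return None


def parse_report(text):
    """Split a double-free report into its fault, freed and allocated stacks."""
    report = {"kind": None, "address": None, "region_size": None, "stacks": {}}
    current = None  # stack that frame lines are currently appended to
    for line in text.splitlines():
        if not line.strip():
            current = None  # a blank line ends the stack being collected
        elif m := ERROR_RE.search(line):
            report["kind"], report["address"] = m["kind"], m["addr"]
            current = report["stacks"]["fault"] = Stack(m["thread"])
        elif m := FREED_RE.match(line):
            current = report["stacks"]["freed"] = Stack(m[1])
        elif m := ALLOC_RE.match(line):
            current = report["stacks"]["allocated"] = Stack(m[1])
        elif m := REGION_RE.search(line):
            report["region_size"] = int(m[1])
        elif current is not None and (m := FRAME_RE.match(line)):
            current.frames.append(m[1])
    return report


def triage(text):
    """Summarise who freed the block twice; None if not a double-free report."""
    report = parse_report(text)
    fault = report["stacks"].get("fault")
    freed = report["stacks"].get("freed")
    alloc = report["stacks"].get("allocated")
    if fault is None or freed is None:
        return None
    return {
        "kind": report["kind"],
        "address": report["address"],
        "region_size": report["region_size"],
        "fault_thread": fault.thread,
        "freed_thread": freed.thread,
        # Different threads freeing one block: the object is reachable from both.
        "cross_thread": fault.thread != freed.thread,
        "fault_site": fault.first_app_frame(),
        "freed_site": freed.first_app_frame(),
        "same_site": fault.first_app_frame() == freed.first_app_frame(),
        "alloc_site": alloc.first_app_frame() if alloc else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key:13} {value}")
```

On the excerpt this reports the same 40-byte block being freed from the same function on two different threads, which is the detail to put at the top of a bug report of this kind.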
