Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Unresolved
Priority: Blocker - P1
Fix Version/s: None
Affects Version/s: 8.2.3, 8.2.5
Component/s: None
Labels:
None
Environment:

Hide
Validated using docker:
- mongodb/mongodb-community-server:8.2.3
- mongodb/mongodb-community-server:8.2.5
- mongo:8.2.3
- mongo:8.2.5

Host kernel 6.19.0-6-generic

Host CPU
$ tail -29 /proc/cpuinfo

processor : 31
vendor_id : AuthenticAMD
cpu family : 26
model : 112
model name : AMD RYZEN AI MAX+ PRO 395 w/ Radeon 8060S
stepping : 0
microcode : 0xb700037
cpu MHz : 2000.000
cache size : 1024 KB
physical id : 0
siblings : 32
core id : 15
cpu cores : 16
apicid : 31
initial apicid : 31
fpu : yes
fpu_exception : yes
cpuid level : 16
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good amd_lbr_v2 nopl xtopology nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpuid_fault cpb cat_l3 cdp_l3 hw_pstate ssbd mba perfmon_v2 ibrs ibpb stibp ibrs_enhanced vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local user_shstk avx_vnni avx512_bf16 clzero irperf xsaveerptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif x2avic v_spec_ctrl vnmi avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq rdpid bus_lock_detect movdiri movdir64b overflow_recov succor smca fsrm avx512_vp2intersect flush_l1d amd_lbr_pmc_freeze
bugs : sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass srso spectre_v2_user vmscape
bogomips : 5988.44
TLB size : 192 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]

Show
Validated using docker: - mongodb/mongodb-community-server:8.2.3 - mongodb/mongodb-community-server:8.2.5 - mongo:8.2.3 - mongo:8.2.5 Host kernel 6.19.0-6-generic Host CPU $ tail -29 /proc/cpuinfo processor : 31 vendor_id : AuthenticAMD cpu family : 26 model : 112 model name : AMD RYZEN AI MAX+ PRO 395 w/ Radeon 8060S stepping : 0 microcode : 0xb700037 cpu MHz : 2000.000 cache size : 1024 KB physical id : 0 siblings : 32 core id : 15 cpu cores : 16 apicid : 31 initial apicid : 31 fpu : yes fpu_exception : yes cpuid level : 16 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good amd_lbr_v2 nopl xtopology nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpuid_fault cpb cat_l3 cdp_l3 hw_pstate ssbd mba perfmon_v2 ibrs ibpb stibp ibrs_enhanced vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local user_shstk avx_vnni avx512_bf16 clzero irperf xsaveerptr rdpru wbnoinvd cppc arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif x2avic v_spec_ctrl vnmi avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg avx512_vpopcntdq rdpid bus_lock_detect movdiri movdir64b overflow_recov succor smca fsrm avx512_vp2intersect flush_l1d amd_lbr_pmc_freeze bugs : sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass srso spectre_v2_user vmscape bogomips : 5988.44 TLB size : 192 4K pages clflush size : 64 cache_alignment : 64 address sizes : 48 bits physical, 48 bits virtual power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]

Operating System:
ALL
Steps To Reproduce:
Hide

Provision an AMD Zen 4/Zen 5 machine with user_shstk enabled in the kernel (e.g., Ubuntu 24.04/26.04, Kernel 6.8+). I'm using a Ryzen 395 with 6.19.0-6-generic

Run mongod from either mongo or mongodb/mongodb-community-server:
docker run --name mongo -d mongo:8.2.5

Wait ~30-35 seconds.

`docker inspect` will show the container Exited (139).

I've only validated this issue on docker so far, if anyone else has a modern CPU and kernel they should re-validate from a native source build of mongod. I might test this later if I get some more spare time.

Workaround:
The crash can be prevented by passing an environment variable to disable Shadow Stacks in glibc before mongod boots:

docker run -d \ --env GLIBC_TUNABLES="glibc.cpu.hwcaps=-SHSTK" \ mongo:8.2.5

With -SHSTK applied, the container remains perfectly stable. (Note: using glibc.pthread.rseq=0 does not fix this issue, proving it is a CET/Shadow Stack fault, not a TCMalloc rseq fault).

Note for docker maintainers

The mongodb/mongodb-community-server image masks this exit code due to a flawed Python entrypoint wrapper returning 0, but the community mongo image correctly propagates the 139 exit code via its exec gosu implementation).

Short term fix

Update the official Dockerfiles to permanently inject ENV GLIBC_TUNABLES="glibc.cpu.hwcaps=-SHSTK" into the environment to SIGSEGV/CET on modern hardware.

Long term fix

Refactor MongoDB's C++ coroutine context-switching logic to be CET-compliant (utilizing incsspq / rstorssp instructions) so it does not trigger Shadow Stack hardware faults. Yep... easy huh
Show
Provision an AMD Zen 4/Zen 5 machine with user_shstk enabled in the kernel (e.g., Ubuntu 24.04/26.04, Kernel 6.8+). I'm using a Ryzen 395 with 6.19.0-6-generic Run mongod from either mongo or mongodb/mongodb-community-server: docker run --name mongo -d mongo:8.2.5 Wait ~30-35 seconds. `docker inspect` will show the container Exited (139). I've only validated this issue on docker so far, if anyone else has a modern CPU and kernel they should re-validate from a native source build of mongod. I might test this later if I get some more spare time. Workaround: The crash can be prevented by passing an environment variable to disable Shadow Stacks in glibc before mongod boots: docker run -d \ --env GLIBC_TUNABLES= "glibc.cpu.hwcaps=-SHSTK" \ mongo:8.2.5 With -SHSTK applied, the container remains perfectly stable. (Note: using glibc.pthread.rseq=0 does not fix this issue, proving it is a CET/Shadow Stack fault, not a TCMalloc rseq fault). Note for docker maintainers The mongodb/mongodb-community-server image masks this exit code due to a flawed Python entrypoint wrapper returning 0 , but the community mongo image correctly propagates the 139 exit code via its exec gosu implementation). Short term fix Update the official Dockerfiles to permanently inject ENV GLIBC_TUNABLES="glibc.cpu.hwcaps=-SHSTK" into the environment to SIGSEGV/CET on modern hardware. Long term fix Refactor MongoDB's C++ coroutine context-switching logic to be CET-compliant (utilizing incsspq / rstorssp instructions) so it does not trigger Shadow Stack hardware faults. Yep... easy huh
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When running the mongodb/mongodb-community-server and mongo 8.x Docker images on AMD strix halo with a 6.19.0-6-generic kernel, the mongod process boots successfully but silently crashes with Exit Code 139 (SIGSEGV) exactly ~30 seconds later.

There is no stack trace printed to the MongoDB logs, and the host dmesg / journalctl ring buffer is entirely empty. The process simply vanishes.

The crash is caused by a hardware-enforced Control-flow Enforcement Technology (CET) trap, specifically AMD's Shadow Stacks (user_shstk).

The host CPU supports user_shstk.

The container's userland (Ubuntu 24.04) has a glibc that enables Shadow Stacks by default if the underlying hardware supports it.

At the ~30-second mark, MongoDB spins up background threads (likely LogicalSessionCacheReap / LogicalSessionCacheRefresh).

The C++ coroutines used by MongoDB perform a context switch (stack pivoting).

The CPU detects the stack pointer jump, assumes it is a Return-Oriented Programming (ROP) attack, and executes a hardware-level SIGSEGV.

Because the hardware locks the stack, MongoDB's internal C++ crash handler double-faults and fails to print a stack trace, resulting in a completely silent death.

Assignee:: Unassigned
Reporter:: Joe Bennett
Participants:: Joe Bennett, Julian Thanner, Maurus Spieler
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: Feb 24 2026 01:18:01 PM UTC
Updated:: Feb 25 2026 09:24:27 PM UTC

Details

Description

Attachments

Activity

People

Dates