Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31761

Seg fault in 3.6.0-rc1 (ent) when using an Audit filter

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Critical - P2 Critical - P2
    • 3.6.0-rc3
    • Affects Version/s: 3.6.0-rc1
    • Component/s: Security
    • None
    • Fully Compatible
    • ALL
    • Platforms 2017-11-13

      Just testing 3.6.0-rc1 Enterprise Version with my demo framework https://github.com/pkdone/MongoSecurityPlaypen and I receive a fatal segmentation fault upon mongod server startup, when using auditing with a filter.

      $ uname -a
      Linux dbnode1.vagrant.dev 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
      $ cat /etc/redhat-release 
      CentOS Linux release 7.3.1611 (Core)
      $ rpm -qa | grep mongo
      mongodb-enterprise-shell-3.6.0-0.1.rc1.el7.x86_64
      mongodb-enterprise-tools-3.6.0-0.1.rc1.el7.x86_64
      mongodb-enterprise-server-3.6.0-0.1.rc1.el7.x86_64
      mongodb-enterprise-mongos-3.6.0-0.1.rc1.el7.x86_64
      mongodb-enterprise-3.6.0-0.1.rc1.el7.x86_64
      

      In "mongod.conf" include:

      auditLog:
         destination: file
         format: BSON
         path: /var/lib/mongo/auditLog.bson
         filter: '{atype: "authCheck", "param.command": {$in: ["find", "insert"]}}'
      ...
      ...
      setParameter:
         auditAuthorizationSuccess: true
      

      Upon starting mongod with this conf file (fork=yes) I get the following output:

      $ mongod -f /etc/mongod.conf
      about to fork child process, waiting until server is ready for connections.
      forked process: 11599
      ERROR: child process failed, exited with error number 51
      To see additional information in this output, start without the "--fork" option.
      

      In the log file, I see the segmentation fault output:

      $ cat /var/log/mongodb/mongod.log
      2017-10-29T11:47:20.250+0000 F -        [main] Invalid access at address: 0
      2017-10-29T11:47:20.266+0000 F -        [main] Got signal: 11 (Segmentation fault).
      
       0x7f6928b9c291 0x7f6928b9b4a9 0x7f6928b9bb16 0x7f69236b0370 0x7f69288716d8 0x7f692887b166 0x7f692887b639 0x7f692887f619 0x7f692874e83e 0x7f6927220013 0x7f6928b4ea54 0x7f6928b4f132 0x7f692722a8a7 0x7f69271b2ae9 0x7f6923301b35 0x7f692721af0f
      ----- BEGIN BACKTRACE -----
      {"backtrace":[{"b":"7F692686B000","o":"2331291","s":"_ZN5mongo15printStackTraceERSo"},{"b":"7F692686B000","o":"23304A9"},{"b":"7F692686B000","o":"2330B16"},{"b":"7F69236A1000","o":"F370"},{"b":"7F692686B000","o":"20066D8","s":"_ZN5mongo21MatchExpressionParser25parsePathAcceptingKeywordENS_11BSONElementEN5boost8optionalINS_20PathAcceptingKeywordEEE"},{"b":"7F692686B000","o":"2010166"},{"b":"7F692686B000","o":"2010639"},{"b":"7F692686B000","o":"2014619","s":"_ZN5mongo21MatchExpressionParser5parseERKNS_7BSONObjERKN5boost13intrusive_ptrINS_17ExpressionContextEEERKNS_18ExtensionsCallbackEy"},{"b":"7F692686B000","o":"1EE383E","s":"_ZN5mongo5audit54_mongoInitializerFunction_InitializeGlobalAuditManagerEPNS_18InitializerContextE"},{"b":"7F692686B000","o":"9B5013","s":"_ZNSt17_Function_handlerIFN5mongo6StatusEPNS0_18InitializerContextEEPS4_E9_M_invokeERKSt9_Any_dataOS3_"},{"b":"7F692686B000","o":"22E3A54","s":"_ZNK5mongo11Initializer7executeERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERKSt3mapIS7_S7_St4lessIS7_ESaISt4pairIKS7_S7_EEE"},{"b":"7F692686B000","o":"22E4132","s":"_ZN5mongo21runGlobalInitializersEiPKPKcS3_"},{"b":"7F692686B000","o":"9BF8A7","s":"_ZN5mongo11mongoDbMainEiPPcS1_"},{"b":"7F692686B000","o":"947AE9","s":"main"},{"b":"7F69232E0000","o":"21B35","s":"__libc_start_main"},{"b":"7F692686B000","o":"9AFF0F"}]}
       mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x7f6928b9c291]
       mongod(+0x23304A9) [0x7f6928b9b4a9]
       mongod(+0x2330B16) [0x7f6928b9bb16]
       libpthread.so.0(+0xF370) [0x7f69236b0370]
       mongod(_ZN5mongo21MatchExpressionParser25parsePathAcceptingKeywordENS_11BSONElementEN5boost8optionalINS_20PathAcceptingKeywordEEE+0xA8) [0x7f69288716d8]
       mongod(+0x2010166) [0x7f692887b166]
       mongod(+0x2010639) [0x7f692887b639]
       mongod(_ZN5mongo21MatchExpressionParser5parseERKNS_7BSONObjERKN5boost13intrusive_ptrINS_17ExpressionContextEEERKNS_18ExtensionsCallbackEy+0x29) [0x7f692887f619]
       mongod(_ZN5mongo5audit54_mongoInitializerFunction_InitializeGlobalAuditManagerEPNS_18InitializerContextE+0xBE) [0x7f692874e83e]
       mongod(_ZNSt17_Function_handlerIFN5mongo6StatusEPNS0_18InitializerContextEEPS4_E9_M_invokeERKSt9_Any_dataOS3_+0x23) [0x7f6927220013]
       mongod(_ZNK5mongo11Initializer7executeERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERKSt3mapIS7_S7_St4lessIS7_ESaISt4pairIKS7_S7_EEE+0x1E4) [0x7f6928b4ea54]
       mongod(_ZN5mongo21runGlobalInitializersEiPKPKcS3_+0x352) [0x7f6928b4f132]
       mongod(_ZN5mongo11mongoDbMainEiPPcS1_+0xA7) [0x7f692722a8a7]
       mongod(main+0x9) [0x7f69271b2ae9]
       libc.so.6(__libc_start_main+0xF5) [0x7f6923301b35]
       mongod(+0x9AFF0F) [0x7f692721af0f]
      -----  END BACKTRACE  -----
      

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            paul.done@mongodb.com Paul Done
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: