[SERVER-31761] Seg fault in 3.6.0-rc1 (ent) when using an Audit filter Created: 29/Oct/17  Updated: 30/Oct/23  Resolved: 06/Nov/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.6.0-rc1
Fix Version/s: 3.6.0-rc3

Type: Bug Priority: Critical - P2
Reporter: Paul Done Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File mongod.log    
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2017-11-13
Participants:

 Description   

Just testing 3.6.0-rc1 Enterprise Version with my demo framework https://github.com/pkdone/MongoSecurityPlaypen and I receive a fatal segmentation fault upon mongod server startup, when using auditing with a filter.

$ uname -a
Linux dbnode1.vagrant.dev 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core)
$ rpm -qa | grep mongo
mongodb-enterprise-shell-3.6.0-0.1.rc1.el7.x86_64
mongodb-enterprise-tools-3.6.0-0.1.rc1.el7.x86_64
mongodb-enterprise-server-3.6.0-0.1.rc1.el7.x86_64
mongodb-enterprise-mongos-3.6.0-0.1.rc1.el7.x86_64
mongodb-enterprise-3.6.0-0.1.rc1.el7.x86_64

In "mongod.conf" include:

auditLog:
   destination: file
   format: BSON
   path: /var/lib/mongo/auditLog.bson
   filter: '{atype: "authCheck", "param.command": {$in: ["find", "insert"]}}'
...
...
setParameter:
   auditAuthorizationSuccess: true

Upon starting mongod with this conf file (fork=yes) I get the following output:

$ mongod -f /etc/mongod.conf
about to fork child process, waiting until server is ready for connections.
forked process: 11599
ERROR: child process failed, exited with error number 51
To see additional information in this output, start without the "--fork" option.

In the log file, I see the segmentation fault output:

$ cat /var/log/mongodb/mongod.log
2017-10-29T11:47:20.250+0000 F -        [main] Invalid access at address: 0
2017-10-29T11:47:20.266+0000 F -        [main] Got signal: 11 (Segmentation fault).
 
 0x7f6928b9c291 0x7f6928b9b4a9 0x7f6928b9bb16 0x7f69236b0370 0x7f69288716d8 0x7f692887b166 0x7f692887b639 0x7f692887f619 0x7f692874e83e 0x7f6927220013 0x7f6928b4ea54 0x7f6928b4f132 0x7f692722a8a7 0x7f69271b2ae9 0x7f6923301b35 0x7f692721af0f
----- BEGIN BACKTRACE -----
{"backtrace":[{"b":"7F692686B000","o":"2331291","s":"_ZN5mongo15printStackTraceERSo"},{"b":"7F692686B000","o":"23304A9"},{"b":"7F692686B000","o":"2330B16"},{"b":"7F69236A1000","o":"F370"},{"b":"7F692686B000","o":"20066D8","s":"_ZN5mongo21MatchExpressionParser25parsePathAcceptingKeywordENS_11BSONElementEN5boost8optionalINS_20PathAcceptingKeywordEEE"},{"b":"7F692686B000","o":"2010166"},{"b":"7F692686B000","o":"2010639"},{"b":"7F692686B000","o":"2014619","s":"_ZN5mongo21MatchExpressionParser5parseERKNS_7BSONObjERKN5boost13intrusive_ptrINS_17ExpressionContextEEERKNS_18ExtensionsCallbackEy"},{"b":"7F692686B000","o":"1EE383E","s":"_ZN5mongo5audit54_mongoInitializerFunction_InitializeGlobalAuditManagerEPNS_18InitializerContextE"},{"b":"7F692686B000","o":"9B5013","s":"_ZNSt17_Function_handlerIFN5mongo6StatusEPNS0_18InitializerContextEEPS4_E9_M_invokeERKSt9_Any_dataOS3_"},{"b":"7F692686B000","o":"22E3A54","s":"_ZNK5mongo11Initializer7executeERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERKSt3mapIS7_S7_St4lessIS7_ESaISt4pairIKS7_S7_EEE"},{"b":"7F692686B000","o":"22E4132","s":"_ZN5mongo21runGlobalInitializersEiPKPKcS3_"},{"b":"7F692686B000","o":"9BF8A7","s":"_ZN5mongo11mongoDbMainEiPPcS1_"},{"b":"7F692686B000","o":"947AE9","s":"main"},{"b":"7F69232E0000","o":"21B35","s":"__libc_start_main"},{"b":"7F692686B000","o":"9AFF0F"}]}
 mongod(_ZN5mongo15printStackTraceERSo+0x41) [0x7f6928b9c291]
 mongod(+0x23304A9) [0x7f6928b9b4a9]
 mongod(+0x2330B16) [0x7f6928b9bb16]
 libpthread.so.0(+0xF370) [0x7f69236b0370]
 mongod(_ZN5mongo21MatchExpressionParser25parsePathAcceptingKeywordENS_11BSONElementEN5boost8optionalINS_20PathAcceptingKeywordEEE+0xA8) [0x7f69288716d8]
 mongod(+0x2010166) [0x7f692887b166]
 mongod(+0x2010639) [0x7f692887b639]
 mongod(_ZN5mongo21MatchExpressionParser5parseERKNS_7BSONObjERKN5boost13intrusive_ptrINS_17ExpressionContextEEERKNS_18ExtensionsCallbackEy+0x29) [0x7f692887f619]
 mongod(_ZN5mongo5audit54_mongoInitializerFunction_InitializeGlobalAuditManagerEPNS_18InitializerContextE+0xBE) [0x7f692874e83e]
 mongod(_ZNSt17_Function_handlerIFN5mongo6StatusEPNS0_18InitializerContextEEPS4_E9_M_invokeERKSt9_Any_dataOS3_+0x23) [0x7f6927220013]
 mongod(_ZNK5mongo11Initializer7executeERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS7_EERKSt3mapIS7_S7_St4lessIS7_ESaISt4pairIKS7_S7_EEE+0x1E4) [0x7f6928b4ea54]
 mongod(_ZN5mongo21runGlobalInitializersEiPKPKcS3_+0x352) [0x7f6928b4f132]
 mongod(_ZN5mongo11mongoDbMainEiPPcS1_+0xA7) [0x7f692722a8a7]
 mongod(main+0x9) [0x7f69271b2ae9]
 libc.so.6(__libc_start_main+0xF5) [0x7f6923301b35]
 mongod(+0x9AFF0F) [0x7f692721af0f]
-----  END BACKTRACE  -----



 Comments   
Comment by Githook User [ 06/Nov/17 ]

Author:

{'name': 'Spencer Jackson', 'username': 'spencerjackson', 'email': 'spencer.jackson@mongodb.com'}

Message: SERVER-31761: Make auditing initialization depend on query initializer
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/79f974a23b629df000873e87eb77f5b8016a2629

Comment by Paul Done [ 29/Oct/17 ]

I've attached the mongod output log with the segmentation fault backtrace.

Generated at Thu Feb 08 04:28:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.