cnspec panic scanning Ubuntu 1604

scottford-io commented 4 months ago

Describe the bug

ubuntu@ip-10-0-101-62:~$ uname -a
Linux ip-10-0-101-62 4.4.0-1163-aws #178-Ubuntu SMP Mon Nov 27 17:59:45 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

sudo cnspec scan local panics

ubuntu@ip-10-0-101-62:~$ sudo cnspec scan local
→ loaded configuration from /etc/opt/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
→ synchronize assets

 i-0e1ae5cfb95fddbc3 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━──────────────────────────────────────────────────────────────────────  34%

panic: runtime error: index out of range [0] with length 0

goroutine 820 [running]:
go.mondoo.com/cnquery/v11/types.Type.Underlying(...)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/types/types.go:190
go.mondoo.com/cnquery/v11/llx.isSuccess({0x1ae4340?, 0xc02117ff10?}, {0x2593b88?, 0xc004a4d6ec?})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/rawdata.go:360 +0x2a7
go.mondoo.com/cnquery/v11/llx.isSuccess({0x1ab7fa0, 0xc01cae86c0}, {0x2593b88, 0x1})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/rawdata.go:390 +0x25c
go.mondoo.com/cnquery/v11/llx.isSuccess({0x1df5840, 0xc0211d2ab0}, {0x25936f0, 0x1})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/rawdata.go:366 +0x18f
go.mondoo.com/cnquery/v11/llx.(*RawData).IsSuccess(0xc004a4d798?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/rawdata.go:351 +0x36
go.mondoo.com/cnquery/v11/llx.arrayBlockCallResult.isSuccess({0xc004d887b0?, 0xc004d887e0?})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:448 +0xd4
go.mondoo.com/cnquery/v11/llx.arrayBlockCallResult.toRawData({0xc004d887b0?, 0xc004d887e0?})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:409 +0x27e
go.mondoo.com/cnquery/v11/llx.arrayBlockListV2.func1({0xc004d7c008, 0x1e3, 0xc007927aa0?}, {0xc0211d8200, 0x1d, 0x4?})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin_array.go:156 +0x1cb
go.mondoo.com/cnquery/v11/llx.(*arrayBlockCallResults).update(0xc004d5c5b0, 0x1e2, 0xc0211da480)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:491 +0x3ff
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunctionBlocks.func1(0x0?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:557 +0x25
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunctionBlock.reportSync.func1(0xc0211da480)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:373 +0x77
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runChain(0xc0211c9570, 0x1ed9355?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:902 +0x1e3
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).run(0xc0211c9570)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:354 +0x2d7
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunctionBlock(0xc004d2acb0, {0xc004caf7f8, 0x1, 0xc004d7b080?}, 0x200000000, 0xc01cae8798)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:585 +0x17c
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunctionBlocks(0xc004d2acb0, {0xc004d70008, 0x1e3, 0x7f68d361d898?}, 0x200000000, 0xc0006f3b60?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:556 +0x107
go.mondoo.com/cnquery/v11/llx.arrayBlockListV2(0xc004d2acb0, 0xc004d6b3e0, 0xc0079211d0, 0x100000003)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin_array.go:146 +0x579
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runBoundFunction(0xc004d2acb0, 0xc004d6b3e0, 0xc0079211d0, 0x100000003)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin.go:857 +0x108
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunction(0xc004d2acb0, 0xc0079211d0, 0x100000003)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:810 +0x173
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runChunk(0xc004d2acb0, 0x1bb2a80?, 0x100000003)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:827 +0x225
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runRef(0xc004d24fd0?, 0xc004a4df80?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:852 +0xd9
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runChain(0xc004d2acb0, 0xc004d2c5a0?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:884 +0x9c
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).triggerChain(0xc004d2acb0, 0x100000002, 0xc004d6b3e0)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:956 +0x365
go.mondoo.com/cnquery/v11/llx.runResourceFunction.func1({0x1ab7fa0, 0xc004d09de8}, {0x0, 0x0})
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin.go:815 +0x219
go.mondoo.com/cnquery/v11/providers.(*Runtime).WatchAndUpdate(0xc0017b7900, {0x25ae498, 0xc004d1e280}, {0xc00792c2a8, 0x4}, {0xc004cf6a40, 0x31}, 0xc004d2d3b0)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/providers/runtime.go:341 +0xe2
go.mondoo.com/cnquery/v11/llx.runResourceFunction(0xc004d2acb0, 0x9?, 0xc007921180, 0x100000002)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin.go:796 +0x26d
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runBoundFunction(0xc004d2acb0, 0xc004d2d320, 0xc007921180, 0x100000002)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/builtin.go:870 +0xe5
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runFunction(0xc004d2acb0, 0xc007921180, 0x100000002)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:810 +0x173
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runChunk(0xc004d2acb0, 0x1bb2a80?, 0x100000002)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:827 +0x225
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runRef(0xc004d24fd0?, 0xc004d2c5a0?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:852 +0xd9
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).runChain(0xc004d2acb0, 0x1ed9355?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:884 +0x9c
go.mondoo.com/cnquery/v11/llx.(*blockExecutor).run(0xc004d2acb0)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:354 +0x2d7
go.mondoo.com/cnquery/v11/llx.(*MQLExecutorV2).Run(0xc00792a300?)
        /home/runner/go/pkg/mod/go.mondoo.com/cnquery/v11@v11.0.0/llx/llx.go:286 +0x53
go.mondoo.com/cnspec/v11/policy/executor/internal.(*executionManager).executeCodeBundle(0xc007bf6780, 0xc007928140, 0xc004d2c4e0, {0x0, 0x0})
        /home/runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:178 +0x551
go.mondoo.com/cnspec/v11/policy/executor/internal.(*executionManager).Start.func1()
        /home/runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:95 +0x1cb
created by go.mondoo.com/cnspec/v11/policy/executor/internal.(*executionManager).Start in goroutine 62
        /home/runner/_work/cnspec/cnspec/policy/executor/internal/execution_manager.go:64 +0x65

vjeffrey commented 4 months ago

interesting, i'm getting a slightly diff error:

DBG marketplace> fetched policy bundle from upstream policy=//assets.api.mondoo.app/spaces/beautiful-wiles-231755/assets/2fEbnpshR0sNpdZHMnbP8GbHnbC req-id=global
DBG client> got policy bundle
fatal error: runtime: out of memory

runtime stack:
runtime.throw({0x1ef6839?, 0x20300b?})

vjeffrey commented 4 months ago

which means we hit this first log message, but not the next

        log.Debug().Msg("client> got policy bundle")
        logger.TraceJSON(assetBundle)
        logger.DebugDumpYAML("assetBundle", assetBundle)
    }

    rawFilters, err := hub.GetPolicyFilters(s.job.Ctx, &policy.Mrn{Mrn: s.job.Asset.Mrn})
    if err != nil {
        return nil, err
    }
    log.Debug().Str("asset", s.job.Asset.Mrn).Msg("client> got policy filters")
    logger.TraceJSON(rawFilters)
    logger.DebugDumpYAML("policyFilters", rawFilters)

vjeffrey commented 4 months ago

this line appears to be the one i'm hitting: logger.DebugDumpYAML("assetBundle", assetBundle

but when i run without debug, it runs through just fine 🤔

scottford-io commented 4 months ago

@vjeffrey this was a t2.micro instance. Do you want me to try it with a t2.small or medium as well?

mondoohq / cnspec

cnspec panic scanning Ubuntu 1604 #1264