Issue Details (XML | Word | Printable)

Key: CORE-4676
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Dmitry Yemanov
Reporter: Artyom Smirnov
Votes: 0
Watchers: 2

If you were logged in you would be able to see more operations.
Firebird Core

Regression: crash on unexpected client disconnection with opened transaction

Created: 29/Jan/15 02:46 PM   Updated: 23/Sep/15 12:21 PM
Component/s: Engine
Affects Version/s: 2.5.4
Fix Version/s: 2.5.4

QA Status: Cannot be tested

 Description  « Hide
Only snapshot builds 26824 and 26825 are affected.


Run isql and execute:
create database 'a';
create table a(id int);
insert into a values(1);

Do not commit anything. Then do:
killall -9 isql

Server will crash.

Bug probably introduced with commit 11366: This should fix CORE-4558: SuperServer dies when client is disconnected abnormally during the index navigational scan.
Commit slightly changed attachment release order so now all attachment requests released before dsql_dbb instance destroying which have pointers to already destroyed requests. On second releasing of requests server crashing.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Artyom Smirnov added a comment - 29/Jan/15 02:49 PM

#0 Firebird::MemoryPool::internal_deallocate (this=this@entry=0x7ffff7e3f020, block=block@entry=0x7ffff4454ff0) at ../src/common/classes/alloc.cpp:1845
#1 0x0000000000759cbd in Firebird::MemoryPool::deallocate (this=this@entry=0x7ffff7e3f020, block=0x7ffff4454ff0) at ../src/common/classes/alloc.cpp:2044
#2 0x000000000075a064 in Firebird::MemoryPool::deletePool (pool=<optimized out>) at ../src/common/classes/alloc.cpp:1444
#3 0x000000000067dbf2 in release_request (tdbb=0x7ffff4271090, request=0x7ffff4469040, drop=<optimized out>) at ../src/dsql/dsql.cpp:2895
#4 0x00000000006805cc in Jrd::dsql_dbb::~dsql_dbb (this=0x7ffff45363d0, __in_chrg=<optimized out>) at ../src/dsql/dsql.cpp:165
#5 0x000000000058d437 in release_attachment (tdbb=tdbb@entry=0x7ffff4271090, attachment=attachment@entry=0x7ffff7e46380) at ../src/jrd/jrd.cpp:5527
#6 0x0000000000590142 in purge_attachment (tdbb=tdbb@entry=0x7ffff4271090, attachment=attachment@entry=0x7ffff7e46380, force_flag=<optimized out>) at ../src/jrd/jrd.cpp:6393
#7 0x0000000000590cd6 in jrd8_detach_database (user_status=0x7ffff42712e0, handle=0x7ffff7e892c0) at ../src/jrd/jrd.cpp:2458
#8 0x000000000043e909 in detach_or_drop_database (user_status=<optimized out>, handle=0x7ffff7e88c60, proc=<optimized out>, specCode=0) at ../src/jrd/why.cpp:2261
#9 0x0000000000411ef8 in rem_port::disconnect (this=this@entry=0x7ffff7e882b8, sendL=sendL@entry=0x7ffff7e84768, receiveL=receiveL@entry=0x7ffff7e84b78)
    at ../src/remote/server.cpp:1769
#10 0x000000000041c769 in process_packet (port=0x7ffff7e882b8, sendL=sendL@entry=0x7ffff7e84768, receive=receive@entry=0x7ffff7e84b78, result=result@entry=0x7ffff4271dd8)
    at ../src/remote/server.cpp:3391
#11 0x000000000041e055 in loopThread () at ../src/remote/server.cpp:5261
#12 0x00000000004311b9 in run (this=<synthetic pointer>) at ../src/jrd/ThreadStart.cpp:128
#13 (anonymous namespace)::threadStart (arg=0x7ffff7fe8b90) at ../src/jrd/ThreadStart.cpp:139
#14 0x00007ffff6ea60a5 in start_thread (arg=0x7ffff4272700) at pthread_create.c:309
#15 0x00007ffff6bd377d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111