[#CORE-6338] Embedded server crashing on short connects to database which want to be sweeped

Firebird Core

Embedded server crashing on short connects to database which want to be sweeped

Created: 19/Jun/20 01:47 PM Updated: 09/Jul/20 02:35 PM

Component/s:

Engine

Affects Version/s:

3.0.5, 4.0 RC 1

Fix Version/s:

None

Environment:

linux

Issue Links:

Relate

This issue is related to:

~~CORE-6360~~ Engine may hang due to races when starting crypt thread and simultaneous shutdown

QA Status:

No test

Description

« Hide

In some cases firebird server can craft such database, which crashes embedded server if embedded connection too short to complete sweep.

To reproduce stop firebird, make sure running user will have all permissions to work as embedded and run included script.
Script will emulate database crafting by disabling sweep, inserting data but nor commit nor rollback it and enabling sweep. Next connections CAN crash, but not always. If crafted database will be properly sweeped crashes disappearing.
Stacktraces telling it crashing during exit, but stack with segfault smashed.

Reproducing script:

https://gist.github.com/artyom-smirnov/9f7f3d873f34fc12dcd721cab92818e3

or

#!/bin/bash
rm -f repro.fdb f

ISQL=bin/isql
GFIX=bin/gfix

cat << EOF > create.sql
create database 'repro.fdb';
create table test(test varchar(255));
EOF

cat << EOF > connect.sql
connect 'repro.fdb' user 'sysdba' password 'masterkey';
exit;
EOF

cat << EOF > gdbinit
set \$_exitcode = -1
run
if \$_exitcode != -1
quit
end
EOF

$ISQL -u sysdba -p masterkey -i create.sql
$GFIX -user sysdba -pass masterkey -h 0 repro.fdb

mkfifo f
cat f | $ISQL -u sysdba -p masterkey repro.fdb&
ISQL_PID=$!
exec 3>f
for i in `seq 1 1000`; do
cat << EOF > f
insert into test values('text');
EOF
done

kill -KILL $ISQL_PID

$GFIX -user sysdba -pass masterkey -h 1 repro.fdb

while true; do gdb -x gdbinit --args $ISQL -u sysdba -p masterkey -i connect.sql; done
#while true; do $ISQL -u sysdba -p masterkey -i connect.sql; done

Stack with crash looks smashed:

Thread 6 "isql" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffebfff700 (LWP 90529)]
0x00007ffff53bfd72 in ?? ()
(gdb) bt
#0 0x00007ffff53bfd72 in ?? ()
#1 0x0000000000000010 in ?? ()
#2 0x00007ffff7bc6340 in ?? ()
#3 0x00000000ebffecb0 in ?? ()
#4 0x00007ffff58e60e2 in ?? ()
#5 0x0000000000000001 in ?? ()
#6 0x0000000014000218 in ?? ()
#7 0x0000000000000000 in ?? ()
(gdb)

All

Comments

Change History

Subversion Commits

Sort Order:

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 22/Jun/20 02:56 PM

Looks like libEngine unloaded too early. During debugging gdb shows such error some steps before crash:

Temporarily disabling breakpoints for unloaded shared library "...../gen/Debug/firebird/plugins/libEngine12.so"

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 22/Jun/20 03:05 PM

Also breakpointing on dlclose and then stepping reveals that dlclose called for modules, then engine crashed.

[ Permalink | « Hide ]

Alexander Peshkov added a comment - 24/Jun/20 09:58 AM

Looks like I have an idea why this happens, next step is to fix segfault.

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 08/Jul/20 07:54 AM

CryptoManager affected similar issue:

When CM thread starting it assigns its internal attachment flag "ATT_crypt_thread", but on short connection this attachment and shutdown racing and flag may be never assigned therefore attachment and CM thread can not properly stopped causing server hang.

Reproducing:

#!/bin/bash
set -e

echo Auto = y > plugins/DbCrypt_example.conf

rm tmp.fdb
echo "create database 'tmp.fdb';" | bin/isql -u sysdba -p masterkey

while true; do
cp tmp.fdb repro.fdb; echo 'alter database encrypt with "DbCrypt_example";'| bin/isql -u sysdba -p masterkey repro.fdb
done

[ Permalink | « Hide ]

Alexander Peshkov added a comment - 08/Jul/20 02:51 PM

Confirm, reproduced for crypt thread