Re: BUG #16041: Error shows up both in pgAdmin and in Ruby (pg gem) - Segmentation fault

From: Chris Bandy <chris(dot)bandy(at)crunchydata(dot)com>
To: mark(dot)siemers(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #16041: Error shows up both in pgAdmin and in Ruby (pg gem) - Segmentation fault
Date: 2019-12-03 21:33:28
Message-ID: 93f7379b-2e2f-db0c-980e-07ebd5de92ff@crunchydata.com
Lists: pgsql-bugs

Hello,

I am able to reproduce this on macOS 10.14 (Mojave) in multiple versions
of Ruby and in a minimal C program.

Steps to reproduce:

1. Install libpq for PostgreSQL 12:
   brew install postgresql@12

2. Install the pg gem:
   gem install pg

3. Start a PostgreSQL server:
   docker run --rm -d -p 127.0.0.1:5432:5432 postgres:12

4. Execute some GSS path before and after fork:
   ruby -r pg -e '
   PG.connect(host: "localhost")
   Process.fork { PG.connect(host: "localhost") }
   Process.wait
   '

Notice that host must be a TCP address (not Unix) and gssencmode must be
"prefer" (default is "prefer".) The version of the server doesn't appear
to matter; I tested 10, 11, and 12.

This can also happen in `rails console` if an application initializer
interacts with ActiveRecord or a descendant (i.e. opens a database
connection.) Any further interaction with ActiveRecord on the console
segfaults.

This has been reported in a variety of Ruby projects and often dismissed
as "a PostgreSQL issue."

I found a similar trace in a Python package that interacts with the
macOS keychain.[1] There they narrowed it to a single call, raised the
issue upstream, and were told, in short, "you can't use keychain after fork."

Based on that report, I crafted a minimal C program to make the same GSS
call as libpq. I compiled (with deprecation warnings) and tested with
the following:

gcc macos-gss-crash.c -o macos-gss-crash -lgssapi_krb5
./macos-gss-crash

It prints:

before gss_acquire_cred in main
after gss_acquire_cred in main
gss complete: true
before gss_acquire_cred in child
child signalled: 11

I've attached the C program and crash reports for it and the above Ruby
snippet.

Thanks!

Chris

[1]: https://github.com/jaraco/keyring/issues/281

On 10/4/19 5:43 PM, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 16041
> Logged by: Mark Siemers
> Email address: mark(dot)siemers(at)gmail(dot)com
> PostgreSQL version: 12.0
> Operating system: Mac OS X Mojave 10.14.6
> Description:
>
> For further details (including crash report) see bugs filed with
> third-parties:
> Ruby - https://bugs.ruby-lang.org/issues/16239
> pgAdmin 4 - https://redmine.postgresql.org/issues/4813
>
> The speculation from a ruby maintainer is there is an issue with GSS
> authentication on OS X.
>
> Snippet of stack trace below:
> 7 ??? 0x0000000200000000 0 + 8589934592
> 8 com.apple.security 0x00007fff3f57c059 invocation function
> for block in
> Security::KeychainCore::StorageManager::tickleKeychain(Security::KeychainCore::KeychainImpl*)
> + 287
> 9 libdispatch.dylib 0x00007fff5fd6d63d
> _dispatch_client_callout + 8
> 10 libdispatch.dylib 0x00007fff5fd79129
> _dispatch_lane_barrier_sync_invoke_and_complete + 60
> 11 com.apple.security 0x00007fff3f57be47
> Security::KeychainCore::StorageManager::tickleKeychain(Security::KeychainCore::KeychainImpl*)
> + 441
> 12 com.apple.security 0x00007fff3f37cae2
> Security::KeychainCore::KCCursorImpl::next(Security::KeychainCore::Item&) +
> 230
> 13 com.apple.security 0x00007fff3f523c98
> Security::KeychainCore::IdentityCursor::next(Security::SecPointer<Security::KeychainCore::Identity>&)
> + 192
> 14 com.apple.security 0x00007fff3f545f2f
> SecIdentitySearchCopyNext + 145
> 15 com.apple.security 0x00007fff3f550956
> SecItemCopyMatching_osx(__CFDictionary const*, void const**) + 238
> 16 com.apple.security 0x00007fff3f553fc5 SecItemCopyMatching +
> 316
> 17 com.apple.Heimdal 0x00007fff4feae830 0x7fff4fe5c000 +
> 337968
> 18 com.apple.Heimdal 0x00007fff4fead35e hx509_certs_find +
> 67
> 19 com.apple.Heimdal 0x00007fff4fe88a6c _krb5_pk_find_cert +
> 246
> 20 com.apple.GSS 0x00007fff364dbd8e
> _gsspku2u_acquire_cred + 386
> 21 com.apple.GSS 0x00007fff364cb0d8 gss_acquire_cred +
> 523
> 22 libpq.5.dylib 0x0000000112b4b77d
> pg_GSS_have_cred_cache + 54
> 23 libpq.5.dylib 0x0000000112b39edf PQconnectPoll +
> 6377
> 24 libpq.5.dylib 0x0000000112b36f8b connectDBComplete +
> 232
> 25 libpq.5.dylib 0x0000000112b37112 PQconnectdb + 36
> 26 pg_ext.bundle 0x000000011157ab01
> gvl_PQconnectdb_skeleton + 17
> 27 ruby 0x000000010f1dfff9 call_without_gvl +
> 185
> 28 pg_ext.bundle 0x000000011157aadd gvl_PQconnectdb +
> 45
> 29 pg_ext.bundle 0x000000011157fcb9 pgconn_init + 121
> 30 ruby 0x000000010f221b1c vm_call0_body + 604
>

Attachment Content-Type Size
macos-gss-crash.c text/plain 1.0 KB
macos-gss-crash_2019-12-03-144923.crash text/plain 38.7 KB
ruby_2019-12-03-123416.crash text/plain 43.3 KB
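
Added example, not part of the original message and not the attached macos-gss-crash.c (which is not reproduced on this page): a small C harness for the check the message describes, calling a probe once in the parent and once in a forked child and reporting the signal that killed the child. The `USE_GSS` build flag, the header path, the `gss_acquire_cred` arguments and the two stand-in probes are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*probe_fn)(void);
#ifdef USE_GSS /* assumed build flag: cc -DUSE_GSS ... -lgssapi_krb5 */
#include <gssapi/gssapi.h>
/* Default-credential lookup; the argument choice is an assumption. */
int gss_probe(void)
{
    OM_uint32 major, minor;
    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
    major = gss_acquire_cred(&minor, GSS_C_NO_NAME, 0, GSS_C_NO_OID_SET,
                             GSS_C_INITIATE, &cred, NULL, NULL);
    if (major == GSS_S_COMPLETE)
        gss_release_cred(&minor, &cred);
    return major == GSS_S_COMPLETE;
}
#endif

/* Constructed stand-ins so the harness runs without a GSS library. */
int ok_probe(void) { return 1; }
int crash_probe(void) { signal(SIGSEGV, SIG_DFL); return raise(SIGSEGV); }

/* Run probe in a forked child: 0 = clean exit, >0 = killing signal, -1 = error. */
int child_signal_after_fork(probe_fn probe)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        probe();
        _exit(0);   /* skip atexit handlers and stdio flush in the child */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    probe_fn probe = ok_probe;
#ifdef USE_GSS
    probe = gss_probe;
#endif
    printf("parent probe ok: %d\n", probe());          /* before fork */
    int sig = child_signal_after_fork(probe);          /* after fork */
    printf("child killed by signal (0 = none): %d\n", sig);
    return sig != 0;
}
```

The nonzero exit status on a signalled child lets the harness serve as a regression check in a build or CI job for any library call that must stay usable after fork.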
