Bug: database fails and stop on attempt to delete namespace

[kotolex]

Describe the bug

When I am trying to delete namespace Surreal stops with error
Not sure it is about namespace or deleting...
By the way its not fail via /sql CLI

logs:
`2024-05-18T06:07:31.636598Z TRACE tungstenite::protocol: Sending frame: Frame { header: FrameHeader { is_final: true, rsv1: false, rsv2: false, rsv3: false, opcode: Data(Text), mask: None }, payload: [123, 34, 105, 100, 34, 58, 34, 48, 52, 51, 100, 52, 57, 102, 48, 45, 97, 56, 101, 50, 45, 52, 50, 57, 57, 45, 57, 98, 98, 48, 45, 55, 49, 56, 56, 55, 51, 49, 100, 56, 52, 57, 57, 34, 44, 34, 114, 101, 115, 117, 108, 116, 34, 58, 34, 101, 121, 74, 48, 101, 88, 65, 105, 79, 105, 74, 75, 86, 49, 81, 105, 76, 67, 74, 104, 98, 71, 99, 105, 79, 105, 74, 73, 85, 122, 85, 120, 77, 105, 74, 57, 46, 101, 121, 74, 112, 89, 88, 81, 105, 79, 106, 69, 51, 77, 84, 89, 119, 77, 84, 73, 48, 78, 84, 69, 115, 73, 109, 53, 105, 90, 105, 73, 54, 77, 84, 99, 120, 78, 106, 65, 120, 77, 106, 81, 49, 77, 83, 119, 105, 90, 88, 104, 119, 73, 106, 111, 120, 78, 122, 69, 50, 77, 68, 69, 50, 77, 68, 85, 120, 76, 67, 74, 112, 99, 51, 77, 105, 79, 105, 74, 84, 100, 88, 74, 121, 90, 87, 70, 115, 82, 69, 73, 105, 76, 67, 74, 113, 100, 71, 107, 105, 79, 105, 74, 109, 78, 109, 81, 122, 78, 87, 78, 106, 78, 105, 48, 120, 90, 68, 103, 53, 76, 84, 81, 49, 78, 109, 85, 116, 79, 87, 73, 52, 90, 83, 49, 106, 79, 87, 85, 51, 79, 68, 65, 120, 90, 87, 85, 52, 78, 68, 99, 105, 76, 67, 74, 74, 82, 67, 73, 54, 73, 110, 74, 118, 98, 51, 81, 105, 102, 81, 46, 54, 109, 65, 107, 122, 118, 90, 76, 81, 107, 120, 69, 48, 71, 68, 117, 82, 65, 79, 52, 101, 69, 86, 112, 75, 119, 113, 69, 89, 53, 106, 105, 56, 45, 79, 86, 89, 117, 110, 120, 74, 57, 78, 57, 118, 56, 119, 83, 67, 54, 111, 66, 88, 48, 66, 49, 105, 120, 70, 114, 119, 76, 86, 57, 86, 76, 45, 90, 74, 115, 89, 109, 78, 52, 65, 120, 84, 97, 45, 76, 52, 113, 103, 88, 74, 119, 34, 125] }
2024-05-18T06:07:31.636764Z TRACE tungstenite::protocol::frame: writing frame

final: true reserved: false false false opcode: TEXT length: 355 payload length: 351 payload: 0x7b226964223a2230343364343966302d613865322d343239392d396262302d373138383733316438343939222c22726573756c74223a2265794a30655841694f694a4b563151694c434a68624763694f694a49557a55784d694a392e65794a70595851694f6a45334d5459774d5449304e544573496d35695a6949364d5463784e6a41784d6a51314d5377695a586877496a6f784e7a45324d4445324d4455784c434a7063334d694f694a5464584a795a574673524549694c434a7164476b694f694a6d4e6d517a4e574e6a4e6930785a4467354c5451314e6d55744f5749345a53316a4f5755334f4441785a5755344e4463694c434a4a52434936496e4a766233516966512e366d416b7a765a4c516b78453047447552414f34654556704b77714559356a69382d4f5659756e784a394e397638775343366f425830423169784672774c5639564c2d5a4a73596d4e34417854612d4c347167584a77227d

2024-05-18T06:07:31.636927Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:243 WebSocketStream.with_context
2024-05-18T06:07:31.636983Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:167 Write.write
2024-05-18T06:07:31.637033Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:126 AllowStd.with_context
2024-05-18T06:07:31.637084Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:169 Write.with_context write -> poll_write
2024-05-18T06:07:31.637221Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:178 Write.flush
2024-05-18T06:07:31.637273Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:126 AllowStd.with_context
2024-05-18T06:07:31.637328Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:180 Write.with_context flush -> poll_flush
2024-05-18T06:07:31.645679Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:288 Stream.poll_next
2024-05-18T06:07:31.645831Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:243 WebSocketStream.with_context
2024-05-18T06:07:31.645898Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:298 Stream.with_context poll_next -> read()
2024-05-18T06:07:31.645954Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:149 Read.read
2024-05-18T06:07:31.646009Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:126 AllowStd.with_context
2024-05-18T06:07:31.646063Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:152 Read.with_context read -> poll_read
2024-05-18T06:07:31.646126Z TRACE tungstenite::protocol::frame::frame: Parsed headers [129, 246]
2024-05-18T06:07:31.646172Z TRACE tungstenite::protocol::frame::frame: First: 10000001
2024-05-18T06:07:31.646242Z TRACE tungstenite::protocol::frame::frame: Second: 11110110
2024-05-18T06:07:31.646312Z TRACE tungstenite::protocol::frame::frame: Opcode: Data(Text)
2024-05-18T06:07:31.646357Z TRACE tungstenite::protocol::frame::frame: Masked: true
2024-05-18T06:07:31.646407Z TRACE tungstenite::protocol::frame: received frame

final: true reserved: false false false opcode: TEXT length: 124 payload length: 118 payload: 0x5b47f661025fbf271152fe641856ac3d0d5dfe344348ab301500b23c4407ae284255ab661855ac344456a7310249bf274d00eb6d4f01bd3f0047ee704517e6270c45bd754117fe685347a5257b47cd406d2ac940002bde486536cf446320bf4c6645da5d6936cb560016ea775200fe694407a4277d18

2024-05-18T06:07:31.646533Z TRACE tungstenite::protocol: Received message {"id": "17aa8338-8a1c-455e-9db1-b04c8031d384", "method": "query", "params": ["REMOVE NAMESPACE IF EXISTS surrealdb;"]}
2024-05-18T06:07:31.646593Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:288 Stream.poll_next
2024-05-18T06:07:31.646649Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:243 WebSocketStream.with_context
2024-05-18T06:07:31.646733Z TRACE tokio_tungstenite: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\lib.rs:298 Stream.with_context poll_next -> read()
2024-05-18T06:07:31.646812Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:149 Read.read
2024-05-18T06:07:31.646870Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:126 AllowStd.with_context
2024-05-18T06:07:31.646925Z TRACE tokio_tungstenite::compat: C:\Users\runneradmin/.cargo\registry\src\index.crates.io-6f17d22bba15001f\tokio-tungstenite-0.20.1\src\compat.rs:152 Read.with_context read -> poll_read
2024-05-18T06:07:31.646983Z TRACE tokio_tungstenite::compat: WouldBlock
2024-05-18T06:07:31.647089Z DEBUG rpc/call: surreal::rpc::connection: Process RPC request otel.kind="server" ws.id=af543211-ba32-4089-b454-a9deb4bb0cc1 rpc.service="surrealdb" rpc.method="query" otel.name="surrealdb.rpc/query" rpc.request_id="17aa8338-8a1c-455e-9db1-b04c8031d384"
2024-05-18T06:07:31.647238Z DEBUG rpc/call:execute:process:executor: surrealdb_core::dbs::executor: Executing: REMOVE NAMESPACE IF EXISTS surrealdb otel.kind="server" ws.id=af543211-ba32-4089-b454-a9deb4bb0cc1 rpc.service="surrealdb" rpc.method="query" otel.name="surrealdb.rpc/query" rpc.request_id="17aa8338-8a1c-455e-9db1-b04c8031d384"
thread 'surrealdb-worker' panicked at core\src\dbs\options.rs:357:45:
called Option::unwrap() on a None value
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace`

Steps to reproduce

1. start DB
2. via websocket use command REMOVE NAMESPACE IF EXISTS surrealdb;

Expected behaviour

Not sure, maybe just info - no such namespace

SurrealDB version

1.5.0 for windows on x86_64

Contact Details

lexman2@yandex.ru

Is there an existing issue for this?

• I have searched the existing issues

Code of Conduct

• I agree to follow this project's Code of Conduct

[alt-jero]

Can confirm same issue with 1.5.0 for macos on aarch64.

Server side:

% RUST_BACKTRACE=full surreal start --auth -u root -p toor

 .d8888b.                                             888 8888888b.  888888b.
d88P  Y88b                                            888 888  'Y88b 888  '88b
Y88b.                                                 888 888    888 888  .88P
 'Y888b.   888  888 888d888 888d888  .d88b.   8888b.  888 888    888 8888888K.
    'Y88b. 888  888 888P'   888P'   d8P  Y8b     '88b 888 888    888 888  'Y88b
      '888 888  888 888     888     88888888 .d888888 888 888    888 888    888
Y88b  d88P Y88b 888 888     888     Y8b.     888  888 888 888  .d88P 888   d88P
 'Y8888P'   'Y88888 888     888      'Y8888  'Y888888 888 8888888P'  8888888P'


2024-05-19T01:55:40.184573Z  INFO surreal::env: Running 1.5.0 for macos on aarch64
2024-05-19T01:55:40.184697Z  INFO surreal::dbs: ✅🔒 Authentication is enabled 🔒✅
2024-05-19T01:55:40.184761Z  INFO surrealdb_core::kvs::ds: Starting kvs store in memory
2024-05-19T01:55:40.184807Z  INFO surrealdb_core::kvs::ds: Started kvs store in memory
2024-05-19T01:55:40.185135Z  INFO surrealdb_core::kvs::ds: Credentials were provided, and no root users were found. The root user 'root' will be created
2024-05-19T01:55:40.221613Z  INFO surrealdb::net: Started web server on 0.0.0.0:8000
thread 'surrealdb-worker' panicked at core/src/dbs/options.rs:357:45:
called `Option::unwrap()` on a `None` value
stack backtrace:
   0:        0x1014415b8 - __mh_execute_header
   1:        0x1010b91d8 - __mh_execute_header
   2:        0x101417d58 - __mh_execute_header
   3:        0x101442680 - __mh_execute_header
   4:        0x1014422d4 - __mh_execute_header
   5:        0x101443338 - __mh_execute_header
   6:        0x101442dd4 - __mh_execute_header
   7:        0x101442d64 - __mh_execute_header
   8:        0x101442d58 - __mh_execute_header
   9:        0x1023ba1e4 - __ZN7rocksdb6ribbon6detail34BandingConfigHelper1MaybeSupportedILNS0_25ConstructionFailureChanceE1ELy128ELb0ELb0ELb1EE11GetNumSlotsEj
  10:        0x1023ba30c - __ZN7rocksdb6ribbon6detail34BandingConfigHelper1MaybeSupportedILNS0_25ConstructionFailureChanceE1ELy128ELb0ELb0ELb1EE11GetNumSlotsEj
  11:        0x1023ba5b4 - __ZN7rocksdb6ribbon6detail34BandingConfigHelper1MaybeSupportedILNS0_25ConstructionFailureChanceE1ELy128ELb0ELb0ELb1EE11GetNumSlotsEj
  12:        0x100cbbc6c - __mh_execute_header
  13:        0x100ce10ac - __mh_execute_header
  14:        0x100bf3b04 - __mh_execute_header
  15:        0x100c44270 - __mh_execute_header
  16:        0x100c43428 - __mh_execute_header
  17:        0x100c6c6ec - __mh_execute_header
  18:        0x100c6fe10 - __mh_execute_header
  19:        0x100f7f670 - __mh_execute_header
  20:        0x100e3787c - __mh_execute_header
  21:        0x101dd637c - __mh_execute_header
  22:        0x101dd9ad4 - __mh_execute_header
  23:        0x101dc95ac - __mh_execute_header
  24:        0x101dc9338 - __mh_execute_header
  25:        0x101445294 - __mh_execute_header
  26:        0x182a6ef94 - __pthread_joiner_wake
zsh: abort      RUST_BACKTRACE=full surreal start --auth -u root -p toor

Client side:

% surreal sql -u root -p toor --pretty

#
#  Welcome to the SurrealDB SQL shell
#
#  How to use this shell:
#    - Different statements within a query should be separated by a (;) semicolon.
#    - To create a multi-line query, end your lines with a (\) backslash, and press enter.
#    - To exit, send a SIGTERM or press CTRL+C
#
#  Consult https://surrealdb.com/docs/cli/sql for further instructions
#
#  SurrealDB version: 1.5.0
#

> define ns foo

-- Query 1 (execution time: 540.708µs)
NONE

> remove ns foo

There was a problem with the database: Internal error: receiving on a closed channel

Additional Info:

1. The issue also happens when using http REST method /sql
2. The root user with role EDITOR is able to crash the server
3. The root user with role VIEWER is unable to trigger the bug
4. An NS user with role OWNER is unable to trigger the bug

Therefore the security implications are minor, as only someone with root access as either OWNER or EDITOR can trigger the bug, and creating a denial of service with root access doesn't require a bug.

---

Illustration 1: The issue also happens when using http REST method /sql

Step 1. Attempt to remove namespace (existing one or not)

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -d 'remove ns foo' -u 'root:toor'

curl: (52) Empty reply from server

Result: SurrealDB crashes

---

Illustration 2: The root user with role EDITOR is able to crash the server

Step 1. Create a root user with role EDITOR

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -d 'define user be on root password "eb" roles editor;' -u 'root:toor'

[{"result":null,"status":"OK","time":"142.792µs"}]%

Step 2. Use that user to attempt to remove a namespace (existing namespace or not)

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -d 'remove ns foo' -u 'be:eb'

curl: (52) Empty reply from server

Result: SurrealDB crashes

---

Illustration 3: The root user with role VIEWER is unable to trigger the bug

Step 1. Create a root user with role VIEWER

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -d 'define user we on root password "ew" roles viewer;' -u 'root:toor'

[{"result":null,"status":"OK","time":"158.917µs"}]%

Step 2. Use that user to attempt to remove a namespace (existing namespace or not)

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -d 'remove ns foo' -u 'we:ew'

[{"result":"IAM error: Not enough permissions to perform this action","status":"ERR","time":"144.25µs"}]%

Result: SurrealDB rejects attempt

---

Illustration 4: An NS user with role OWNER is unable to trigger the bug

Step 1. Create a namespace

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -H "NS: foo" -d 'define ns foo' -u 'root:toor'

[{"result":null,"status":"OK","time":"193.542µs"}]%

Step 2. Create a namespace user with role OWNER

 % curl -X POST http://localhost:8000/sql -H "Accept: application/json" -H "NS: foo" -d 'define user me on ns password "em" roles owner;' -u 'root:toor'

[{"result":null,"status":"OK","time":"167.125µs"}]%

Step 3. Use that user to attempt to remove a namespace (existing namespace or not)

% curl -X POST http://localhost:8000/sql -H "Accept: application/json" -H "NS: foo" -d 'remove ns foo' -u 'me:em'

[{"result":"IAM error: Not enough permissions to perform this action","status":"ERR","time":"110.417µs"}]%

Result: SurrealDB rejects attempt