Bug Report: corrupted double-linked list

Bug Report: corrupted double-linked list

Daniel Espinosa
I'm the current maintainer of GDA[1]. I've updated the embedded version of SQLite
to 3.25.2, but I found an issue with a segfault due to a "corrupted
double-linked list".

In order to reproduce it:

a) Check out libgda from its repository[1]

b) Compile using Meson:
$ meson _build
$ cd _build
$ ninja
$ meson test Virtual --repeat 100 --gdb

The last command runs a unit test called Virtual; it runs it 100 times in a GDB
session. You may need to repeat the operation or increase the number up to 200
times.

GDB will stop at the segfault.

This is the latest backtrace:

corrupted double-linked list

Thread 1 "check_virtual" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51    ../sysdeps/unix/sysv/linux/raise.c: No existe el archivo o el
directorio.
Una sesión de depuración está activa.

    Inferior 1 [process 16743] will be killed.

¿Salir de cualquier modo? (y or n) n
No confirmado.
(gdb) bt
#0  0x00007ffff701de97 in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff701f801 in __GI_abort () at abort.c:79
#2  0x00007ffff7068897 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7ffff7195b9a "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff706f90a in malloc_printerr (str=str@entry=0x7ffff7193cba
"corrupted double-linked list")
    at malloc.c:5350
#4  0x00007ffff706fac4 in malloc_consolidate (av=av@entry=0x7fffe4000020)
at malloc.c:4456
#5  0x00007ffff707703b in _int_free (have_lock=0, p=<optimized out>,
av=0x7fffe4000020) at malloc.c:4362
#6  0x00007ffff707703b in __GI___libc_free (mem=0x7fffe404d000) at
malloc.c:3124
#7  0x00007ffff7a749d3 in sqlite3MemFree (pPrior=0x7fffe404d008)
    at ../libgda/sqlite/sqlite-src/sqlite3.c:22612
#8  0x00007ffff7a755b4 in sqlite3_free (p=0x7fffe404d008) at
../libgda/sqlite/sqlite-src/sqlite3.c:26528
#9  0x00007ffff7a84566 in pcache1EnforceMaxPage (pCache=0x7fffe4082f48)
    at ../libgda/sqlite/sqlite-src/sqlite3.c:48783
#10 0x00007ffff7a84fdc in pcache1Destroy (p=0x7fffe4082f48) at
../libgda/sqlite/sqlite-src/sqlite3.c:49322
#11 0x00007ffff7a83761 in sqlite3PcacheClose (pCache=0x7fffe40085d8)
#12 0x00007ffff7a891ab in sqlite3PagerClose (pPager=0x7fffe40084a8,
db=0x7fffe409a408)
    at ../libgda/sqlite/sqlite-src/sqlite3.c:54278
#13 0x00007ffff7a94fae in sqlite3BtreeClose (p=0x7fffe40775b8) at
../libgda/sqlite/sqlite-src/sqlite3.c:65325
#14 0x00007ffff7b22acb in sqlite3LeaveMutexAndCloseZombie
(db=0x7fffe409a408)
    at ../libgda/sqlite/sqlite-src/sqlite3.c:152945
#15 0x00007ffff7b229eb in sqlite3Close (db=0x7fffe409a408, forceZombie=0)
    at ../libgda/sqlite/sqlite-src/sqlite3.c:152888
#16 0x00007ffff7b22a0f in sqlite3_close (db=0x7fffe409a408) at
../libgda/sqlite/sqlite-src/sqlite3.c:152901
#17 0x00007ffff7a69ff0 in gda_sqlite_free_cnc_data (cdata=0x7fffe407de20)
    at ../libgda/sqlite/gda-sqlite-provider.c:4209
#18 0x00007ffff7a23817 in stage2_close_connection (cnc=0x7fffe40089f0,
result=0x1)
    at ../libgda/gda-server-provider.c:2286
#19 0x00007ffff7a23a33 in _gda_server_provider_close_connection
(provider=0x7fffe40656d0, cnc=0x7fffe40089f0, error=0x0) at
../libgda/gda-server-provider.c:2343
#20 0x00007ffff79a90be in gda_connection_close (cnc=0x7fffe40089f0,
error=0x0)
    at ../libgda/gda-connection.c:1547
#21 0x00007ffff7b26d4c in gda_vconnection_data_model_dispose
(object=0x7fffe40089f0)

--
This electronic message may contain privileged and confidential information
intended only for the use of the addressees named above.  If you are not
the intended recipient of this email, we kindly ask you to delete this
message and any attachment. You are hereby notified that any use,
dissemination, distribution, reproduction of this email is prohibited.  If
you have received this email in error, please notify sender immediately.

Any document, image or any other form of electronic representation of any
work attached to this email, is suitable to be protected by copyright
enforcement by applicable law in your or sender's Country's and
International Legislation

Work, the best weapon for your self-improvement
"grain by grain, the sand is made" (R) (registration pending, but for friends:
FREE)
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: Bug Report: corrupted double-linked list

Richard Hipp-3
On 10/9/18, Daniel Espinosa <[hidden email]> wrote:
> I'm the current maintainer of GDA[1]. I've updated the embedded version of SQLite
> to 3.25.2, but I found an issue with a segfault due to a "corrupted
> double-linked list".

Heap corruption like this is most often the result of bugs in the
application and SQLite just happened to be the unlucky library to
first stumble over it.  Have you tried running your test under
valgrind, or some other memory validator, to locate the origin of the
error?  Does the error originate with SQLite, or in some other part of
the application?




--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: Bug Report: corrupted double-linked list

Daniel Espinosa
Thanks for the response.

Until now I have just used GDB, because it is easy with Meson.  I will try with
Valgrind, but I will be slow until I find a way to reproduce the problem.

I just took the decision to report this bug because the trace places the
fault deep in the SQLite sequence of destruction, but anyway, I will
check whether the issue is related to multi-threaded destruction in GDA.

On Wed., 10 October 2018 at 5:46, Richard Hipp <[hidden email]> wrote:

> On 10/9/18, Daniel Espinosa <[hidden email]> wrote:
> > I'm the current maintainer of GDA[1]. I've updated the embedded version of SQLite
> > to 3.25.2, but I found an issue with a segfault due to a "corrupted
> > double-linked list".
>
> Heap corruption like this is most often the result of bugs in the
> application and SQLite just happened to be the unlucky library to
> first stumble over it.  Have you tried running your test under
> valgrind, or some other memory validator, to locate the origin of the
> error?  Does the error originate with SQLite, or in some other part of
> the application?
>
>
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: Bug Report: corrupted double-linked list

Dominique Pellé
Daniel Espinosa <[hidden email]> wrote:

> Thanks for the response.
>
> Until now I have just used GDB, because it is easy with Meson.  I will try with
> Valgrind, but I will be slow until I find a way to reproduce the problem.
>
> I just took the decision to report this bug because the trace places the
> fault deep in the SQLite sequence of destruction, but anyway, I will
> check whether the issue is related to multi-threaded destruction in GDA.

Alternatively to valgrind, build your app and SQLite with
-fsanitize=address (assuming you use gcc or clang) and rerun
the test normally. It's likely that it will then pinpoint the
problem in your application rather than in SQLite.

Dominique
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
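An added illustration (not code from libgda, SQLite or glibc) of the point made in Richard's and Dominique's replies: a miniature of the doubly-linked free list that glibc malloc keeps, with the same neighbour check that produces the "corrupted double-linked list" message. It shows why the abort surfaces in free()/malloc_consolidate (frames #3 to #6 of the backtrace) wherever that next happens, here inside sqlite3_close(), and not at the earlier write that clobbered the chunk header, which is what valgrind or ASan catch at the time of the write. The chunk layout, the simulated overflow and the stale pointer are simplified, constructed stand-ins.

```c
#include <stdbool.h>

/* Miniature of a glibc-style malloc chunk: the header (size, fd, bk) sits
 * directly in front of the memory handed to the application, so a write that
 * runs off the end of one allocation lands in the next chunk's header. */
struct chunk {
    unsigned long size;   /* size field of the chunk header */
    struct chunk *fd;     /* next chunk in the circular free list */
    struct chunk *bk;     /* previous chunk in the circular free list */
    char user_data[32];   /* the bytes the application is allowed to use */
};

/* Insert c at the head of the circular doubly-linked free list rooted at head. */
void freelist_insert(struct chunk *head, struct chunk *c) {
    c->fd = head->fd;
    c->bk = head;
    head->fd->bk = c;
    head->fd = c;
}

/* The invariant glibc's unlink path checks: both neighbours must still point
 * back at c.  When it fails, glibc aborts with "corrupted double-linked list". */
bool freelist_unlink_ok(const struct chunk *c) {
    return c->fd->bk == c && c->bk->fd == c;
}

/* Stand-in for the bug class: emulate an overflow out of the preceding
 * allocation clobbering victim's header (plain assignments keep this well-defined C). */
void simulate_overflow(struct chunk *victim, struct chunk *stale) {
    victim->size = 0x41414141UL;   /* constructed garbage, as a stray write would leave */
    victim->bk = stale;            /* hypothetical stale pointer overwriting bk */
}

/* Build a two-chunk free list, optionally corrupt it, then count the chunks that
 * fail the unlink check.  Nothing complains at the time of the overwrite; the
 * damage only surfaces when the list is next walked, e.g. inside sqlite3_close(). */
int corrupted_chunks(bool corrupt) {
    struct chunk head, pool[2];
    head.fd = head.bk = &head;
    freelist_insert(&head, &pool[1]);  /* second in memory, first inserted */
    freelist_insert(&head, &pool[0]);  /* sits right in front of pool[1] */
    if (corrupt)
        simulate_overflow(&pool[1], &head);  /* a write from pool[0] runs over */
    int bad = 0;
    for (struct chunk *c = head.fd; c != &head; c = c->fd)
        if (!freelist_unlink_ok(c))
            bad++;
    return bad;   /* 0 when intact, 2 after the simulated overflow */
}
```

With the Meson build from the report, Dominique's suggestion corresponds to configuring with `meson _build -Db_sanitize=address` (a standard Meson base option) before running `ninja` and `meson test`, so that the instrumented binary reports the offending write itself rather than the later abort.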