Re: [Evolution] [sqlite] Segfault with Evolution and patched SQLite 3.8.7.4 (was: Bus error with Evolution 3.12.9 and SQLite 3.8.7.4)



On Tuesday, 30.12.2014, at 16:15 +0100, Paul Menzel wrote:
On Tuesday, 30.12.2014, at 08:21 -0500, Richard Hipp wrote:
On Mon, Dec 29, 2014 at 10:37 AM, László Böszörményi (GCS) wrote:

it’s not obvious that these might cause such a regression.

I'm the maintainer of SQLite3 in Debian and can't reproduce it on
AMD64. Even if I've a local mailbox, normal IMAP4 ones and some from
GMail. OK, other than the updated SQLite3 library I run on a clean
Jessie.

Our latest theory is that the problem only arises when /var/tmp runs out of
space.

That seems to be a reasonable theory. Looking at `~/.bash_history` I
indeed cleaned up `/var/crash/1300`, where my core dump files are stored
by corekeeper [1], and only downgraded to SQLite 3.8.7.1 afterward.

Upgrading to SQLite 3.8.7.4 again I am unable to reproduce the crash
with 2 GB free space on the partition `/var`.

I’ll rebuild SQLite now with the fix applied [2] and try to reproduce
the issue by filling up `/var` intentionally.

With still around 1.3 GB free on the partition mounted to `/var/`,
Evolution crashed with the following segmentation fault today.

        0xb3f9af51 in sqlite3Strlen30 (z=0x18 <error: Cannot access memory at address 0x18>) at sqlite3.c:22902

Here is part of the backtrace.

        Thread 54 (Thread 0xa24feb40 (LWP 3581)):
        #0  0xb7fdcd3c in __kernel_vsyscall ()
        No symbol table info available.
        #1  0xb7cb5fdf in fsync () at ../sysdeps/unix/syscall-template.S:81
        No locals.
        #2  0xb3f9cde9 in full_fsync (fullSync=0, dataOnly=0, fd=<optimized out>) at sqlite3.c:28292
                rc = <optimized out>
        #3  unixSync (id=0xa14e4b00, flags=2) at sqlite3.c:28381
                rc = <optimized out>
                pFile = 0xa14e4b00
                isDataOnly = 0
                isFullsync = 0
        #4  0xb7ad33d6 in call_old_file_Sync (flags=<optimized out>, cFile=<optimized out>) at camel-db.c:66
        No locals.
        #5  sync_request_thread_cb (task_data=0xa132c4d8, null_data=0x0) at camel-db.c:92
                sync_data = 0xa132c4d8
                done = <optimized out>
        #6  0xb52d7e64 in g_thread_pool_thread_proxy (data=0x81a73958) at 
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthreadpool.c:307
                task = 0xa132c4d8
        #7  0xb52d73da in g_thread_proxy (data=0x890b0230) at 
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthread.c:764
        No locals.
        #8  0xb7caeefb in start_thread (arg=0xa24feb40) at pthread_create.c:309
                __res = <optimized out>
                pd = 0xa24feb40
                now = <optimized out>
                unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211363328, -1571820736, 4001536, -1571823064, 
-643453236, -742727961}, 
                      mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 
0x0, canceltype = 0}}}
                not_first_call = <optimized out>
                pagesize_m1 = <optimized out>
                sp = <optimized out>
                freesize = <optimized out>
                __PRETTY_FUNCTION__ = "start_thread"
        #9  0xb51a6dfe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
        No locals.

        Thread 53 (Thread 0xa7e04b40 (LWP 3576)):
        #0  0xb3f9af51 in sqlite3Strlen30 (z=0x18 <error: Cannot access memory at address 0x18>) at sqlite3.c:22902
                z2 = 0x18 <error: Cannot access memory at address 0x18>
        #1  sqlite3VXPrintf (pAccum=pAccum@entry=0xa7e03e30, bFlags=bFlags@entry=0, fmt=0xb400f0f8 "s", ap=0xa7e03e90 "\003") at sqlite3.c:21385
                c = <optimized out>
                bufpt = 0x18 <error: Cannot access memory at address 0x18>
                precision = <optimized out>
                length = <optimized out>
                idx = <optimized out>
                width = <optimized out>
                flag_leftjustify = 0 '\000'
                flag_plussign = 24 '\030'
                flag_blanksign = 0 '\000'
                flag_alternateform = 0 '\000'
                flag_altform2 = 0 '\000'
                flag_zeropad = 0 '\000'
                flag_long = 0 '\000'
                flag_longlong = 0 '\000'
                done = <optimized out>
                xtype = 6 '\006'
                bArgList = 0 '\000'
                useIntern = 0 '\000'
                prefix = <optimized out>
                longvalue = <optimized out>
                realvalue = <optimized out>
                infop = <optimized out>
                zOut = <optimized out>
                nOut = <optimized out>
                zExtra = 0x0
                exp = <optimized out>
                e2 = <optimized out>
                nsd = <optimized out>
                rounder = <optimized out>
                flag_dp = <optimized out>
                flag_rtz = <optimized out>
                pArgList = 0x0
                buf = 
"\203\210,\000\000\000\066W+\265\001\000\000\000$\000\000\000\271\231\264\267\234\361)\265\003\000\000\000(\034\021\254\020\000\020\254\000@&\265\020\000\020\254\220\302\021\254\210(\253\201\214\022\023\265\310W\247\201E\n\270\251\371M(\265"
        #2  0xb3f9b7d5 in sqlite3_vsnprintf (n=512, zBuf=0xa7e03e9b "\265", zFormat=0xb400f0f7 "%s", ap=0xa7e03e8c "\030") at sqlite3.c:21731
                acc = {db = 0x0, zBase = 0xa7e03e9b "\265", zText = 0xa7e03e9b "\265", nChar = 0, nAlloc = 512, mxAlloc = 0, useMalloc = 0 '\000', accError = 0 '\000'}
                ap = 0xa7e03e8c "\030"
                zFormat = 0xb400f0f7 "%s"
                zBuf = 0xa7e03e9b "\265"
                n = 512
        #3  0xb3f9b825 in sqlite3_snprintf (n=512, zBuf=0xa7e03e9b "\265", zFormat=0xb400f0f7 "%s") at sqlite3.c:21738
                z = 0x18 <error: Cannot access memory at address 0x18>
                ap = 0xa7e03e8c "\030"
        #4  0xb3f9c387 in openDirectory (zFilename=0x18 <error: Cannot access memory at address 0x18>, pFd=0xa7e040c8) at sqlite3.c:28334
                ii = <optimized out>
                fd = -1
                zDirname = 
"\265\000\000\071\265\210\005\071\265\001\000\000\000\240?ȟ\037\322,\265\210\005\071\265x\000\000\000\000\000\000\000K\324,\265\000\000\071\265\000\000\000\000\b\000\000\000\230\022i\216\240\000\000\000:;˷\000\000\071\265\330\345)\265\b\v\264\254\344L\260T;\321,\265x\026\274\267\016}\003\000\000\000\000\000\211`/\265\b\v\264\254\b\v\264\254\000\000\000\000\000\000\000\000t\v\000\000\210\005\071\265\000\000\000\000\271\345)\265\000\340>\265\000\000\000\000\b\v\264\254\062?\000\000\025\006\023\265p\256\000\200\b\v\264\254\204\305\a\000t\v\000\000W\354*\265\000\000\071\265\002\000\000\000\020\000\000\000\003\000\000\000\250\372\017\211
 D&\265 2:\265\360\265\020\211:"...
        #5  0xb3f9ce21 in unixSync (id=0xacbe7898, flags=2) at sqlite3.c:28396
                dirfd = 668585276
                rc = <optimized out>
                pFile = 0xacbe7898
                isDataOnly = 0
                isFullsync = 0
        #6  0xb7ad33d6 in call_old_file_Sync (flags=<optimized out>, cFile=<optimized out>) at camel-db.c:66
        No locals.
        #7  sync_request_thread_cb (task_data=0x860d9d88, null_data=0x0) at camel-db.c:92
                sync_data = 0x860d9d88
                done = <optimized out>
        #8  0xb52d7e64 in g_thread_pool_thread_proxy (data=0x81a73958) at /build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthreadpool.c:307
                task = 0x860d9d88
        #9  0xb52d73da in g_thread_proxy (data=0x89118e90) at /build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthread.c:764
        No locals.
        #10 0xb7caeefb in start_thread (arg=0xa7e04b40) at pthread_create.c:309
                __res = <optimized out>
                pd = 0xa7e04b40
                now = <optimized out>
                unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211363328, -1478472896, 4001536, -1478475224, -2031767865, -742727961}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
                not_first_call = <optimized out>
                pagesize_m1 = <optimized out>
                sp = <optimized out>
                freesize = <optimized out>
                __PRETTY_FUNCTION__ = "start_thread"
        #11 0xb51a6dfe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
        No locals.
        
        Thread 51 (Thread 0x972ffb40 (LWP 3574)):
        #0  0xb7fdcd3c in __kernel_vsyscall ()
        No symbol table info available.
        #1  0xb7cb59fb in read () at ../sysdeps/unix/syscall-template.S:81
        No locals.
        #2  0xb3f8d76c in seekAndRead (id=0x81e43980, id=0x81e43980, cnt=1024, pBuf=0x8e6d9ac0, 
offset=23846912) at sqlite3.c:27963
                got = <optimized out>
                prior = 0
                newOffset = <optimized out>
        #3  unixRead (id=0x81e43980, pBuf=0x8e6d9ac0, amt=1024, offset=<optimized out>) at sqlite3.c:28027
                pFile = 0x81e43980
        #4  0xb7ad31c2 in camel_sqlite3_file_xRead (pFile=0x81e46b50, pBuf=0x8e6d9ac0, iAmt=1024, 
iOfst=23846912) at camel-db.c:211
                cFile = 0x81e46b50
        #5  0xb3f86517 in sqlite3OsRead (offset=23846912, amt=1024, pBuf=<optimized out>, id=<optimized out>) 
at sqlite3.c:15971
        No locals.
        #6  readDbPage (pPg=pPg@entry=0x8e6d9ee0, iFrame=<optimized out>) at sqlite3.c:43754
                iOffset = 23846912
                pPager = 0x81e46a48
                pgno = 23289
                rc = 0
                pgsz = 1024
        #7  0xb3fa15ab in sqlite3PagerAcquire (pPager=0x81e46a48, pgno=pgno@entry=23289, ppPage=0x972fe8b8, flags=2) at sqlite3.c:46275
                rc = <optimized out>
                pPg = <optimized out>
                iFrame = 0
                noContent = 0
                bMmapOk = <optimized out>
        #8  0xb3fa199f in btreeGetPage (pBt=0x81e43920, pgno=23289, ppPage=0x972fe908, flags=2) at 
sqlite3.c:53852
                rc = <optimized out>
                pDbPage = 0x8e6d9ee0
        #9  0xb3fa6f9c in getAndInitPage (pBt=<optimized out>, pgno=<optimized out>, ppPage=0x972fe908, 
bReadonly=2) at sqlite3.c:53907
                rc = <optimized out>
        #10 0xb3fa701d in moveToChild (pCur=pCur@entry=0xa1374b90, newPgno=<optimized out>) at sqlite3.c:56565
                rc = <optimized out>
                i = 2
                pNewPage = 0xb4044cf8
                pBt = <optimized out>
        #11 0xb3fa7162 in moveToLeftmost (pCur=0xa1374b90) at sqlite3.c:56738
                rc = 0
                pPage = <optimized out>
        #12 0xb3fc17c4 in btreeNext (pCur=0xa1374b90, pRes=0x972fea98) at sqlite3.c:57163
                rc = <optimized out>
                idx = <optimized out>
                pPage = <optimized out>
        #13 0xb3fe9c5d in sqlite3VdbeExec (p=p@entry=0xa11fb160) at sqlite3.c:73688
                pC = 0xa1374b28
                res = 0
                pc = <optimized out>
                aOp = <optimized out>
                pOp = <optimized out>
                rc = 0
                db = <optimized out>
                resetSchemaOnFault = <optimized out>
                encoding = <optimized out>
                iCompare = <optimized out>
                nVmStep = <optimized out>
                nProgressLimit = <optimized out>
                aMem = <optimized out>
                pIn1 = <optimized out>
                pIn2 = <optimized out>
                pIn3 = <optimized out>
                pOut = <optimized out>
                aPermute = <optimized out>
                lastRowid = <optimized out>
        #14 0xb3ff146e in sqlite3Step (p=0xa11fb160) at sqlite3.c:67812
                db = 0x81e46408
                rc = <optimized out>
        #15 sqlite3_step (pStmt=0xa11fb160) at sqlite3.c:2342
                rc2 = 0
                cnt = 0
                db = <optimized out>
                rc = <optimized out>
                pStmt = <optimized out>
                v = <optimized out>
        #16 0xb3fdf85c in sqlite3_exec (db=0x81e46408, zSql=<optimized out>, xCallback=0xb7ad3490 
<read_uids_to_hash_callback>, pArg=0x88cb78b0, 
            pzErrMsg=0x972feda8) at sqlite3.c:99420
                i = <optimized out>
                nCol = 2
                azVals = <optimized out>
                rc = <optimized out>
                zLeftover = 0xa120c97d ""
                pStmt = 0xa11fb160
                azCols = 0xa1194358
                callbackIsInit = 1
        #17 0xb7ad2742 in cdb_sql_exec (db=0x81e46408, stmt=0xa120c960 "SELECT uid,flags FROM 'INBOX'", 
            callback=0xb7ad3490 <read_uids_to_hash_callback>, data=0x88cb78b0, error=0x972fee78) at 
camel-db.c:487
                errmsg = <optimized out>
                ret = -1
                retries = 0
        #18 0xb7ad46ec in camel_db_select (cdb=0x81afdf68, stmt=0xa120c960 "SELECT uid,flags FROM 'INBOX'", 
            callback=0xb7ad3490 <read_uids_to_hash_callback>, data=0x88cb78b0, error=0x972fee78) at 
camel-db.c:1075
                ret = -1591686816
                __FUNCTION__ = "camel_db_select"
        #19 0xb7ad4877 in camel_db_get_folder_uids (db=0x81afdf68, folder_name=0xa1385828 "INBOX", 
sort_by=0x0, collate=0x0, hash=0x88cb78b0, 
            error=0x972fee78) at camel-db.c:1142
                sel_query = 0xa120c960 "SELECT uid,flags FROM 'INBOX'"
                ret = <optimized out>
        #20 0xb7ae67e0 in camel_folder_summary_load_from_db (summary=0xa149e470, error=0x972feeb8) at 
camel-folder-summary.c:2441
                parent_store = 0x8e6d9ac0
                full_name = 0xa1385828 "INBOX"
                local_error = 0x0
                __FUNCTION__ = "camel_folder_summary_load_from_db"
        #21 0xab8d38fe in camel_imapx_summary_new (folder=0xa149e3a0) at camel-imapx-summary.c:357
                summary = 0xa149e470
                local_error = 0x0
        #22 0xab8ac1ff in camel_imapx_folder_new (store=0x81b92948, 
            folder_dir=0xac14eab0 "/home/joey/.cache/evolution/mail/1183830693.4215.64@myasrock-e350m1/folders/INBOX", folder_name=0xa11943d8 "INBOX", 
            error=0x972fefd8) at camel-imapx-folder.c:1481
                folder = 0xa149e3a0
                service = 0x400
                settings = 0xa149e3a0
                imapx_folder = 0x81b92948
                short_name = 0x400 <error: Cannot access memory at address 0x400>
                filter_all = 0
                filter_inbox = 1
                filter_junk = 0
                filter_junk_inbox = 0
        #23 0xab8cefab in get_folder_offline (flags=<optimized out>, error=<optimized out>, 
folder_name=<optimized out>, store=<optimized out>)
            at camel-imapx-store.c:907
                folder_dir = 0xac14eab0 "/home/joey/.cache/evolution/mail/1183830693.4215.64@myasrock-e350m1/folders/INBOX"
                imapx_store = 0x81b92948
                si = 0x400
                service = 0x400
                user_cache_dir = 0xac14eab0 "/home/joey/.cache/evolution/mail/1183830693.4215.64@myasrock-e350m1/folders/INBOX"
        #24 imapx_store_get_folder_sync (store=0x81b92948, folder_name=0xa11943d8 "INBOX", flags=(unknown: 
0), cancellable=0xa16f9240, 
            error=0x972fefd8) at camel-imapx-store.c:1667
                settings = 0x81b92948
                use_real_junk_path = 1024
        #25 0xb7b3c133 in camel_store_get_folder_sync (store=0x81b92948, folder_name=<optimized out>, 
flags=<optimized out>, 
            cancellable=0xa16f9240, error=0x972ff0a8) at camel-store.c:1261
                local_error = 0x0
                folder = <optimized out>
                vjunk = 0x0
                vtrash = 0x0
                create_folder = <optimized out>
                folder_name_is_vjunk = 0
                folder_name_is_vtrash = 0
                store_uses_vjunk = <optimized out>
                store_uses_vtrash = 1
                __FUNCTION__ = "camel_store_get_folder_sync"
        #26 0xa9b7288f in e_mail_session_uri_to_folder_sync (session=0x81a5e0e0, 
            folder_uri=0xa14bd830 "folder://1183830693.4215.64%40myasrock-e350m1/INBOX", flags=(unknown: 0), 
cancellable=0xa16f9240, error=0x972ff0a8)
            at e-mail-session.c:2172
                store = 0x81b92948
                folder = 0xa14bd830
                folder_name = 0xa11943d8 "INBOX"
                success = 1024
                __FUNCTION__ = "e_mail_session_uri_to_folder_sync"
        #27 0xa99fd7ec in refresh_folders_exec (m=0x88843368, cancellable=0xa16f9240, error=0xa14bd830) at 
mail-send-recv.c:1025
                folder = 0xa14bd830
                i = 0
                local_error = 0x0
        #28 0xa9b7aa60 in mail_msg_proxy (msg=0x88843368) at mail-mt.c:373
                cancellable = 0xa16f9240
        #29 0xb52d7e64 in g_thread_pool_thread_proxy (data=0x89112438) at 
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthreadpool.c:307
                task = 0x88843368
        #30 0xb52d73da in g_thread_proxy (data=0x89118ef0) at 
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthread.c:764
        No locals.
        #31 0xb7caeefb in start_thread (arg=0x972ffb40) at pthread_create.c:309
                __res = <optimized out>
                pd = 0x972ffb40
                now = <optimized out>
                unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211363328, -1758463168, 4001536, -1758465496, 
428191398, -742727961}, 
                      mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 
0x0, canceltype = 0}}}
                not_first_call = <optimized out>
                pagesize_m1 = <optimized out>
                sp = <optimized out>
                freesize = <optimized out>
                __PRETTY_FUNCTION__ = "start_thread"
        #32 0xb51a6dfe in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
        No locals.

Can you see from the given information, if this is related or a
different issue?


Thanks,

Paul


[1] https://packages.debian.org/corekeeper
[2] https://www.sqlite.org/src/info/776648412c30dce206f1024ff849c2cb025bb006
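
Added example, not part of the original message: a small triage script for multi-thread gdb backtraces like the one above. For each thread it reports the outermost frame whose arguments gdb could not read and the caller that passed them in; `parse`, `triage` and the abridged `SAMPLE` are this example's own names and data.

```python
import re

# Constructed sample: abridged from the backtrace in the message above
# (locals and intermediate frames dropped, wrapped lines rejoined).
SAMPLE = r"""
Thread 54 (Thread 0xa24feb40 (LWP 3581)):
#0  0xb7fdcd3c in __kernel_vsyscall ()
#1  0xb7cb5fdf in fsync () at ../sysdeps/unix/syscall-template.S:81
#2  0xb3f9cde9 in full_fsync (fullSync=0, dataOnly=0, fd=<optimized out>) at sqlite3.c:28292
#3  unixSync (id=0xa14e4b00, flags=2) at sqlite3.c:28381

Thread 53 (Thread 0xa7e04b40 (LWP 3576)):
#0  0xb3f9af51 in sqlite3Strlen30 (z=0x18 <error: Cannot access memory at address 0x18>) at sqlite3.c:22902
#3  0xb3f9b825 in sqlite3_snprintf (n=512, zBuf=0xa7e03e9b "\265", zFormat=0xb400f0f7 "%s") at sqlite3.c:21738
#4  0xb3f9c387 in openDirectory (zFilename=0x18 <error: Cannot access memory at address 0x18>, pFd=0xa7e040c8) at sqlite3.c:28334
#5  0xb3f9ce21 in unixSync (id=0xacbe7898, flags=2) at sqlite3.c:28396
#6  0xb7ad33d6 in call_old_file_Sync (flags=<optimized out>, cFile=<optimized out>) at camel-db.c:66
"""

THREAD_RE = re.compile(r"^\s*Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(r"^\s*#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\)(?: at (\S+))?\s*$")
BAD_ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+) <error: Cannot access memory")

def parse(text):
    """Map thread id -> list of (frame_no, function, location, bad_args)."""
    threads, frames = {}, None
    for line in text.splitlines():
        m = THREAD_RE.match(line)
        if m:
            frames = threads.setdefault(int(m.group(1)), [])
            continue
        m = FRAME_RE.match(line)
        if m and frames is not None:
            bad = {name: int(val, 16) for name, val in BAD_ARG_RE.findall(m.group(3))}
            frames.append((int(m.group(1)), m.group(2), m.group(4), bad))
    return threads

def triage(text):
    """Per thread: outermost frame given an unreadable pointer, and its caller."""
    report = {}
    for tid, frames in parse(text).items():
        hits = [f for f in frames if f[3]]
        if not hits:
            continue
        no, func, _, bad = max(hits, key=lambda f: f[0])
        caller = next((f for f in frames if f[0] == no + 1), None)
        report[tid] = {"callee": func, "bad_args": bad,
                       "caller": caller and caller[1],
                       "caller_at": caller and caller[2]}
    return report

if __name__ == "__main__":
    for tid, info in triage(SAMPLE).items():
        print(f"thread {tid}: {info}")
```

On the sample it singles out thread 53, where `zFilename=0x18` enters `openDirectory` from `unixSync` at `sqlite3.c:28396`; thread 54 is in the same `unixSync` path with readable arguments and is not reported.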
