Re: [Evolution] [sqlite] Segfault with Evolution and patched SQLite 3.8.7.4 (was: Bus error with Evolution 3.12.9 and SQLite 3.8.7.4)
- From: Richard Hipp <drh sqlite org>
- To: General Discussion of SQLite Database <sqlite-users sqlite org>
- Cc: evolution-list gnome org
- Subject: Re: [Evolution] [sqlite] Segfault with Evolution and patched SQLite 3.8.7.4 (was: Bus error with Evolution 3.12.9 and SQLite 3.8.7.4)
- Date: Fri, 9 Jan 2015 21:04:57 -0500
On 1/9/15, Paul Menzel <paulepanter users sourceforge net> wrote:
Am Dienstag, den 30.12.2014, 16:15 +0100 schrieb Paul Menzel:
With still around 1.3 GB free on the partition mounted to `/var/`,
Evolution crashed with the following segmentation fault today.
Which build of SQLite are you using? What is SQLITE_SOURCE_ID?
Also, we have some new "sqlite3.c" and "sqlite3.h" files for the
upcoming 3.8.8 release. Can I encourage you to try them out?
0xb3f9af51 in sqlite3Strlen30 (z=0x18 <error: Cannot access memory
at address 0x18>) at sqlite3.c:22902
Thread 53 (Thread 0xa7e04b40 (LWP 3576)):
#0 0xb3f9af51 in sqlite3Strlen30 (z=0x18 <error: Cannot access
memory at address 0x18>) at sqlite3.c:22902
sqlite3Strlen30() is called with an invalid string pointer,
apparently. The sqlite3Strlen30() function is just a strlen()
implementation that returns int instead of size_t. Stack frames 0
through 5 look fine, except for the invalid string pointer, of course.
#5 0xb3f9ce21 in unixSync (id=0xacbe7898, flags=2) at
sqlite3.c:28396
dirfd = 668585276
rc = <optimized out>
pFile = 0xacbe7898
isDataOnly = 0
isFullsync = 0
The unixSync routine above calls frame 4 from
(https://www.sqlite.org/src/artifact/949cdedc74dbf3c1?ln=3589).
Apparently, pFile->zPath is an invalid pointer.
#6 0xb7ad33d6 in call_old_file_Sync (flags=<optimized out>,
cFile=<optimized out>) at camel-db.c:66
The pFile object with the invalid zPath field is a parameter to
unixSync(), and hence comes from call_old_file_Sync(), which is not a
part of the SQLite source tree. I don't have the sources to
camel-db.c so I cannot trace this any further. My guess (based on the
name of the function) is that camel-db.c is trying to "sync" an
sqlite3_file object that has been previously destroyed.
This appears to be completely unrelated to the previous issue. The
previous issue was that a file was not being extended correctly
because of a lack of disk space, so that a memcpy() into a mmap() of
that file segfaulted. That does not appear to be what is happening
here, unless I'm missing something.
No locals.
#7 sync_request_thread_cb (task_data=0x860d9d88, null_data=0x0) at
camel-db.c:92
sync_data = 0x860d9d88
done = <optimized out>
#8 0xb52d7e64 in g_thread_pool_thread_proxy (data=0x81a73958) at
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthreadpool.c:307
task = 0x860d9d88
#9 0xb52d73da in g_thread_proxy (data=0x89118e90) at
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthread.c:764
No locals.
#10 0xb7caeefb in start_thread (arg=0xa7e04b40) at
pthread_create.c:309
__res = <optimized out>
pd = 0xa7e04b40
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211363328,
-1478472896, 4001536, -1478475224, -2031767865, -742727961},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#11 0xb51a6dfe in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:129
No locals.
Thread 51 (Thread 0x972ffb40 (LWP 3574)):
#0 0xb7fdcd3c in __kernel_vsyscall ()
No symbol table info available.
#1 0xb7cb59fb in read () at ../sysdeps/unix/syscall-template.S:81
No locals.
#2 0xb3f8d76c in seekAndRead (id=0x81e43980, id=0x81e43980,
cnt=1024, pBuf=0x8e6d9ac0, offset=23846912) at sqlite3.c:27963
got = <optimized out>
prior = 0
newOffset = <optimized out>
#3 unixRead (id=0x81e43980, pBuf=0x8e6d9ac0, amt=1024,
offset=<optimized out>) at sqlite3.c:28027
pFile = 0x81e43980
#4 0xb7ad31c2 in camel_sqlite3_file_xRead (pFile=0x81e46b50,
pBuf=0x8e6d9ac0, iAmt=1024, iOfst=23846912) at camel-db.c:211
cFile = 0x81e46b50
#5 0xb3f86517 in sqlite3OsRead (offset=23846912, amt=1024,
pBuf=<optimized out>, id=<optimized out>) at sqlite3.c:15971
No locals.
#6 readDbPage (pPg=pPg entry=0x8e6d9ee0, iFrame=<optimized out>) at
sqlite3.c:43754
iOffset = 23846912
pPager = 0x81e46a48
pgno = 23289
rc = 0
pgsz = 1024
#7 0xb3fa15ab in sqlite3PagerAcquire (pPager=0x81e46a48,
pgno=pgno entry=23289, ppPage=0x972fe8b8, flags=2) at sqlite3.c:46275
rc = <optimized out>
pPg = <optimized out>
iFrame = 0
noContent = 0
bMmapOk = <optimized out>
#8 0xb3fa199f in btreeGetPage (pBt=0x81e43920, pgno=23289,
ppPage=0x972fe908, flags=2) at sqlite3.c:53852
rc = <optimized out>
pDbPage = 0x8e6d9ee0
#9 0xb3fa6f9c in getAndInitPage (pBt=<optimized out>,
pgno=<optimized out>, ppPage=0x972fe908, bReadonly=2) at sqlite3.c:53907
rc = <optimized out>
#10 0xb3fa701d in moveToChild (pCur=pCur entry=0xa1374b90,
newPgno=<optimized out>) at sqlite3.c:56565
rc = <optimized out>
i = 2
pNewPage = 0xb4044cf8
pBt = <optimized out>
#11 0xb3fa7162 in moveToLeftmost (pCur=0xa1374b90) at
sqlite3.c:56738
rc = 0
pPage = <optimized out>
#12 0xb3fc17c4 in btreeNext (pCur=0xa1374b90, pRes=0x972fea98) at
sqlite3.c:57163
rc = <optimized out>
idx = <optimized out>
pPage = <optimized out>
#13 0xb3fe9c5d in sqlite3VdbeExec (p=p entry=0xa11fb160) at
sqlite3.c:73688
pC = 0xa1374b28
res = 0
pc = <optimized out>
aOp = <optimized out>
pOp = <optimized out>
rc = 0
db = <optimized out>
resetSchemaOnFault = <optimized out>
encoding = <optimized out>
iCompare = <optimized out>
nVmStep = <optimized out>
nProgressLimit = <optimized out>
aMem = <optimized out>
pIn1 = <optimized out>
pIn2 = <optimized out>
pIn3 = <optimized out>
pOut = <optimized out>
aPermute = <optimized out>
lastRowid = <optimized out>
#14 0xb3ff146e in sqlite3Step (p=0xa11fb160) at sqlite3.c:67812
db = 0x81e46408
rc = <optimized out>
#15 sqlite3_step (pStmt=0xa11fb160) at sqlite3.c:2342
rc2 = 0
cnt = 0
db = <optimized out>
rc = <optimized out>
pStmt = <optimized out>
v = <optimized out>
#16 0xb3fdf85c in sqlite3_exec (db=0x81e46408, zSql=<optimized out>,
xCallback=0xb7ad3490 <read_uids_to_hash_callback>, pArg=0x88cb78b0,
pzErrMsg=0x972feda8) at sqlite3.c:99420
i = <optimized out>
nCol = 2
azVals = <optimized out>
rc = <optimized out>
zLeftover = 0xa120c97d ""
pStmt = 0xa11fb160
azCols = 0xa1194358
callbackIsInit = 1
#17 0xb7ad2742 in cdb_sql_exec (db=0x81e46408, stmt=0xa120c960
"SELECT uid,flags FROM 'INBOX'",
callback=0xb7ad3490 <read_uids_to_hash_callback>,
data=0x88cb78b0, error=0x972fee78) at camel-db.c:487
errmsg = <optimized out>
ret = -1
retries = 0
#18 0xb7ad46ec in camel_db_select (cdb=0x81afdf68, stmt=0xa120c960
"SELECT uid,flags FROM 'INBOX'",
callback=0xb7ad3490 <read_uids_to_hash_callback>,
data=0x88cb78b0, error=0x972fee78) at camel-db.c:1075
ret = -1591686816
__FUNCTION__ = "camel_db_select"
#19 0xb7ad4877 in camel_db_get_folder_uids (db=0x81afdf68,
folder_name=0xa1385828 "INBOX", sort_by=0x0, collate=0x0, hash=0x88cb78b0,
error=0x972fee78) at camel-db.c:1142
sel_query = 0xa120c960 "SELECT uid,flags FROM 'INBOX'"
ret = <optimized out>
#20 0xb7ae67e0 in camel_folder_summary_load_from_db
(summary=0xa149e470, error=0x972feeb8) at camel-folder-summary.c:2441
parent_store = 0x8e6d9ac0
full_name = 0xa1385828 "INBOX"
local_error = 0x0
__FUNCTION__ = "camel_folder_summary_load_from_db"
#21 0xab8d38fe in camel_imapx_summary_new (folder=0xa149e3a0) at
camel-imapx-summary.c:357
summary = 0xa149e470
local_error = 0x0
#22 0xab8ac1ff in camel_imapx_folder_new (store=0x81b92948,
folder_dir=0xac14eab0
"/home/joey/.cache/evolution/mail/1183830693 4215 64 myasrock-e350m1/folders/INBOX",
folder_name=0xa11943d8 "INBOX",
error=0x972fefd8) at camel-imapx-folder.c:1481
folder = 0xa149e3a0
service = 0x400
settings = 0xa149e3a0
imapx_folder = 0x81b92948
short_name = 0x400 <error: Cannot access memory at address
0x400>
filter_all = 0
filter_inbox = 1
filter_junk = 0
filter_junk_inbox = 0
#23 0xab8cefab in get_folder_offline (flags=<optimized out>,
error=<optimized out>, folder_name=<optimized out>, store=<optimized out>)
at camel-imapx-store.c:907
folder_dir = 0xac14eab0
"/home/joey/.cache/evolution/mail/1183830693 4215 64 myasrock-e350m1/folders/INBOX"
imapx_store = 0x81b92948
si = 0x400
service = 0x400
user_cache_dir = 0xac14eab0
"/home/joey/.cache/evolution/mail/1183830693 4215 64 myasrock-e350m1/folders/INBOX"
#24 imapx_store_get_folder_sync (store=0x81b92948,
folder_name=0xa11943d8 "INBOX", flags=(unknown: 0), cancellable=0xa16f9240,
error=0x972fefd8) at camel-imapx-store.c:1667
settings = 0x81b92948
use_real_junk_path = 1024
#25 0xb7b3c133 in camel_store_get_folder_sync (store=0x81b92948,
folder_name=<optimized out>, flags=<optimized out>,
cancellable=0xa16f9240, error=0x972ff0a8) at camel-store.c:1261
local_error = 0x0
folder = <optimized out>
vjunk = 0x0
vtrash = 0x0
create_folder = <optimized out>
folder_name_is_vjunk = 0
folder_name_is_vtrash = 0
store_uses_vjunk = <optimized out>
store_uses_vtrash = 1
__FUNCTION__ = "camel_store_get_folder_sync"
#26 0xa9b7288f in e_mail_session_uri_to_folder_sync
(session=0x81a5e0e0,
folder_uri=0xa14bd830
"folder://1183830693.4215.64%40myasrock-e350m1/INBOX", flags=(unknown: 0),
cancellable=0xa16f9240, error=0x972ff0a8)
at e-mail-session.c:2172
store = 0x81b92948
folder = 0xa14bd830
folder_name = 0xa11943d8 "INBOX"
success = 1024
__FUNCTION__ = "e_mail_session_uri_to_folder_sync"
#27 0xa99fd7ec in refresh_folders_exec (m=0x88843368,
cancellable=0xa16f9240, error=0xa14bd830) at mail-send-recv.c:1025
folder = 0xa14bd830
i = 0
local_error = 0x0
#28 0xa9b7aa60 in mail_msg_proxy (msg=0x88843368) at mail-mt.c:373
cancellable = 0xa16f9240
#29 0xb52d7e64 in g_thread_pool_thread_proxy (data=0x89112438) at
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthreadpool.c:307
task = 0x88843368
#30 0xb52d73da in g_thread_proxy (data=0x89118ef0) at
/build/glib2.0-EvFudu/glib2.0-2.42.1/./glib/gthread.c:764
No locals.
#31 0xb7caeefb in start_thread (arg=0x972ffb40) at
pthread_create.c:309
__res = <optimized out>
pd = 0x972ffb40
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1211363328,
-1758463168, 4001536, -1758465496, 428191398, -742727961},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0,
0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#32 0xb51a6dfe in clone () at
../sysdeps/unix/sysv/linux/i386/clone.S:129
No locals.
Can you see from the given information whether this is related or a
different issue?
Thanks,
Paul
--
D. Richard Hipp
drh sqlite org
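The failure mode Richard guesses at above (a thread-pool sync request running after the sqlite3_file it refers to has been destroyed, so unixSync hands a freed zPath to sqlite3Strlen30) as an added, self-contained C model. This is not camel-db.c or SQLite code; the ShimFile type, the request queue and the counters are assumptions. It shows one defensive shape: a pending sync holds a reference, close only marks the file closed, and the worker skips closed files instead of touching freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not camel-db.c): a wrapper around an "old" VFS file
   whose sync work is handed to a worker, like sync_request_thread_cb ->
   call_old_file_Sync -> unixSync in the backtrace.  Instead of threads,
   requests sit in a small queue and are processed later. */
typedef struct {
    char *zPath;      /* freed when the file goes away, like unixFile.zPath */
    int   refs;       /* references held by the owner and by pending syncs */
    int   closed;     /* owner called close; no further I/O allowed */
} ShimFile;

static ShimFile *queue[8];
static int qlen;
int syncs_done, syncs_skipped, frees_done;   /* observable results */

ShimFile *shim_open(const char *path) {
    ShimFile *f = calloc(1, sizeof *f);
    size_t n = strlen(path) + 1;
    f->zPath = malloc(n);
    memcpy(f->zPath, path, n);
    f->refs = 1;                      /* owner's reference */
    return f;
}

static void shim_unref(ShimFile *f) {
    if (--f->refs == 0) {             /* last user frees, whoever it is */
        free(f->zPath);
        free(f);
        frees_done++;
    }
}

void shim_request_sync(ShimFile *f) {
    f->refs++;                        /* the queued request keeps f alive */
    queue[qlen++] = f;
}

void shim_close(ShimFile *f) {
    f->closed = 1;                    /* pending syncs may still hold f: don't free here */
    shim_unref(f);
}

/* Worker.  An unguarded version would call the old xSync on f->zPath even
   after close had freed it; here a request on a closed file is skipped. */
void process_sync_queue(void) {
    for (int i = 0; i < qlen; i++) {
        ShimFile *f = queue[i];
        if (f->closed) syncs_skipped++;
        else { (void)strlen(f->zPath); syncs_done++; } /* stands in for unixSync */
        shim_unref(f);
    }
    qlen = 0;
}
```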