Hi All,

I am running sqlite version 3.2.8, on a windriver linux, on a ppc platform. It is linked to PHP 5.1.4, where I have scripts that access the database (both sets and gets).

Recently I have been experimenting with simultaneous accesses to the sqlite database (meaning multiple clients requesting information from the database while another client is committing data to the database). After a while, php crashes with the following error printed to the syslog:

*** glibc detected *** double free or corruption (fasttop): 0x10796ca8 ***

Running the test again, with debug symbols, produces the following backtrace:

0x0fdde324 in raise () from /lib/libc.so.6
(gdb) where
#0 0x0fdde324 in raise () from /lib/libc.so.6
#1 0x0fddfd8c in abort () from /lib/libc.so.6
#2 0x0fe14bac in __fsetlocking () from /lib/libc.so.6
#3 0x0fe14bac in __fsetlocking () from /lib/libc.so.6
#4 0x0fe14bac in __fsetlocking () from /lib/libc.so.6
#5 0x0fe14bac in __fsetlocking () from /lib/libc.so.6
.
.
.
Previous frame inner to this frame (corrupt stack?)

We have a special script that re-creates the backtrace, and it looks like this:

(gdb) bt_script
frame #: stack_frame_ptr backchain_ptr LR_save_word
frame 0: 0xXXXXXXXX: 0xXXXXXXXX $1 = 0xfdde324 <raise+92>
frame 1: 0x337f5cf0: 0x337f5d10 $2 = 0xfee2f7c <in6addr_any+16688>
frame 2: 0x337f5d10: 0x337f5e40 $3 = 0xfddfdf8 <abort+664>
frame 3: 0x337f5e40: 0x337f5fe0 $4 = 0xfe14bac <__libc_fatal>
frame 4: 0x337f5fe0: 0x337f6040 $5 = 0xfe1c6b4 <malloc_trim+2348>
frame 5: 0x337f6040: 0x337f6060 $6 = 0xfe1caac <free+192>
frame 6: 0x337f6060: 0x337f6070 $7 = 0xf7f62dc <sqlite3FreeX+24>
frame 7: 0x337f6070: 0x337f60c0 $8 = 0xf7de980 <sqlite3OsUnlock+232>
frame 8: 0x337f60c0: 0x337f60e0 $9 = 0xf7e2478 <sqlite3pager_unref+260>
frame 9: 0x337f60e0: 0x337f6100 $10 = 0xf7b7f84 <sqlite3BtreeCloseCursor+176>
frame 10: 0x337f6100: 0x337f61c0 $11 = 0xf7e65cc <sqlite3InitOne+1012>
frame 11: 0x337f61c0: 0x337f61f0 $12 = 0xf7e6724 <sqlite3Init+184>
frame 12: 0x337f61f0: 0x337f6200 $13 = 0xf7e684c <sqlite3ReadSchema+88>
frame 13: 0x337f6200: 0x337f6220 $14 = 0xf7c59a0 <sqlite3LocateTable+64>
frame 14: 0x337f6220: 0x337f62a0 $15 = 0xf7ec2ec <prepSelectStmt+396>
frame 15: 0x337f62a0: 0x337f6300 $16 = 0xf7eba5c <sqlite3SelectResolve+176>
frame 16: 0x337f6300: 0x337f6480 $17 = 0xf7ed428 <sqlite3Select+420>
frame 17: 0x337f6480: 0x337f6510 $18 = 0xf80e088 <sqlite3Parser+5208>
frame 18: 0x337f6510: 0x337f6560 $19 = 0xf7f1558 <sqlite3RunParser+380>
frame 19: 0x337f6560: 0x337f6650 $20 = 0xf7e6910 <sqlite3_prepare+164>
frame 20: 0x337f6650: 0x337f6690 $21 = 0xf7b3bf4 <sqlite_handle_preparer+352>
frame 21: 0x337f6690: 0x337f66e0 $22 = 0xf7a80c8 <zif_PDO_prepare+784>
frame 22: 0x337f66e0: 0x337f6750 $23 = 0xf9acdf4 <zend_do_fcall_common_helper_SPEC+3224>
frame 34: 0x337fb470: 0x337fb520 $35 = 0xf96d8ec <zend_call_function+1968>
frame 35: 0x337fb520: 0x337fb570 $36 = 0xf96e7ac <call_user_function_ex+68>
frame 36: 0x337fb570: 0x337fb5d0 $37 = 0xf96e870 <call_user_function+176>
frame 37: 0x337fb5d0: 0x337fb7c0 $38 = 0xf837220 <zif_SoapServer_handle+8472>
frame 38: 0x337fb7c0: 0x337fb830 $39 = 0xf9acdf4 <zend_do_fcall_common_helper_SPEC+3224>
frame 39: 0x337fb830: 0x337fc040 $40 = 0xf9ac030 <execute+484>
frame 40: 0x337fc040: 0x337fc1a0 $41 = 0xf980ae0 <zend_execute_scripts+392>
frame 41: 0x337fc1a0: 0x337fe4a0 $42 = 0xf924458 <php_execute_script+688>

The question is - why does sqlite reach a condition where it frees a pointer twice? Is there some kind of known race condition that causes a double free? Is this a known issue? Is there more information I can gather to better understand this error?

Thanks in advance,
Nir.