Bug 1201823

Summary: [abrt] devhelp: sqlite3_initialize(): devhelp killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Bastien Nocera <bnocera>
Component: sqlite3Assignee: Paul Nasrat <nobody+pnasrat>
Status: CLOSED EOL QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: baptiste.millemathias, bochecha, debarshir, fedora, ifoolb, jan.steffens, jstanek, kalevlember, mbarnes, mcatanzaro, philip, scampa.giovanni, shawnx, thughes, tpopela, wilmer5
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/c7b8436b095f97f93744a94236a9a77860fdabef
Whiteboard: abrt_hash:7eaf99e0fd5a23139a060523ce503a881355311d
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-19 13:01:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Bastien Nocera 2015-03-13 15:06:03 UTC 
Description of problem:
Launched it.

Version-Release number of selected component:
devhelp-3.15.91-1.fc22

Additional info:
reporter:       libreport-2.4.0
backtrace_rating: 4
cmdline:        devhelp
crash_function: sqlite3_initialize
executable:     /usr/bin/devhelp
kernel:         4.0.0-0.rc2.git0.1.fc22.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #1 sqlite3_initialize at sqlite3.c:126557
 #2 openDatabase at sqlite3.c:129030
 #3 WebCore::SQLiteFileSystem::openDatabase(WTF::String const&, sqlite3**, bool) at /lib64/libwebkit2gtk-4.0.so.37
 #4 WebCore::SQLiteDatabase::open(WTF::String const&, bool) at /lib64/libwebkit2gtk-4.0.so.37
 #5 WebKit::LocalStorageDatabaseTracker::openTrackerDatabase(WebKit::LocalStorageDatabaseTracker::DatabaseOpeningStrategy) at /lib64/libwebkit2gtk-4.0.so.37
 #6 WebKit::LocalStorageDatabaseTracker::importOriginIdentifiers() at /lib64/libwebkit2gtk-4.0.so.37
 #7 WTF::GMainLoopSource::voidCallback() at /lib64/libjavascriptcoregtk-4.0.so.18
 #8 WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*) at /lib64/libjavascriptcoregtk-4.0.so.18
 #13 WTF::threadEntryPoint(void*) at /lib64/libjavascriptcoregtk-4.0.so.18
 #14 WTF::wtfThreadEntryPoint(void*) at /lib64/libjavascriptcoregtk-4.0.so.18
Comment 1 Bastien Nocera 2015-03-13 15:06:06 UTC 
Created attachment 1001406 [details]
File: backtrace
Comment 2 Bastien Nocera 2015-03-13 15:06:07 UTC 
Created attachment 1001407 [details]
File: cgroup
Comment 3 Bastien Nocera 2015-03-13 15:06:08 UTC 
Created attachment 1001408 [details]
File: core_backtrace
Comment 4 Bastien Nocera 2015-03-13 15:06:10 UTC 
Created attachment 1001409 [details]
File: dso_list
Comment 5 Bastien Nocera 2015-03-13 15:06:11 UTC 
Created attachment 1001410 [details]
File: environ
Comment 6 Bastien Nocera 2015-03-13 15:06:12 UTC 
Created attachment 1001411 [details]
File: limits
Comment 7 Bastien Nocera 2015-03-13 15:06:14 UTC 
Created attachment 1001412 [details]
File: maps
Comment 8 Bastien Nocera 2015-03-13 15:06:15 UTC 
Created attachment 1001413 [details]
File: open_fds
Comment 9 Bastien Nocera 2015-03-13 15:06:16 UTC 
Created attachment 1001414 [details]
File: proc_pid_status
Comment 10 Bastien Nocera 2015-03-13 15:06:17 UTC 
Created attachment 1001415 [details]
File: var_log_messages
Comment 11 Michael Catanzaro 2015-03-13 16:53:46 UTC 
I've filed https://bugzilla.gnome.org/show_bug.cgi?id=746166 to disable local storage in devhelp.

Anyway, since the crash is inside sqlite3_initialize, I think this should be assigned to the sqlite maintainers to investigate. Or, it could be assigned to the ABRT developers as a reminder that ABRT needs to update debuginfo before filing bug reports.
Comment 12 Michael Catanzaro 2015-03-31 01:28:13 UTC 
*** Bug 1207221 has been marked as a duplicate of this bug. ***
Comment 13 Michael Catanzaro 2015-04-04 19:51:58 UTC 
I'm assigning this bug to sqlite because:

a) The crash is deep in sqlite.
b) I don't think we're misusing sqlite's thread-safety guarantees (see WebKit bug #143245).
Comment 14 Michael Catanzaro 2015-06-05 15:59:22 UTC 
*** Bug 1217952 has been marked as a duplicate of this bug. ***
Comment 15 Michael Catanzaro 2015-06-05 15:59:24 UTC 
*** Bug 1228391 has been marked as a duplicate of this bug. ***
Comment 16 Michael Catanzaro 2015-06-06 13:53:47 UTC 
Let's explicitly open all databases in serialized mode, just in case another library is misbehaving and changing the default mode for the entire process. Then if that doesn't fix the bug, we know for sure it is an SQLite bug.
Comment 17 Fedora Update System 2015-06-12 16:33:26 UTC 
webkitgtk4-2.8.3-3.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/webkitgtk4-2.8.3-3.fc22
Comment 18 Michael Catanzaro 2015-06-15 15:27:54 UTC 
OK, the patch does not work. This must be an SQLite bug after all. We're opening the database in serialized mode, and SQLite promises that this is completely thread-safe, but crashes anyway when used from multiple threads.
Comment 19 Michael Catanzaro 2015-06-15 15:30:45 UTC 
Oh, that's why nobody responded to the bug report last time, I picked the wrong sqlite package. :D
Comment 20 Jan Alexander Steffens 2015-07-27 07:20:28 UTC 
I think this is because the sqlite3_initialize function is not thread-safe, in violation of the documentation.

The backtraces I have from crashing devhelp all point at sqlite3_initialize -> sqlite3MutexInit attempting to call a null pointer while there is a concurrent sqlite3_initialize -> sqlite3MutexAlloc.

Thread 1 (Thread 0x7ff2ed7fe700 (LWP 7573)):
#0  0x0000000000000000 in ?? ()
#1  0x00007ff2fe695612 in sqlite3MutexInit () at sqlite3.c:19158
#2  sqlite3_initialize () at sqlite3.c:62618
#3  0x00007ff2fe733769 in openDatabase (zFilename=0x7ff2ee7da0b0 "/home/jan/.local/share/webkitgtk/localstorage/StorageTracker.db", ppDb=0x7ff2ee7ed0f8, flags=6, zVfs=0x0) at sqlite3.c:130644
#4  0x00007ff305375ca5 in ?? () from /usr/lib/libwebkit2gtk-4.0.so.37

Thread 3 (Thread 0x7ff2edfff700 (LWP 7572)):
#0  sqlite3MemMalloc (nByte=40) at sqlite3.c:17137
#1  0x00007ff2fe6792a8 in mallocWithAlarm (pp=<synthetic pointer>, n=<optimized out>) at sqlite3.c:20801
#2  sqlite3Malloc (n=<optimized out>) at sqlite3.c:20832
#3  0x00007ff2fe6833aa in sqlite3MallocZero (n=40) at sqlite3.c:21130
#4  pthreadMutexAlloc (iType=<optimized out>) at sqlite3.c:19627
#5  0x00007ff2fe695de7 in sqlite3MutexAlloc (id=1) at sqlite3.c:19200
#6  sqlite3_initialize () at sqlite3.c:62637
#7  0x00007ff2fe733769 in openDatabase (zFilename=0x7ff2ee7dc0b0 "/home/jan/.local/share/webkitgtk/localstorage/StorageTracker.db", ppDb=0x7ff2ee7ed018, flags=6, zVfs=0x0) at sqlite3.c:130644
#8  0x00007ff305375ca5 in ?? () from /usr/lib/libwebkit2gtk-4.0.so.37

So I guess a workaround would be to call sqlite3_initialize early, before spawning any other database-using threads.
Comment 21 Michael Catanzaro 2015-08-28 00:18:42 UTC 
Thanks Jan. I agree with your assessment. For WebKit, I will work around this with an explicit call to sqlite3_initialize, protected by std::call_once. I will leave this bug open since that is only a workaround.
Comment 22 Michael Catanzaro 2015-09-06 14:24:06 UTC 
This has apparently been fixed upstream: http://news.gmane.org/gmane.comp.db.sqlite.general
Comment 23 Michael Catanzaro 2015-09-06 14:26:20 UTC 
Specifically: https://www.sqlite.org/src/info/11a9a786ec06403a
Comment 24 Fedora End Of Life 2016-07-19 13:01:50 UTC 
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.