- command: `sqlite3 < crash.sql`
- version: 3.37.1
- compile params: Clang-12 with debug enabled

PoC (crash.sql):

```sql
PRAGMA writable_schema=ON;
PRAGMA foreign_keys = ON;
CREATE TABLE sqlite_stat1 (tbl INTEGER PRIMARY KEY DESC, idx UNIQUE DEFAULT NULL) WITHOUT ROWID;
CREATE TABLE sqlsim4(stat PRIMARY KEY);;
CREATE TABLE t1(sqlsim7 REFERENCES sqlite_stat1 ON DELETE CASCADE);
DROP table "sqlsim4";
```

gdb backtrace:

```
sqlite3: sqlite3.c:167969: sqlite3LeaveMutexAndCloseZombie: Assertion `sqlite3LookasideUsed(db,0)==0' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fddd9ec3859 in __GI_abort () at abort.c:79
#2  0x00007fddd9ec3729 in __assert_fail_base (fmt=0x7fddda059588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x564d47a69932 "sqlite3LookasideUsed(db,0)==0", file=0x564d47a400ba "sqlite3.c", line=167969, function=<optimized out>) at assert.c:92
#3  0x00007fddd9ed4f36 in __GI___assert_fail (assertion=0x564d47a69932 "sqlite3LookasideUsed(db,0)==0", file=0x564d47a400ba "sqlite3.c", line=167969, function=0x564d47a780c0 <__PRETTY_FUNCTION__.42684> "sqlite3LeaveMutexAndCloseZombie") at assert.c:101
#4  0x0000564d479f571a in sqlite3LeaveMutexAndCloseZombie (db=0x564d47cba150) at sqlite3.c:167969
#5  0x0000564d479f51dd in sqlite3Close (db=0x564d47cba150, forceZombie=0) at sqlite3.c:167805
#6  0x0000564d479f52de in sqlite3_close (db=0x564d47cba150) at sqlite3.c:167848
#7  0x0000564d478c70f0 in close_db (db=0x564d47cba150) at shell.c:15853
#8  0x0000564d478d960d in main (argc=1, argv=0x7ffc81b76b98) at shell.c:22844
```

The failed assertion will occur when the sqlite3 process exits after finishing these statements. However, nothing will happen if sqlite3 is compiled with debug disabled.