DATA RACE 3: Found in sqlite3.c
(1) By Zu-Ming Jiang (jiang446079653) on 2020-04-29 03:22:36
Dear SQLite developers:
I used my fuzz-testing tool, connzer, to detect data races in SQLite. Here is a data race found by connzer. I hope you can help me check whether it is a real race, thanks!
The following is the race report.
Race report
Version: 3.30.1
Race object: pDbFd->pInode->pShmNode
Thread 1:
Access: pDbFd->pInode->pShmNode = pShmNode;
Line number: sqlite3.c, line 37255
Call stack:
unixOpenSharedMemory()
unixShmMap()
sqlite3OsShmMap()
walIndexPageRealloc()
walIndexPage()
walIndexReadHdr()
walTryBeginRead()
sqlite3WalBeginReadTransaction()
pagerBeginReadTransaction()
sqlite3PagerSharedLock()
lockBtree()
sqlite3BtreeBeginTrans()
sqlite3InitOne()
sqlite3Init()
sqlite3ReadSchema()
sqlite3Pragma()
yy_reduce()
sqlite3Parser()
sqlite3RunParser()
sqlite3Prepare()
sqlite3LockAndPrepare()
sqlite3_prepare_v2()
sqlite3_exec()
opendb_x()
walthread1_thread()
launch_thread_main()
Lock: unixEnterMutex();
Thread 2:
Access: pShmNode = pFile->pInode->pShmNode;
Line number: sqlite3.c, line 36994
Call stack:
unixShmSystemLock()
unixShmLock()
sqlite3OsShmLock()
walLockExclusive()
walIndexReadHdr()
walTryBeginRead()
sqlite3WalBeginReadTransaction()
pagerBeginReadTransaction()
sqlite3PagerSharedLock()
lockBtree()
sqlite3BtreeBeginTrans()
sqlite3InitOne()
sqlite3Init()
sqlite3Pragma()
sqlite3ReadSchema()
yy_reduce()
sqlite3Parser()
sqlite3RunParser()
sqlite3Prepare()
sqlite3LockAndPrepare()
sqlite3_prepare_v2()
sqlite3_exec()
opendb_x()
walthread1_ckpt_thread()
launch_thread_main()
Lock: sqlite3_mutex_enter(pShmNode->pShmMutex);
Impact: This race may have serious consequences: if the race access in thread 2 is executed before the race access in thread 1, pShmNode in unixShmSystemLock() in thread 2 will be NULL, and pShmNode->nRef will cause a NULL dereference.
My fuzzer finds that these 2 accesses can be executed concurrently, and they are protected by different locks, so my fuzzer reports this race.
(2) By Zu-Ming Jiang (jiang446079653) on 2020-05-02 07:30:16 in reply to 1
What do you think about this data race?
(3) By Richard Hipp (drh) on 2020-05-02 11:38:03 in reply to 2
I believe the error here is the same as in DATA RACE 2 - namely your tool fails to recognize that SQLite requires that the sqlite3GlobalConfig.bCoreMutex global variable be true when using multiple threads.