#279 Possible double-free crash in nspostgres_v4_r1

aolserver_v45
open
Jim Lynch
5
2007-09-12
2007-09-12
Dossy Shiobara
No

Juan Jose reported a crash on FreeBSD 6.2. The last bit in the server log before the crash was:

----
[12/sep/2007:12:59:56][14336.134800896][-sched:3-] Notice: Ns_PgExec: Trying to reopen database connection
[12/sep/2007:12:59:56][14336.134800896][-sched:3-] Notice: Opening webstats on 127.0.0.1, port 5432
[12/sep/2007:12:59:56][14336.134800896][-sched:3-] Error: Ns_PgOpenDb(postgres_driver): Could not connect to 127.0.0.1:5432:webstats: FATAL: the database system is shutting down

[12/sep/2007:12:59:56][14336.134800896][-sched:3-] Error: dbinit: error(127.0.0.1:5432:webstats,FATAL: terminating connection due to administrator command
CONTEXTO: SQL statement "..."
PL/pgSQL function "refresh_matview" line 9 at execute statement
el servidor ha cerrado la conexión inesperadamente,
probablemente porque terminó de manera anormal
antes o durante el procesamiento de la petición.
): 'select refresh_matview('...')'
[12/sep/2007:12:59:56][14336.134800896][-sched:3-] Notice: Ns_PgExec: Trying to reopen database connection
nsd in free(): error: chunk is already free
----

gdb backtrace was not very useful:

----
(gdb) bt
#0 0x281ad537 in pthread_testcancel () from /lib/libpthread.so.2
#1 0x2819688d in pthread_kill () from /lib/libpthread.so.2
#2 0x28196256 in raise () from /lib/libpthread.so.2
#3 0x28271114 in abort () from /lib/libc.so.6
#4 0x2820de2b in _UTF8_init () from /lib/libc.so.6
#5 0xbfbfecc9 in ?? ()
#6 0x282783ef in sys_nsig () from /lib/libc.so.6
#7 0x282782ef in sys_nsig () from /lib/libc.so.6
#8 0x2827834c in sys_nsig () from /lib/libc.so.6
#9 0x00000004 in ?? ()
#10 0x28284700 in ?? () from /lib/libc.so.6
#11 0xbf672a48 in ?? ()
#12 0x2820de59 in _UTF8_init () from /lib/libc.so.6
#13 0x28284700 in ?? () from /lib/libc.so.6
#14 0x28299c64 in _nsyyin () from /lib/libc.so.6
#15 0xbf672af8 in ?? ()
#16 0x2820ebb9 in _UTF8_init () from /lib/libc.so.6
#17 0x0810da08 in ?? ()
#18 0x0810dae0 in ?? ()
#19 0xbf672a78 in ?? ()
#20 0x280d3f27 in NsLockUnset (lock=0x28284700) at pthread.c:369
Previous frame inner to this frame (corrupt stack?)
----

Discussion