MAME sqlite3 is crashing again #3073

Closed
katananja opened this issue Jan 15, 2018 · 4 comments
Comments

@katananja
Contributor

katananja commented Jan 15, 2018

Debian 9 x64, mame0193-566-g8f18a047fb-dirty
Build command:
make clean && make VERBOSE=1 OVERRIDE_CC=/usr/bin/clang-3.9 OVERRIDE_CXX=/usr/bin/clang++-3.9 REGENIE=1 DEBUG=1 SYMBOLS=1 SYMLEVEL=1 SANITIZE=address -j7

  1. mame crashes at start.
  2. Delete all databases (the glob and the variable are quoted so the shell does not expand `*.db` in the current directory or split paths on spaces):
    for f in $(find . -name '*.db'); do rm -f "$f"; done
  3. With all databases deleted, mame starts fine, but it crashes again if you close it and start it again.
find . -name '*.db'
./timer/timer.db
ls -all ./timer/timer.db
-rw-r--r-- 1 mame mame 12288 jan 15 15:22 ./timer/timer.db
chmod 666 ./timer/timer.db
ls -all ./timer/timer.db
-rw-rw-rw- 1 mame mame 12288 jan 15 15:22 ./timer/timer.db
  4. Still crashes.
  5. Delete the database and start over with -plugin -console:
[MAME]> db:errmsg()
error: 	[string "db:errmsg() "]:1: attempt to index a nil value (global 'db')

Until yesterday it was fine; it was fixed.

It doesn't crash if you set plugin to zero in your mame.ini, or if you manually delete the database and start with ./mame64d -plugin -console.

plugin.ini

#
# PLUGINS OPTIONS
#
data                      1
cheat                     0
layout                    0
timer                     0
gdbstub                   0
console                   0
dummy                     0
cheatfind                 0
hiscore                   0

./mame64d -verbose -plugin -console

Available videodrivers: x11 wayland dummy 
Current Videodriver: x11
	Display #0
		Renderdrivers:
			    opengl (0x0)
			 opengles2 (0x0)
			  software (0x0)
Available audio drivers: 
	pulseaudio          
	alsa                
	sndio               
	dsp                 
	disk                
	dummy               
Build version:      0.193 (mame0193-566-g8f18a047fb-dirty)
Build architecure:  
Build defines 1:    SDLMAME_UNIX=1 SDLMAME_X11=1 SDLMAME_LINUX=1 
Build defines 1:    LSB_FIRST=1 PTR64=1 MAME_DEBUG=1 
SDL/OpenGL defines: SDL_COMPILEDVERSION=2005 USE_OPENGL=1 
Compiler defines A: __GNUC__=4 __GNUC_MINOR__=2 __GNUC_PATCHLEVEL__=1 __VERSION__="4.2.1 Compatible Clang 3.9.1 (tags/RELEASE_391/rc2)" 
Compiler defines B: __amd64__=1 __x86_64__=1 __unix__=1 
Compiler defines C: __USE_FORTIFY_LEVEL=0 
Enter init_monitors
Adding monitor screen0 (1920 x 1080)
Leave init_monitors
Enter sdlwindow_init
Using SDL multi-window soft driver (SDL 2.0+)

Hints:
	SDL_FRAMEBUFFER_ACCELERATION             (null)
	SDL_RENDER_DRIVER                        (null)
	SDL_RENDER_OPENGL_SHADERS                (null)
	SDL_RENDER_SCALE_QUALITY                 (null)
	SDL_RENDER_VSYNC                         (null)
	SDL_VIDEO_X11_XVIDMODE                   (null)
	SDL_VIDEO_X11_XINERAMA                   (null)
	SDL_VIDEO_X11_XRANDR                     (null)
	SDL_GRAB_KEYBOARD                        (null)
	SDL_VIDEO_MINIMIZE_ON_FOCUS_LOSS         (null)
	SDL_IOS_IDLE_TIMER_DISABLED              (null)
	SDL_IOS_ORIENTATIONS                     (null)
	SDL_XINPUT_ENABLED                       (null)
	SDL_GAMECONTROLLERCONFIG                 (null)
	SDL_JOYSTICK_ALLOW_BACKGROUND_EVENTS     (null)
	SDL_ALLOW_TOPMOST                        (null)
	SDL_TIMER_RESOLUTION                     (null)
	SDL_RENDER_DIRECT3D_THREADSAFE           (null)
	SDL_VIDEO_ALLOW_SCREENSAVER              (null)
	SDL_ACCELEROMETER_AS_JOYSTICK            (null)
	SDL_MAC_CTRL_CLICK_EMULATE_RIGHT_CLICK   (null)
	SDL_VIDEO_WIN_D3DCOMPILER                (null)
	SDL_VIDEO_WINDOW_SHARE_PIXEL_FORMAT      (null)
	SDL_VIDEO_MAC_FULLSCREEN_SPACES          (null)
	SDL_MOUSE_RELATIVE_MODE_WARP             (null)
	SDL_RENDER_DIRECT3D11_DEBUG              (null)
	SDL_VIDEO_HIGHDPI_DISABLED               (null)
	SDL_WINRT_PRIVACY_POLICY_URL             (null)
	SDL_WINRT_PRIVACY_POLICY_LABEL           (null)
	SDL_WINRT_HANDLE_BACK_BUTTON             (null)
Leave sdlwindow_init
Enter sdl_info::create
window: using renderer opengl
renderer: flag SDL_RENDERER_PRESENTVSYNC
renderer: flag SDL_RENDERER_ACCELERATED
Leave renderer_sdl2::create
Audio: Start initialization
Audio: Driver is pulseaudio
Audio: frequency: 48000, channels: 2, samples: 256
sdl_create_buffers: creating stream buffer of 25600 bytes
Audio: End initialization
Keyboard: Start initialization
Input: Adding keyboard #0: System keyboard (device id: System keyboard)
Keyboard: Registered System keyboard
Keyboard: End initialization
Mouse: Start initialization
Input: Adding mouse #0: System mouse (device id: System mouse)
Mouse: Registered System mouse
Mouse: End initialization
Joystick: Start initialization
Input: Adding joystick #0: GreenAsiaInc.USBJoystick (device id: GreenAsiaInc.USBJoystick)
Joystick: GreenAsia Inc.    USB Joystick     
Joystick:   ...  5 axes, 12 buttons 1 hats 0 balls
Joystick:   ...  Physical id 0 mapped to logical id 1
Joystick: End initialization
Searching font Liberation Sans in -. path/s
Matching font: /usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf
Region ':user1' created
Starting No Driver Loaded ':'
  (missing dependencies; rescheduling)
Starting Video Screen ':screen'
Starting No Driver Loaded ':'
Attempting to parse: default.cfg
Attempting to parse: ___empty.cfg
=================================================================
==6521==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd0e072270 at pc 0x00000b45432c bp 0x7ffd0e0712f0 sp 0x7ffd0e0712e8
WRITE of size 4 at 0x7ffd0e072270 thread T0
    #0 0xb45432b in sqlite3VdbeExec /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:82289:7
    #1 0xb38ab7d in sqlite3Step /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:75719:10
    #2 0xb38ab7d in sqlite3_step /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:75780
    #3 0xb3a4b0b in sqlite3_exec /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:109623:12
    #4 0xb2872fd in db_exec /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lsqlite3/lsqlite3.c:1810:18
    #5 0xb21fb69 in luaD_precall /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/ldo.c:434:11
    #6 0xb263fc2 in luaV_execute /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/lvm.c:1134:13
    #7 0xb22097f in luaD_call /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/ldo.c:499:5
    #8 0xb22097f in luaD_callnoyield /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/ldo.c:509
    #9 0xb2134d5 in f_call /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/lapi.c:942:3
    #10 0xb21e142 in luaD_rawrunprotected /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/ldo.c:142:3
    #11 0xb2223f6 in luaD_pcall /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/ldo.c:729:12
    #12 0xb213061 in lua_pcallk /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/lua/src/lapi.c:968:14
    #13 0x6716640 in luacall /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sol2/sol/protected_function.hpp:73:36
    #14 0x6716640 in sol::basic_protected_function<sol::reference>::invoke(sol::types<>, std::integer_sequence<unsigned long>, long, sol::detail::handler&) const /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sol2/sol/protected_function.hpp:114
    #15 0x671624e in decltype(auto) sol::basic_protected_function<sol::reference>::call<>() const /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sol2/sol/protected_function.hpp:193:11
    #16 0x65b0712 in operator()<> /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sol2/sol/protected_function.hpp:180:11
    #17 0x65b0712 in lua_engine::execute_function(char const*) /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/luaengine.cpp:646
    #18 0x65b1b4d in lua_engine::on_machine_start() /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/luaengine.cpp:675:2
    #19 0xa6b3103 in operator() /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #20 0xa6b3103 in call_notifiers /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/emu/machine.cpp:879
    #21 0xa6b3103 in soft_reset /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/emu/machine.cpp:982
    #22 0xa6b3103 in running_machine::run(bool) /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/emu/machine.cpp:328
    #23 0x6424177 in mame_machine_manager::execute() /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #24 0x6577671 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #25 0x6579fcf in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #26 0x6426679 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #27 0x6212279 in main /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #28 0x7f95fc68b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #29 0x1211459 in _start (/home/wellington/mame/mame64d+0x1211459)

Address 0x7ffd0e072270 is located in stack of thread T0 at offset 3952 in frame
    #0 0xb41c03f in sqlite3VdbeExec /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:77870

  This frame has 92 object(s):
    [3952, 3956) 'res2609' <== Memory access at offset 3952 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope /mame/build/projects/sdl/mamearcade/gmake-linux-clang/../../../../../3rdparty/sqlite3/sqlite3.c:82289:7 in sqlite3VdbeExec
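A small triage parser for AddressSanitizer reports of the shape posted above, added here as an example (it is not MAME, sqlite or lsqlite3 code): it extracts the error kind, the faulting access, the first stack, the stack object ASan blames, and the first frame outside /3rdparty/, which is what a maintainer wants when deciding whether a sanitizer finding lives in vendored code. The embedded sample is a constructed, trimmed copy of the report above with the build paths shortened.

```python
import re
from typing import List, NamedTuple, Optional

HEADER_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread T\d+", re.M)
# Demangled C++ names contain spaces, so the function group is greedy and the path:line group lazy.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+?):(\d+)(?::\d+)?\s*$", re.M)
VAR_RE = re.compile(r"'([^']+)' <== Memory access at offset \d+ is inside this variable")

Frame = NamedTuple("Frame", [("index", int), ("function", str), ("path", str), ("line", int)])
AsanReport = NamedTuple("AsanReport", [("kind", str), ("address", str), ("access", str), ("size", int),
                                       ("frames", List[Frame]), ("variable", Optional[str])])

def parse_asan_report(text: str) -> AsanReport:
    head, access = HEADER_RE.search(text), ACCESS_RE.search(text)
    if not head or not access:
        raise ValueError("not an AddressSanitizer report")
    # Only the first (faulting) stack is wanted; it ends at the first blank line.
    stack = text[access.end():].split("\n\n", 1)[0]
    frames = [Frame(int(i), fn, p, int(ln)) for i, fn, p, ln in FRAME_RE.findall(stack)]
    var = VAR_RE.search(text)  # frames without source info (e.g. libc) are skipped
    return AsanReport(head.group(1), head.group(2), access.group(1), int(access.group(2)),
                      frames, var.group(1) if var else None)

def first_project_frame(report: AsanReport, vendored=("/3rdparty/",)) -> Optional[Frame]:
    """Where the project's own code entered the faulting path; vendored directories are skipped."""
    return next((f for f in report.frames if not any(v in f.path for v in vendored)), None)

def crash_signature(report: AsanReport) -> str:
    """Bucket key for de-duplicating reports across runs: addresses vary, these fields do not."""
    top = report.frames[0]
    return f"{report.kind}|{top.function}|{top.path.rsplit('/', 1)[-1]}:{top.line}"

# Constructed sample: trimmed from the report above, with build paths shortened.
SAMPLE_REPORT = """\
==6521==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffd0e072270 at pc 0x00000b45432c bp 0x7ffd0e0712f0 sp 0x7ffd0e0712e8
WRITE of size 4 at 0x7ffd0e072270 thread T0
    #0 0xb45432b in sqlite3VdbeExec /mame/3rdparty/sqlite3/sqlite3.c:82289:7
    #1 0xb2872fd in db_exec /mame/3rdparty/lsqlite3/lsqlite3.c:1810:18
    #2 0x65b0712 in lua_engine::execute_function(char const*) /mame/src/frontend/mame/luaengine.cpp:646
    #3 0x7f95fc68b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

    [3952, 3956) 'res2609' <== Memory access at offset 3952 is inside this variable
SUMMARY: AddressSanitizer: stack-use-after-scope /mame/3rdparty/sqlite3/sqlite3.c:82289:7 in sqlite3VdbeExec
"""

if __name__ == "__main__":
    r = parse_asan_report(SAMPLE_REPORT)
    print(crash_signature(r), first_project_frame(r), r.variable)
```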
@cracyc
Member

cracyc commented Jan 15, 2018

This isn't unique to mame http://sqlite.1065341.n5.nabble.com/gnu-gcc-address-sanitizer-finds-stack-use-after-scope-in-sqlite3VdbeExec-td95428.html and should be reported upstream. Maybe a later release fixes it, but the link suggests it's a bug in gcc's sanitizer.

@katananja
Contributor Author

What caused this in mame was something related to permissions and something else that I didn't follow after a previous fix #3022. Can you share some basic commands to test?
I can post here if it returns an error.

@firewave
Contributor

I have not been able to reproduce this on my side using clang 5.0.1. It didn't come to my mind that it might be a bug in the sanitizer, so since you are using an earlier version, that might explain it.

@katananja
Contributor Author

I'll move to another distro then.

Thank you @firewave

belegdol pushed a commit to belegdol/mame that referenced this issue Aug 18, 2023
This updates the behaviour of bgfx::init() to ensure that it
checks for the BGFX_RESET_FLIP_AFTER_RENDER flag.