Server Crash while running sqlsmith [TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139) ]

From: tushar <tushar(dot)ahuja(at)enterprisedb(dot)com>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Server Crash while running sqlsmith [TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139) ]
Date: 2016-12-23 12:29:50
Message-ID: 7d0809ee-6f25-c9d6-8e74-5b2967830d49@enterprisedb.com
Lists: pgsql-hackers

Hi,

While running sqlsmith against PG v10, found a crash. Not sure
whether it was reported earlier or not. Please refer to the standalone
test case for the same -

[centos(at)tusharcentos7 bin]$ ./psql postgres -p 9000
psql (10devel)
Type "help" for help.

postgres=# select
postgres-# 70 as c0,
postgres-# pg_catalog.has_server_privilege(
postgres(# cast(ref_0.indexdef as text),
postgres(# cast(cast(coalesce((select name from
pg_catalog.pg_settings limit 1 offset 16)
postgres(# ,
postgres(# null) as text) as text)) as c1,
postgres-# pg_catalog.pg_export_snapshot() as c2,
postgres-# ref_0.indexdef as c3,
postgres-# ref_0.indexname as c4
postgres-# from
postgres-# pg_catalog.pg_indexes as ref_0
postgres-# where (ref_0.tablespace = ref_0.tablespace)
postgres-# or (46 = 22)
postgres-# limit 103;
TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139)
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: 2016-12-23
17:46:56.405 IST [16809] LOG: server process (PID 16817) was terminated
by signal 6: Aborted
2016-12-23 17:46:56.405 IST [16809] DETAIL: Failed process was running:
select
70 as c0,
pg_catalog.has_server_privilege(
cast(ref_0.indexdef as text),
cast(cast(coalesce((select name from
pg_catalog.pg_settings limit 1 offset 16)
,
null) as text) as text)) as c1,
pg_catalog.pg_export_snapshot() as c2,
ref_0.indexdef as c3,
ref_0.indexname as c4
from
pg_catalog.pg_indexes as ref_0
where (ref_0.tablespace = ref_0.tablespace)
or (46 = 22)
limit 103;
2016-12-23 17:46:56.405 IST [16809] LOG: terminating any other active
server processes
2016-12-23 17:46:56.407 IST [16814] WARNING: terminating connection
because of crash of another server process
2016-12-23 17:46:56.407 IST [16814] DETAIL: The postmaster has
commanded this server process to roll back the current transaction and
exit, because another server process exited abnormally and possibly
corrupted shared memory.
2016-12-23 17:46:56.407 IST [16814] HINT: In a moment you should be
able to reconnect to the database and repeat your command.
2016-12-23 17:46:56.407 IST [16818] FATAL: the database system is in
recovery mode
Failed.
!> 2016-12-23 17:46:56.408 IST [16809] LOG: all server processes
terminated; reinitializing
2016-12-23 17:46:56.442 IST [16819] LOG: database system was
interrupted; last known up at 2016-12-23 17:46:46 IST
2016-12-23 17:46:56.614 IST [16819] LOG: database system was not
properly shut down; automatic recovery in progress
2016-12-23 17:46:56.616 IST [16819] LOG: invalid record length at
0/155E638: wanted 24, got 0
2016-12-23 17:46:56.616 IST [16819] LOG: redo is not required
2016-12-23 17:46:56.623 IST [16819] LOG: MultiXact member wraparound
protections are now enabled
2016-12-23 17:46:56.626 IST [16809] LOG: database system is ready to
accept connections
2016-12-23 17:46:56.626 IST [16823] LOG: autovacuum launcher started

!> exit
-> \q

Please refer to the stack trace below -

[centos(at)tusharcentos7 bin]$ gdb -q -c data/core.16817
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres
Reading symbols from
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres...done.
[New LWP 16817]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `postgres: centos postgres [local]
SELECT '.
Program terminated with signal 6, Aborted.
#0 0x00007fe3b88245f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install
glibc-2.17-106.el7_2.6.x86_64 keyutils-libs-1.5.8-3.el7.x86_64
krb5-libs-1.13.2-12.el7_2.x86_64 libcom_err-1.42.9-7.el7.x86_64
libselinux-2.2.2-6.el7.x86_64 openssl-libs-1.0.1e-51.el7_2.5.x86_64
pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64
zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0 0x00007fe3b88245f7 in raise () from /lib64/libc.so.6
#1 0x00007fe3b8825ce8 in abort () from /lib64/libc.so.6
#2 0x0000000000977a61 in ExceptionalCondition (conditionName=0x9f66eb
"!(keylen < 64)", errorType=0x9f66db "FailedAssertion",
fileName=0x9f66d0 "hashfunc.c", lineNumber=139)
at assert.c:54
#3 0x00000000004b3882 in hashname (fcinfo=0x7ffdfabd0590) at hashfunc.c:139
#4 0x00000000009815f7 in DirectFunctionCall1Coll (func=0x4b383c
<hashname>, collation=0, arg1=33238784) at fmgr.c:1026
#5 0x0000000000958221 in CatalogCacheComputeHashValue (cache=0x1e96750,
nkeys=1, cur_skey=0x7ffdfabd09e0) at catcache.c:209
#6 0x000000000095a62b in SearchCatCache (cache=0x1e96750, v1=33238784,
v2=0, v3=0, v4=0) at catcache.c:1144
#7 0x000000000096ebac in SearchSysCache (cacheId=29, key1=33238784,
key2=0, key3=0, key4=0) at syscache.c:1006
#8 0x000000000096ecc8 in GetSysCacheOid (cacheId=29, key1=33238784,
key2=0, key3=0, key4=0) at syscache.c:1084
#9 0x00000000006c7ab0 in get_foreign_server_oid (servername=0x1fb2f00
"CREATE UNIQUE INDEX pg_authid_rolname_index ON pg_authid USING btree
(rolname)", missing_ok=0 '\000')
at foreign.c:688
#10 0x00000000008453cc in convert_server_name (servername=0x1fb2e68) at
acl.c:3995
#11 0x0000000000845187 in has_server_privilege_name (fcinfo=0x1f76fe8)
at acl.c:3885
#12 0x000000000068aef0 in ExecMakeFunctionResultNoSets
(fcache=0x1f76f78, econtext=0x1f7b178, isNull=0x1f8cac1 "",
isDone=0x1f8ccac) at execQual.c:2046
#13 0x000000000068b7f1 in ExecEvalFunc (fcache=0x1f76f78,
econtext=0x1f7b178, isNull=0x1f8cac1 "", isDone=0x1f8ccac) at
execQual.c:2442
#14 0x0000000000691f39 in ExecTargetList (targetlist=0x1f8cbf8,
tupdesc=0x1f7b340, econtext=0x1f7b178, values=0x1f8ca68,
isnull=0x1f8cac0 "", itemIsDone=0x1f8cca8,
isDone=0x7ffdfabd0f0c) at execQual.c:5501
#15 0x00000000006926b5 in ExecProject (projInfo=0x1f8cae0,
isDone=0x7ffdfabd0f0c) at execQual.c:5725
#16 0x00000000006b1624 in ExecNestLoop (node=0x1f7b060) at
nodeNestloop.c:267
#17 0x0000000000687571 in ExecProcNode (node=0x1f7b060) at
execProcnode.c:476
#18 0x00000000006a9bac in ExecLimit (node=0x1f7ae28) at nodeLimit.c:91
#19 0x0000000000687676 in ExecProcNode (node=0x1f7ae28) at
execProcnode.c:531
#20 0x0000000000683101 in ExecutePlan (estate=0x1f757f8,
planstate=0x1f7ae28, use_parallel_mode=0 '\000', operation=CMD_SELECT,
sendTuples=1 '\001', numberTuples=0,
direction=ForwardScanDirection, dest=0x7fe3b9ccafe8) at execMain.c:1580
#21 0x00000000006811da in standard_ExecutorRun (queryDesc=0x1f11d68,
direction=ForwardScanDirection, count=0) at execMain.c:340
#22 0x000000000068105e in ExecutorRun (queryDesc=0x1f11d68,
direction=ForwardScanDirection, count=0) at execMain.c:288
#23 0x00000000008253ea in PortalRunSelect (portal=0x1f737e8, forward=1
'\001', count=0, dest=0x7fe3b9ccafe8) at pquery.c:946
#24 0x000000000082507d in PortalRun (portal=0x1f737e8,
count=9223372036854775807, isTopLevel=1 '\001', dest=0x7fe3b9ccafe8,
altdest=0x7fe3b9ccafe8,
completionTag=0x7ffdfabd1300 "") at pquery.c:787
#25 0x000000000081f37f in exec_simple_query (
query_string=0x1ec5978 "select\n", ' ' <repeats 11 times>, "70 as
c0,\n", ' ' <repeats 11 times>, "pg_catalog.has_server_privilege(\n", '
' <repeats 12 times>, "cast(ref_0.indexdef as text),\n", ' ' <repeats 12
times>, "cast(cast(coalesce((select name from pg_catalog.pg_settings
limit 1 offset"...) at postgres.c:1094
#26 0x0000000000823433 in PostgresMain (argc=1, argv=0x1e71eb8,
dbname=0x1e47de8 "postgres", username=0x1e71d20 "centos") at postgres.c:4072
#27 0x000000000079718f in BackendRun (port=0x1e69730) at postmaster.c:4275
#28 0x0000000000796917 in BackendStartup (port=0x1e69730) at
postmaster.c:3947
#29 0x000000000079302e in ServerLoop () at postmaster.c:1704
#30 0x000000000079266d in PostmasterMain (argc=3, argv=0x1e45c60) at
postmaster.c:1312
#31 0x00000000006db982 in main (argc=3, argv=0x1e45c60) at main.c:228
(gdb) ^CQuit
(gdb)

--
regards,tushar
