[sqlsmith] Crash in mcv_get_match_bitmap

From: Andreas Seltenreich <seltenreich(at)gmx(dot)de>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Cc: Tomas Vondra <tomas(dot)vondra(at)postgresql(dot)org>
Subject: [sqlsmith] Crash in mcv_get_match_bitmap
Date: 2019-07-10 20:37:51
Message-ID: 8736jdhbhc.fsf@ansel.ydns.eu
Lists: pgsql-hackers

Hi,

running sqlsmith on the regression database of REL_12_STABLE at
ff597b656f yielded a crash in mcv_get_match_bitmap. I can reproduce it
with the following query on the regression database:

select filler1 from mcv_lists where a is not null and (select 42) <= c;

Backtrace below.

regards,
Andreas

Program received signal SIGSEGV, Segmentation fault.
pg_detoast_datum (datum=0x0) at fmgr.c:1741
(gdb) bt
#0 pg_detoast_datum (datum=0x0) at fmgr.c:1741
#1 0x000055b2bbeb2656 in numeric_le (fcinfo=0x7ffceeb2cb90) at numeric.c:2139
#2 0x000055b2bbf3cdca in FunctionCall2Coll (flinfo=flinfo@entry=0x7ffceeb2cc30, collation=collation@entry=100,
    arg1=<optimized out>, arg2=<optimized out>) at fmgr.c:1162
#3 0x000055b2bbdd7aec in mcv_get_match_bitmap (root=0x55b2bd2acff0, clauses=<optimized out>, keys=0x55b2bd2c4e38,
    mcvlist=0x55b2bd2c44e0, is_or=false) at mcv.c:1638
#4 0x000055b2bbdda581 in mcv_clauselist_selectivity (root=root@entry=0x55b2bd2acff0, stat=stat@entry=0x55b2bd2c4e00,
    clauses=clauses@entry=0x55b2bd2c5298, varRelid=varRelid@entry=0, jointype=jointype@entry=JOIN_INNER, sjinfo=sjinfo@entry=0x0,
    rel=0x55b2bd2c4158, basesel=0x7ffceeb2cd70, totalsel=0x7ffceeb2cd78) at mcv.c:1876
#5 0x000055b2bbdd6064 in statext_mcv_clauselist_selectivity (estimatedclauses=0x7ffceeb2cde8, rel=0x55b2bd2c4158,
    sjinfo=<optimized out>, jointype=<optimized out>, varRelid=<optimized out>, clauses=0x55b2bd2c4e00, root=<optimized out>)
    at extended_stats.c:1146
#6 statext_clauselist_selectivity (root=root@entry=0x55b2bd2acff0, clauses=clauses@entry=0x55b2bd2c5010,
    varRelid=varRelid@entry=0, jointype=jointype@entry=JOIN_INNER, sjinfo=sjinfo@entry=0x0, rel=0x55b2bd2c4158,
    estimatedclauses=0x7ffceeb2cde8) at extended_stats.c:1177
#7 0x000055b2bbd27372 in clauselist_selectivity (root=root@entry=0x55b2bd2acff0, clauses=0x55b2bd2c5010,
    varRelid=varRelid@entry=0, jointype=jointype@entry=JOIN_INNER, sjinfo=sjinfo@entry=0x0) at clausesel.c:94
#8 0x000055b2bbd2d788 in set_baserel_size_estimates (root=root@entry=0x55b2bd2acff0, rel=rel@entry=0x55b2bd2c4158)
    at costsize.c:4411
#9 0x000055b2bbd24658 in set_plain_rel_size (rte=0x55b2bd20cf00, rel=0x55b2bd2c4158, root=0x55b2bd2acff0) at allpaths.c:583
#10 set_rel_size (root=root@entry=0x55b2bd2acff0, rel=rel@entry=0x55b2bd2c4158, rti=rti@entry=1, rte=rte@entry=0x55b2bd20cf00)
    at allpaths.c:412
#11 0x000055b2bbd264a0 in set_base_rel_sizes (root=<optimized out>) at allpaths.c:323
#12 make_one_rel (root=root@entry=0x55b2bd2acff0, joinlist=joinlist@entry=0x55b2bd2c49c0) at allpaths.c:185
#13 0x000055b2bbd482f8 in query_planner (root=root@entry=0x55b2bd2acff0,
    qp_callback=qp_callback@entry=0x55b2bbd48ed0 <standard_qp_callback>, qp_extra=qp_extra@entry=0x7ffceeb2d070) at planmain.c:271
#14 0x000055b2bbd4cb32 in grouping_planner (root=<optimized out>, inheritance_update=false, tuple_fraction=<optimized out>)
    at planner.c:2048
#15 0x000055b2bbd4f900 in subquery_planner (glob=glob@entry=0x55b2bd2b1c88, parse=parse@entry=0x55b2bd20cd88,
    parent_root=parent_root@entry=0x0, hasRecursion=hasRecursion@entry=false, tuple_fraction=tuple_fraction@entry=0)
    at planner.c:1012
#16 0x000055b2bbd509c6 in standard_planner (parse=0x55b2bd20cd88, cursorOptions=256, boundParams=<optimized out>) at planner.c:406
#17 0x000055b2bbe13b89 in pg_plan_query (querytree=querytree@entry=0x55b2bd20cd88, cursorOptions=cursorOptions@entry=256,
    boundParams=boundParams@entry=0x0) at postgres.c:878
[...]
