[sqlsmith] Failed assertion in numeric aggregate

From: Andreas Seltenreich <seltenreich(at)gmx(dot)de>
To: pgsql-hackers(at)postgresql(dot)org
Subject: [sqlsmith] Failed assertion in numeric aggregate
Date: 2016-09-03 13:19:49
Message-ID: 87oa45qfwq.fsf@credativ.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

updating master from be7f7ee..39b691f, the following assertion is
triggered frequently by sqlsmith:

TRAP: BadArgument("!(((context) != ((void *)0) && (((((const Node*)((context)))->type) == T_AllocSetContext))))", File: "mcxt.c", Line: 1010)

Digging in the coredumps, it looks like set_var_from_num() is invoked on
an uninitialized NumericVar. Sample gdb session below.

Below is also one of the generated queries that eventually triggers it
for me when invoked a dozen times or so.

regards,
Andreas

--8<---------------cut here---------------start------------->8---
select
subq_0.c0 as c0,
subq_0.c0 as c1,
5 as c2,
(select pg_catalog.min(class) from public.f_star)
as c3
from
(select
sample_2.cc as c0
from
public.shoelace_arrive as ref_0
inner join public.hub as sample_1
right join public.e_star as sample_2
on (sample_1.name = sample_2.class )
on (ref_0.arr_name = sample_2.class )
limit 63) as subq_0
where ((subq_0.c0 is not NULL)
and ((select pg_catalog.var_pop(enumsortorder) from pg_catalog.pg_enum)
is not NULL))
and (((select pg_catalog.var_samp(random) from public.bt_txt_heap)
is NULL)
or ((select m from public.money_data limit 1 offset 1)
<> (select pg_catalog.min(salary) from public.rtest_empmass)
));
--8<---------------cut here---------------end--------------->8---

(gdb) bt
#0 0x00007ff011f221c8 in __GI_raise (sig=sig(at)entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ff011f2364a in __GI_abort () at abort.c:89
#2 0x00000000007ef1b1 in ExceptionalCondition (conditionName=conditionName(at)entry=0x9d26c8 "!(((context) != ((void *)0) && (((((const Node*)((context)))->type) == T_AllocSetContext))))", errorType=errorType(at)entry=0x835c25 "BadArgument", fileName=fileName(at)entry=0x9d2640 "mcxt.c", lineNumber=lineNumber(at)entry=1010) at assert.c:54
#3 0x0000000000813561 in pfree (pointer=<optimized out>) at mcxt.c:1010
#4 0x0000000000773169 in alloc_var (var=var(at)entry=0x7ffe3a6d18d0, ndigits=ndigits(at)entry=6) at numeric.c:5387
#5 0x0000000000774230 in set_var_from_num (num=0x1e49180, dest=0x7ffe3a6d18d0) at numeric.c:5608
#6 0x000000000077be2c in numeric_poly_deserialize (fcinfo=<optimized out>) at numeric.c:4196
#7 0x00000000005ec48c in combine_aggregates (aggstate=0x1e255d8, pergroup=<optimized out>) at nodeAgg.c:986
#8 0x00000000005edcc5 in agg_retrieve_direct (aggstate=0x1e255d8) at nodeAgg.c:2095
#9 ExecAgg (node=node(at)entry=0x1e255d8) at nodeAgg.c:1837
#10 0x00000000005e0078 in ExecProcNode (node=node(at)entry=0x1e255d8) at execProcnode.c:503
#11 0x000000000060173c in ExecSetParamPlan (node=<optimized out>, econtext=0x1e2e710) at nodeSubplan.c:995
#12 0x00000000005e4f75 in ExecEvalParamExec (exprstate=<optimized out>, econtext=<optimized out>, isNull=0x7ffe3a6d1b3f "", isDone=<optimized out>) at execQual.c:1140
#13 0x00000000005e14c6 in ExecEvalNullTest (nstate=0x1e2ec50, econtext=0x1e2e710, isNull=0x7ffe3a6d1b3f "", isDone=0x0) at execQual.c:3902
#14 0x00000000005e0656 in ExecEvalOr (orExpr=<optimized out>, econtext=0x1e2e710, isNull=0x7ffe3a6d1b3f "", isDone=<optimized out>) at execQual.c:2809
#15 0x00000000005e7089 in ExecQual (qual=<optimized out>, econtext=econtext(at)entry=0x1e2e710, resultForNull=resultForNull(at)entry=0 '\000') at execQual.c:5379
#16 0x00000000005fd6b1 in ExecResult (node=node(at)entry=0x1e2e5f8) at nodeResult.c:82
#17 0x00000000005e01f8 in ExecProcNode (node=node(at)entry=0x1e2e5f8) at execProcnode.c:392
#18 0x00000000005dc27e in ExecutePlan (dest=0x7ff0129e22b0, direction=<optimized out>, numberTuples=0, sendTuples=<optimized out>, operation=CMD_SELECT, use_parallel_mode=<optimized out>, planstate=0x1e2e5f8, estate=0x1e1aba8) at execMain.c:1567
#19 standard_ExecutorRun (queryDesc=0x1d563b8, direction=<optimized out>, count=0) at execMain.c:338
#20 0x00000000006faad8 in PortalRunSelect (portal=portal(at)entry=0x1def878, forward=forward(at)entry=1 '\001', count=0, count(at)entry=9223372036854775807, dest=dest(at)entry=0x7ff0129e22b0) at pquery.c:948
#21 0x00000000006fc04e in PortalRun (portal=portal(at)entry=0x1def878, count=count(at)entry=9223372036854775807, isTopLevel=isTopLevel(at)entry=1 '\001', dest=dest(at)entry=0x7ff0129e22b0, altdest=altdest(at)entry=0x7ff0129e22b0, completionTag=completionTag(at)entry=0x7ffe3a6d1fa0 "") at pquery.c:789
#22 0x00000000006f8deb in exec_simple_query (query_string=0x1dc2e58 "select \n subq_0.c0 as c0, \n subq_0.c0 as c1, \n 5 as c2, \n (select pg_catalog.min(class) from public.f_star)\n as c3\nfrom \n (select \n sample_2.cc as c0\n from \n public.shoel"...) at postgres.c:1094
#23 PostgresMain (argc=<optimized out>, argv=argv(at)entry=0x1d64730, dbname=0x1d64590 "regression", username=<optimized out>) at postgres.c:4070
#24 0x000000000046cf81 in BackendRun (port=0x1d4ffd0) at postmaster.c:4260
#25 BackendStartup (port=0x1d4ffd0) at postmaster.c:3934
#26 ServerLoop () at postmaster.c:1691
#27 0x0000000000693634 in PostmasterMain (argc=argc(at)entry=3, argv=argv(at)entry=0x1d2c5d0) at postmaster.c:1299
#28 0x000000000046e0d6 in main (argc=3, argv=0x1d2c5d0) at main.c:228
(gdb) frame 5
#5 0x0000000000774230 in set_var_from_num (num=0x1e49180, dest=0x7ffe3a6d18d0) at numeric.c:5608
(gdb) p *dest
$14 = {ndigits = 30883864, weight = 0, sign = 31626200, dscale = 0, buf = 0x1e2a3f0, digits = 0x0}
(gdb)

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2016-09-03 13:21:15 Re: pg_basebackup, pg_receivexlog and data durability (was: silent data loss with ext4 / all current versions)
Previous Message Michael Paquier 2016-09-03 12:36:59 Re: Password identifiers, protocol aging and SCRAM protocol