[sqlsmith] Crash in mcv_get_match_bitmap

Andreas Seltenreich Wed, 10 Jul 2019 13:38:29 -0700

Hi,

running sqlsmith on the regression database of REL_12_STABLE at
ff597b656f yielded a crash in mcv_get_match_bitmap.  I can reproduce it
with the following query on the regression database:


    select filler1 from mcv_lists where a is not null and (select 42) <= c;

Backtrace below.

regards,
Andreas

Program received signal SIGSEGV, Segmentation fault.
pg_detoast_datum (datum=0x0) at fmgr.c:1741
(gdb) bt
#0  pg_detoast_datum (datum=0x0) at fmgr.c:1741
#1  0x000055b2bbeb2656 in numeric_le (fcinfo=0x7ffceeb2cb90) at numeric.c:2139
#2  0x000055b2bbf3cdca in FunctionCall2Coll 
(flinfo=flinfo@entry=0x7ffceeb2cc30, collation=collation@entry=100,
    arg1=<optimized out>, arg2=<optimized out>) at fmgr.c:1162
#3  0x000055b2bbdd7aec in mcv_get_match_bitmap (root=0x55b2bd2acff0, 
clauses=<optimized out>, keys=0x55b2bd2c4e38,
    mcvlist=0x55b2bd2c44e0, is_or=false) at mcv.c:1638
#4  0x000055b2bbdda581 in mcv_clauselist_selectivity 
(root=root@entry=0x55b2bd2acff0, stat=stat@entry=0x55b2bd2c4e00,
    clauses=clauses@entry=0x55b2bd2c5298, varRelid=varRelid@entry=0, 
jointype=jointype@entry=JOIN_INNER, sjinfo=sjinfo@entry=0x0,
    rel=0x55b2bd2c4158, basesel=0x7ffceeb2cd70, totalsel=0x7ffceeb2cd78) at 
mcv.c:1876
#5  0x000055b2bbdd6064 in statext_mcv_clauselist_selectivity 
(estimatedclauses=0x7ffceeb2cde8, rel=0x55b2bd2c4158,
    sjinfo=<optimized out>, jointype=<optimized out>, varRelid=<optimized out>, 
clauses=0x55b2bd2c4e00, root=<optimized out>)
    at extended_stats.c:1146
#6  statext_clauselist_selectivity (root=root@entry=0x55b2bd2acff0, 
clauses=clauses@entry=0x55b2bd2c5010,
    varRelid=varRelid@entry=0, jointype=jointype@entry=JOIN_INNER, 
sjinfo=sjinfo@entry=0x0, rel=0x55b2bd2c4158,
    estimatedclauses=0x7ffceeb2cde8) at extended_stats.c:1177
#7  0x000055b2bbd27372 in clauselist_selectivity 
(root=root@entry=0x55b2bd2acff0, clauses=0x55b2bd2c5010,
    varRelid=varRelid@entry=0, jointype=jointype@entry=JOIN_INNER, 
sjinfo=sjinfo@entry=0x0) at clausesel.c:94
#8  0x000055b2bbd2d788 in set_baserel_size_estimates 
(root=root@entry=0x55b2bd2acff0, rel=rel@entry=0x55b2bd2c4158)
    at costsize.c:4411
#9  0x000055b2bbd24658 in set_plain_rel_size (rte=0x55b2bd20cf00, 
rel=0x55b2bd2c4158, root=0x55b2bd2acff0) at allpaths.c:583
#10 set_rel_size (root=root@entry=0x55b2bd2acff0, rel=rel@entry=0x55b2bd2c4158, 
rti=rti@entry=1, rte=rte@entry=0x55b2bd20cf00)
    at allpaths.c:412
#11 0x000055b2bbd264a0 in set_base_rel_sizes (root=<optimized out>) at 
allpaths.c:323
#12 make_one_rel (root=root@entry=0x55b2bd2acff0, 
joinlist=joinlist@entry=0x55b2bd2c49c0) at allpaths.c:185
#13 0x000055b2bbd482f8 in query_planner (root=root@entry=0x55b2bd2acff0,
    qp_callback=qp_callback@entry=0x55b2bbd48ed0 <standard_qp_callback>, 
qp_extra=qp_extra@entry=0x7ffceeb2d070) at planmain.c:271
#14 0x000055b2bbd4cb32 in grouping_planner (root=<optimized out>, 
inheritance_update=false, tuple_fraction=<optimized out>)
    at planner.c:2048
#15 0x000055b2bbd4f900 in subquery_planner (glob=glob@entry=0x55b2bd2b1c88, 
parse=parse@entry=0x55b2bd20cd88,
    parent_root=parent_root@entry=0x0, hasRecursion=hasRecursion@entry=false, 
tuple_fraction=tuple_fraction@entry=0)
    at planner.c:1012
#16 0x000055b2bbd509c6 in standard_planner (parse=0x55b2bd20cd88, 
cursorOptions=256, boundParams=<optimized out>) at planner.c:406
#17 0x000055b2bbe13b89 in pg_plan_query 
(querytree=querytree@entry=0x55b2bd20cd88, 
cursorOptions=cursorOptions@entry=256,
    boundParams=boundParams@entry=0x0) at postgres.c:878
[...]

[sqlsmith] Crash in mcv_get_match_bitmap

Reply via email to