Re: [HACKERS] Server Crash while running sqlsmith [TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139) ]

2016-12-23 Thread Tom Lane
tushar writes:
> While running sqlsmith against PG v10, found a crash. Not sure
> whether it is reported earlier or not. Please refer to the standalone
> testcase for the same -

Hmm, so that can be boiled down to

regression=# select has_server_privilege(repeat('x',100),'y');
server closed the connection unexpectedly

which indicates that something is being slothful about identifier
length truncation.  It looks like that's not the only member of
the has_foo_privilege family with that disease, either:

regression=# select has_column_privilege('tenk1',repeat('x',100),'y');
server closed the connection unexpectedly

The majority of those functions truncate putative identifiers before
trying to look them up, and I think these should as well.

regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
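
Added example (not from the thread or the PostgreSQL source): a stand-alone C model of the crash shape above and of the truncate-before-lookup behaviour Tom Lane describes. The FNV-1a hash, the UTF-8 clipping rule and every function name are assumptions made for illustration; only the 64-byte limit comes from the assertion in the report.

```c
#include <stdio.h>
#include <string.h>
#define NAMEDATALEN 64          /* limit from the trace: names hold at most 63 bytes */

/* Stand-in for the name hash: rejects the input that trips the keylen < 64 assertion. */
int name_hash(const char *key, size_t keylen, unsigned *out)
{
    if (keylen >= NAMEDATALEN) return -1;   /* an assert-enabled server aborts here */
    unsigned h = 2166136261u;               /* FNV-1a, chosen only for this model */
    for (size_t i = 0; i < keylen; i++)
        h = (h ^ (unsigned char) key[i]) * 16777619u;
    *out = h;
    return 0;
}

/* Largest prefix of s (len bytes, assumed UTF-8) that fits in limit bytes
 * without splitting a multibyte character. */
size_t clip_utf8(const char *s, size_t len, size_t limit)
{
    if (len <= limit) return len;
    size_t n = limit;
    while (n > 0 && ((unsigned char) s[n] & 0xC0) == 0x80)
        n--;                    /* s[n] continues a character: back up to its lead byte */
    return n;
}

/* Lookup that passes the caller's string straight to the hash (the crashing shape). */
int lookup_unchecked(const char *name, unsigned *hash)
{
    return name_hash(name, strlen(name), hash);
}

/* Lookup that truncates the putative identifier before hashing it. */
int lookup_truncated(const char *name, unsigned *hash)
{
    char buf[NAMEDATALEN];
    size_t n = clip_utf8(name, strlen(name), NAMEDATALEN - 1);
    memcpy(buf, name, n);
    buf[n] = '\0';
    return name_hash(buf, n, hash);
}

int main(void)
{
    char longname[101] = {0};
    unsigned h = 0;
    memset(longname, 'x', 100);  /* constructed input, same shape as repeat('x',100) */
    printf("unchecked=%d truncated=%d\n",
           lookup_unchecked(longname, &h), lookup_truncated(longname, &h));
    return 0;
}
```

After truncation the 100-byte name hashes to the same value as its 63-byte prefix, so an over-long argument resolves to the same lookup key as the truncated identifier instead of reaching the hash function with an out-of-range length.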


[HACKERS] Server Crash while running sqlsmith [TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139) ]

2016-12-23 Thread tushar

Hi,

While running sqlsmith against PG v10, found a crash. Not sure
whether it is reported earlier or not. Please refer to the standalone
testcase for the same -


[centos@tusharcentos7 bin]$ ./psql postgres -p 9000
psql (10devel)
Type "help" for help.

postgres=# select
postgres-#70 as c0,
postgres-#pg_catalog.has_server_privilege(
postgres(# cast(ref_0.indexdef as text),
postgres(# cast(cast(coalesce((select name from 
pg_catalog.pg_settings limit 1 offset 16)

postgres(# ,
postgres(#null) as text) as text)) as c1,
postgres-#pg_catalog.pg_export_snapshot() as c2,
postgres-#ref_0.indexdef as c3,
postgres-#ref_0.indexname as c4
postgres-#  from
postgres-#   pg_catalog.pg_indexes as ref_0
postgres-#  where (ref_0.tablespace = ref_0.tablespace)
postgres-#or (46 = 22)
postgres-#  limit 103;
TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139)
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: 2016-12-23 
17:46:56.405 IST [16809] LOG:  server process (PID 16817) was terminated 
by signal 6: Aborted
2016-12-23 17:46:56.405 IST [16809] DETAIL:  Failed process was running: 
select

   70 as c0,
   pg_catalog.has_server_privilege(
cast(ref_0.indexdef as text),
cast(cast(coalesce((select name from 
pg_catalog.pg_settings limit 1 offset 16)

,
   null) as text) as text)) as c1,
   pg_catalog.pg_export_snapshot() as c2,
   ref_0.indexdef as c3,
   ref_0.indexname as c4
 from
  pg_catalog.pg_indexes as ref_0
 where (ref_0.tablespace = ref_0.tablespace)
   or (46 = 22)
 limit 103;
2016-12-23 17:46:56.405 IST [16809] LOG:  terminating any other active 
server processes
2016-12-23 17:46:56.407 IST [16814] WARNING:  terminating connection 
because of crash of another server process
2016-12-23 17:46:56.407 IST [16814] DETAIL:  The postmaster has 
commanded this server process to roll back the current transaction and 
exit, because another server process exited abnormally and possibly 
corrupted shared memory.
2016-12-23 17:46:56.407 IST [16814] HINT:  In a moment you should be 
able to reconnect to the database and repeat your command.
2016-12-23 17:46:56.407 IST [16818] FATAL:  the database system is in 
recovery mode

Failed.
!> 2016-12-23 17:46:56.408 IST [16809] LOG:  all server processes 
terminated; reinitializing
2016-12-23 17:46:56.442 IST [16819] LOG:  database system was 
interrupted; last known up at 2016-12-23 17:46:46 IST
2016-12-23 17:46:56.614 IST [16819] LOG:  database system was not 
properly shut down; automatic recovery in progress
2016-12-23 17:46:56.616 IST [16819] LOG:  invalid record length at 
0/155E638: wanted 24, got 0

2016-12-23 17:46:56.616 IST [16819] LOG:  redo is not required
2016-12-23 17:46:56.623 IST [16819] LOG:  MultiXact member wraparound 
protections are now enabled
2016-12-23 17:46:56.626 IST [16809] LOG:  database system is ready to 
accept connections

2016-12-23 17:46:56.626 IST [16823] LOG:  autovacuum launcher started

!> exit
-> \q

Please refer to the stack trace below -

[centos@tusharcentos7 bin]$ gdb -q -c data/core.16817 
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres
Reading symbols from 
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres...done.

[New LWP 16817]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `postgres: centos postgres [local] 
SELECT   '.

Program terminated with signal 6, Aborted.
#0  0x7fe3b88245f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install 
glibc-2.17-106.el7_2.6.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 
krb5-libs-1.13.2-12.el7_2.x86_64 libcom_err-1.42.9-7.el7.x86_64 
libselinux-2.2.2-6.el7.x86_64 openssl-libs-1.0.1e-51.el7_2.5.x86_64 
pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 
zlib-1.2.7-15.el7.x86_64

(gdb) bt
#0  0x7fe3b88245f7 in raise () from /lib64/libc.so.6
#1  0x7fe3b8825ce8 in abort () from /lib64/libc.so.6
#2  0x00977a61 in ExceptionalCondition (conditionName=0x9f66eb 
"!(keylen < 64)", errorType=0x9f66db "FailedAssertion", 
fileName=0x9f66d0 "hashfunc.c", lineNumber=139)

at assert.c:54
#3  0x004b3882 in hashname (fcinfo=0x7ffdfabd0590) at hashfunc.c:139
#4  0x009815f7 in DirectFunctionCall1Coll (func=0x4b383c 
, collation=0, arg1=33238784) at fmgr.c:1026
#5  0x00958221 in CatalogCacheComputeHashValue (cache=0x1e96750, 
nkeys=1, cur_skey=0x7ffdfabd09e0) at catcache.c:209
#6  0x0095a62b in SearchCatCache