BUG #18374: Printing memory contexts on OOM condition might lead to segmentation fault - Mailing list pgsql-bugs

From PG Bug reporting form
Subject BUG #18374: Printing memory contexts on OOM condition might lead to segmentation fault
Date
Msg-id 18374-ebb8113ce4d02f0d@postgresql.org
Responses Re: BUG #18374: Printing memory contexts on OOM condition might lead to segmentation fault  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      18374
Logged by:          Alexander Lakhin
Email address:      exclusion@gmail.com
PostgreSQL version: 16.2
Operating system:   Ubuntu 22.04
Description:

When a backend with deeply nested memory contexts hits an out-of-memory
condition and logs the contexts, it might lead to a segmentation fault
(due to the lack of free memory again). For example:
$ ulimit -Sv 300000; TESTS=infinite_recurse make -s check-tests
(on 64-bit Ubuntu 22.04)

fails:
# +++ regress check in src/test/regress +++
# using temp instance on port 61698 with PID 809399
not ok 1     - infinite_recurse                          286 ms
# (test process exited with exit code 2)

with the following stack trace:
Core was generated by `postgres: law regression [local] SELECT
                        '.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/809680' in core file too small.
#0  0x00005643d12ecd50 in dostr (str=str@entry=0x5643d145b137 "  ", slen=2,
target=target@entry=0x7ffdafcb6290) at snprintf.c:1378
1378    {
(gdb) bt
#0  0x00005643d12ecd50 in dostr (str=str@entry=0x5643d145b137 "  ", slen=2,
target=target@entry=0x7ffdafcb6290) at snprintf.c:1378
#1  0x00005643d12ed54a in dopr (...) at snprintf.c:417
#2  0x00005643d12edec2 in pg_vfprintf (...) at snprintf.c:257
#3  0x00005643d12edfa7 in pg_fprintf (...) at snprintf.c:270
#4  0x00005643d12c086e in MemoryContextStatsPrint (..., stats_string=stats_string@entry=0x7ffdafcb68c0 "8192 total in 1 blocks; 5072 free (0 chunks); 3120 used", print_to_stderr=print_to_stderr@entry=true) at mcxt.c:909
#5  0x00005643d12b9604 in AllocSetStats (...) at aset.c:1508
#6  0x00005643d12c0553 in MemoryContextStatsInternal (...) at mcxt.c:770
...
#675 0x00005643d12c05ee in MemoryContextStatsInternal (...) at mcxt.c:786
#676 0x00005643d12c1030 in MemoryContextStatsDetail (...) at mcxt.c:721
#677 0x00005643d12c1111 in MemoryContextStats (...) at mcxt.c:702
#678 0x00005643d12c19d9 in palloc (size=size@entry=16384) at mcxt.c:1243
#679 0x00005643d12d2ed8 in tuplestore_begin_common (eflags=4,
interXact=interXact@entry=false, maxKBytes=4096) at tuplestore.c:281
#680 0x00005643d12d37c9 in tuplestore_begin_heap (...) at tuplestore.c:331
#681 0x00005643d0f72099 in fmgr_sql (...) at functions.c:1142
...
#20980 0x00005643d0f5fd44 in ExecProcNode (...) at
../../../src/include/executor/executor.h:273
#20981 ExecutePlan (...) at execMain.c:1670
#20982 0x00005643d0f5ff07 in standard_ExecutorRun (...) at execMain.c:365
#20983 0x00005643d0f5ffe1 in ExecutorRun (...) at execMain.c:309
#20984 0x00005643d0f701e9 in postquel_getnext (...) at functions.c:895
#20985 0x00005643d0f71ffa in fmgr_sql (...) at functions.c:1196
#20986 0x00005643d0f5a6db in ExecInterpExpr (...) at execExprInterp.c:734
#20987 0x00005643d0f56aec in ExecInterpExprStillValid (...) at
execExprInterp.c:1870
#20988 0x00005643d0f98075 in ExecEvalExprSwitchContext (...) at
../../../src/include/executor/executor.h:355
#20989 ExecProject (...) at ../../../src/include/executor/executor.h:389
#20990 ExecResult (...) at nodeResult.c:136
#20991 0x00005643d0f67781 in ExecProcNodeFirst (...) at execProcnode.c:464
#20992 0x00005643d0f5fd44 in ExecProcNode (...) at execMain.c:1670
#20994 0x00005643d0f5ff07 in standard_ExecutorRun (...) at execMain.c:365
#20995 0x00005643d0f5ffe1 in ExecutorRun (...) at execMain.c:309
#20996 0x00005643d0f701e9 in postquel_getnext (...) at functions.c:895
#20997 0x00005643d0f71ffa in fmgr_sql (fcinfo=0x5643d3614430) at
functions.c:1196
#20998 0x00005643d0f5a6db in ExecInterpExpr (...) at execExprInterp.c:734
#20999 0x00005643d0f56aec in ExecInterpExprStillValid (...) at
execExprInterp.c:1870
#21000 0x00005643d0f98075 in ExecEvalExprSwitchContext (...) at
../../../src/include/executor/executor.h:355
#21001 ExecProject (...) at ../../../src/include/executor/executor.h:389
#21002 ExecResult (...) at nodeResult.c:136
#21003 0x00005643d0f67781 in ExecProcNodeFirst (...) at execProcnode.c:464
#21004 0x00005643d0f5fd44 in ExecProcNode (...) at
../../../src/include/executor/executor.h:273
...
(gdb) p $rsp
$1 = (void *) 0x7ffdafcb6000
(gdb) x $rsp
0x7ffdafcb6000: 0xe92636c0
(gdb) x $rsp - 8
0x7ffdafcb5ff8: Cannot access memory at address 0x7ffdafcb5ff8

postmaster.log contains:
TopMemoryContext: 196064 total in 7 blocks; 45920 free (17 chunks); 150144 used
...
  TopPortalContext: 8192 total in 1 blocks; 7656 free (0 chunks); 536 used
    PortalContext: 1024 total in 1 blocks; 592 free (0 chunks); 432 used: <unnamed>
      ExecutorState: 8192 total in 1 blocks; 4032 free (0 chunks); 4160 used
        SQL function: 32832 total in 3 blocks; 5136 free (1 chunks); 27696 used: infinite_recurse
          ExecutorState: 8192 total in 1 blocks; 5072 free (0 chunks); 3120 used
            SQL function: 32832 total in 3 blocks; 5136 free (1 chunks); 27696 used: infinite_recurse
...
...

(Initially observed with the natural restrictions on 32-bit OS.)
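The trace above shows the stats printer (frames #6 through #675, MemoryContextStatsInternal calling itself once per nesting level) running on top of the roughly 20000 executor frames that infinite_recurse had already pushed, and the faulting access sits just below $rsp at a page boundary: the stack, not the heap, is what ran out. The following is an added illustration, not PostgreSQL's code, of the design property a defender wants from any "print diagnostics on OOM" path: its own stack and heap usage must not scale with the size of the structure being reported. The Ctx struct, the parent link, the byte counts (copied from the log pattern above as constructed sample data) and the function names are all assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy context node. Assumption: a simplified stand-in for a memory context,
 * not PostgreSQL's MemoryContextData. The parent link lets the tree be walked
 * without recursion and without allocating, neither of which is safe when the
 * reason for printing is that memory (or stack) has already run out. */
typedef struct Ctx {
    const char *name;
    size_t total, free_bytes, used;          /* constructed accounting numbers */
    struct Ctx *parent, *firstchild, *nextchild;
} Ctx;

typedef struct Stats {
    int printed;                             /* nodes printed in full */
    int summarized;                          /* nodes folded into one summary line */
    size_t total, free_bytes, used;          /* grand totals over the whole tree */
} Stats;

/* Iterative pre-order walk with a depth cap. Stack usage is constant, so a
 * 20000-level-deep chain costs no more stack than a 2-level one. Nodes at
 * depth >= max_depth are counted but not printed. out == NULL means count only. */
static Stats print_context_tree(const Ctx *root, int max_depth, FILE *out)
{
    Stats s = {0, 0, 0, 0, 0};
    size_t deep_total = 0, deep_free = 0, deep_used = 0;
    const Ctx *c = root;
    int depth = 0;

    while (c != NULL) {
        s.total += c->total; s.free_bytes += c->free_bytes; s.used += c->used;
        if (depth < max_depth) {
            if (out != NULL)
                fprintf(out, "%*s%s: %zu total; %zu free; %zu used\n",
                        depth * 2, "", c->name, c->total, c->free_bytes, c->used);
            s.printed++;
        } else {
            s.summarized++;
            deep_total += c->total; deep_free += c->free_bytes; deep_used += c->used;
        }
        /* Advance: first child, else next sibling, else climb until one exists. */
        if (c->firstchild != NULL) { c = c->firstchild; depth++; continue; }
        while (c != root && c->nextchild == NULL) { c = c->parent; depth--; }
        c = (c == root) ? NULL : c->nextchild;
    }
    if (s.summarized > 0 && out != NULL)
        fprintf(out, "%*s%d more contexts below level %d: %zu total; %zu free; %zu used\n",
                max_depth * 2, "", s.summarized, max_depth, deep_total, deep_free, deep_used);
    return s;
}

/* Iterative post-order free, again without recursion. */
static void free_tree(Ctx *root)
{
    Ctx *c = root;
    while (c != NULL) {
        if (c->firstchild != NULL) { c = c->firstchild; continue; }
        Ctx *p = c->parent, *next = c->nextchild;
        if (p != NULL) p->firstchild = next;   /* c is always p's first child here */
        free(c);
        c = (p == NULL) ? NULL : (next != NULL ? next : p);
    }
}

/* Constructed tree: a chain of n contexts alternating ExecutorState / SQL
 * function under TopMemoryContext, with the byte counts seen in the log. */
static Ctx *build_nested_chain(int n)
{
    Ctx *root = calloc(1, sizeof(Ctx)), *cur = root;
    if (root == NULL) return NULL;
    root->name = "TopMemoryContext";
    root->total = 196064; root->free_bytes = 45920; root->used = 150144;
    for (int i = 0; i < n; i++) {
        Ctx *c = calloc(1, sizeof(Ctx));
        if (c == NULL) { free_tree(root); return NULL; }
        if (i % 2 == 0) { c->name = "ExecutorState"; c->total = 8192;  c->free_bytes = 5072; c->used = 3120; }
        else            { c->name = "SQL function";  c->total = 32832; c->free_bytes = 5136; c->used = 27696; }
        c->parent = cur; cur->firstchild = c; cur = c;
    }
    return root;
}

/* Build a chain of n contexts, walk it with the given cap, free it. */
static Stats run_chain(int n, int max_depth, FILE *out)
{
    Ctx *root = build_nested_chain(n);
    Stats s = print_context_tree(root, max_depth, out);
    free_tree(root);
    return s;
}

int main(void)
{
    /* Same nesting depth as the report's executor stack, printed with a cap of 8 levels. */
    Stats s = run_chain(20000, 8, stdout);
    printf("printed=%d summarized=%d total=%zu\n", s.printed, s.summarized, s.total);
    return 0;
}
```

The two properties worth checking in a real OOM reporter are visible here: the walk keeps no per-level state on the stack (the parent pointer replaces the recursion), and the amount of output is bounded by the depth cap rather than by how deeply the workload managed to nest before it failed, so the report stays readable and the reporter itself cannot be the thing that crashes the process.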

