[sqlsmith] Crash in GetOldestSnapshot() - Mailing list pgsql-hackers
| From | Andreas Seltenreich |
|---|---|
| Subject | [sqlsmith] Crash in GetOldestSnapshot() |
| Date | |
| Msg-id | 87vazemeda.fsf@credativ.de Whole thread Raw |
| Responses |
Re: [sqlsmith] Crash in GetOldestSnapshot()
(Michael Paquier <michael.paquier@gmail.com>)
Re: [sqlsmith] Crash in GetOldestSnapshot() (Andrew Gierth <andrew@tao11.riddles.org.uk>) |
| List | pgsql-hackers |
Hi,
since updating master from c93d873..fc509cd, I see crashes in
GetOldestSnapshot() on update/delete returning statements.
I reduced the triggering statements down to this:
update clstr_tst set d = d returning d;
Backtrace below.
regards,
Andreas
Program received signal SIGSEGV, Segmentation fault.
(gdb) bt
#0 GetOldestSnapshot () at snapmgr.c:422
#1 0x00000000004b8279 in init_toast_snapshot (toast_snapshot=0x7ffcd824b010) at tuptoaster.c:2314
#2 0x00000000004b83bc in toast_fetch_datum (attr=<optimized out>) at tuptoaster.c:1869
#3 0x00000000004b9ab5 in heap_tuple_untoast_attr (attr=0x18226c8) at tuptoaster.c:179
#4 0x00000000007f71ad in pg_detoast_datum_packed (datum=<optimized out>) at fmgr.c:2266
#5 0x00000000007cfc12 in text_to_cstring (t=0x18226c8) at varlena.c:186
#6 0x00000000007f5735 in FunctionCall1Coll (flinfo=flinfo@entry=0x18221c0, collation=collation@entry=0,
arg1=arg1@entry=25306824)at fmgr.c:1297
#7 0x00000000007f68ee in OutputFunctionCall (flinfo=0x18221c0, val=25306824) at fmgr.c:1946
#8 0x0000000000478bc1 in printtup (slot=0x1821f80, self=0x181ce48) at printtup.c:359
#9 0x00000000006f9c8e in RunFromStore (portal=portal@entry=0x177cbf8, direction=direction@entry=ForwardScanDirection,
count=count@entry=0,dest=0x181ce48) at pquery.c:1117
#10 0x00000000006f9d52 in PortalRunSelect (portal=portal@entry=0x177cbf8, forward=forward@entry=1 '\001', count=0,
count@entry=9223372036854775807,dest=dest@entry=0x181ce48) at pquery.c:942
#11 0x00000000006fb41e in PortalRun (portal=portal@entry=0x177cbf8, count=count@entry=9223372036854775807,
isTopLevel=isTopLevel@entry=1'\001', dest=dest@entry=0x181ce48, altdest=altdest@entry=0x181ce48,
completionTag=completionTag@entry=0x7ffcd824b920"") at pquery.c:787
#12 0x00000000006f822b in exec_simple_query (query_string=0x17db878 "update clstr_tst set d = d returning d;") at
postgres.c:1094
#13 PostgresMain (argc=<optimized out>, argv=argv@entry=0x1781ce0, dbname=0x1781b40 "regression", username=<optimized
out>)at postgres.c:4074
#14 0x000000000046c9bd in BackendRun (port=0x1786920) at postmaster.c:4262
#15 BackendStartup (port=0x1786920) at postmaster.c:3936
#16 ServerLoop () at postmaster.c:1693
#17 0x0000000000693044 in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x175d5f0) at postmaster.c:1301
#18 0x000000000046dd26 in main (argc=3, argv=0x175d5f0) at main.c:228
(gdb) list
417
418 if (OldestActiveSnapshot != NULL)
419 ActiveLSN = OldestActiveSnapshot->as_snap->lsn;
420
421 if (XLogRecPtrIsInvalid(RegisteredLSN) || RegisteredLSN > ActiveLSN)
422 return OldestActiveSnapshot->as_snap;
423
424 return OldestRegisteredSnapshot;
425 }
426
(gdb) bt full
#0 GetOldestSnapshot () at snapmgr.c:422 OldestRegisteredSnapshot = <optimized out> RegisteredLSN =
<optimizedout> ActiveLSN = <optimized out>
#1 0x00000000004b8279 in init_toast_snapshot (toast_snapshot=0x7ffcd824b010) at tuptoaster.c:2314 snapshot =
<optimizedout>
#2 0x00000000004b83bc in toast_fetch_datum (attr=<optimized out>) at tuptoaster.c:1869 toastrel = 0x7f8b4ca88920
toastidxs = 0x18447c8 toastkey = { sk_flags = 0, sk_attno = 1, sk_strategy = 3,
sk_subtype = 0, sk_collation = 100, sk_func = { fn_addr = 0x77c490 <oideq>,
fn_oid= 184, fn_nargs = 2, fn_strict = 1 '\001', fn_retset = 0 '\000', fn_stats
=2 '\002', fn_extra = 0x0, fn_mcxt = 0x18282a8, fn_expr = 0x0 },
sk_argument= 34491 } toastscan = <optimized out> ttup = <optimized out> toasttupDesc =
0x7f8b4ca88c50 result = 0x18422d8 toast_pointer = <optimized out> ressize = 5735 residx =
<optimizedout> nextidx = 0 numchunks = 3 chunk = <optimized out> isnull = <optimized out>
chunkdata= <optimized out> chunksize = <optimized out> num_indexes = 1 validIndex = 0
SnapshotToast= { satisfies = 0x112, xmin = 3626283536, xmax = 32764, xip = 0xf8ac628,
xcnt = 5221870, subxip = 0x0, subxcnt = 0, suboverflowed = 0 '\000',
takenDuringRecovery= 0 '\000', copied = 0 '\000', curcid = 14, speculativeToken = 0,
active_count= 260753304, regd_count = 0, ph_node = { first_child = 0xf8ac680,
next_sibling= 0xa40000000000112, prev_or_parent = 0x0 }, whenTaken = 274, lsn = 0
} __func__ = "toast_fetch_datum"
#3 0x00000000004b9ab5 in heap_tuple_untoast_attr (attr=0x18226c8) at tuptoaster.c:179
No locals.
#4 0x00000000007f71ad in pg_detoast_datum_packed (datum=<optimized out>) at fmgr.c:2266
No locals.
#5 0x00000000007cfc12 in text_to_cstring (t=0x18226c8) at varlena.c:186 tunpacked = <optimized out> result
=<optimized out>
#6 0x00000000007f5735 in FunctionCall1Coll (flinfo=flinfo@entry=0x18221c0, collation=collation@entry=0,
arg1=arg1@entry=25306824)at fmgr.c:1297 fcinfo = { flinfo = 0x18221c0, context = 0x0,
resultinfo= 0x0, fncollation = 0, isnull = 0 '\000', nargs = 1, arg = {25306824,
6868497,0, 25356976, 1966, 1966, 0, 25207736, 1966, 8470236, 1966, 1966, 140236265213248, 7113528, 0, 4, 1, 25358272,
0,309237645256, 140236281446912, 1966, 25349336, 25207736, 1966, 8470236, 1966, 1966, 140236265213248, 7113605, 47,
148110127398913,25346992, 25358272, 25346992, 1, 25348352, 6188273, 3689292519771913624, 140723934769840,
140723934770607,140723934769840, 0, 10024654, 140723934770200, 0, 140723934770544, 140236311507497, 4222418944,
140723934770544,0, 8226869, 0, 140236263291992, 25, 140723934769968, 24856000, 8232733, 140236263291992, 15294443587,
25,140723934770016, 1125891316908032, 0, 7849104, 281483566645432, 2, 0, 24651624, 0, 25, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
107,8192, 8240, 128, 755914244609, 16, 2, 481036337259, 0, 0, 532575944823, 0, 140236314839840, 8192, 1024, 8192, 0,
25304960,140236311549156}, argnull =
"\000\000\000\000\000\000\000\000\250\202\202\001\000\000\000\000\250\202\202\001\000\000\000\000p\203\202\001\000\000\000\000\000\004\000\000\000\000\000\000\000\004\000\000\000\000\000\000\360\264$\330\374\177\000\000H\316\201\001\000\000\000\000\b\261\200\001\000\000\000\000\002\000\000\000\000\000\000\000\360\264$\330\374\177\000\000\033\314`\000\000\000\000\000\000\000\000"
} result = <optimized out> __func__ = "FunctionCall1Coll"
#7 0x00000000007f68ee in OutputFunctionCall (flinfo=0x18221c0, val=25306824) at fmgr.c:1946 result = <optimized
out> pushed = 0 '\000'
#8 0x0000000000478bc1 in printtup (slot=0x1821f80, self=0x181ce48) at printtup.c:359 outputstr = <optimized out>
thisState = <optimized out> attr = <optimized out> typeinfo = <optimized out> myState =
0x181ce48 oldcontext = 0x180b108 buf = { data = 0x182aac8 "", len = 2, maxlen =
1024, cursor = 68 } natts = 1 i = 0
#9 0x00000000006f9c8e in RunFromStore (portal=portal@entry=0x177cbf8, direction=direction@entry=ForwardScanDirection,
count=count@entry=0,dest=0x181ce48) at pquery.c:1117 oldcontext = 0x180b108 ok = <optimized out>
forward= 1 '\001' current_tuple_count = 14 slot = 0x1821f80
#10 0x00000000006f9d52 in PortalRunSelect (portal=portal@entry=0x177cbf8, forward=forward@entry=1 '\001', count=0,
count@entry=9223372036854775807,dest=dest@entry=0x181ce48) at pquery.c:942 queryDesc = 0x0 direction =
<optimizedout> nprocessed = <optimized out> __func__ = "PortalRunSelect"
#11 0x00000000006fb41e in PortalRun (portal=portal@entry=0x177cbf8, count=count@entry=9223372036854775807,
isTopLevel=isTopLevel@entry=1'\001', dest=dest@entry=0x181ce48, altdest=altdest@entry=0x181ce48,
completionTag=completionTag@entry=0x7ffcd824b920"") at pquery.c:787 save_exception_stack = 0x7ffcd824b9a0
save_context_stack= 0x0 local_sigjmp_buf = {{ __jmpbuf = {25020000, 8117249591578047072, 25020088, 2,
25284168,24503472, -8115502085312499104, 8117247189865575008}, __mask_was_saved = 0, __saved_mask =
{ __val = {8368164, 1, 24911592, 10273694, 2, 1, 2, 140723934771202, 88, 24628216, 25020088, 2, 8459620,
25020000,2, 24628216} } }} result = <optimized out> nprocessed = <optimized out>
saveTopTransactionResourceOwner= 0x1782df8 saveTopTransactionContext = 0x175e4b0 saveActivePortal = 0x0
saveResourceOwner = 0x1782df8 savePortalContext = 0x0 saveMemoryContext = 0x175e4b0 __func__ =
"PortalRun"
#12 0x00000000006f822b in exec_simple_query (query_string=0x17db878 "update clstr_tst set d = d returning d;") at
postgres.c:1094 parsetree = 0x17dc660 portal = 0x177cbf8 snapshot_set = <optimized out>
commandTag= <optimized out> completionTag = "\000ELECT 1\000\377\377\177", '\000' <repeats 12 times>,
"\240\364\272O\213\177\000\000\000\000\000\000\000\000\000\000\"\000\000\000\000\000\000\000\330\367u\001\000\000\000\000\310\327u\001\000\000\000"
querytree_list = <optimized out> plantree_list = <optimized out> receiver = 0x181ce48 format = 0
dest = DestRemote parsetree_list = 0x17dc6e0 save_log_statement_stats = 0 '\000' was_logged = 0
'\000' msec_str = "\310\317$\330\374\177", '\000' <repeats 25 times> parsetree_item = 0x17dc6b8
isTopLevel= 1 '\001'
#13 PostgresMain (argc=<optimized out>, argv=argv@entry=0x1781ce0, dbname=0x1781b40 "regression", username=<optimized
out>)at postgres.c:4074 query_string = 0x17db878 "update clstr_tst set d = d returning d;" firstchar =
25020000 input_message = { data = 0x17db878 "update clstr_tst set d = d returning d;", len = 40,
maxlen = 1024, cursor = 40 } local_sigjmp_buf = {{ __jmpbuf = {24648928,
8117247467474629216,24648480, 0, 0, 24636608, -8115502085385899424, 8117247183479878240}, __mask_was_saved =
1, __saved_mask = { __val = {0, 24648856, 24648480, 24648512, 1024, 140723934771904, 24648928, 0,
8459304,24632953, 8454626, 13256160, 140723934771904, 24648928, 8376332, 24633416} } }}
send_ready_for_query= 0 '\000' disable_idle_in_transaction_timeout = <optimized out> __func__ =
"PostgresMain"
pgsql-hackers by date: