Segfault in mvc_find_subexp (sqlsmith) #6480

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Labels
bug Something isn't working major SQL

Comments

@monetdb-team
Date: 2017-12-01 15:22:18 +0100
From: @mlkersten
To: SQL devs <>
Version: -- development
CC: @njnes

Last updated: 2019-12-09 15:38:11 +0100

Comment 25931

Date: 2017-12-01 15:22:18 +0100
From: @mlkersten

User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Build Identifier:

Thread 2913 "mserver5" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f9dcd0ff700 (LWP 12788)]
0x00007f9dee6b6bae in __strcmp_sse2_unaligned () from /lib64/libc.so.6
(gdb) where
0 0x00007f9dee6b6bae in __strcmp_sse2_unaligned () from /lib64/libc.so.6
1 0x00007f9de8ffdb80 in mvc_find_subexp (m=0x7f9d9c00c220, rname=0x0, name=0x0)
at /export/scratch1/home/mk/default//package/sql/server/sql_mvc.c:1859
2 0x00007f9de9041a1f in exp_rename (sql=0x7f9d9c00c220, e=0x0,
f=0x7f9d9c6d2db0, t=0x7f9d9c6d2850)
at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:1208
3 0x00007f9de904174c in exps_rename (sql=0x7f9d9c00c220, l=0x7f9d9c6d4320,
f=0x7f9d9c6d2db0, t=0x7f9d9c6d2850)
at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:1173
4 0x00007f9de9041f57 in exp_rename (sql=0x7f9d9c00c220, e=0x7f9d9c6d43c0,
f=0x7f9d9c6d2db0, t=0x7f9d9c6d2850)
at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:1256
5 0x00007f9de9041d63 in exp_rename (sql=0x7f9d9c00c220, e=0x7f9d9c6d44d0,
f=0x7f9d9c6d2db0, t=0x7f9d9c6d2850)
at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:1233
6 0x00007f9de9056afa in rel_push_project_up (changes=0x7f9dcd0fe764,
sql=0x7f9d9c00c220, rel=0x7f9d9c6d4530)

Reproducible: Always

Steps to Reproduce:

select
subq_0.c5 as c0,
case when subq_0.c4 is not NULL then subq_0.c1 else subq_0.c1 end
as c1,
subq_0.c0 as c2,
subq_0.c5 as c3,
subq_0.c5 as c4,
subq_0.c3 as c5,
subq_0.c1 as c6,
subq_0.c4 as c7,
subq_0.c4 as c8,
subq_0.c5 as c9,
subq_0.c4 as c10,
subq_0.c5 as c11,
cast(coalesce(case when cast(coalesce(subq_0.c4,
subq_0.c0) as int) is NULL then subq_0.c2 else subq_0.c2 end
,
subq_0.c4) as int) as c12,
subq_0.c5 as c13,
subq_0.c5 as c14,
subq_0.c3 as c15,
subq_0.c5 as c16,
subq_0.c1 as c17,
subq_0.c0 as c18,
subq_0.c1 as c19,
case when subq_0.c3 is NULL then subq_0.c2 else subq_0.c2 end
as c20,
subq_0.c0 as c21,
subq_0.c2 as c22,
subq_0.c5 as c23,
subq_0.c2 as c24,
case when subq_0.c5 is not NULL then case when EXISTS (
select
ref_4.srid as c0
from
sys.db_user_info as ref_3
right join sys.spatial_ref_sys as ref_4
on (ref_3.fullname = ref_4.auth_name )
inner join sys.tablestoragemodel as ref_6
on (ref_3.name is not NULL)
where true) then subq_0.c3 else subq_0.c3 end
else case when EXISTS (
select
ref_4.srid as c0
from
sys.db_user_info as ref_3
right join sys.spatial_ref_sys as ref_4
on (ref_3.fullname = ref_4.auth_name )
inner join sys.tablestoragemodel as ref_6
on (ref_3.name is not NULL)
where true) then subq_0.c3 else subq_0.c3 end
end
as c25,
case when false then subq_0.c5 else subq_0.c5 end
as c26,
case when false then subq_0.c3 else subq_0.c3 end
as c27,
subq_0.c0 as c28
from
(select
ref_1.owner as c0,
ref_0.minvalue as c1,
ref_1.authorization as c2,
ref_0.id as c3,
37 as c4,
ref_1.id as c5
from
sys.sequences as ref_0
inner join sys.schemas as ref_1
on (ref_1.authorization is NULL)
where ref_0.increment is NULL) as subq_0
where subq_0.c4 is NULL
limit 176;

Comment 25934

Date: 2017-12-02 15:23:04 +0100
From: @njnes

Crash is fixed (i.e. only look up names of e_columns).
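
The backtrace in the report shows mvc_find_subexp reaching strcmp with rname=0x0 and name=0x0, and the fix is described as looking up names only for e_columns. The following added example (not MonetDB's code; the exp type, the X_* kinds, find_subexp and rename_ref are hypothetical simplifications) shows that guard pattern in C:

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified expression model; these are not MonetDB's types. */
typedef enum { X_ATOM, X_COLUMN, X_FUNC } exp_kind;
typedef struct exp {
    exp_kind kind;
    const char *rname; /* relation name; NULL unless kind == X_COLUMN */
    const char *name;  /* column name;   NULL unless kind == X_COLUMN */
} exp;

/* Look up a column by (rname, name). NULL names never reach strcmp(). */
static const exp *find_subexp(const exp *l, size_t n,
                              const char *rname, const char *name)
{
    if (name == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (l[i].kind != X_COLUMN || l[i].name == NULL)
            continue;
        if (strcmp(l[i].name, name) != 0)
            continue;
        if (rname && (l[i].rname == NULL || strcmp(l[i].rname, rname) != 0))
            continue;
        return &l[i];
    }
    return NULL;
}

/* Rename step: only column references are resolved by name; every other
 * expression kind (and a NULL expression) is passed through untouched. */
static const exp *rename_ref(const exp *e, const exp *l, size_t n)
{
    if (e == NULL || e->kind != X_COLUMN)
        return e;
    const exp *hit = find_subexp(l, n, e->rname, e->name);
    return hit ? hit : e;
}

int main(void)
{
    /* Constructed sample: one named column and one nameless atom. */
    const exp proj[] = { { X_COLUMN, "subq_0", "c4" }, { X_ATOM, NULL, NULL } };
    const exp atom = { X_ATOM, NULL, NULL };
    const exp col = { X_COLUMN, "subq_0", "c4" };
    int ok = rename_ref(&atom, proj, 2) == &atom
          && rename_ref(&col, proj, 2) == &proj[0];
    return ok ? 0 : 1;
}
```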

Comment 25966

Date: 2017-12-07 11:43:12 +0100
From: @mlkersten

select
64 as c0,
ref_12.y as c1,
ref_12.y as c2,
case when true then ref_12.z else ref_12.z end
as c3,
cast(coalesce(ref_12.b,
ref_12.b) as boolean) as c4,
ref_12.x as c5
from
sys.s as ref_12
where EXISTS (
select
ref_17.keyword as c0,
subq_0.c5 as c1,
ref_12.x as c2,
subq_0.c1 as c3,
ref_17.keyword as c4,
subq_0.c6 as c5,
ref_17.keyword as c6,
subq_0.c9 as c7,
ref_12.z as c8,
ref_12.y as c9,
23 as c10,
subq_0.c1 as c11
from
sys.keywords as ref_17
left join (select
ref_19.y as c0,
ref_12.x as c1,
ref_19.z as c2,
ref_19.y as c3,
ref_12.z as c4,
ref_12.y as c5,
ref_19.y as c6,
24 as c7,
ref_12.b as c8,
ref_12.z as c9
from
sys.r2 as ref_19
where false
limit 79) as subq_0
on ((subq_0.c4 is NULL)
or (subq_0.c2 is NULL))
where false)
limit 123;

4 0x00007f7a5775c21d in exp_bin (be=0x7f7a0c001990, e=0x7f7a0de266b0,
left=0x7f7a0dbac880, right=0x7f7a0dbac9b0, grp=0x0, ext=0x0, cnt=0x0,
sel=0x0)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:575
5 0x00007f7a57765512 in rel2bin_project (be=0x7f7a0c001990,
rel=0x7f7a0de26ac0, refs=0x7f7a0db8af60, topn=0x0)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:2479
6 0x00007f7a57770351 in subrel_bin (be=0x7f7a0c001990, rel=0x7f7a0de26ac0,
refs=0x7f7a0db8af60)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:4856
7 0x00007f7a5776543f in rel2bin_project (be=0x7f7a0c001990,
rel=0x7f7a0de20b50, refs=0x7f7a0db8af60, topn=0x0)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:2467
8 0x00007f7a57770351 in subrel_bin (be=0x7f7a0c001990, rel=0x7f7a0de20b50,
refs=0x7f7a0db8af60)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:4856
9 0x00007f7a57765e93 in rel2bin_select (be=0x7f7a0c001990, rel=0x7f7a0de27950,
refs=0x7f7a0db8af60)
at /export/scratch1/home/mk/default//package/sql/backends/monet5/rel_bin.c:2603

Comment 25977

Date: 2017-12-10 16:53:55 +0100
From: @njnes

On which schema was this tested?

Comment 27465

Date: 2019-12-09 15:38:11 +0100
From: MonetDB Mercurial Repository <>

Changeset 5fbc87474be2 made by Pedro Ferreira pedro.ferreira@monetdbsolutions.com in the MonetDB repo, refers to this bug.

For complete details, see https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=5fbc87474be2

Changeset description:

Test sqlsmith.Bug-6480.sql requires mergedb_create
@monetdb-team monetdb-team added bug Something isn't working major SQL labels Nov 30, 2020
@sjoerdmullender sjoerdmullender added this to the Ancient Release milestone Feb 7, 2022