Two sweet crashes in the sql front-end

Dean De Leo D.De.Leo at cwi.nl
Tue Nov 8 19:42:33 CET 2016


Dear MonetDB developers,

I would like to report a crash caused by a null pointer dereference, reproducible with the attached
schema.sql and query1a.sql; see backtrace1.txt, where rel_crossproduct is called with r = NULL.

While simplifying the query for this report, I stumbled upon a second
crash, this time a failed assertion; see query2_crash_repro.sql and
backtrace2.txt.

Environment: Linux, tip of the default branch, debug build, empty tables.


Dean


-------------- next part --------------
* thread #5: tid = 27249, 0x00007fd22159bccb lib_sql.so`rel_crossproduct(sa=0x00007fd21061fc50, l=0x00007fd2106a6780, r=0x0000000000000000, join=op_join) + 128 at rel_rel.c:371, name = 'mserver5', stop reason = signal SIGSEGV: invalid address (fault address: 0x20)
    frame #0: 0x00007fd22159bccb lib_sql.so`rel_crossproduct(sa=0x00007fd21061fc50, l=0x00007fd2106a6780, r=0x0000000000000000, join=op_join) + 128 at rel_rel.c:371
   368         rel->op = join;
   369         rel->exps = NULL;
   370         rel->card = CARD_MULTI;
-> 371         rel->nrcols = l->nrcols + r->nrcols;
   372         return rel;
   373     }
   374    
(lldb) bt
* thread #5: tid = 27249, 0x00007fd22159bccb lib_sql.so`rel_crossproduct(sa=0x00007fd21061fc50, l=0x00007fd2106a6780, r=0x0000000000000000, join=op_join) + 128 at rel_rel.c:371, name = 'mserver5', stop reason = signal SIGSEGV: invalid address (fault address: 0x20)
  * frame #0: 0x00007fd22159bccb lib_sql.so`rel_crossproduct(sa=0x00007fd21061fc50, l=0x00007fd2106a6780, r=0x0000000000000000, join=op_join) + 128 at rel_rel.c:371
    frame #1: 0x00007fd2215a1c91 lib_sql.so`order_joins(sql=0x00007fd210130050, rels=0x00007fd2106a5b20, exps=0x00007fd21069e180) + 1365 at rel_optimizer.c:861
    frame #2: 0x00007fd2215a2586 lib_sql.so`reorder_join(sql=0x00007fd210130050, rel=0x00007fd21069e150) + 429 at rel_optimizer.c:1042
    frame #3: 0x00007fd2215a27b0 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd21069e150) + 499 at rel_optimizer.c:1100
    frame #4: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210618cb0) + 201 at rel_optimizer.c:1084
    frame #5: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210689350) + 201 at rel_optimizer.c:1084
    frame #6: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd21061c8e0) + 201 at rel_optimizer.c:1084
    frame #7: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210673990) + 201 at rel_optimizer.c:1084
    frame #8: 0x00007fd2215a263d lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd2106739f0) + 128 at rel_optimizer.c:1076
    frame #9: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210674710) + 201 at rel_optimizer.c:1084
    frame #10: 0x00007fd2215a263d lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210674df0) + 128 at rel_optimizer.c:1076
    frame #11: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd21068a2f0) + 201 at rel_optimizer.c:1084
    frame #12: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210674f90) + 201 at rel_optimizer.c:1084
    frame #13: 0x00007fd2215a263d lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd21067fe70) + 128 at rel_optimizer.c:1076
    frame #14: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210680b90) + 201 at rel_optimizer.c:1084
    frame #15: 0x00007fd2215a263d lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210681270) + 128 at rel_optimizer.c:1076
    frame #16: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd2106827d0) + 201 at rel_optimizer.c:1084
    frame #17: 0x00007fd2215a2686 lib_sql.so`rel_join_order(sql=0x00007fd210130050, rel=0x00007fd210682900) + 201 at rel_optimizer.c:1084
    frame #18: 0x00007fd2215c2c24 lib_sql.so`_rel_optimizer(sql=0x00007fd210130050, rel=0x00007fd210682900, level=1) + 1673 at rel_optimizer.c:8476
    frame #19: 0x00007fd2215c2ed5 lib_sql.so`_rel_optimizer(sql=0x00007fd210130050, rel=0x00007fd210682900, level=1) + 2362 at rel_optimizer.c:8522
    frame #20: 0x00007fd2215c2f28 lib_sql.so`rel_optimizer(sql=0x00007fd210130050, rel=0x00007fd210682900) + 55 at rel_optimizer.c:8530
    frame #21: 0x00007fd2214b2df4 lib_sql.so`sql_symbol2relation(c=0x00007fd210130050, sym=0x00007fd210616880) + 94 at sql.c:121
    frame #22: 0x00007fd2214d7efa lib_sql.so`SQLparser(c=0x00007fd221b30328) + 3677 at sql_scenario.c:1077
    frame #23: 0x00007fd2262e6c65 libmonetdb5.so.21`runPhase(c=0x00007fd221b30328, phase=1) + 122 at mal_scenario.c:517
    frame #24: 0x00007fd2262e6da9 libmonetdb5.so.21`runScenarioBody(c=0x00007fd221b30328) + 288 at mal_scenario.c:550
    frame #25: 0x00007fd2262e6f4c libmonetdb5.so.21`runScenario(c=0x00007fd221b30328) + 76 at mal_scenario.c:579
    frame #26: 0x00007fd2262e8a92 libmonetdb5.so.21`MSserveClient(dummy=0x00007fd221b30328) + 488 at mal_session.c:448
    frame #27: 0x00007fd2262e853c libmonetdb5.so.21`MSscheduleClient(command="p�e\x10�", challenge="3NNyYthKh", fin=0x00007fd2105e6280, fout=0x00007fd20c000b10) + 3472 at mal_session.c:339
    frame #28: 0x00007fd226387e60 libmonetdb5.so.21`doChallenge(data=0x00007fd20c0008d0) + 1209 at mal_mapi.c:197
    frame #29: 0x00007fd225de9d36 libbat.so.13`thread_starter(arg=0x00007fd20c004c50) + 68 at gdk_system.c:485
    frame #30: 0x00007fd223595454 libpthread.so.0`start_thread + 196
    frame #31: 0x00007fd2232d67df libc.so.6`__GI___clone + 95
-------------- next part --------------
A non-text attachment was scrubbed...
Name: query1a.sql
Type: application/sql
Size: 1393 bytes
Desc: not available
URL: <http://www.monetdb.org/pipermail/developers-list/attachments/20161108/62c2c522/attachment-0003.sql>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: schema.sql
Type: application/sql
Size: 7731 bytes
Desc: not available
URL: <http://www.monetdb.org/pipermail/developers-list/attachments/20161108/62c2c522/attachment-0004.sql>
-------------- next part --------------
* thread #5: tid = 27483, 0x00007fa802f5104f libc.so.6`__GI_raise + 207, name = 'mserver5', stop reason = signal SIGABRT
    frame #0: 0x00007fa802f5104f libc.so.6`__GI_raise + 207
libc.so.6`__GI_raise:
->  0x7fa802f5104f <+207>: addq   $0x88, %rsp
    0x7fa802f51056 <+214>: movl   %r8d, %eax
    0x7fa802f51059 <+217>: popq   %rbx
    0x7fa802f5105a <+218>: retq
(lldb) bt
* thread #5: tid = 27483, 0x00007fa802f5104f libc.so.6`__GI_raise + 207, name = 'mserver5', stop reason = signal SIGABRT
  * frame #0: 0x00007fa802f5104f libc.so.6`__GI_raise + 207
    frame #1: 0x00007fa802f5247a libc.so.6`__GI_abort + 362
    frame #2: 0x00007fa802f49ea7 libc.so.6`__assert_fail_base + 279
    frame #3: 0x00007fa802f49f52 libc.so.6`__GI___assert_fail + 66
    frame #4: 0x00007fa80121803f lib_sql.so`exp_bin(be=0x00007fa7f00b1a70, e=0x00007fa7f018f810, left=0x00007fa7f01b8da0, right=0x0000000000000000, grp=0x0000000000000000, ext=0x0000000000000000, cnt=0x0000000000000000, sel=0x00007fa7f01b8f00) + 9109 at rel_bin.c:662
    frame #5: 0x00007fa80121cd2c lib_sql.so`rel2bin_join(be=0x00007fa7f00b1a70, rel=0x00007fa7f01b6ab0, refs=0x00007fa7f01b6d90) + 3149 at rel_bin.c:1792
    frame #6: 0x00007fa80122a018 lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f01b6ab0, refs=0x00007fa7f01b6d90) + 302 at rel_bin.c:4717
    frame #7: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f0175f00, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #8: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0175f00, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #9: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f018db20, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #10: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f018db20, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #11: 0x00007fa801220ae0 lib_sql.so`rel2bin_groupby(be=0x00007fa7f00b1a70, rel=0x00007fa7f0177140, refs=0x00007fa7f01b6d90) + 193 at rel_bin.c:2599
    frame #12: 0x00007fa80122a17b lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0177140, refs=0x00007fa7f01b6d90) + 657 at rel_bin.c:4748
    frame #13: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c190, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #14: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c190, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #15: 0x00007fa80121e2ff lib_sql.so`rel2bin_union(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c1f0, refs=0x00007fa7f01b6d90) + 112 at rel_bin.c:2071
    frame #16: 0x00007fa80122a093 lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c1f0, refs=0x00007fa7f01b6d90) + 425 at rel_bin.c:4728
    frame #17: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c6f0, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #18: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017c6f0, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #19: 0x00007fa80121d52c lib_sql.so`rel2bin_semijoin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017cbb0, refs=0x00007fa7f01b6d90) + 161 at rel_bin.c:1869
    frame #20: 0x00007fa80122a065 lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017cbb0, refs=0x00007fa7f01b6d90) + 379 at rel_bin.c:4724
    frame #21: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f018e190, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #22: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f018e190, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #23: 0x00007fa801220ae0 lib_sql.so`rel2bin_groupby(be=0x00007fa7f00b1a70, rel=0x00007fa7f017cd50, refs=0x00007fa7f01b6d90) + 193 at rel_bin.c:2599
    frame #24: 0x00007fa80122a17b lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f017cd50, refs=0x00007fa7f01b6d90) + 657 at rel_bin.c:4748
    frame #25: 0x00007fa80121e2ff lib_sql.so`rel2bin_union(be=0x00007fa7f00b1a70, rel=0x00007fa7f0187740, refs=0x00007fa7f01b6d90) + 112 at rel_bin.c:2071
    frame #26: 0x00007fa80122a093 lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0187740, refs=0x00007fa7f01b6d90) + 425 at rel_bin.c:4728
    frame #27: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f0187c40, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #28: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0187c40, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #29: 0x00007fa80121d52c lib_sql.so`rel2bin_semijoin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188100, refs=0x00007fa7f01b6d90) + 161 at rel_bin.c:1869
    frame #30: 0x00007fa80122a065 lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188100, refs=0x00007fa7f01b6d90) + 379 at rel_bin.c:4724
    frame #31: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188a60, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #32: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188a60, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #33: 0x00007fa80121fb6c lib_sql.so`rel2bin_project(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188b30, refs=0x00007fa7f01b6d90, topn=0x0000000000000000) + 635 at rel_bin.c:2382
    frame #34: 0x00007fa80122a11f lib_sql.so`subrel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188b30, refs=0x00007fa7f01b6d90) + 565 at rel_bin.c:4740
    frame #35: 0x00007fa80122a416 lib_sql.so`output_rel_bin(be=0x00007fa7f00b1a70, rel=0x00007fa7f0188b30) + 102 at rel_bin.c:4805
    frame #36: 0x00007fa80123b390 lib_sql.so`sql_relation2stmt(be=0x00007fa7f00b1a70, r=0x00007fa7f0188b30) + 125 at sql_gencode.c:467
    frame #37: 0x00007fa80123b489 lib_sql.so`backend_dumpstmt(be=0x00007fa7f00b1a70, mb=0x00007fa7f00f00b0, r=0x00007fa7f0188b30, top=1, add_end=1) + 219 at sql_gencode.c:488
    frame #38: 0x00007fa80123bff2 lib_sql.so`backend_dumpproc(be=0x00007fa7f00b1a70, c=0x00007fa801860328, cq=0x00007fa7f012cb20, r=0x00007fa7f0188b30) + 1246 at sql_gencode.c:637
    frame #39: 0x00007fa801208297 lib_sql.so`SQLparser(c=0x00007fa801860328) + 4602 at sql_scenario.c:1113
    frame #40: 0x00007fa806016c65 libmonetdb5.so.21`runPhase(c=0x00007fa801860328, phase=1) + 122 at mal_scenario.c:517
    frame #41: 0x00007fa806016da9 libmonetdb5.so.21`runScenarioBody(c=0x00007fa801860328) + 288 at mal_scenario.c:550
    frame #42: 0x00007fa806016f4c libmonetdb5.so.21`runScenario(c=0x00007fa801860328) + 76 at mal_scenario.c:579
    frame #43: 0x00007fa806018a92 libmonetdb5.so.21`MSserveClient(dummy=0x00007fa801860328) + 488 at mal_session.c:448
    frame #44: 0x00007fa80601853c libmonetdb5.so.21`MSscheduleClient(command="\x90\xb9\n��, challenge="YBEXhHL3FbR", fin=0x00007fa7f0002980, fout=0x00007fa7ec002b60) + 3472 at mal_session.c:339
    frame #45: 0x00007fa8060b7e60 libmonetdb5.so.21`doChallenge(data=0x00007fa7ec0008d0) + 1209 at mal_mapi.c:197
    frame #46: 0x00007fa805b19d36 libbat.so.13`thread_starter(arg=0x00007fa7ec004c50) + 68 at gdk_system.c:485
    frame #47: 0x00007fa8032c5454 libpthread.so.0`start_thread + 196
    frame #48: 0x00007fa8030067df libc.so.6`__GI___clone + 95
-------------- next part --------------
A non-text attachment was scrubbed...
Name: query2_crash_repro.sql
Type: application/sql
Size: 1396 bytes
Desc: not available
URL: <http://www.monetdb.org/pipermail/developers-list/attachments/20161108/62c2c522/attachment-0005.sql>

