Dennis Felsing edited this page Apr 6, 2023 · 112 revisions

PostgreSQL

Tips for bug hunting

  • The regression database left behind by postgres’ make installcheck is a good candidate to run against
  • Use libfailmalloc to hunt out-of-memory bugs
  • Starting the postmaster with -T makes it stop processes on a crash instead of doing a crash recovery

Score list

When you find bugs using sqlsmith, don’t hesitate to update the score list!

finding/discussion status when
ERROR: cache lookup failed for index 2619 commit 2015-07-02
FailedAssertion(“!(outer_rel->rows > 0)”, File: “indxpath.c”, Line: 1911) commit 2015-07-26
FailedAssertion(“!(!bms_is_empty(phinfo->ph_eval_at))”, File: “placeholder.c”, Line: 109) commit 2015-07-26
FailedAssertion(“!(key->sk_flags & 0x0080)”, File: “brin_minmax.c”, Line: 177) commit 2015-07-26
FailedAssertion(“!(join_clause_is_movable_into(rinfo, joinrel->relids, join_and_req))”, File: “relnode.c”, Line: 987) commit 2015-07-27
Division by zero in selfuncs.c:estimate_hash_bucketsize() commit 2015-07-30
FailedAssertion(“!(!bms_overlap(joinrelids, sjinfo->min_lefthand))”, File: “joinrels.c”, Line: 500) commit 2015-08-01
ERROR: plan should not reference subplan’s variable commit 2015-08-01
ERROR: failed to assign all NestLoopParams to plan nodes commit 2015-08-01
ERROR: could not find pathkey item to sort commit 2015-08-01
ERROR: could not determine which collation to use for string comparison 2015-08-01
ERROR: could not find RelOptInfo for given relids commit 2015-08-03
FailedAssertion(“!(!bms_is_empty(phinfo->ph_eval_at))”, File: “analyzejoins.c”, Line: 474) commit 2015-08-06
ERROR: too late to create a new PlaceHolderInfo commit 2015-08-07
ERROR: failed to build any %d-way joins commit 2015-08-08
Crash in regexp compiler in memory-starved server commit 2015-08-10
FailedAssertion(“!(pointer != ((void *)0))”, File: “mcxt.c”, Line: 1002) commit 2015-09-20
Failed to generate plan on lateral subqueries commit 2015-12-06
Failing assertions in spgtextproc.c commit 2015-12-18
NULL-Pointer dereference in binary_upgrade_create_empty_extension commit 2016-01-03
Out-of-bound array access in ruleutils.c commit 2016-01-07
CVE-2016-3065: Missing superuser checks in contrib/pageinspect commit 2016-02-18
Two division by 0 errors in optimizer/plan/planner.c and optimizer/path/costsize.c commit 2016-03-26
Clamp adjusted ndistinct to positive integer in estimate_hash_bucketsize(). commit 2016-03-27
Guard against zero vardata.rel->tuples in estimate_hash_bucketsize(). commit 2016-03-27
Crash in apply_projection_to_path commit 2016-04-28
Failed assertions due to acl.c using text for syscache lookup (another report, discussion) commit 2016-04-29
Failed assertion in parallel worker (ExecInitSubPlan) commit, commit, commit 2016-05-05
PANIC: failed to add BRIN tuple commit 2016-05-22
Failed assertions on parallel worker shutdown commit 2016-05-22
Failed assertion in postgres_fdw/deparse.c:1116 commit, commit 2016-06-05
ERRORs due to missing parallel unsafety tagging commit 2016-06-14
OOM crash in plpgsql_extra_checks_check_hook commit 2016-06-20
Failed to generate CTE plan commit 2016-07-01
Crash in Hot Standby commit 2016-07-01
NULL-pointer dereference on close_ps(NaN) commit 2016-07-16
FailedAssertion(“!(XLogCtl->Insert.exclusiveBackup)”, File: “xlog.c”, Line: 10200) commit 2016-08-03
FailedAssertion(“!(k == indices_count)”, File: “tsvector_op.c”, Line: 511) commit, commit 2016-08-03
Crash in GetOldestSnapshot() commit 2016-08-06
Crash in pg_get_viewdef_name_ext() commit 2016-08-06
Failed assertion in numeric aggregate commit 2016-09-04
Infinite recursion in bitshift commit 2016-10-15
Backend stuck in tsquery_rewrite commit, commit 2016-10-30
Crash on GUC serialization commit 2016-11-19
Parallel worker crash on seqscan commit 2016-11-20
Failed assertion in parallel worker in ExecInitSubPlan commit 2016-11-20
Failed assertion in parallel worker in ExecInitSubPlan commit 2016-11-24
Failed assertion in _hash_splitbucket_guts commit 2016-12-02
Crash in gather_readnext commit 2016-12-05
Crash in tsquery_rewrite/QTNBinary commit 2016-12-07
Crash reading pg_stat_activity commit 2016-12-28
Failed assertion in make_restrictinfo commit 2017-01-19
Failed assertion in _hash_kill_items/MarkBufferDirtyHint commit 2017-03-26
Unpinning error in parallel worker commit 2017-03-26
Planner crash on foreign table join commit 2017-04-08
ERROR: badly formatted node string “RESTRICTINFO… commit 2017-04-09
FailedAssertion(“!(portal->cleanup == ((void *)0))”, File: “portalmem.c”, Line: 846) commit 2017-08-13
Failed assertion in initsplan.c commit 2017-09-16
stuck spinlock in pg_stat_get_wal_receiver after OOM commit 2017-10-02
Failed assertion in adjust_appendrel_attrs_mutator commit 2017-10-22
pg_control_checkpoint() returning invalid tuples commit 2017-11-11
insufficient argument checking in satisfies_hash_partition() commit 2017-11-11
Parallel worker executor crash on master commit 2017-12-15
Segfault in expand_tuple commit 2018-04-07
Failed assertion in create_gather_path commit 2018-04-07
Failed assertion on pfree() via perform_pruning_combine_step commit 2018-04-07
FailedAssertion on partprune commit 2018-07-24
ERROR: partition missing from subplans commit 2018-08-11
ERROR: plan should not reference subplan’s variable commit 2018-08-11
Assert failed in snprintf.c commit 2018-10-01
Planner crash in mcv_get_match_bitmap commit 2019-07-10
FailedAssertion(“!(rel->reloptkind == RELOPT_BASEREL)”, File: “equivclass.c”, Line: 764) commit 2019-07-21
CVE-2019-10209: Type confusion in hashed subplans commit 2019-07-21
Failed Assertion about PolymorphicType commit 2020-04-04
segmentation fault using currtid and partitioned tables commit 2020-04-05
enable_incremental_sort changes query behavior 2020-09-26
Failed assertion during partition pruning commit 2020-11-28
Planner error on lateral joins commit 2020-11-29
parallel worker errors “subplan … was not initialized” commit 2020-11-29
pg_filenode_relation(0,0) elog commit 2021-06-12
right join with partitioned table crash commit 2021-09-15
Fix contrib/seg to be more wary of long input numbers. commit 2022-12-21
Multiple (6) Planner Asserts fixed commit, commit, commit, commit, commit, commit 2023-02-04

Libraries and extensions

Score list

Extension/Library finding/discussion status when
pg_qualstats Segfault when qual on view using expressions commit 2016-05-31
unit Crash when unit_reset() runs into an OOM error commit 2017-06-13
pg_dirtyread Failed assertion on hot standby commit 2017-08-05
orafce Crashes due to insufficient argument checking commit 2017-08-27
powa Crash on pg_reload_conf() commit 2017-09-10
glibc NULL pointer dereference in dlopen on out-of-memory commit 2017-10-03

SQLite3

Score list

finding/discussion status when
whereLoopFindLesser: Assertion `p->rSetup>=pTemplate->rSetup’ failed commit 2016-06-23
applyNumericAffinity: Assertion `(pRec->flags & (0x0002|0x0004|0x0008))==0x0002’ failed commit 2016-06-23
sqlite3ExprCacheStore: Assertion `pParse->db->mallocFailed || cacheIsValid(pParse)’ failed 2016-06-24

MonetDB (via ssmonetdb)

Score list

bugzilla date
6075: gdk_calc.c:13113: BATcalcifthenelse_intern: Assertion `col2 != NULL’ failed. 2016-12-21
6076: rel_optimizer.c:5426: rel_push_project_up: Assertion `e’ failed. 2016-12-21
6077: mserver5: rel_optimizer.c:5444: rel_push_project_up: Assertion `e’ failed. 2016-12-21
6078: rel_bin.c:2402: rel2bin_project: Assertion `0’ failed. 2016-12-21
6080: mserver5: rel_bin.c:2391: rel2bin_project: Assertion `0’ failed. 2017-03-03
6081: Segmentation fault (core dumped) 2017-03-03
6177: Server crashes 2017-03-03
6213: SQLsmith causes server to crash 2017-03-03
6215: Bulk operators missing 2017-02-16
6216: Assertion raised (sqlsmith) 2017-03-15
6217: Segfault in rel_optimizer (sqlsmith) 2017-03-03
6219: Crash in rel_optimizer (sqlsmith) 2017-03-02
6220: Segfault in sql_ref_inc (sqlsmith) 2017-03-15
6242: Crash on rel_reduce_groupby_exps (sqlsmith) 2017-03-15
6247: Type analysis issue (sqlsmith) 2017-03-22
6249: DEFAULT in row-values missing (sqlsmith) 2017-03-22
6300: Protect against missing BATs (sqlsmith) 2017-05-11
6310: Name resolution error (sqlsmith) 2017-05-13
6312: Object not found in LIMIT clause (sqlsmith) 2017-05-13
6313: Null type resolution in disjunction fails (sqlsmith) 2017-05-13
6314: Lateral crash report (sqlsmith) 2017-05-14
6315: Exist operator on type bigint missing (sqlsmith) 2017-05-14
6316: Coalesc and limit error (sqlsmith) 2017-05-14
6319: Server crash on LATERAL (sqlsmith) 2017-05-31
6322: Crash on disjunction with LIMIT (sqlsmith) 2017-06-07
6344: Spurious errors and assertions (SQLsmith) 2017-07-12
6352: Scope resolution problem (sqlsmith) 2017-07-28
6417: Segfault encountered (sqlsmith) 2017-10-14
6418: Segfault in renaming (sqlsmith) 2017-10-14
6419: segfault in rel_optimizer (sqlsmith) 2017-10-14
6420: Assertion error in mergetable task (sqlsmith) 2017-10-14
6421: Assertion error in sql_ref_dec (sqlsmith) 2017-10-15
6422: Another assertion error in rel_or (sqlsmith) 2017-10-15
6423: Dereference null pointer (sqlsmith) 2017-10-15
6424: Assertion error in rel_rename_expr (sqlsmith) 2017-10-16
6425: Assertion error in exp_bin (sqlsmith) 2017-10-16
6426: Assertion error in rel_find_exp_ (sqlsmith) 2017-10-16
6427: Assertion error in eq_typeswitchloop (sqlsmith) 2017-10-17
6430: Assertion raised in another eq_typeswitch error (sqlsmith) 2017-10-17
6432: Assertion error in exp_bin (sqlsmith) 2017-10-18
6449: Assertion error in rel_dce_refs (sqlsmith) 2017-10-29
6450: Assertion error in exp_bin (sqlsmith) 2017-10-30
6451: Assertion error in sql_ref_dec (sqlsmith) 2017-11-01
6453: Assertion error in rel_rename_exps (sqlsmith) 2017-11-01
6455: Assertion error in rel_apply_rewrite (sqlsmith) 2017-11-01
6459: Assertion error in exp_bin (sqlsmith) 2017-11-08
6472: Assertion failure in rel_rename (Sqlsmith) 2017-12-14
6474: Assertion error in exp_bin (sqlsmith) 2017-11-22
6477: assertion eror rel_push_project_up (sqlsmith) 2017-12-14
6480: Segfault in mvc_find_subexp (sqlsmith) 2017-12-10

TimescaleDB

https://github.com/timescale/timescaledb/search?q=SQLSmith&type=commits

Score list

finding status when
Fix time_bucket comparison transformation commit 2021-11-08
Fix assertion failure in cursor_fetcher_rewind commit 2021-12-13

YugabyteDB (via def-/sqlsmith)

https://github.com/yugabyte/yugabyte-db/issues?q=is%3Aissue+in%3Atitle+sqlsmith

Score list

github issue date
DocDB SQLsmith ERROR: errstart was not called / Already marked as completed 2022-01-26
YSQL SQLsmith Stuck query in ReplicationSlotAllocationLock, can’t be cancelled 2022-01-26
YSQL SQLsmith ERROR: Illegal state: Transaction for catalog table write operation ‘sql_features’ not found 2022-01-26
YSQL SQLsmith ERROR: Remote error: Illegal state (yb/client/transaction.cc:678): Attempt to release transaction in the wrong state: kAborted 2022-01-26
YSQL SQLsmith ERROR: unexpected duplicate for tablespace 0, relfilenode 0 2022-01-26
YSQL SQLsmith ERROR: cache lookup failed for type 12227 2022-01-26
YSQL SQLsmith ERROR: could not open relation with OID 1 2022-01-26
YSQL SQLsmith ERROR: Operation failed. Try again: Operation failed. Try again (yb/tablet/transaction_participant.cc:296): Unknown transaction, could be recently aborted (pgsql error 40001) 2022-01-26
YSQL SQLsmith Internal error (yb/common/ql_expr.cc:702): Unable to initialize catalog manager: Failed to initialize sys tables async: Failed log replay. Reason: Column unexpectedly not found in cache 2022-01-26
YSQL SQLsmith TRAP: FailedAssertion(“!(bms_is_subset(appendrel->lateral_relids, required_outer))”, File: “../../../../../../../src/postgres/src/backend/optimizer/util/relnode.c”, Line: 1543) 2022-01-26
YSQL SQLsmith TRAP: FailedAssertion(“!(!((allPgXactproc->pgprocno.xid) != ((TransactionId) 0)))”, File: “../../../../../../../src/postgres/src/backend/storage/ipc/procarray.c”, Line: 440) 2022-01-26
DocDB SQLsmith ERROR: transaction ID is in the future 2022-01-26
YSQL SQLsmith TRAP: BadArgument(“!(((context) != ((void*)0) && (((((const Node*)((context)))->type) == T_AllocSetContext) || ((((const Node*)((context)))->type) == T_SlabContext) || ((((const Node*)((context)))->type) == T_GenerationContext))))”, File: 2022-01-26
YSQL SQLsmith TRAP: FailedAssertion(“!(buflen - 1 == ‘\0’)”, File: “../../../../../src/postgres/src/common/psprintf.c”, Line: 123) 2022-01-26
YSQL SQLsmith TRAP: FailedAssertion(“!(IsSearchNull(ybScan->keyi.sk_flags))”, File: “../../../../../../../src/postgres/src/backend/access/yb_access/yb_scan.c”, Line: 838) 2022-01-26
YSQL SQLsmith AddressSanitizer: heap-use-after-free in yb::pggate::PgMemctx::Clear() 2022-01-27
YSQL SQLsmith AddressSanitizer: SEGV on unknown address 0x000000000408 in yb::PgsqlResponsePB::SharedCtor() 2022-01-27
YSQL SQLsmith TRAP: FailedAssertion(“!(tuple != ((void*)0))”, File: “../../../../../../src/postgres/src/backend/executor/execTuples.c”, Line: 355) 2022-02-01
YSQL SQLsmith ../../src/yb/rpc/outbound_call.cc:183 Check failed: IsFinished() 2022-02-01
YSQL SQLsmith ../../src/yb/rpc/proxy.cc:112 Timeout to wait resolve to complete 2022-02-01
YSQL SQLsmith Delete statement involving triggers fails assertion in debug build for invalid tupleid 2022-02-01
YSQL SQLsmith ../../src/yb/client/meta_cache.cc:2159 Destructing LookupDataGroup(0x00000001236314f8), running_request_number: 7 with non empty lookups: 0x0000000123631520 -> deadline: partition_start: 2022-02-01
YSQL SQLsmith AddressSanitizer: heap-use-after-free in yb::client::internal::Batcher::FlushAsync() 2022-02-03
YSQL SQLsmith Segmentation fault in YbDatumToText() 2022-02-04
YSQL SQLsmith Segmentation fault in YBCPgFlushBufferedOperations() 2022-02-04
YSQL SQLsmith Segmentation fault in quickdie() after <signal handler> 2022-02-04
YSQL PostGIS SQLsmith Segmentation fault in getPostgisConstants() 2022-02-05
YSQL SQLsmith Segmentation fault in yb::pggate::YBCPgResetOperationsBuffering() 2022-02-05
YSQL SQLsmith Segmentation fault after infinite loop in sigusr1_handler() 2022-02-09
YSQL SQLsmith Segmentation fault in yb::rpc::Proxy::DoAsyncRequest() during ANALYZE 2022-02-09
DocDB SQLsmith util/uuid: ERROR: Corruption: Invalid length of binary data with TransactionId ”: 0 (expected 16) 2022-02-22

Materialize

https://github.com/MaterializeInc/materialize/issues?q=is%3Aissue+in%3Atitle+sqlsmith+label%3AC-bug+

Score list

github issue date
thread ‘coordinator’ panicked at ‘called Result::unwrap() on an Err value: Can’t union types: Oid and String’ 2023-02-10
Cancellations not propagated to clusterd, can’t run other queries on cluster until clusterd process killed 2023-02-13
mz_transform: Optimizer::optimize(): internal transform error: scalar types do not match 2023-02-21
mz_repr::row::encoding: protobuf decoding found Dummy datum 2023-02-21
ERROR: Evaluation error: internal error: invalid input type 2023-02-23
ERROR: cannot reference pseudo type pg_catalog.list 2023-02-28
ERROR: operator is not unique: “char” = character 2023-02-28
Invalid data in source, saw retractions 2023-02-28
ERROR: internal error: unimplemented join 2023-03-02
thread ‘tokio:work-2’ panicked at ‘capacity overflow’ 2023-03-02
ERROR: coalesce could not convert type character to “char” 2023-03-02
thread ‘coordinator’ panicked at ‘Datum::unwrap_int32 called on Int16(0)’ 2023-03-07
Evaluation error: unit ‘…’ not recognized 2023-03-07
thread ‘timely:work-0’ panicked at ‘can not convert float seconds to Duration: value is negative’ 2023-03-07
thread ‘coordinator’ panicked at ‘Expression in join plan is not bound at time of use’ 2023-03-07
thread ‘timely:work-0’ panicked at ‘internal error: invalid encoded state: couldn’t decode batch at key …: External format error: File out of specification: A parquet file must containt a header and footer with at least 12 bytes 2023-03-08
thread ‘coordinator’ panicked at ‘internal error: entered unreachable code: Float8 is not a range element type’ 2023-03-09
ERROR: internal transform error: scalar types do not match: 2023-03-09
thread ‘timely:work-0’ panicked at ‘Datum::unwrap_string called on Null’ 2023-03-09
thread ‘timely:work-0’ panicked at ‘batch fetcher could not fetch batch part: unexpected missing blob: … for shard: …’ 2023-03-10
ERROR: WHERE clause error: sum(interval) not yet supported 2023-03-10
ERROR: array_agg on arrays not yet supported 2023-03-10
thread ‘coordinator’ panicked at ‘assertion failed: !self.expressions.iter().any(|e| e.contains_temporal())’ 2023-03-10
ERROR: Unsupported temporal predicate. Note: mz_now() must be directly compared to a mz_timestamp-castable expression. Expression found: (mz_now() < mz_now()) 2023-03-10
thread ‘timely:work-0’ panicked at ‘Invalid argument to AggregateFunc::Any: Int64(43)’ 2023-03-10
thread ‘coordinator’ panicked at ‘into_element called on collection with more than one element’ 2023-03-15
ERROR: unexpected ScalarExpr in uncorrelated plan 2023-03-16