Re: PostgreSQL crashes with SIGSEGV

From: Peter Geoghegan <pg(at)bowt(dot)ie>
To: Andreas Seltenreich <andreas(dot)seltenreich(at)credativ(dot)de>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Bernd Helmle <mailings(at)oopsware(dot)de>, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: PostgreSQL crashes with SIGSEGV
Date: 2017-12-14 20:06:26
Message-ID: CAH2-Wzn-bfz5EfQhH84vsNSKr-=TACdGPSfRRiOYQv8f=yJoKg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers

On Thu, Dec 14, 2017 at 10:47 AM, Andreas Seltenreich
<andreas(dot)seltenreich(at)credativ(dot)de> wrote:
> We did some more reducing work on the original query and data. The
> following testcase reproduces the double free reported by valgrind for
> me when run against a vanilla REL9_6_STABLE build.

> --8<---------------cut here---------------start------------->8---
> drop table if exists bug;
> create table bug (n text, v text, b text, t text);
> insert into bug
> select i%9, i%9, i%16 ,i%4096 from generate_series(1,100000) g(i);
> analyze bug;
>
> explain select * from (
> select thecube.nv
> from ( select
> (n || ' ') || coalesce(v, '') as nv
> from bug
> group by ((n || ' ') || coalesce(v, '')) ,cube(b, t)
> ) thecube
> where nv = '8 8'
> ) sub limit 7000;
> --8<---------------cut here---------------end--------------->8---

I can reproduce this against REL9_6_STABLE, once work_mem is set to
4MB, and replacement_sort_tuples is set to 150000.

--
Peter Geoghegan

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message winter2019 2017-12-14 21:49:17 BUG #14977: Unable to download
Previous Message David G. Johnston 2017-12-14 19:35:28 Re: BUG #14976: Connect to server

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2017-12-14 20:26:26 Re: pgbench's expression parsing & negative numbers
Previous Message Robert Haas 2017-12-14 19:26:40 Re: [HACKERS] Surjective functional indexes