okbob / plpgsql_check

plpgsql_check is a linter tool (it performs static analysis of source code) for the PostgreSQL language plpgsql (the native language for PostgreSQL stored procedures).
https://groups.google.com/forum/#!forum/postgresql-extensions-hacking

Server crashes when trying to execute select f1() #174

Closed nkPit closed 4 months ago

nkPit commented 5 months ago

Hello!

After building postgres with ASAN in the following way:

export ASAN_OPTIONS=detect_leaks=0:abort_on_error=1:disable_coredump=0:strict_string_checks=1:check_initialization_order=1:strict_init_order=1
CPPFLAGS="-Og -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fno-sanitize=nonnull-attribute -fstack-protector" LDFLAGS='-fsanitize=address -fsanitize=undefined -static-libasan' ./configure --enable-tap-tests --enable-debug --enable-cassert >/dev/null && make -j4 -s && make -j4 -s -C contrib && make check

And executing the following query:

create extension plpgsql_check ;
CREATE FUNCTION public.f1() RETURNS integer
    LANGUAGE plpgsql
    AS $$
declare c constant int default 100;
begin
  return c;
end;
$$;

select f1();
create or replace function test_function()
returns void as $$
begin
  perform plpgsql_check_pragma('sequence: xx');
  perform nextval('pg_temp.xy');
  perform nextval('pg_temp.xx');
end
$$ language plpgsql;
select * from plpgsql_check_function('test_function');
drop function test_function();
set plpgsql_check.mode = 'every_start';
select f1();

the server crashes.

coredump:

#0  0x00007f169eafb9fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007f169eafb9fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f169eaa7476 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f169ea8d7f3 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x0000556c9be221d1 in ExceptionalCondition (conditionName=conditionName@entry=0x556c9c2e1980 "plan == plansource->gplan",
    fileName=fileName@entry=0x556c9c2e1180 "plancache.c", lineNumber=lineNumber@entry=1329) at assert.c:66
#4  0x0000556c9bddeded in CachedPlanAllowsSimpleValidityCheck (plansource=0x61900002c298, plan=plan@entry=0x619000038b88,
    owner=0x629000021248) at plancache.c:1329
#5  0x00007f16907d871b in exec_eval_simple_expr (estate=estate@entry=0x7ffdea68a210, expr=expr@entry=0x62500005af28,
    result=result@entry=0x7ffdea689e20, isNull=isNull@entry=0x7ffdea689eb0, rettype=rettype@entry=0x7ffdea689ec0,
    rettypmod=rettypmod@entry=0x7ffdea689ed0) at pl_exec.c:6120
#6  0x00007f16907db788 in exec_eval_expr (estate=estate@entry=0x7ffdea68a210, expr=expr@entry=0x62500005af28,
    isNull=isNull@entry=0x7ffdea689eb0, rettype=rettype@entry=0x7ffdea689ec0, rettypmod=rettypmod@entry=0x7ffdea689ed0)
    at pl_exec.c:5702
#7  0x00007f16907e7b18 in exec_assign_expr (estate=estate@entry=0x7ffdea68a210, target=target@entry=0x62500007fae8,
    expr=0x62500005af28) at pl_exec.c:5034
#8  0x00007f16907ebe6b in exec_stmt_block (estate=estate@entry=0x7ffdea68a210, block=block@entry=0x62500005bca0) at pl_exec.c:1710
#9  0x00007f16907ed4cc in exec_toplevel_block (estate=estate@entry=0x7ffdea68a210, block=0x62500005bca0) at pl_exec.c:1633
#10 0x00007f16907ee234 in plpgsql_exec_function (func=func@entry=0x629000020878, fcinfo=fcinfo@entry=0x625000062100,
    simple_eval_estate=simple_eval_estate@entry=0x0, simple_eval_resowner=simple_eval_resowner@entry=0x0,
    procedure_resowner=procedure_resowner@entry=0x0, atomic=<optimized out>) at pl_exec.c:622
#11 0x00007f1690817a3f in plpgsql_call_handler (fcinfo=<optimized out>) at pl_handler.c:277
#12 0x0000556c9be488e9 in fmgr_security_definer (fcinfo=<optimized out>) at fmgr.c:718
#13 0x0000556c9b1fa901 in ExecInterpExpr (state=0x625000062028, econtext=0x625000061d50, isnull=0x7ffdea68a8a0)
    at execExprInterp.c:734
#14 0x0000556c9b1e74df in ExecInterpExprStillValid (state=0x625000062028, econtext=0x625000061d50, isNull=0x7ffdea68a8a0)
    at execExprInterp.c:1870
#15 0x0000556c9b31519b in ExecEvalExprSwitchContext (isNull=0x7ffdea68a8a0, econtext=0x625000061d50, state=0x625000062028)
    at ../../../src/include/executor/executor.h:355
#16 ExecProject (projInfo=0x625000062020) at ../../../src/include/executor/executor.h:389
#17 ExecResult (pstate=<optimized out>) at nodeResult.c:136
#18 0x0000556c9b23704f in ExecProcNodeFirst (node=0x625000061c40) at execProcnode.c:464
#19 0x0000556c9b215146 in ExecProcNode (node=0x625000061c40) at ../../../src/include/executor/executor.h:273
#20 ExecutePlan (estate=estate@entry=0x625000061a18, planstate=0x625000061c40, use_parallel_mode=<optimized out>, use_parallel_mode@entry=false, operation=operation@entry=CMD_SELECT, sendTuples=true, numberTuples=numberTuples@entry=0, direction=ForwardScanDirection, dest=0x6250000b20e8, execute_once=true) at execMain.c:1670
#21 0x0000556c9b215747 in standard_ExecutorRun (queryDesc=0x619000001a98, direction=ForwardScanDirection, count=0, execute_once=execute_once@entry=true) at execMain.c:365
#22 0x0000556c9b2159ab in ExecutorRun (queryDesc=queryDesc@entry=0x619000001a98, direction=direction@entry=ForwardScanDirection, count=count@entry=0, execute_once=execute_once@entry=true) at execMain.c:309
#23 0x0000556c9b9abd95 in PortalRunSelect (portal=portal@entry=0x625000025a18, forward=forward@entry=true, count=0, count@entry=9223372036854775807, dest=dest@entry=0x6250000b20e8) at pquery.c:924
#24 0x0000556c9b9b202c in PortalRun (portal=portal@entry=0x625000025a18, count=count@entry=9223372036854775807, isTopLevel=isTopLevel@entry=true, run_once=run_once@entry=true, dest=dest@entry=0x6250000b20e8, altdest=altdest@entry=0x6250000b20e8, qc=<optimized out>) at pquery.c:768
#25 0x0000556c9b9a5d70 in exec_simple_query (query_string=query_string@entry=0x625000005218 "select f1();") at postgres.c:1274
#26 0x0000556c9b9aab87 in PostgresMain (dbname=dbname@entry=0x6250000020e8 "postgres", username=username@entry=0x62900001b358 "test") at postgres.c:4637
#27 0x0000556c9b74985d in BackendRun (port=port@entry=0x614000001240) at postmaster.c:4464
#28 0x0000556c9b751fe6 in BackendStartup (port=port@entry=0x614000001240) at postmaster.c:4192
#29 0x0000556c9b7525e3 in ServerLoop () at postmaster.c:1782
#30 0x0000556c9b754c0e in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x6030000002e0) at postmaster.c:1466
#31 0x0000556c9b3a5054 in main (argc=3, argv=0x6030000002e0) at main.c:198

postmaster.log

TRAP: failed Assert("plan == plansource->gplan"), File: "plancache.c", Line: 1329, PID: 286441
postgres: test postgres [local] SELECT(+0x1c3213e)[0x556c9a9ad13e]
postgres: test postgres [local] SELECT(ExceptionalCondition+0xea)[0x556c9be22182]
postgres: test postgres [local] SELECT(CachedPlanAllowsSimpleValidityCheck+0x374)[0x556c9bddeded]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xaa71b)[0x7f169085a71b]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xad788)[0x7f169085d788]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xb9b18)[0x7f1690869b18]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xbde6b)[0x7f169086de6b]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xbf4cc)[0x7f169086f4cc]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xc0234)[0x7f1690870234]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(plpgsql_call_handler+0x5a8)[0x7f1690899a3f]
postgres: test postgres [local] SELECT(fmgr_security_definer+0x4dd)[0x556c9be488e9]
postgres: test postgres [local] SELECT(+0x247f901)[0x556c9b1fa901]
postgres: test postgres [local] SELECT(ExecInterpExprStillValid+0x65)[0x556c9b1e74df]
postgres: test postgres [local] SELECT(+0x259a19b)[0x556c9b31519b]
postgres: test postgres [local] SELECT(+0x24bc04f)[0x556c9b23704f]
postgres: test postgres [local] SELECT(+0x249a146)[0x556c9b215146]
postgres: test postgres [local] SELECT(+0x24bc04f)[0x556c9b23704f]
postgres: test postgres [local] SELECT(+0x249a146)[0x556c9b215146]
postgres: test postgres [local] SELECT(standard_ExecutorRun+0x4b6)[0x556c9b215747]
postgres: test postgres [local] SELECT(ExecutorRun+0x26)[0x556c9b2159ab]
postgres: test postgres [local] SELECT(+0x2c30d95)[0x556c9b9abd95]
postgres: test postgres [local] SELECT(PortalRun+0x8e5)[0x556c9b9b202c]
postgres: test postgres [local] SELECT(+0x2c2ad70)[0x556c9b9a5d70]
postgres: test postgres [local] SELECT(PostgresMain+0xe58)[0x556c9b9aab87]
postgres: test postgres [local] SELECT(+0x29ce85d)[0x556c9b74985d]
postgres: test postgres [local] SELECT(+0x29d6fe6)[0x556c9b751fe6]
postgres: test postgres [local] SELECT(+0x29d75e3)[0x556c9b7525e3]
postgres: test postgres [local] SELECT(BackgroundWorkerInitializeConnection+0x0)[0x556c9b754c0e]
postgres: test postgres [local] SELECT(main+0x420)[0x556c9b3a5054]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7f169ea8ed90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7f169ea8ee40]
postgres: test postgres [local] SELECT(_start+0x25)[0x556c9a98c045]
2024-06-06 14:07:08.335 UTC [286404] LOG:  server process (PID 286441) was terminated by signal 6: Aborted

Postgres version:

postgres=# select version();
                                                version
-------------------------------------------------------------------------------------------------------
 PostgreSQL 16.3 on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, 64-bit

plpgsql_check version:

plpgsql_check | 2.7     | public     | extended check for plpgsql functions

commit: a7585cc39b91f294b4720edfcb9fb0e8d921e002

Best regards, Nikita Kalinin Postgres Professional: http://postgrespro.com/
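A triage helper for server logs in the format of the postmaster.log excerpt above, added here as an example and not part of the original thread or of plpgsql_check. It ties each `TRAP: failed Assert` record to the postmaster's termination line by PID and lists the named frames and shared objects on the stack; the sample input is an abridged copy of the lines in the report, and the function and field names are assumptions.

```python
import re

# Abridged copy of the postmaster.log lines quoted in the report above.
SAMPLE_LOG = '''\
TRAP: failed Assert("plan == plansource->gplan"), File: "plancache.c", Line: 1329, PID: 286441
postgres: test postgres [local] SELECT(ExceptionalCondition+0xea)[0x556c9be22182]
postgres: test postgres [local] SELECT(CachedPlanAllowsSimpleValidityCheck+0x374)[0x556c9bddeded]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(+0xaa71b)[0x7f169085a71b]
/home/test/test/postgres/tmp_install/usr/local/pgsql/lib/plpgsql.so(plpgsql_call_handler+0x5a8)[0x7f1690899a3f]
postgres: test postgres [local] SELECT(fmgr_security_definer+0x4dd)[0x556c9be488e9]
2024-06-06 14:07:08.335 UTC [286404] LOG:  server process (PID 286441) was terminated by signal 6: Aborted
'''

TRAP_RE = re.compile(r'^TRAP: failed Assert\("(?P<cond>.*)"\), File: "(?P<file>[^"]+)", '
                     r'Line: (?P<line>\d+), PID: (?P<pid>\d+)$')
# backtrace_symbols() style frame: module(symbol+0xoff)[0xaddr]; symbol may be empty.
FRAME_RE = re.compile(r'^(?P<module>.+?)\((?P<sym>[^()+]*)(?:\+0x[0-9a-f]+)?\)\[0x[0-9a-f]+\]$')
TERM_RE = re.compile(r'server process \(PID (?P<pid>\d+)\) was terminated by signal (?P<sig>\d+)')


def triage(log_text):
    """Return {pid: crash record} for every failed assertion found in log_text."""
    crashes, current = {}, None
    for line in log_text.splitlines():
        m = TRAP_RE.match(line)
        if m:
            current = {"assert": m["cond"], "file": m["file"], "line": int(m["line"]),
                       "symbols": [], "modules": [], "signal": None}
            crashes[int(m["pid"])] = current
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            if m["sym"]:                      # skip frames that carry only an offset
                current["symbols"].append(m["sym"])
            if m["module"].startswith("/"):   # file-backed module, not the process title
                name = m["module"].rsplit("/", 1)[-1]
                if name not in current["modules"]:
                    current["modules"].append(name)
            continue
        current = None                        # any other line ends the backtrace
        m = TERM_RE.search(line)
        if m and int(m["pid"]) in crashes:
            crashes[int(m["pid"])]["signal"] = int(m["sig"])
    return crashes


if __name__ == "__main__":
    for pid, crash in triage(SAMPLE_LOG).items():
        print(pid, crash)
```
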

okbob commented 5 months ago

Unfortunately - with your config I cannot build postgres

=185360==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x57eb57 in malloc (/usr/local/pgsql/master/bin/postgres+0x57eb57) (BuildId: 28a842ad0bc27bcd1e50f479a8c01a825b2f4ca4)
    #1 0x188e36a in save_ps_display_args /home/pavel/src/postgresql.master/src/backend/utils/misc/ps_status.c:190
    #2 0x7fffd7952550  ([stack]+0x20550)

SUMMARY: AddressSanitizer: 200 byte(s) leaked in 1 allocation(s).
child process exited with exit code 1
initdb: removing contents of data directory "/usr/local/pgsql/master/data"

=================================================================
==185245==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 207 byte(s) in 9 object(s) allocated from:
    #0 0x4c5727 in malloc (/usr/local/pgsql/master/bin/initdb+0x4c5727) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #1 0x5405b4 in escape_single_quotes_ascii /home/pavel/src/postgresql.master/src/port/quotes.c:38

Direct leak of 76 byte(s) in 1 object(s) allocated from:
    #0 0x4c5727 in malloc (/usr/local/pgsql/master/bin/initdb+0x4c5727) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #1 0x7fb1b9b57836 in __GI_getaddrinfo (/lib64/libc.so.6+0x144836) (BuildId: 4a92fcedbba6d6d2629ce066a2970017faa9995e)
    #2 0x4898d3 in getaddrinfo.part.0 (/usr/local/pgsql/master/bin/initdb+0x4898d3) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #3 0x5241ad in setup_config /home/pavel/src/postgresql.master/src/bin/initdb/initdb.c:1424

Direct leak of 67 byte(s) in 5 object(s) allocated from:
    #0 0x4c5727 in malloc (/usr/local/pgsql/master/bin/initdb+0x4c5727) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #1 0x53befc in pg_malloc_internal /home/pavel/src/postgresql.master/src/common/fe_memutils.c:30

Direct leak of 10 byte(s) in 2 object(s) allocated from:
    #0 0x4bf8b0 in strdup (/usr/local/pgsql/master/bin/initdb+0x4bf8b0) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #1 0x53c0ea in pg_strdup /home/pavel/src/postgresql.master/src/common/fe_memutils.c:95

Indirect leak of 152 byte(s) in 2 object(s) allocated from:
    #0 0x4c5727 in malloc (/usr/local/pgsql/master/bin/initdb+0x4c5727) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #1 0x7fb1b9b57836 in __GI_getaddrinfo (/lib64/libc.so.6+0x144836) (BuildId: 4a92fcedbba6d6d2629ce066a2970017faa9995e)
    #2 0x4898d3 in getaddrinfo.part.0 (/usr/local/pgsql/master/bin/initdb+0x4898d3) (BuildId: 387e1c554812b157f30b4ab0387265565d04a079)
    #3 0x5241ad in setup_config /home/pavel/src/postgresql.master/src/bin/initdb/initdb.c:1424

okbob commented 5 months ago

but it crashes just with enabled assertions - ASAN is not necessary

okbob commented 5 months ago

It looks like perform plpgsql_check_pragma('sequence: xx'); corrupts plpgsql memory in some cases

minimal test case

select f1();
select * from plpgsql_check_function('test_function');
set plpgsql_check.mode = 'every_start';
select f1();

nkPit commented 4 months ago

> Unfortunately - with your config I cannot build postgres

This problem remains when building postgres with CPPFLAGS="-Og":

CPPFLAGS="-Og" ./configure --enable-tap-tests --enable-debug --enable-cassert >/dev/null && make -j4 -s && make -j4 -s -C contrib && make check

okbob commented 4 months ago

I can reproduce this problem, but it looks (without deeper investigation) like hitting a PostgreSQL bug. I'll fix it, but it needs more time than I have now.

okbob commented 4 months ago

https://www.postgresql.org/message-id/1694260.1718234686%40sss.pgh.pa.us

nkPit commented 4 months ago

> https://www.postgresql.org/message-id/1694260.1718234686%40sss.pgh.pa.us

Yes. This is my bug report. What should I do with this issue, close it?

okbob commented 4 months ago

On Thu, Jun 13, 2024 at 7:58, nkPit @.***> wrote:

> https://www.postgresql.org/message-id/1694260.1718234686%40sss.pgh.pa.us
>
> Yes. This is my bug report. What should I do with this issue, close it?

I can close it when it is fixed in Postgres and I am able to recheck it.


okbob commented 4 months ago

It still crashes after 6dfac24401b7143ad5c75f991c18105e1267f88e - it is related to using SPI - but this needs more investigation

okbob commented 4 months ago

should be fixed in 2.7.7