Andreas Seltenreich edited this page Aug 14, 2019 · 101 revisions


PostgreSQL

Tips for bug hunting

  • The regression database left behind by postgres’ make installcheck is a good candidate to run sqlsmith against
  • Use libfailmalloc to hunt out-of-memory bugs
  • Starting the postmaster with -T makes it stop processes on a crash instead of doing a crash recovery

Score list

When you find bugs using sqlsmith, don’t hesitate to update the score list!

finding/discussion status when
ERROR: cache lookup failed for index 2619 commit 2015-07-02
FailedAssertion("!(outer_rel->rows > 0)", File: "indxpath.c", Line: 1911) commit 2015-07-26
FailedAssertion("!(!bms_is_empty(phinfo->ph_eval_at))", File: "placeholder.c", Line: 109) commit 2015-07-26
FailedAssertion("!(key->sk_flags & 0x0080)", File: "brin_minmax.c", Line: 177) commit 2015-07-26
FailedAssertion("!(join_clause_is_movable_into(rinfo, joinrel->relids, join_and_req))", File: "relnode.c", Line: 987) commit 2015-07-27
Division by zero in selfuncs.c:estimate_hash_bucketsize() commit 2015-07-30
FailedAssertion("!(!bms_overlap(joinrelids, sjinfo->min_lefthand))", File: "joinrels.c", Line: 500) commit 2015-08-01
ERROR: plan should not reference subplan's variable commit 2015-08-01
ERROR: failed to assign all NestLoopParams to plan nodes commit 2015-08-01
ERROR: could not find pathkey item to sort commit 2015-08-01
ERROR: could not determine which collation to use for string comparison 2015-08-01
ERROR: could not find RelOptInfo for given relids commit 2015-08-03
FailedAssertion("!(!bms_is_empty(phinfo->ph_eval_at))", File: "analyzejoins.c", Line: 474) commit 2015-08-06
ERROR: too late to create a new PlaceHolderInfo commit 2015-08-07
ERROR: failed to build any %d-way joins commit 2015-08-08
Crash in regexp compiler in memory-starved server commit 2015-08-10
FailedAssertion("!(pointer != ((void *)0))", File: "mcxt.c", Line: 1002) commit 2015-09-20
Failed to generate plan on lateral subqueries commit 2015-12-06
Failing assertions in spgtextproc.c commit 2015-12-18
NULL-Pointer dereference in binary_upgrade_create_empty_extension commit 2016-01-03
Out-of-bound array access in ruleutils.c commit 2016-01-07
CVE-2016-3065: Missing superuser checks in contrib/pageinspect commit 2016-02-18
Two division by 0 errors in optimizer/plan/planner.c and optimizer/path/costsize.c commit 2016-03-26
Clamp adjusted ndistinct to positive integer in estimate_hash_bucketsize(). commit 2016-03-27
Guard against zero vardata.rel->tuples in estimate_hash_bucketsize(). commit 2016-03-27
Crash in apply_projection_to_path commit 2016-04-28
Failed assertions due to acl.c using text for syscache lookup (another report, discussion) commit 2016-04-29
Failed assertion in parallel worker (ExecInitSubPlan) commit, commit, commit 2016-05-05
PANIC: failed to add BRIN tuple commit 2016-05-22
Failed assertions on parallel worker shutdown commit 2016-05-22
Failed assertion in postgres_fdw/deparse.c:1116 commit, commit 2016-06-05
ERRORs due to missing parallel unsafety tagging commit 2016-06-14
OOM crash in plpgsql_extra_checks_check_hook commit 2016-06-20
Failed to generate CTE plan commit 2016-07-01
Crash in Hot Standby commit 2016-07-01
NULL-pointer dereference on close_ps(NaN) commit 2016-07-16
FailedAssertion("!(XLogCtl->Insert.exclusiveBackup)", File: "xlog.c", Line: 10200) commit 2016-08-03
FailedAssertion("!(k == indices_count)", File: "tsvector_op.c", Line: 511) commit, commit 2016-08-03
Crash in GetOldestSnapshot() commit 2016-08-06
Crash in pg_get_viewdef_name_ext() commit 2016-08-06
Failed assertion in numeric aggregate commit 2016-09-04
Infinite recursion in bitshift commit 2016-10-15
Backend stuck in tsquery_rewrite commit, commit 2016-10-30
Crash on GUC serialization commit 2016-11-19
Parallel worker crash on seqscan commit 2016-11-20
Failed assertion in parallel worker in ExecInitSubPlan commit 2016-11-20
Failed assertion in parallel worker in ExecInitSubPlan commit 2016-11-24
Failed assertion in _hash_splitbucket_guts commit 2016-12-02
Crash in gather_readnext commit 2016-12-05
Crash in tsquery_rewrite/QTNBinary commit 2016-12-07
Crash reading pg_stat_activity commit 2016-12-28
Failed assertion in make_restrictinfo commit 2017-01-19
Failed assertion in _hash_kill_items/MarkBufferDirtyHint commit 2017-03-26
Unpinning error in parallel worker commit 2017-03-26
Planner crash on foreign table join commit 2017-04-08
ERROR: badly formatted node string "RESTRICTINFO… commit 2017-04-09
FailedAssertion("!(portal->cleanup == ((void *)0))", File: "portalmem.c", Line: 846) commit 2017-08-13
Failed assertion in initsplan.c commit 2017-09-16
stuck spinlock in pg_stat_get_wal_receiver after OOM commit 2017-10-02
Failed assertion in adjust_appendrel_attrs_mutator commit 2017-10-22
pg_control_checkpoint() returning invalid tuples commit 2017-11-11
insufficient argument checking in satisfies_hash_partition() commit 2017-11-11
Parallel worker executor crash on master commit 2017-12-15
Segfault in expand_tuple commit 2018-04-07
Failed assertion in create_gather_path commit 2018-04-07
Failed assertion on pfree() via perform_pruning_combine_step commit 2018-04-07
FailedAssertion on partprune commit 2018-07-24
ERROR: partition missing from subplans commit 2018-08-11
ERROR: plan should not reference subplan's variable commit 2018-08-11
Assert failed in snprintf.c commit 2018-10-01
Planner crash in mcv_get_match_bitmap commit 2019-07-10
FailedAssertion("!(rel->reloptkind == RELOPT_BASEREL)", File: "equivclass.c", Line: 764) commit 2019-07-21
CVE-2019-10209: Type confusion in hashed subplans commit 2019-07-21

Libraries and extensions

Score list

Extension/Library finding/discussion status when
pg_qualstats Segfault when qual on view using expressions commit 2016-05-31
unit Crash when unit_reset() runs into an OOM error commit 2017-06-13
pg_dirtyread Failed assertion on hot standby commit 2017-08-05
orafce Crashes due to insufficient argument checking commit 2017-08-27
powa Crash on pg_reload_conf() commit 2017-09-10
glibc NULL pointer dereference in dlopen on out-of-memory commit 2017-10-03


SQLite

Score list

finding/discussion status when
whereLoopFindLesser: Assertion `p->rSetup>=pTemplate->rSetup' failed commit 2016-06-23
applyNumericAffinity: Assertion `(pRec->flags & (0x0002|0x0004|0x0008))==0x0002' failed commit 2016-06-23
sqlite3ExprCacheStore: Assertion `pParse->db->mallocFailed || cacheIsValid(pParse)' failed 2016-06-24

MonetDB (via ssmonetdb)

Score list

bugzilla date
6075: gdk_calc.c:13113: BATcalcifthenelse_intern: Assertion `col2 != NULL' failed. 2016-12-21
6076: rel_optimizer.c:5426: rel_push_project_up: Assertion `e' failed. 2016-12-21
6077: mserver5: rel_optimizer.c:5444: rel_push_project_up: Assertion `e' failed. 2016-12-21
6078: rel_bin.c:2402: rel2bin_project: Assertion `0' failed. 2016-12-21
6080: mserver5: rel_bin.c:2391: rel2bin_project: Assertion `0' failed. 2017-03-03
6081: Segmentation fault (core dumped) 2017-03-03
6177: Server crashes 2017-03-03
6213: SQLsmith causes server to crash 2017-03-03
6215: Bulk operators missing 2017-02-16
6216: Assertion raised (sqlsmith) 2017-03-15
6217: Segfault in rel_optimizer (sqlsmith) 2017-03-03
6219: Crash in rel_optimizer (sqlsmith) 2017-03-02
6220: Segfault in sql_ref_inc (sqlsmith) 2017-03-15
6242: Crash on rel_reduce_groupby_exps (sqlsmith) 2017-03-15
6247: Type analysis issue (sqlsmith) 2017-03-22
6249: DEFAULT in row-values missing (sqlsmith) 2017-03-22
6300: Protect against missing BATs (sqlsmith) 2017-05-11
6310: Name resolution error (sqlsmith) 2017-05-13
6312: Object not found in LIMIT clause (sqlsmith) 2017-05-13
6313: Null type resolution in disjunction fails (sqlsmith) 2017-05-13
6314: Lateral crash report (sqlsmith) 2017-05-14
6315: Exist operator on type bigint missing (sqlsmith) 2017-05-14
6316: Coalesc and limit error (sqlsmith) 2017-05-14
6319: Server crash on LATERAL (sqlsmith) 2017-05-31
6322: Crash on disjunction with LIMIT (sqlsmith) 2017-06-07
6344: Spurious errors and assertions (SQLsmith) 2017-07-12
6352: Scope resolution problem (sqlsmith) 2017-07-28
6417: Segfault encountered (sqlsmith) 2017-10-14
6418: Segfault in renaming (sqlsmith) 2017-10-14
6419: segfault in rel_optimizer (sqlsmith) 2017-10-14
6420: Assertion error in mergetable task (sqlsmith) 2017-10-14
6421: Assertion error in sql_ref_dec (sqlsmith) 2017-10-15
6422: Another assertion error in rel_or (sqlsmith) 2017-10-15
6423: Dereference null pointer (sqlsmith) 2017-10-15
6424: Assertion error in rel_rename_expr (sqlsmith) 2017-10-16
6425: Assertion error in exp_bin (sqlsmith) 2017-10-16
6426: Assertion error in rel_find_exp_ (sqlsmith) 2017-10-16
6427: Assertion error in eq_typeswitchloop (sqlsmith) 2017-10-17
6430: Assertion raised in another eq_typeswitch error (sqlsmith) 2017-10-17
6432: Assertion error in exp_bin (sqlsmith) 2017-10-18
6449: Assertion error in rel_dce_refs (sqlsmith) 2017-10-29
6450: Assertion error in exp_bin (sqlsmith) 2017-10-30
6451: Assertion error in sql_ref_dec (sqlsmith) 2017-11-01
6453: Assertion error in rel_rename_exps (sqlsmith) 2017-11-01
6455: Assertion error in rel_apply_rewrite (sqlsmith) 2017-11-01
6459: Assertion error in exp_bin (sqlsmith) 2017-11-08
6472: Assertion failure in rel_rename (Sqlsmith) 2017-12-14
6474: Assertion error in exp_bin (sqlsmith) 2017-11-22
6477: assertion eror rel_push_project_up (sqlsmith) 2017-12-14
6480: Segfault in mvc_find_subexp (sqlsmith) 2017-12-10