UBSAN: applying an offset to null pointer in postgres sort #10295

Closed
mbautin opened this issue Oct 14, 2021 · 0 comments

mbautin commented Oct 14, 2021

ts1|pid64391|:10316 ../../../../../../../src/postgres/src/backend/utils/sort/logtape.c:293:33: runtime error: applying zero offset to null pointer
ts1|pid64391|:10316     #0 0x14572b0 in ltsReadFillBuffer src/postgres/src/backend/utils/sort/../../../../../../../src/postgres/src/backend/utils/sort/logtape.c:293:33
ts1|pid64391|:10316     #1 0x1456d39 in LogicalTapeRewindForRead src/postgres/src/backend/utils/sort/../../../../../../../src/postgres/src/backend/utils/sort/logtape.c:784:2
ts1|pid64391|:10316     #2 0x1475042 in mergeruns src/postgres/src/backend/utils/sort/../../../../../../../src/postgres/src/backend/utils/sort/tuplesort.c:2674:3
ts1|pid64391|:10316     #3 0x14721b5 in tuplesort_performsort src/postgres/src/backend/utils/sort/../../../../../../../src/postgres/src/backend/utils/sort/tuplesort.c:1867:4
ts1|pid64391|:10316     #8 0xae946f in standard_ExecutorRun src/postgres/src/backend/executor/../../../../../../src/postgres/src/backend/executor/execMain.c:367:3
ts1|pid64391|:10316     #9 0x7fcee256fb74 in pgss_ExecutorRun src/postgres/contrib/pg_stat_statements/../../../../../src/postgres/contrib/pg_stat_statements/pg_stat_statements.c:947:4
ts1|pid64391|:10316     #10 0x7fcee2359a1f in ybpgm_ExecutorRun src/postgres/contrib/yb_pg_metrics/../../../../../src/postgres/contrib/yb_pg_metrics/yb_pg_metrics.c:492:7
ts1|pid64391|:10316     #12 0xff235a in PortalRunSelect src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c:955:4
ts1|pid64391|:10316     #13 0xff3b99 in DoPortalRunFetch src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c
ts1|pid64391|:10316     #14 0xff3468 in PortalRunFetch src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c
ts1|pid64391|:10316     #15 0x9c157d in PerformPortalFetch src/postgres/src/backend/commands/../../../../../../src/postgres/src/backend/commands/portalcmds.c:198:15
ts1|pid64391|:10316     #16 0xff5d43 in standard_ProcessUtility src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/utility.c:542:4
ts1|pid64391|:10316     #17 0xff4d48 in YBProcessUtilityDefaultHook src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/utility.c:3591:3
ts1|pid64391|:10316     #18 0x7fcee2570842 in pgss_ProcessUtility src/postgres/contrib/pg_stat_statements/../../../../../src/postgres/contrib/pg_stat_statements/pg_stat_statements.c:1056:5
ts1|pid64391|:10316     #19 0x7fcee235a6b8 in ybpgm_ProcessUtility src/postgres/contrib/yb_pg_metrics/../../../../../src/postgres/contrib/yb_pg_metrics/yb_pg_metrics.c:666:9
ts1|pid64391|:10316     #20 0x7fcee2145c0d in pgaudit_NextProcessUtility_hook src/postgres/contrib/pgaudit/../../../../../src/postgres/contrib/pgaudit/pgaudit.c:1225:5
ts1|pid64391|:10316     #21 0x7fcee21435e1 in pgaudit_ProcessUtility_hook src/postgres/contrib/pgaudit/../../../../../src/postgres/contrib/pgaudit/pgaudit.c:1253:5
ts1|pid64391|:10316     #22 0x7fcee1ef413d in pg_hint_plan_ProcessUtility src/postgres/third-party-extensions/pg_hint_plan/../../../../../src/postgres/third-party-extensions/pg_hint_plan/pg_hint_plan.c:3033:3
ts1|pid64391|:10316     #23 0x142f1f7 in YBTxnDdlProcessUtility src/postgres/src/backend/utils/misc/../../../../../../../src/postgres/src/backend/utils/misc/pg_yb_utils.c:1294:4
ts1|pid64391|:10316     #24 0xff5258 in ProcessUtility src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/utility.c:375:3
ts1|pid64391|:10316     #25 0xff44eb in PortalRunUtility src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c:1201:2
ts1|pid64391|:10316     #27 0xff15aa in PortalRun src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/pquery.c:779:6
ts1|pid64391|:10316     #28 0xfec684 in exec_simple_query src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:1161:10
ts1|pid64391|:10316     #29 0xfea378 in yb_exec_simple_query_impl src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4373:2
ts1|pid64391|:10316     #30 0xfea258 in yb_exec_query_wrapper src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4358:4
ts1|pid64391|:10316     #31 0xfe4ad1 in yb_exec_simple_query src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4388:2
ts1|pid64391|:10316     #32 0xfe2dc0 in PostgresMain src/postgres/src/backend/tcop/../../../../../../src/postgres/src/backend/tcop/postgres.c:4996:23
ts1|pid64391|:10316     #33 0xe3252c in BackendRun src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4442:2
ts1|pid64391|:10316     #34 0xe313d5 in BackendStartup src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:4108:3
ts1|pid64391|:10316     #35 0xe2f195 in ServerLoop src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1750:7
ts1|pid64391|:10316     #36 0xe2b7d8 in PostmasterMain src/postgres/src/backend/postmaster/../../../../../../src/postgres/src/backend/postmaster/postmaster.c:1413:11
ts1|pid64391|:10316     #37 0xc1df29 in PostgresServerProcessMain src/postgres/src/backend/main/../../../../../../src/postgres/src/backend/main/main.c:234:3
ts1|pid64391|:10316     #38 0xc1e411 in main (build/asan-clang12-dynamic-ninja/postgres/bin/postgres+0xc1e411)
ts1|pid64391|:10316     #39 0x7fcefedf3492 in __libc_start_main (/lib64/libc.so.6+0x23492)
ts1|pid64391|:10316     #40 0x49882d in _start (build/asan-clang12-dynamic-ninja/postgres/bin/postgres+0x49882d)
ts1|pid64391|:10316 
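
The report's top frame is a C pointer addition on a null base ("applying zero offset to null pointer"), which is undefined in C even when the offset is zero. The following is an added example, not code from this issue or from PostgreSQL: the `Tape` struct and both `fill_*` functions are hypothetical and only mimic a buffer-fill routine, showing the flagged pattern beside a guarded form.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tape state, constructed for this example (not PostgreSQL's struct). */
typedef struct {
    char  *buffer;       /* NULL until a read buffer has been allocated */
    size_t buffer_size;  /* capacity of buffer, 0 while buffer is NULL */
    size_t nbytes;       /* valid bytes currently held in buffer */
} Tape;

/* Flagged pattern: the destination address is computed before anything
 * checks for a buffer, so an unallocated tape evaluates NULL + 0. */
static size_t fill_unguarded(Tape *t, const char *src, size_t len)
{
    char  *dst  = t->buffer + t->nbytes;   /* UB in C when t->buffer == NULL */
    size_t room = t->buffer_size - t->nbytes;
    size_t n    = len < room ? len : room;

    if (n > 0)
        memcpy(dst, src, n);
    t->nbytes += n;
    return n;
}

/* Guarded form: return before any pointer arithmetic when there is no
 * buffer or no room left; otherwise it behaves like the version above. */
static size_t fill_guarded(Tape *t, const char *src, size_t len)
{
    if (t->buffer == NULL || t->nbytes >= t->buffer_size)
        return 0;
    return fill_unguarded(t, src, len);
}

int main(void)
{
    char store[8];
    Tape empty = { NULL, 0, 0 };              /* constructed sample: no buffer yet */
    Tape ready = { store, sizeof store, 0 };  /* constructed sample: 8-byte buffer */

    printf("empty tape: %zu bytes\n", fill_guarded(&empty, "abc", 3));
    printf("ready tape: %zu bytes\n", fill_guarded(&ready, "abcdefghij", 10));
    return 0;
}
```

The guard changes nothing for a tape that has a buffer; it only keeps the address computation from running when the base pointer is null.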

@mbautin mbautin self-assigned this Oct 14, 2021
mbautin added a commit to mbautin/yugabyte-db that referenced this issue Oct 30, 2021
…ugabyte#10230] [yugabyte#10251] [yugabyte#10295] Enable Clang 12 ASAN build on AlmaLinux 8 and fix relevant bugs

Summary:
Enabling the Clang 12 ASAN build on AlmaLinux 8 and fixing these bugs from that build:
- yugabyte#7092 - pick up an updated version of LLVM where libunwind has been patched to work around crashing with an unknown x86_64 register error.
- yugabyte#10046 - suppress harmless undefined behavior in gflags.cc.
- yugabyte#10222 - increase the timeout for waiting for tablet server registration in mini cluster.
- yugabyte#10224 - when looping to wait for leader/follower of a tablet in TestUpdateLagMetrics, reset tablet server pointers to nullptr at every iteration.
- yugabyte#10230, yugabyte#10251 - use posix_spawn on Linux to create subprocesses to avoid getting stuck in the child process when allocating memory when setting environment variables because some memory allocation lock is already held by the parent process. On macOS, we still use fork+exec because posix_spawnp throws errors related to closing file descriptors. Making sure all files in our code are opened with FD_CLOEXEC is out of scope of this revision, and will be addressed by yugabyte#10321.
- yugabyte#10295 - fix undefined behavior (adding to a null pointer) in a Postgres sorting function.

Also removing Clang 7 ASAN build on CentOS 7 from Jenkins (we don't need two ASAN builds).

Test Plan: Jenkins

Reviewers: bogdan, steve.varnau, sergei

Reviewed By: sergei

Subscribers: ybase

Differential Revision: https://phabricator.dev.yugabyte.com/D13301
mbautin added a commit that referenced this issue Oct 30, 2021
…Clang 12 ASAN build on AlmaLinux 8 and fix relevant bugs

Summary:
Updating third-party dependencies from 44ba3719652858e1f7816df87b25101e09527c88 to 2d282c38cfcbc10af7bdc1c86bf1e8af88f36efd (updating the LLVM toolchain with a bug fix, and also picking up the program_options Boost library addition by @mikhpolitov, commit yugabyte/yugabyte-db-thirdparty@2d282c3).

yugabyte-db-thirdparty diff link:
https://github.com/yugabyte/yugabyte-db-thirdparty/compare/44ba3719652858e1f7816df87b25101e09527c88..2d282c38cfcbc10af7bdc1c86bf1e8af88f36efd

Enabling the Clang 12 ASAN build on AlmaLinux 8 and fixing these bugs from that build:
- #7092 - pick up an updated version of LLVM where libunwind has been patched to work around crashing with an unknown x86_64 register error.
- #10046 - suppress harmless undefined behavior in gflags.cc.
- #10222 - increase the timeout for waiting for tablet server registration in mini cluster.
- #10224 - when looping to wait for leader/follower of a tablet in TestUpdateLagMetrics, reset tablet server pointers to nullptr at every iteration.
- #10230, #10251 - use posix_spawn on Linux to create subprocesses to avoid getting stuck in the child process when allocating memory when setting environment variables because some memory allocation lock is already held by the parent process. On macOS, we still use fork+exec because posix_spawnp throws errors related to closing file descriptors. Making sure all files in our code are opened with FD_CLOEXEC is out of scope of this revision, and will be addressed by #10321.
- #10295 - fix undefined behavior (adding to a null pointer) in a Postgres sorting function.
- Fix HostPort& field type in ysql_upgrade.h (make it HostPort). Otherwise there is an ASAN issue accessing a deallocated stack value. (No separate GitHub issue for this bug.)

Also consolidating Status generation from a C standard library error number in errno.h and errno.c, and adding a few utility macros for convenient invocation of C functions that either return an errno as the return value, or return zero vs. non zero depending on whether there is an error, and set errno as a side effect.

As part of this diff, we are removing Clang 7 ASAN build on CentOS 7 from Jenkins (we don't need two different ASAN builds).

Test Plan: Jenkins

Reviewers: bogdan, steve.varnau, sergei

Reviewed By: sergei

Subscribers: ybase

Differential Revision: https://phabricator.dev.yugabyte.com/D13301
@mbautin mbautin closed this as completed Oct 31, 2021