Context Navigation

← Previous Ticket
Next Ticket →

#3122 closed defect (fixed)

Topology totopgeom crashes on PostgreSQL 9.5

Reported by:	robe	Owned by:	strk
Priority:	blocker	Milestone:	PostGIS PostgreSQL
Component:	topology	Version:	master
Keywords:	pg9.5	Cc:

Description

Just had debbie rebuild latest snapshot of 9.5 and regress on 2.2, and get this:

http://debbie.postgis.net:8080/view/PostGIS/job/PostGIS_Regress_PGDEV_Weekly/149/console

The first crash is in totopogeom. I suspect the others might be just cause postgres didn't restart in time.

 regress/totopogeom .. failed (diff expected obtained: /var/lib/jenkins/workspace/postgis/regress_pgdev/tmp/2_2_pg9.5w64/test_36_diff)
-----------------------------------------------------------------------------
--- regress/totopogeom_expected	2014-04-26 22:51:51.000000000 -0700
+++ /var/lib/jenkins/workspace/postgis/regress_pgdev/tmp/2_2_pg9.5w64/test_36_out	2015-05-19 10:12:46.000000000 -0700
@@ -21,27 +21,7 @@
 POINT(0 0)|t
 LINESTRING(0 10,10 10)|t
 POLYGON((0 20,10 20,5 30,0 20),(2 22,8 22,5 28,2 22))|t
-MULTIPOINT(0 -10,5 -10)|t
-MULTILINESTRING((-1 10,-10 10),(-10 8,-2 9))|t
-MULTIPOLYGON(((100 20,110 20,105 30,100 20),(102 22,108 22,105 28,102 22)),((80 20,90 20,90 60,80 20)))|t
-GEOMETRYCOLLECTION(POINT(-100 -100),LINESTRING(-100 -90,-90 -90),POLYGON((-100 -80,-90 -80,-95 -70,-100 -80),(-98 -78,-92 -78,-95 -72,-98 -78)),MULTIPOINT(-100 -110,-95 -110),LINESTRING EMPTY,MULTILINESTRING((-101 -90,-110 -90),(-110 -92,-102 -91)),MULTIPOLYGON(((0 -80,10 -80,5 -70,0 -80),(2 -78,8 -78,5 -72,2 -78)),((-20 -80,-10 -80,-10 -40,-20 -80))))|GEOMETRYCOLLECTION(MULTIPOLYGON(((-100 -80,-95 -70,-90 -80,-100 -80),(-98 -78,-92 -78,-95 -72,-98 -78)),((0 -80,5 -70,10 -80,0 -80),(2 -78,8 -78,5 -72,2 -78)),((-20 -80,-10 -40,-10 -80,-20 -80))),MULTILINESTRING((-110 -92,-102 -91),(-101 -90,-110 -90),(-100 -90,-90 -90)),MULTIPOINT(-100 -110,-100 -100,-95 -110))
-MULTIPOINT EMPTY
-MULTIPOINT EMPTY
-MULTILINESTRING EMPTY
-MULTILINESTRING EMPTY
-MULTIPOLYGON EMPTY
-MULTIPOLYGON EMPTY
-GEOMETRYCOLLECTION EMPTY
-tolerance_1|0.5
-tolerance_topo_1|0.5
-tolerance_0|0
-custom_search_path|0
-#1790.1|0|0
-#1790.2|0|0
-#1790.3|0|0
-#1968.1|0
-#1968.2|0
-tgup1.1|5|100|1
-tgup1.2|5|200|2
-tgup1.3|5|200|4
-Topology 'tt' dropped
+server closed the connection unexpectedly
+	This probably means the server terminated abnormally
+	before or while processing the request.
+connection to server was lost
-----------------------------------------------------------------------------
 regress/droptopology .. failed (diff expected obtained: /var/lib/jenkins/workspace/postgis/regress_pgdev/tmp/2_2_pg9.5w64/test_37_diff)
-----------------------------------------------------------------------------
--- regress/droptopology_expected	2014-04-26 22:51:51.000000000 -0700
+++ /var/lib/jenkins/workspace/postgis/regress_pgdev/tmp/2_2_pg9.5w64/test_37_out	2015-05-19 10:12:46.000000000 -0700
@@ -1,6 +1 @@
-t
-t
-t
-t
-Topology 't1' dropped
-Topology 't2' dropped
+psql: FATAL:  the database system is in recovery mode
-----------------------------------------------------------------------------
 regress/droptopogeometrycolumn .. failed (diff expected obtained: /var/lib/jenkins/workspace/postgis/regress_pgdev/tmp/2_2_pg9.5w64/test_38_diff)

Change History (4)

comment:1 by robe, 9 years ago

Keywords:	pg9.5 added

Crashes on my development mingw64 machine too running latest PostgreSQL. Interstingly pramsey is getting no crashing on his mac.

I isolated the issue to multigeometries. The crashing starts at

with inp as ( select 'MULTIPOINT((0 -10),(5 -10))' ::geometry as g)
select St_AsText(g), ST_Equals(totopogeom(g, 'tt', 1)::geometry, g) from inp;

Backtrace looks like this:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 4252.0x3cf4]
array_contain_compare (array1=array1@entry=0xdd94200, array2=array2@entry=0xde69db8, collation=<optimized out>, matchall=matchall@entry=1 '\001', fn_extra=0xdeac920) at arrayfuncs.c:4116
4116                            if (isnull2)
(gdb) bt
#0  array_contain_compare (array1=array1@entry=0xdd94200, array2=array2@entry=0xde69db8, collation=<optimized out>, matchall=matchall@entry=1 '\001', fn_extra=0xdeac920) at arrayfuncs.c:4116
#1  0x00000000006ab084 in arraycontains (fcinfo=0xdeac958) at arrayfuncs.c:4181
#2  0x000000000057bf4b in ExecMakeFunctionResultNoSets (fcache=0xdeac8e8, econtext=0x48eef28, isNull=0x273da80 "", isDone=<optimized out>) at execQual.c:2018
#3  0x000000006ab4bcb2 in exec_eval_simple_expr (rettypmod=0x273d99c, rettype=<optimized out>, isNull=0x273da80 "", result=<synthetic pointer>, expr=0xddf5d58, estate=0x273e100) at pl_exec.c:5385
#4  exec_eval_expr (estate=0x273e100, expr=0xddf5d58, isNull=0x273da80 "", rettype=<optimized out>, rettypmod=0x273d99c) at pl_exec.c:4974
#5  0x000000006ab4db50 in exec_eval_boolean (estate=estate@entry=0x273e100, expr=<optimized out>, isNull=isNull@entry=0x273da80 "") at pl_exec.c:4940
#6  0x000000006ab501d3 in exec_stmt_if (stmt=0xddf74d8, estate=0x273e100) at pl_exec.c:1713
#7  exec_stmt (stmt=0xddf74d8, estate=0x273e100) at pl_exec.c:1464
#8  exec_stmts (estate=0x273e100, stmts=<optimized out>) at pl_exec.c:1415
#9  0x000000006ab53812 in exec_for_query (estate=estate@entry=0x273e100, stmt=stmt@entry=0xddf57c8, portal=0x48d8e98, prefetch_ok=prefetch_ok@entry=1 '\001') at pl_exec.c:5158
#10 0x000000006ab4f89f in exec_stmt_fors (stmt=0xddf57c8, estate=0x273e100) at pl_exec.c:2142
#11 exec_stmt (stmt=0xddf57c8, estate=0x273e100) at pl_exec.c:1484
#12 exec_stmts (estate=0x273e100, stmts=<optimized out>) at pl_exec.c:1415
#13 0x000000006ab53812 in exec_for_query (estate=estate@entry=0x273e100, stmt=stmt@entry=0xddf44b0, portal=0x48d8d80, prefetch_ok=prefetch_ok@entry=1 '\001') at pl_exec.c:5158
#14 0x000000006ab4f89f in exec_stmt_fors (stmt=0xddf44b0, estate=0x273e100) at pl_exec.c:2142
#15 exec_stmt (stmt=0xddf44b0, estate=0x273e100) at pl_exec.c:1484
#16 exec_stmts (estate=0x273e100, stmts=<optimized out>) at pl_exec.c:1415
#17 0x000000006ab525e2 in exec_stmt_block (estate=0x0, estate@entry=0x273e100, block=0xa004e0 <error_context_stack>) at pl_exec.c:1353
#18 0x000000006ab52820 in plpgsql_exec_function (func=0x4910510, func@entry=0xddd31c0, fcinfo=0xddd31c0, fcinfo@entry=0x273e358, simple_eval_estate=simple_eval_estate@entry=0x0) at pl_exec.c:402
#19 0x000000006ab4736b in plpgsql_call_handler (fcinfo=0x273e358) at pl_handler.c:253
#20 0x000000000057bf4b in ExecMakeFunctionResultNoSets (fcache=0xddd3150, econtext=0x48eee30, isNull=0x273e4a7 "", isDone=<optimized out>) at execQual.c:2018
#21 0x000000006ab4bcb2 in exec_eval_simple_expr (rettypmod=0x273e4ac, rettype=<optimized out>, isNull=0x273e4a7 "", result=<synthetic pointer>, expr=0x494b270, estate=0x273e850) at pl_exec.c:5385
#22 exec_eval_expr (estate=0x273e850, expr=0x494b270, isNull=0x273e4a7 "", rettype=<optimized out>, rettypmod=0x273e4ac) at pl_exec.c:4974
#23 0x000000006ab4dca6 in exec_assign_expr (estate=estate@entry=0x273e850, target=0x49405f8, expr=0x494b270) at pl_exec.c:4148
#24 0x000000006ab501ac in exec_stmt_assign (stmt=<optimized out>, stmt=<optimized out>, estate=0x273e850) at pl_exec.c:1568
#25 exec_stmt (stmt=0x494b360, estate=0x273e850) at pl_exec.c:1452
#26 exec_stmts (estate=0x273e850, stmts=<optimized out>) at pl_exec.c:1415
#27 0x000000006ab525e2 in exec_stmt_block (estate=0x0, estate@entry=0x273e850, block=0x48eee30) at pl_exec.c:1353
#28 0x000000006ab52820 in plpgsql_exec_function (func=0x283c840, func@entry=0x4930cb8, fcinfo=0x4930cb8, fcinfo@entry=0x273eaa8, simple_eval_estate=simple_eval_estate@entry=0x0) at pl_exec.c:402
#29 0x000000006ab4736b in plpgsql_call_handler (fcinfo=0x273eaa8) at pl_handler.c:253
#30 0x000000000057bf4b in ExecMakeFunctionResultNoSets (fcache=0x4930c48, econtext=0x4926c30, isNull=0x4928200 "", isDone=<optimized out>) at execQual.c:2018
#31 0x000000000057bef1 in ExecMakeFunctionResultNoSets (fcache=0x4927e50, econtext=0x4926c30, isNull=0x49279e8 "", isDone=<optimized out>) at execQual.c:1992
#32 0x000000000057bef1 in ExecMakeFunctionResultNoSets (fcache=0x4927638, econtext=0x4926c30, isNull=0x4931b61 "\177~\177\177\177\177\177\230xƒ\002", isDone=<optimized out>) at execQual.c:1992
#33 0x0000000000581eb0 in ExecTargetList (isDone=0x273ed1c, itemIsDone=0x4931cd8, isnull=0x4931b60 "", values=0x4931b38, econtext=0x4926c30, targetlist=0x4931c78) at execQual.c:5363
#34 ExecProject (projInfo=projInfo@entry=0x4931b80, isDone=isDone@entry=0x273ed1c) at execQual.c:5578
#35 0x0000000000582300 in ExecScan (node=node@entry=0x48e34d8, accessMtd=accessMtd@entry=0x598910 <CteScanNext>, recheckMtd=recheckMtd@entry=0x598900 <CteScanRecheck>) at execScan.c:207
#36 0x0000000000598a53 in ExecCteScan (node=node@entry=0x48e34d8) at nodeCtescan.c:158
#37 0x000000000057ad18 in ExecProcNode (node=node@entry=0x48e34d8) at execProcnode.c:450
#38 0x0000000000577a6e in ExecutePlan (dest=0x49306c8, direction=<optimized out>, numberTuples=0, sendTuples=1 '\001', operation=CMD_SELECT, planstate=0x48e34d8, estate=0x48e2cb8) at execMain.c:1550
#39 standard_ExecutorRun (queryDesc=0x2835098, direction=<optimized out>, count=0) at execMain.c:337
#40 0x000000000068ba68 in PortalRunSelect (portal=portal@entry=0x48d8c68, forward=forward@entry=1 '\001', count=0, count@entry=41153104, dest=dest@entry=0x0) at pquery.c:952
#41 0x000000000068d0c6 in PortalRun (portal=0x273eeb0, portal@entry=0x48d8c68, count=41153104, count@entry=2147483647, isTopLevel=isTopLevel@entry=0 '\000', dest=0x0, dest@entry=0x49306c8, altdest=altdest@entry=0x49306c8, completionTag=0x273f210 "", completionTag@entry=0x40000000093 <error: Cannot access memory at address 0x40000000093>) at pquery.c:796
#42 0x000000000068a964 in exec_simple_query (query_string=0x0) at postgres.c:1104
#43 PostgresMain (argc=<optimized out>, argv=argv@entry=0x3181a8, dbname=0x10000f000e000d <error: Cannot access memory at address 0x10000f000e000d>, username=<optimized out>) at postgres.c:4025
#44 0x000000000062a913 in BackendRun (port=0x273f400) at postmaster.c:4162
#45 SubPostmasterMain (argc=argc@entry=3, argv=argv@entry=0x27a7fa0) at postmaster.c:4649
#46 0x00000000007c6830 in main (argc=3, argv=0x27a7fa0) at main.c:198
(gdb)

comment:2 by robe, 9 years ago

Posted upstream at: http://www.postgresql.org/message-id/20150522181334.24047.38596@wrigleys.postgresql.org

comment:3 by robe, 9 years ago

Just reran debbie, and Tom's fix noted here

> Since May 9th our Debian build bot has been crashing on one of our PostGIS
> regression tests.

> I tried the same exercise on my Mingw-w64 GCC 4.8.3 (with latest PostgreSQL
> 9.5 - (dated 5/22) and also have crashing in same spot.

> I isoloated the offending query in PostGIS to this:

> with inp as ( select 'MULTIPOINT((0 -10),(5 -10))' ::geometry as g)
> select St_AsText(g), ST_Equals(totopogeom(g, 'tt', 1)::geometry, g) from
> inp;

> Which produces a gdb backtrace:

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 4252.0x3cf4]
> array_contain_compare (array1=array1(at)entry=0xdd94200,
> array2=array2(at)entry=0xde69db8, collation=<optimized out>,
> matchall=matchall(at)entry=1 '\001', fn_extra=0xdeac920) at arrayfuncs.c:4116
> 4116                            if (isnull2)

Hm.  Just guessing from the location of the crash, but I'll bet I
overlooked the case of an expanded array with no nulls, ie should be

-			bool		isnull2 = nulls2[j];
+			bool		isnull2 = nulls2 ? nulls2[j] : false;

I'll commit that in a few minutes, please confirm whether it fixes this
for you.

			regards, tom lane

Fixed the issue.

comment:4 by robe, 9 years ago

Milestone:	PostGIS 2.2.0 → PostGIS PostgreSQL
Resolution:	→ fixed
Status:	new → closed

Note: See TracTickets for help on using tickets.

Download in other formats: