Opened 2 years ago

Closed 2 years ago

#5224 closed defect (fixed)

Segmentation fault in ST_Covers

Reported by: klette Owned by: pramsey
Priority: medium Milestone: PostGIS GEOS
Component: postgis Version: 3.2.x
Keywords: Cc:

Description

Hi, we've been experiencing segmentation faults (signal 11) in production lately, so I have been trying to debug what's going on.

The production query (ORM generated, so not the prettiest thing):

SELECT "installercost_costmodelcoveredarea"."id",
       "installercost_costmodelcoveredarea"."name",
       "installercost_costmodelcoveredarea"."code",
       EXISTS(
        SELECT (1) AS "a"
          FROM "installercost_costmodelcoveredarea" U0
         INNER JOIN "installercost_costmodel_covered_areas" U1
            ON (U0."id" = U1."costmodelcoveredarea_id")
         WHERE (U1."costmodel_id" = 'eddcec87-ae8c-4312-bb52-fac52c5c6ffe'::uuid AND NOT (U0."id" = "installercost_costmodelcoveredarea"."id") AND ST_Covers(ST_MakeValid(CAST(U0."geometry" AS geometry(GEOMETRY,4326))), ST_MakeValid(CAST("installercost_costmodelcoveredarea"."geometry" AS geometry(GEOMETRY,4326)))))
         LIMIT 1
       ) AS "has_encapsulating_parent"
  FROM "installercost_costmodelcoveredarea"
 INNER JOIN "installercost_costmodel_covered_areas"
    ON ("installercost_costmodelcoveredarea"."id" = "installercost_costmodel_covered_areas"."costmodelcoveredarea_id")
 WHERE "installercost_costmodel_covered_areas"."costmodel_id" = 'eddcec87-ae8c-4312-bb52-fac52c5c6ffe'::uuid 
 ORDER BY "installercost_costmodelcoveredarea"."code" ASC;

As mentioned this crashes the server, but only on some input.

I was able to reproduce the error locally using the production dataset, but I've not been able to create a minimal case.

I created a stack trace in GDB with symbols, but I don't have a debug build available:

Program received signal SIGSEGV, Segmentation fault.
geos::geom::Envelope::intersects (this=0x55752ba7f550, other=...) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/include/geos/geom/Envelope.inl:237
237	    return (other.x <= maxx && other.x >= minx &&
Missing separate debuginfos, use: dnf debuginfo-install libbrotli-1.0.9-7.fc36.x86_64 libnghttp2-1.46.0-2.fc36.x86_64
#0  geos::geom::Envelope::intersects (this=0x55752ba7f550, other=...) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/include/geos/geom/Envelope.inl:237
No locals.
#1  0x00007fcd06f13a64 in geos::algorithm::locate::SimplePointInAreaLocator::locate (p=..., geom=0x55752ba63cd0) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/src/algorithm/locate/SimplePointInAreaLocator.cpp:50
No locals.
#2  0x00007fcd06f3149c in geos::algorithm::locate::SimplePointInAreaLocator::locate (p=<optimized out>, this=<synthetic pointer>) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/include/geos/algorithm/locate/SimplePointInAreaLocator.h:98
No locals.
#3  geos::geom::prep::PreparedPolygonPredicate::isAnyTargetComponentInAreaTest (this=this@entry=0x7ffc73004da0, testGeom=testGeom@entry=0x55752ba63cd0, targetRepPts=0x55752ba7f860)
    at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/src/geom/prep/PreparedPolygonPredicate.cpp:164
        pt = <optimized out>
        loc = <optimized out>
        i = <optimized out>
        ni = 2
        piaLoc = <optimized out>
#4  0x00007fcd06f354fb in geos::geom::prep::AbstractPreparedPolygonContains::eval (this=0x7ffc73004da0, geom=0x55752ba63cd0) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/src/geom/prep/AbstractPreparedPolygonContains.cpp:173
        isTargetInTestArea = <optimized out>
        outermostLoc = <optimized out>
        properIntersectionImpliesNotContained = true
#5  0x00007fcd06f35627 in geos::geom::prep::PreparedPolygonCovers::covers (geom=0x55752ba63cd0, this=0x7ffc73004da0) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/include/geos/geom/prep/PreparedPolygonCovers.h:101
No locals.
#6  geos::geom::prep::PreparedPolygonCovers::covers (geom=0x55752ba63cd0, prep=0x55752ba7f850) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/include/geos/geom/prep/PreparedPolygonCovers.h:80
        polyInt = {<geos::geom::prep::AbstractPreparedPolygonContains> = {<geos::geom::prep::PreparedPolygonPredicate> = {_vptr.PreparedPolygonPredicate = 0x7fcd07085478 <vtable for geos::geom::prep::PreparedPolygonCovers+16>, 
              prepPoly = 0x55752ba7f850}, hasSegmentIntersection = false, hasProperIntersection = false, hasNonProperIntersection = false, requireSomePointInInterior = false}, <No data fields>}
#7  geos::geom::prep::PreparedPolygon::covers (g=0x55752ba63cd0, this=0x55752ba7f850) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/src/geom/prep/PreparedPolygon.cpp:124
No locals.
#8  geos::geom::prep::PreparedPolygon::covers (this=0x55752ba7f850, g=0x55752ba63cd0) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/src/geom/prep/PreparedPolygon.cpp:111
No locals.
#9  0x00007fcd07471a6b in operator() (__closure=<optimized out>) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/capi/geos_ts_c.cpp:3204
        pg = <optimized out>
        g = <optimized out>
        pg = <optimized out>
        g = <optimized out>
#10 execute<GEOSPreparedCovers_r(GEOSContextHandle_t, const geos::geom::prep::PreparedGeometry*, const geos::geom::Geometry*)::<lambda()> > (errval=2 '\002', f=..., extHandle=0x55752ba214a0)
    at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/capi/geos_ts_c.cpp:384
        handle = 0x55752ba214a0
        handle = <optimized out>
        e = <optimized out>
#11 GEOSPreparedCovers_r (extHandle=0x55752ba214a0, pg=<optimized out>, g=<optimized out>) at /usr/src/debug/geos-3.10.2-4.fc36.x86_64/capi/geos_ts_c.cpp:3203
No locals.
#12 0x00007fcd074db879 in covers (fcinfo=0x55752ba99948) at /usr/src/debug/postgis-3.2.2-1.fc36.x86_64/postgis/lwgeom_geos.c:2036
        g1 = 0x55752ba63cd0
        __errno_location = <optimized out>
        shared_geom1 = <optimized out>
        shared_geom2 = 0x55752ba96d50
        geom1 = <optimized out>
        geom2 = 0x55752bb63208
        result = <optimized out>
        box1 = {flags = 4, xmin = 20.858917236328125, xmax = 23.246383666992188, ymin = 50.534378051757812, ymax = 51.923946380615234, zmin = 6.9425600579334835e-310, zmax = 4.9406564584124654e-324, mmin = 6.9425397015962754e-310, 
          mmax = 6.7501224797414468e-319}
        box2 = {flags = 4, xmin = 21.325468063354492, xmax = 21.860111236572266, ymin = 51.220718383789062, ymax = 51.500843048095703, zmin = 4.6423264247249451e-310, zmax = 4.64232637123226e-310, mmin = -1.3236840153589345e-282, 
          mmax = 21.860111236572266}
        prep_cache = 0x55752baad0f0
        __func__ = "covers"
#13 0x000055752983b55b in ExecInterpExpr (state=0x55752ba99008, econtext=0x55752ba5ac28, isnull=<optimized out>) at executor/execExprInterp.c:1260
        eqresult = <optimized out>
        fcinfo = <optimized out>
        op = <optimized out>
        resultslot = 0x0
        innerslot = <optimized out>
        outerslot = <optimized out>
        scanslot = 0x55752ba5acb8
        dispatch_table = {0x55752983b2cc <ExecInterpExpr+268>, 0x55752983b750 <ExecInterpExpr+1424>, 0x55752983b728 <ExecInterpExpr+1384>, 0x55752983b700 <ExecInterpExpr+1344>, 0x55752983b6d0 <ExecInterpExpr+1296>, 
          0x55752983c2f0 <ExecInterpExpr+4400>, 0x55752983b6a0 <ExecInterpExpr+1248>, 0x55752983b660 <ExecInterpExpr+1184>, 0x55752983c2e0 <ExecInterpExpr+4384>, 0x55752983b680 <ExecInterpExpr+1216>, 
          0x55752983b640 <ExecInterpExpr+1152>, 0x55752983b600 <ExecInterpExpr+1088>, 0x55752983c2c8 <ExecInterpExpr+4360>, 0x55752983c2a0 <ExecInterpExpr+4320>, 0x55752983b5d8 <ExecInterpExpr+1048>, 0x55752983b5a0 <ExecInterpExpr+992>, 
          0x55752983b578 <ExecInterpExpr+952>, 0x55752983b548 <ExecInterpExpr+904>, 0x55752983b510 <ExecInterpExpr+848>, 0x55752983b4f0 <ExecInterpExpr+816>, 0x55752983b4d0 <ExecInterpExpr+784>, 0x55752983b240 <ExecInterpExpr+128>, 
          0x55752983b24b <ExecInterpExpr+139>, 0x55752983b490 <ExecInterpExpr+720>, 0x55752983b280 <ExecInterpExpr+192>, 0x55752983b28b <ExecInterpExpr+203>, 0x55752983c268 <ExecInterpExpr+4264>, 0x55752983c220 <ExecInterpExpr+4192>, 
          0x55752983c230 <ExecInterpExpr+4208>, 0x55752983b3a0 <ExecInterpExpr+480>, 0x55752983c200 <ExecInterpExpr+4160>, 0x55752983c1e8 <ExecInterpExpr+4136>, 0x55752983c1c0 <ExecInterpExpr+4096>, 0x55752983c198 <ExecInterpExpr+4056>, 
          0x55752983c170 <ExecInterpExpr+4016>, 0x55752983c158 <ExecInterpExpr+3992>, 0x55752983c140 <ExecInterpExpr+3968>, 0x55752983c120 <ExecInterpExpr+3936>, 0x55752983c0d0 <ExecInterpExpr+3856>, 
          0x55752983c0a0 <ExecInterpExpr+3808>, 0x55752983c100 <ExecInterpExpr+3904>, 0x55752983c060 <ExecInterpExpr+3744>, 0x55752983c040 <ExecInterpExpr+3712>, 0x55752983c030 <ExecInterpExpr+3696>, 
          0x55752983c000 <ExecInterpExpr+3648>, 0x55752983bfb0 <ExecInterpExpr+3568>, 0x55752983bf60 <ExecInterpExpr+3488>, 0x55752983bf20 <ExecInterpExpr+3424>, 0x55752983bee8 <ExecInterpExpr+3368>, 
          0x55752983be68 <ExecInterpExpr+3240>, 0x55752983bed0 <ExecInterpExpr+3344>, 0x557529634864 <ExecInterpExpr-2124124>, 0x55752983bdf8 <ExecInterpExpr+3128>, 0x55752983bde0 <ExecInterpExpr+3104>, 
          0x55752983be10 <ExecInterpExpr+3152>, 0x55752983be50 <ExecInterpExpr+3216>, 0x55752983bda8 <ExecInterpExpr+3048>, 0x55752983bd58 <ExecInterpExpr+2968>, 0x55752983bd40 <ExecInterpExpr+2944>, 
          0x55752983bd20 <ExecInterpExpr+2912>, 0x55752983bce0 <ExecInterpExpr+2848>, 0x55752983bd00 <ExecInterpExpr+2880>, 0x55752983bcc0 <ExecInterpExpr+2816>, 0x55752983bcb0 <ExecInterpExpr+2800>, 0x55752983b220 <ExecInterpExpr+96>, 
          0x55752983b224 <ExecInterpExpr+100>, 0x55752983bfd0 <ExecInterpExpr+3600>, 0x55752983bba0 <ExecInterpExpr+2528>, 0x55752983bb78 <ExecInterpExpr+2488>, 0x55752983bc98 <ExecInterpExpr+2776>, 0x55752983bc80 <ExecInterpExpr+2752>, 
          0x55752983bc48 <ExecInterpExpr+2696>, 0x55752983bb60 <ExecInterpExpr+2464>, 0x55752983bc60 <ExecInterpExpr+2720>, 0x55752983bb48 <ExecInterpExpr+2440>, 0x55752983bc10 <ExecInterpExpr+2640>, 
          0x55752983bbc0 <ExecInterpExpr+2560>, 0x55752983b308 <ExecInterpExpr+328>, 0x55752983b316 <ExecInterpExpr+342>, 0x55752983bb10 <ExecInterpExpr+2384>, 0x55752983baa0 <ExecInterpExpr+2272>, 0x55752983bae0 <ExecInterpExpr+2336>, 
          0x55752983b3b0 <ExecInterpExpr+496>, 0x55752983ba70 <ExecInterpExpr+2224>, 0x55752983b9c0 <ExecInterpExpr+2048>, 0x55752983b8c8 <ExecInterpExpr+1800>, 0x55752983b890 <ExecInterpExpr+1744>, 0x55752983b7b0 <ExecInterpExpr+1520>, 
          0x55752983b780 <ExecInterpExpr+1472>, 0x55752983b470 <ExecInterpExpr+688>, 0x55752983b2c8 <ExecInterpExpr+264>}
#14 0x000055752984cc27 in ExecEvalExprSwitchContext (isNull=0x7ffc73004f87, econtext=0x55752ba5ac28, state=0x55752ba99008) at access/heap/../../../../src/include/executor/executor.h:339
        retDatum = <optimized out>
        oldContext = 0x55752ba58e20
#15 ExecQual (econtext=0x55752ba5ac28, state=0x55752ba99008) at access/heap/../../../../src/include/executor/executor.h:408
        ret = <optimized out>
        isnull = false
#16 ExecScan (node=0x55752ba5aa18, accessMtd=0x5575298667d0 <IndexNext>, recheckMtd=0x55752985f050 <IndexRecheck>) at executor/execScan.c:227
        slot = 0x55752ba5acb8
        econtext = 0x55752ba5ac28
        qual = 0x55752ba99008
        projInfo = 0x55752ba98768
#17 0x0000557529845e7c in ExecProcNodeInstr (node=0x55752ba5aa18) at executor/execProcnode.c:479
        result = <optimized out>
#18 0x000055752986bca5 in ExecProcNode (node=0x55752ba5aa18) at executor/../../../src/include/executor/executor.h:257
No locals.
#19 ExecMemoize (pstate=0x55752ba5a778) at executor/nodeMemoize.c:743
        entry = <optimized out>
        outerslot = <optimized out>
        found = <optimized out>
        node = 0x55752ba5a778
        outerNode = 0x55752ba5aa18
        slot = <optimized out>
        __func__ = "ExecMemoize"
#20 0x0000557529845e7c in ExecProcNodeInstr (node=0x55752ba5a778) at executor/execProcnode.c:479
        result = <optimized out>
#21 0x00005575298733f8 in ExecProcNode (node=0x55752ba5a778) at executor/../../../src/include/executor/executor.h:257
No locals.
#22 ExecNestLoop (pstate=<optimized out>) at executor/nodeNestloop.c:160
        node = <optimized out>
        nl = 0x55752ba76918
        innerPlan = 0x55752ba5a778
        outerPlan = 0x55752ba59418
        outerTupleSlot = <optimized out>
        innerTupleSlot = <optimized out>
        joinqual = 0x0
        otherqual = <optimized out>
        econtext = 0x55752ba59338
        lc = <optimized out>
#23 0x0000557529845e7c in ExecProcNodeInstr (node=0x55752ba59228) at executor/execProcnode.c:479
        result = <optimized out>
#24 0x0000557529877b53 in ExecProcNode (node=0x55752ba59228) at executor/../../../src/include/executor/executor.h:257
No locals.
#25 ExecScanSubPlan (isNull=0x55752baa9c7d, econtext=0x55752ba9e160, node=<optimized out>) at executor/nodeSubplan.c:323
        found = false
        astate = 0x0
        subplan = 0x55752ba8eeb8
        subLinkType = <optimized out>
        slot = <optimized out>
        planstate = 0x55752ba59228
        oldcontext = 0x55752baa25d0
        result = 0
        pvar = <optimized out>
        l = <optimized out>
        subplan = <optimized out>
        planstate = <optimized out>
        subLinkType = <optimized out>
        oldcontext = <optimized out>
        slot = <optimized out>
        result = <optimized out>
        found = <optimized out>
        pvar = <optimized out>
        l = <optimized out>
        astate = <optimized out>
        __func__ = <optimized out>
        estate = <optimized out>
        l__state = <optimized out>
        paramid = <optimized out>
        prm = <optimized out>
        l__state = <optimized out>
        paramid = <optimized out>
        prm = <optimized out>
        tdesc = <optimized out>
        rowresult = <optimized out>
        rownull = <optimized out>
        col = <optimized out>
        plst = <optimized out>
        __errno_location = <optimized out>
        dvalue = <optimized out>
        disnull = <optimized out>
        __errno_location = <optimized out>
        plst__state = <optimized out>
        paramid = <optimized out>
        prmdata = <optimized out>
#26 ExecSubPlan (node=<optimized out>, econtext=0x55752ba9e160, isNull=0x55752baa9c7d) at executor/nodeSubplan.c:89
        subplan = <optimized out>
        estate = 0x55752ba58f38
        dir = ForwardScanDirection
        retval = <optimized out>
        __func__ = "ExecSubPlan"
#27 0x000055752983bc0a in ExecEvalSubPlan (econtext=0x55752ba9e160, op=<optimized out>, state=0x55752baa9c78) at executor/execExprInterp.c:3932
        sstate = <optimized out>
        sstate = <optimized out>
#28 ExecInterpExpr (state=0x55752baa9c78, econtext=0x55752ba9e160, isnull=<optimized out>) at executor/execExprInterp.c:1564
        op = <optimized out>
        resultslot = 0x55752baa9be0
        innerslot = <optimized out>
        outerslot = <optimized out>
        scanslot = 0x0
        dispatch_table = {0x55752983b2cc <ExecInterpExpr+268>, 0x55752983b750 <ExecInterpExpr+1424>, 0x55752983b728 <ExecInterpExpr+1384>, 0x55752983b700 <ExecInterpExpr+1344>, 0x55752983b6d0 <ExecInterpExpr+1296>, 
          0x55752983c2f0 <ExecInterpExpr+4400>, 0x55752983b6a0 <ExecInterpExpr+1248>, 0x55752983b660 <ExecInterpExpr+1184>, 0x55752983c2e0 <ExecInterpExpr+4384>, 0x55752983b680 <ExecInterpExpr+1216>, 
          0x55752983b640 <ExecInterpExpr+1152>, 0x55752983b600 <ExecInterpExpr+1088>, 0x55752983c2c8 <ExecInterpExpr+4360>, 0x55752983c2a0 <ExecInterpExpr+4320>, 0x55752983b5d8 <ExecInterpExpr+1048>, 0x55752983b5a0 <ExecInterpExpr+992>, 
          0x55752983b578 <ExecInterpExpr+952>, 0x55752983b548 <ExecInterpExpr+904>, 0x55752983b510 <ExecInterpExpr+848>, 0x55752983b4f0 <ExecInterpExpr+816>, 0x55752983b4d0 <ExecInterpExpr+784>, 0x55752983b240 <ExecInterpExpr+128>, 
          0x55752983b24b <ExecInterpExpr+139>, 0x55752983b490 <ExecInterpExpr+720>, 0x55752983b280 <ExecInterpExpr+192>, 0x55752983b28b <ExecInterpExpr+203>, 0x55752983c268 <ExecInterpExpr+4264>, 0x55752983c220 <ExecInterpExpr+4192>, 
          0x55752983c230 <ExecInterpExpr+4208>, 0x55752983b3a0 <ExecInterpExpr+480>, 0x55752983c200 <ExecInterpExpr+4160>, 0x55752983c1e8 <ExecInterpExpr+4136>, 0x55752983c1c0 <ExecInterpExpr+4096>, 0x55752983c198 <ExecInterpExpr+4056>, 
          0x55752983c170 <ExecInterpExpr+4016>, 0x55752983c158 <ExecInterpExpr+3992>, 0x55752983c140 <ExecInterpExpr+3968>, 0x55752983c120 <ExecInterpExpr+3936>, 0x55752983c0d0 <ExecInterpExpr+3856>, 
          0x55752983c0a0 <ExecInterpExpr+3808>, 0x55752983c100 <ExecInterpExpr+3904>, 0x55752983c060 <ExecInterpExpr+3744>, 0x55752983c040 <ExecInterpExpr+3712>, 0x55752983c030 <ExecInterpExpr+3696>, 
          0x55752983c000 <ExecInterpExpr+3648>, 0x55752983bfb0 <ExecInterpExpr+3568>, 0x55752983bf60 <ExecInterpExpr+3488>, 0x55752983bf20 <ExecInterpExpr+3424>, 0x55752983bee8 <ExecInterpExpr+3368>, 
          0x55752983be68 <ExecInterpExpr+3240>, 0x55752983bed0 <ExecInterpExpr+3344>, 0x557529634864 <ExecInterpExpr-2124124>, 0x55752983bdf8 <ExecInterpExpr+3128>, 0x55752983bde0 <ExecInterpExpr+3104>, 
          0x55752983be10 <ExecInterpExpr+3152>, 0x55752983be50 <ExecInterpExpr+3216>, 0x55752983bda8 <ExecInterpExpr+3048>, 0x55752983bd58 <ExecInterpExpr+2968>, 0x55752983bd40 <ExecInterpExpr+2944>, 
          0x55752983bd20 <ExecInterpExpr+2912>, 0x55752983bce0 <ExecInterpExpr+2848>, 0x55752983bd00 <ExecInterpExpr+2880>, 0x55752983bcc0 <ExecInterpExpr+2816>, 0x55752983bcb0 <ExecInterpExpr+2800>, 0x55752983b220 <ExecInterpExpr+96>, 
          0x55752983b224 <ExecInterpExpr+100>, 0x55752983bfd0 <ExecInterpExpr+3600>, 0x55752983bba0 <ExecInterpExpr+2528>, 0x55752983bb78 <ExecInterpExpr+2488>, 0x55752983bc98 <ExecInterpExpr+2776>, 0x55752983bc80 <ExecInterpExpr+2752>, 
          0x55752983bc48 <ExecInterpExpr+2696>, 0x55752983bb60 <ExecInterpExpr+2464>, 0x55752983bc60 <ExecInterpExpr+2720>, 0x55752983bb48 <ExecInterpExpr+2440>, 0x55752983bc10 <ExecInterpExpr+2640>, 
          0x55752983bbc0 <ExecInterpExpr+2560>, 0x55752983b308 <ExecInterpExpr+328>, 0x55752983b316 <ExecInterpExpr+342>, 0x55752983bb10 <ExecInterpExpr+2384>, 0x55752983baa0 <ExecInterpExpr+2272>, 0x55752983bae0 <ExecInterpExpr+2336>, 
          0x55752983b3b0 <ExecInterpExpr+496>, 0x55752983ba70 <ExecInterpExpr+2224>, 0x55752983b9c0 <ExecInterpExpr+2048>, 0x55752983b8c8 <ExecInterpExpr+1800>, 0x55752983b890 <ExecInterpExpr+1744>, 0x55752983b7b0 <ExecInterpExpr+1520>, 
          0x55752983b780 <ExecInterpExpr+1472>, 0x55752983b470 <ExecInterpExpr+688>, 0x55752983b2c8 <ExecInterpExpr+264>}
#29 0x0000557529873699 in ExecEvalExprSwitchContext (isNull=0x7ffc73005297, econtext=0x55752ba9e160, state=0x55752baa9c78) at executor/../../../src/include/executor/executor.h:339
        retDatum = <optimized out>
        oldContext = 0x55752ba58e20
        retDatum = <optimized out>
        oldContext = <optimized out>
#30 ExecProject (projInfo=0x55752baa9c70) at executor/../../../src/include/executor/executor.h:373
        econtext = 0x55752ba9e160
        state = 0x55752baa9c78
        slot = 0x55752baa9be0
        isnull = false
#31 ExecNestLoop (pstate=<optimized out>) at executor/nodeNestloop.c:241
        node = <optimized out>
        nl = 0x55752ba8de18
        innerPlan = <optimized out>
        outerPlan = 0x55752ba9e280
        outerTupleSlot = <optimized out>
        innerTupleSlot = <optimized out>
        joinqual = 0x0
        otherqual = <optimized out>
        econtext = <optimized out>
        lc = <optimized out>
#32 0x0000557529845e7c in ExecProcNodeInstr (node=0x55752ba9e050) at executor/execProcnode.c:479
        result = <optimized out>
#33 0x0000557529876b88 in ExecProcNode (node=0x55752ba9e050) at executor/../../../src/include/executor/executor.h:257
No locals.
#34 ExecSort (pstate=0x55752ba9de40) at executor/nodeSort.c:108
        plannode = <optimized out>
        outerNode = 0x55752ba9e050
        tupDesc = <optimized out>
        si = <optimized out>
        node = <optimized out>
        estate = 0x55752ba58f38
        dir = ForwardScanDirection
        tuplesortstate = 0x55752bab9248
        slot = <optimized out>
#35 0x0000557529845e7c in ExecProcNodeInstr (node=0x55752ba9de40) at executor/execProcnode.c:479
        result = <optimized out>
#36 0x000055752983f262 in ExecProcNode (node=0x55752ba9de40) at executor/../../../src/include/executor/executor.h:257
No locals.
#37 ExecutePlan (execute_once=<optimized out>, dest=0x557529e0f820 <donothingDR.lto_priv.0>, direction=<optimized out>, numberTuples=0, sendTuples=true, operation=CMD_SELECT, use_parallel_mode=<optimized out>, planstate=0x55752ba9de40, 
    estate=0x55752ba58f38) at executor/execMain.c:1551
        slot = <optimized out>
        current_tuple_count = 0
        slot = <optimized out>
        current_tuple_count = <optimized out>
#38 standard_ExecutorRun (queryDesc=0x55752ba90b48, direction=<optimized out>, count=0, execute_once=<optimized out>) at executor/execMain.c:361
        estate = 0x55752ba58f38
        operation = CMD_SELECT
        dest = 0x557529e0f820 <donothingDR.lto_priv.0>
        sendTuples = <optimized out>
        oldcontext = 0x55752b911960
        __func__ = "standard_ExecutorRun"
#39 0x00005575297d3395 in ExecutorRun (execute_once=true, count=0, direction=<optimized out>, queryDesc=0x55752ba90b48) at executor/execMain.c:305
No locals.
#40 ExplainOnePlan (plannedstmt=plannedstmt@entry=0x55752ba90ab8, into=into@entry=0x0, es=es@entry=0x55752ba368b8, 
    queryString=queryString@entry=0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "..., params=params@entry=0x0, queryEnv=queryEnv@entry=0x0, planduration=0x7ffc730054a0, bufusage=0x0) at commands/explain.c:593
        dir = <optimized out>
        dest = <optimized out>
        queryDesc = 0x55752ba90b48
        starttime = {tv_sec = 193212, tv_nsec = 771271060}
        totaltime = 0
        eflags = <optimized out>
        instrument_option = <optimized out>
#41 0x00005575297d3502 in ExplainOneQuery (query=<optimized out>, cursorOptions=<optimized out>, into=0x0, es=0x55752ba368b8, 
    queryString=0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "..., params=0x0, queryEnv=0x0) at commands/explain.c:410
        planstart = {tv_sec = 193212, tv_nsec = 769857899}
        bufusage = {shared_blks_hit = 140518568650264, shared_blks_read = 140722237887724, shared_blks_dirtied = 93961731534232, shared_blks_written = 93961699012838, local_blks_hit = 3, local_blks_read = 140518568650264, 
          local_blks_dirtied = 140518568650264, local_blks_written = 93961730936936, temp_blks_read = 93961731534232, temp_blks_written = 140518568650264, blk_read_time = {tv_sec = 93961731539864, tv_nsec = 93961698978814}, 
          blk_write_time = {tv_sec = 93961731535928, tv_nsec = 2}}
        plan = 0x55752ba90ab8
        planduration = {tv_sec = 0, tv_nsec = 1413018}
        bufusage_start = {shared_blks_hit = 0, shared_blks_read = 93961697415532, shared_blks_dirtied = 140722237887862, shared_blks_written = 140722237887864, local_blks_hit = 127, local_blks_read = 4294967096, local_blks_dirtied = 64, 
          local_blks_written = 93961730464096, temp_blks_read = 0, temp_blks_written = 93961731534232, blk_read_time = {tv_sec = 93961731774216, tv_nsec = 93961699241537}, blk_write_time = {tv_sec = 2048, tv_nsec = 0}}
#42 0x00005575297d3921 in ExplainQuery (pstate=<optimized out>, stmt=0x55752ba16b38, params=0x0, dest=0x55752b911ba0) at commands/explain.c:281
        l__state = {l = <optimized out>, i = 0}
        l = 0x55752ba51770
        es = 0x55752ba368b8
        tstate = <optimized out>
        jstate = <optimized out>
        query = <optimized out>
        rewritten = 0x55752ba51758
        lc = <optimized out>
        timing_set = <optimized out>
        summary_set = <optimized out>
        __func__ = "ExplainQuery"
#43 0x00005575299da03b in standard_ProcessUtility (pstmt=0x55752ba28030, 
    queryString=0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "..., readOnlyTree=<optimized out>, context=PROCESS_UTILITY_TOPLEVEL, params=0x0, queryEnv=0x0, dest=0x55752b911ba0, qc=0x7ffc73005760) at tcop/utility.c:862
        parsetree = 0x55752ba16b38
        isTopLevel = <optimized out>
        isAtomicContext = false
        pstate = 0x55752b911c30
        readonly_flags = <optimized out>
        __func__ = "standard_ProcessUtility"
#44 0x00005575299da65c in ProcessUtility (qc=0x7ffc73005760, dest=0x55752b911ba0, queryEnv=<optimized out>, params=<optimized out>, context=PROCESS_UTILITY_TOPLEVEL, readOnlyTree=<optimized out>, queryString=<optimized out>, 
    pstmt=0x55752ba28030) at tcop/utility.c:527
No locals.
#45 PortalRunUtility (portal=portal@entry=0x55752b9bdb48, pstmt=0x55752ba28030, isTopLevel=isTopLevel@entry=true, setHoldSnapshot=setHoldSnapshot@entry=true, dest=dest@entry=0x55752b911ba0, qc=qc@entry=0x7ffc73005760)
    at tcop/pquery.c:1155
No locals.
#46 0x00005575299daa67 in FillPortalStore (portal=0x55752b9bdb48, isTopLevel=<optimized out>) at tcop/pquery.c:1028
        treceiver = 0x55752b911ba0
        qc = {commandTag = CMDTAG_UNKNOWN, nprocessed = 0}
        __func__ = "FillPortalStore"
#47 0x00005575299dad9d in PortalRun (portal=0x55752b9bdb48, count=9223372036854775807, isTopLevel=<optimized out>, run_once=<optimized out>, dest=0x55752ba28c00, altdest=0x55752ba28c00, qc=0x7ffc73005940) at tcop/pquery.c:760
        _save_exception_stack = 0x7ffc73005d20
        _save_context_stack = 0x0
        _local_sigjmp_buf = {{__jmpbuf = {1, 6863867129712395464, 93961731169096, 0, 93961731607552, 93961731533880, 6863867130152797384, 744202186752050376}, __mask_was_saved = 0, __saved_mask = {__val = {93960999534592, 1, 1, 1, 
                93961699240471, 1, 93961731169096, 93961700891012, 93961731177304, 112, 93961730717312, 93961731169096, 0, 0, 93961699242721, 0}}}}
        __errno_location = <optimized out>
        _do_rethrow = <optimized out>
        result = <optimized out>
        nprocessed = <optimized out>
        saveTopTransactionResourceOwner = 0x55752b97f270
        saveTopTransactionContext = 0x55752b9fbba0
        saveActivePortal = 0x0
        saveResourceOwner = 0x55752b97f270
        savePortalContext = 0x0
        saveMemoryContext = 0x55752b9fbba0
        __func__ = "PortalRun"
#48 0x00005575299d2fe5 in exec_simple_query (
    query_string=0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "...) at tcop/postgres.c:1214
        __errno_location = <optimized out>
        fportal = <optimized out>
        snapshot_set = <optimized out>
        per_parsetree_context = 0x0
        plantree_list = 0x55752ba295a0
        stmt = <optimized out>
        parsetree = 0x55752ba16c08
        commandTag = <optimized out>
        qc = {commandTag = CMDTAG_UNKNOWN, nprocessed = 0}
        querytree_list = <optimized out>
        portal = 0x55752b9bdb48
        receiver = 0x55752ba28c00
        format = <optimized out>
        parsetree_item__state = {l = 0x55752ba16c38, i = 0}
        dest = <optimized out>
        oldcontext = 0x55752b9fbba0
        parsetree_list = 0x55752ba16c38
        parsetree_item = <optimized out>
        save_log_statement_stats = false
        was_logged = false
        use_implicit_block = false
        msec_str = "\000\000\000\000\002\000\000\000\v\000\000\000\260\232h\205\000\000\000\000\000\000\000\000\265\227\ts\374\177\000"
        __func__ = "exec_simple_query"
#49 0x00005575299d5b69 in PostgresMain (argc=<optimized out>, argv=<optimized out>, dbname=<optimized out>, username=<optimized out>) at tcop/postgres.c:4496
        query_string = 0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "...
        firstchar = <optimized out>
        input_message = {
          data = 0x55752b94ffb8 "explain analyze SELECT \"installercost_costmodelcoveredarea\".\"id\",\n       \"installercost_costmodelcoveredarea\".\"name\",\n       \"installercost_costmodelcoveredarea\".\"code\",\n       EXISTS(\n        SELECT "..., len = 1141, maxlen = 2048, cursor = 1141}
        local_sigjmp_buf = {{__jmpbuf = {140722237889472, 744197743274935496, 0, 140722237890432, 93961702288928, 243, 6863867129695618248, 744202194557125832}, __mask_was_saved = 1, __saved_mask = {__val = {4194304, 74, 93961730722392, 
                93961730722392, 1, 5, 93961697153692, 93961730880016, 0, 844424930132128, 93961730717312, 714642157761220, 343597383680, 140722237890432, 93961702288928, 1024}}}}
        send_ready_for_query = false
        idle_in_transaction_timeout_enabled = false
        idle_session_timeout_enabled = false
        __func__ = "PostgresMain"
#50 0x00005575299520c8 in BackendRun (port=0x55752b977210) at postmaster/postmaster.c:4530
        av = {0x557529ba754a "postgres", 0x0}
        ac = 1
        av = <optimized out>
        ac = <optimized out>
#51 BackendStartup (port=0x55752b977210) at postmaster/postmaster.c:4252
        bn = <optimized out>
        pid = 0
        bn = <optimized out>
        pid = <optimized out>
        __func__ = <optimized out>
        __errno_location = <optimized out>
        __errno_location = <optimized out>
        save_errno = <optimized out>
        __errno_location = <optimized out>
        __errno_location = <optimized out>
#52 ServerLoop () at postmaster/postmaster.c:1745
        port = 0x55752b977210
        i = <optimized out>
        rmask = {fds_bits = {256, 0 <repeats 15 times>}}
        selres = <optimized out>
        now = <optimized out>
        readmask = {fds_bits = {960, 0 <repeats 15 times>}}
        nSockets = <optimized out>
        last_lockfile_recheck_time = 1661326898
        last_touch_time = 1661324618
        __func__ = "ServerLoop"
#53 0x0000557529952df1 in PostmasterMain (argc=<optimized out>, argv=0x55752b90a810) at postmaster/postmaster.c:1417
        opt = <optimized out>
        status = <optimized out>
        userDoption = <optimized out>
        listen_addr_saved = <optimized out>
        i = <optimized out>
        output_config_variable = <optimized out>
        __func__ = "PostmasterMain"
#54 0x000055752967ae6e in main (argc=3, argv=0x55752b90a810) at main/main.c:209
        do_check_root = <optimized out>

Inspecting the memory I've extracted the two geometries (MultiPolygons). I have attached them, as one of the is quite large.

The only, maybe, smoking gun is that the last MultiPolygon has it's last element as EMPTY. So that might be something.

I've tried all combinations of ST_Cover-calls using these two geometries, but I'm not able to reproduce the crash outside of the query posted above. So maybe some optimization passing in a nullptr?

I've tried disabling both JIT and parallel workers, but to no avail.

Attachments (3)

area1.wkt (341.8 KB ) - added by klette 2 years ago.
area2.wkt (722 bytes ) - added by klette 2 years ago.
gdb.txt (28.7 KB ) - added by klette 2 years ago.

Download all attachments as: .zip

Change History (6)

by klette, 2 years ago

Attachment: area1.wkt added

by klette, 2 years ago

Attachment: area2.wkt added

by klette, 2 years ago

Attachment: gdb.txt added

comment:1 by robe, 2 years ago

Milestone: PostGIS 3.2.4PostGIS GEOS

hmm someone mentioned a similar issue to me and couldn't track down what was causing it and had the same issue of not being able to replicate outside of a production environment. But they were running GEOS 3.7 and similar issues have been fixed since then. As I recall the trace looked very similar involving geos::geom::prep::PreparedPolygonPredicate.

I noticed you are running GEOS 3.10.2. Any chance you can upgrade to GEOS 3.10.3 to rule out the issue has already been fixed? Looking at the issue list in 3.10.3, https://libgeos.org/posts/2022-06-03-geos-3-10-3-released/ I doubt your issue has been fixed though.

I've flipped this to PostGIS GEOS, since it sounds like a GEOS issue. If upgrading to 3.10.3 still doesn't fix it, then you should report to the GEOS issue tracker over here -- https://github.com/libgeos/geos/issues or report anyway if you can't upgrade

comment:2 by mdavis, 2 years ago

This is a GEOS issue, and is present in main (3.12). The area2 geometry is a MultiPolygon with an EMPTY element. It seems the prepared covers operation crashes on empty elements.

This is a JTS issue as well. I'll fix it there, and then in GEOS.

Last edited 2 years ago by mdavis (previous) (diff)

comment:3 by robe, 2 years ago

Resolution: fixed
Status: newclosed

@mdavis has fixed this upstream - related GEOS ticket - https://github.com/libgeos/geos/pull/678

Note: See TracTickets for help on using tickets.