[HACKERS] Server Crash while running sqlsmith [TRAP: FailedAssertion("!(keylen< 64)", File: "hashfunc.c", Line: 139) ]

Hi,

While running sqlsmith against PG v10 , found a crash  . Not sure 
whether it is reported  earlier or not . Please refer the standalone 
testcase for the same -

[centos@tusharcentos7 bin]$ ./psql postgres -p 9000
psql (10devel)
Type "help" for help.

postgres=# select
postgres-#            70 as c0,
postgres-#            pg_catalog.has_server_privilege(
postgres(#             cast(ref_0.indexdef as text),
postgres(#             cast(cast(coalesce((select name from 
pg_catalog.pg_settings limit 1 offset 16)
postgres(#         ,
postgres(#                null) as text) as text)) as c1,
postgres-#            pg_catalog.pg_export_snapshot() as c2,
postgres-#            ref_0.indexdef as c3,
postgres-#            ref_0.indexname as c4
postgres-#          from
postgres-#           pg_catalog.pg_indexes as ref_0
postgres-#          where (ref_0.tablespace = ref_0.tablespace)
postgres-#            or (46 = 22)
postgres-#          limit 103;
TRAP: FailedAssertion("!(keylen < 64)", File: "hashfunc.c", Line: 139)
server closed the connection unexpectedly    This probably means the server terminated abnormally    before or while
processingthe request.
 
The connection to the server was lost. Attempting reset: 2016-12-23 
17:46:56.405 IST [16809] LOG:  server process (PID 16817) was terminated 
by signal 6: Aborted
2016-12-23 17:46:56.405 IST [16809] DETAIL:  Failed process was running: 
select               70 as c0,               pg_catalog.has_server_privilege(                cast(ref_0.indexdef as
text),               cast(cast(coalesce((select name from 
 
pg_catalog.pg_settings limit 1 offset 16)            ,                   null) as text) as text)) as c1,
pg_catalog.pg_export_snapshot()as c2,               ref_0.indexdef as c3,               ref_0.indexname as c4
 from              pg_catalog.pg_indexes as ref_0             where (ref_0.tablespace = ref_0.tablespace)
or(46 = 22)             limit 103;
 
2016-12-23 17:46:56.405 IST [16809] LOG:  terminating any other active 
server processes
2016-12-23 17:46:56.407 IST [16814] WARNING:  terminating connection 
because of crash of another server process
2016-12-23 17:46:56.407 IST [16814] DETAIL:  The postmaster has 
commanded this server process to roll back the current transaction and 
exit, because another server process exited abnormally and possibly 
corrupted shared memory.
2016-12-23 17:46:56.407 IST [16814] HINT:  In a moment you should be 
able to reconnect to the database and repeat your command.
2016-12-23 17:46:56.407 IST [16818] FATAL:  the database system is in 
recovery mode
Failed.
!> 2016-12-23 17:46:56.408 IST [16809] LOG:  all server processes 
terminated; reinitializing
2016-12-23 17:46:56.442 IST [16819] LOG:  database system was 
interrupted; last known up at 2016-12-23 17:46:46 IST
2016-12-23 17:46:56.614 IST [16819] LOG:  database system was not 
properly shut down; automatic recovery in progress
2016-12-23 17:46:56.616 IST [16819] LOG:  invalid record length at 
0/155E638: wanted 24, got 0
2016-12-23 17:46:56.616 IST [16819] LOG:  redo is not required
2016-12-23 17:46:56.623 IST [16819] LOG:  MultiXact member wraparound 
protections are now enabled
2016-12-23 17:46:56.626 IST [16809] LOG:  database system is ready to 
accept connections
2016-12-23 17:46:56.626 IST [16823] LOG:  autovacuum launcher started

!> exit
-> \q

Please refer the  stack trace  below -

[centos@tusharcentos7 bin]$ gdb -q -c data/core.16817 
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres
Reading symbols from 
/home/centos/PG10_23Dec/postgresql/edbpsql/bin/postgres...done.
[New LWP 16817]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `postgres: centos postgres [local] 
SELECT                       '.
Program terminated with signal 6, Aborted.
#0  0x00007fe3b88245f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install 
glibc-2.17-106.el7_2.6.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 
krb5-libs-1.13.2-12.el7_2.x86_64 libcom_err-1.42.9-7.el7.x86_64 
libselinux-2.2.2-6.el7.x86_64 openssl-libs-1.0.1e-51.el7_2.5.x86_64 
pcre-8.32-15.el7_2.1.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 
zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007fe3b88245f7 in raise () from /lib64/libc.so.6
#1  0x00007fe3b8825ce8 in abort () from /lib64/libc.so.6
#2  0x0000000000977a61 in ExceptionalCondition (conditionName=0x9f66eb 
"!(keylen < 64)", errorType=0x9f66db "FailedAssertion", 
fileName=0x9f66d0 "hashfunc.c", lineNumber=139)    at assert.c:54
#3  0x00000000004b3882 in hashname (fcinfo=0x7ffdfabd0590) at hashfunc.c:139
#4  0x00000000009815f7 in DirectFunctionCall1Coll (func=0x4b383c 
<hashname>, collation=0, arg1=33238784) at fmgr.c:1026
#5  0x0000000000958221 in CatalogCacheComputeHashValue (cache=0x1e96750, 
nkeys=1, cur_skey=0x7ffdfabd09e0) at catcache.c:209
#6  0x000000000095a62b in SearchCatCache (cache=0x1e96750, v1=33238784, 
v2=0, v3=0, v4=0) at catcache.c:1144
#7  0x000000000096ebac in SearchSysCache (cacheId=29, key1=33238784, 
key2=0, key3=0, key4=0) at syscache.c:1006
#8  0x000000000096ecc8 in GetSysCacheOid (cacheId=29, key1=33238784, 
key2=0, key3=0, key4=0) at syscache.c:1084
#9  0x00000000006c7ab0 in get_foreign_server_oid (servername=0x1fb2f00 
"CREATE UNIQUE INDEX pg_authid_rolname_index ON pg_authid USING btree 
(rolname)", missing_ok=0 '\000')    at foreign.c:688
#10 0x00000000008453cc in convert_server_name (servername=0x1fb2e68) at 
acl.c:3995
#11 0x0000000000845187 in has_server_privilege_name (fcinfo=0x1f76fe8) 
at acl.c:3885
#12 0x000000000068aef0 in ExecMakeFunctionResultNoSets 
(fcache=0x1f76f78, econtext=0x1f7b178, isNull=0x1f8cac1 "", 
isDone=0x1f8ccac) at execQual.c:2046
#13 0x000000000068b7f1 in ExecEvalFunc (fcache=0x1f76f78, 
econtext=0x1f7b178, isNull=0x1f8cac1 "", isDone=0x1f8ccac) at 
execQual.c:2442
#14 0x0000000000691f39 in ExecTargetList (targetlist=0x1f8cbf8, 
tupdesc=0x1f7b340, econtext=0x1f7b178, values=0x1f8ca68, 
isnull=0x1f8cac0 "", itemIsDone=0x1f8cca8,    isDone=0x7ffdfabd0f0c) at execQual.c:5501
#15 0x00000000006926b5 in ExecProject (projInfo=0x1f8cae0, 
isDone=0x7ffdfabd0f0c) at execQual.c:5725
#16 0x00000000006b1624 in ExecNestLoop (node=0x1f7b060) at 
nodeNestloop.c:267
#17 0x0000000000687571 in ExecProcNode (node=0x1f7b060) at 
execProcnode.c:476
#18 0x00000000006a9bac in ExecLimit (node=0x1f7ae28) at nodeLimit.c:91
#19 0x0000000000687676 in ExecProcNode (node=0x1f7ae28) at 
execProcnode.c:531
#20 0x0000000000683101 in ExecutePlan (estate=0x1f757f8, 
planstate=0x1f7ae28, use_parallel_mode=0 '\000', operation=CMD_SELECT, 
sendTuples=1 '\001', numberTuples=0,    direction=ForwardScanDirection, dest=0x7fe3b9ccafe8) at execMain.c:1580
#21 0x00000000006811da in standard_ExecutorRun (queryDesc=0x1f11d68, 
direction=ForwardScanDirection, count=0) at execMain.c:340
#22 0x000000000068105e in ExecutorRun (queryDesc=0x1f11d68, 
direction=ForwardScanDirection, count=0) at execMain.c:288
#23 0x00000000008253ea in PortalRunSelect (portal=0x1f737e8, forward=1 
'\001', count=0, dest=0x7fe3b9ccafe8) at pquery.c:946
#24 0x000000000082507d in PortalRun (portal=0x1f737e8, 
count=9223372036854775807, isTopLevel=1 '\001', dest=0x7fe3b9ccafe8, 
altdest=0x7fe3b9ccafe8,    completionTag=0x7ffdfabd1300 "") at pquery.c:787
#25 0x000000000081f37f in exec_simple_query (    query_string=0x1ec5978 "select\n", ' ' <repeats 11 times>, "70 as 
c0,\n", ' ' <repeats 11 times>, "pg_catalog.has_server_privilege(\n", ' 
' <repeats 12 times>, "cast(ref_0.indexdef as text),\n", ' ' <repeats 12 
times>, "cast(cast(coalesce((select name from pg_catalog.pg_settings 
limit 1 offset"...) at postgres.c:1094
#26 0x0000000000823433 in PostgresMain (argc=1, argv=0x1e71eb8, 
dbname=0x1e47de8 "postgres", username=0x1e71d20 "centos") at postgres.c:4072
#27 0x000000000079718f in BackendRun (port=0x1e69730) at postmaster.c:4275
#28 0x0000000000796917 in BackendStartup (port=0x1e69730) at
postmaster.c:3947
#29 0x000000000079302e in ServerLoop () at postmaster.c:1704
#30 0x000000000079266d in PostmasterMain (argc=3, argv=0x1e45c60) at 
postmaster.c:1312
#31 0x00000000006db982 in main (argc=3, argv=0x1e45c60) at main.c:228
(gdb) ^CQuit
(gdb)

-- 
regards,tushar