Bad query causes crash running the instruction at: 0x7f173e300611 · Issue #1181 · RedisGraph/RedisGraph · GitHub
Skip to content

Bad query causes crash running the instruction at: 0x7f173e300611 #1181

Description

@ronkrl

Executing a GRAPH.QUERY command from redis-cli that starts with "EXPLAIN MATCH" causes the shard to crash. Bug report below.

Crash caused by running a query in the format:
GRAPH.QUERY us_government "EXPLAIN MATCH (p:president)-[:born]->(:state {name:'Hawaii'}) RETURN p"

I understand it should be a GRAPH.EXPLAIN not GRAPH.QUERY, but it should still not crash the database.

Similar queries with "EXPLAIN" in a different location, or another word besides "EXPLAIN" return an error and do not cause a crash.
Eg., the below queries do not cause any crash.

> GRAPH.QUERY us_government "CRASH MATCH (p:president)-[:born]->(:state {name:'Hawaii'}) RETURN p"
(error) errMsg: Invalid input 'A': expected CREATE UNIQUE, CREATE, CREATE INDEX ON or CREATE CONSTRAINT ON line: 1, column: 3, offset: 2 errCtx: CRASH MATCH (p:president)-[:born]->(:state {name:'Hawaii'}) RETURN p errCtxOffset: 2
> GRAPH.QUERY us_government "MATCH EXPLAIN (p:president)-[:born]->(:state {name:'Hawaii'}) RETURN p"
(error) errMsg: Invalid input '(': expected '=' line: 1, column: 15, offset: 14 errCtx: MATCH EXPLAIN (p:president)-[:born]->(:state {name:'Hawaii'}) RETURN p errCtxOffset: 14
=== REDIS BUG REPORT START: Cut & paste starting from here ===
1:M 29 Jun 2020 16:39:17.354 # Redis 6.0.5 crashed by signal: 11
1:M 29 Jun 2020 16:39:17.354 # Crashed running the instruction at: 0x7f173e300611
1:M 29 Jun 2020 16:39:17.354 # Accessing address: (nil)
1:M 29 Jun 2020 16:39:17.354 # Failed assertion: <no assertion failed> (<no file>:0)

------ STACK TRACE ------
EIP:
/lib/x86_64-linux-gnu/libc.so.6(abort+0x1fd)[0x7f173e300611]

Backtrace:
redis-server *:6379(logStackTrace+0x32)[0x560bf6d2ce02]
redis-server *:6379(sigsegvHandler+0x9e)[0x560bf6d2d4de]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7f173e4b3730]
/lib/x86_64-linux-gnu/libc.so.6(abort+0x1fd)[0x7f173e300611]
/lib/x86_64-linux-gnu/libc.so.6(+0x2240f)[0x7f173e30040f]
/lib/x86_64-linux-gnu/libc.so.6(+0x30102)[0x7f173e30e102]
/usr/lib/redis/modules/redisgraph.so(cypher_ast_cypher_option_nparams+0x4a)[0x7f173d75b376]
/usr/lib/redis/modules/redisgraph.so(AST_Validate_QueryParams+0x8c)[0x7f173d3187fc]
/usr/lib/redis/modules/redisgraph.so(parse_params+0x48)[0x7f173d31dfa8]
/usr/lib/redis/modules/redisgraph.so(Graph_Query+0x3e)[0x7f173d2f455e]
/usr/lib/redis/modules/redisgraph.so(+0x1ebded)[0x7f173d324ded]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7fa3)[0x7f173e4a8fa3]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f173e3d74cf]

------ INFO OUTPUT ------
# Server
redis_version:6.0.5
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:db63ea56716d515f
redis_mode:standalone
os:Linux 4.19.76-linuxkit x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:8.3.0
process_id:1
run_id:56f033958c8bd72855d86ca596cd7e56eec80577
tcp_port:6379
uptime_in_seconds:58
uptime_in_days:0
hz:10
configured_hz:10
lru_clock:16390453
executable:/data/redis-server
config_file:

# Clients
connected_clients:1
client_recent_max_input_buffer:2
client_recent_max_output_buffer:0
blocked_clients:1
tracking_clients:0
clients_in_timeout_table:0

# Memory
used_memory:2358328
used_memory_human:2.25M
used_memory_rss:11411456
used_memory_rss_human:10.88M
used_memory_peak:2358328
used_memory_peak_human:2.25M
used_memory_peak_perc:101.89%
used_memory_overhead:854794
used_memory_startup:837736
used_memory_dataset:1503534
used_memory_dataset_perc:98.88%
allocator_allocated:2704152
allocator_active:3043328
allocator_resident:5484544
total_system_memory:8353701888
total_system_memory_human:7.78G
used_memory_lua:37888
used_memory_lua_human:37.00K
used_memory_scripts:0
used_memory_scripts_human:0B
number_of_cached_scripts:0
maxmemory:0
maxmemory_human:0B
maxmemory_policy:noeviction
allocator_frag_ratio:1.13
allocator_frag_bytes:339176
allocator_rss_ratio:1.80
allocator_rss_bytes:2441216
rss_overhead_ratio:2.08
rss_overhead_bytes:5926912
mem_fragmentation_ratio:5.02
mem_fragmentation_bytes:9137920
mem_not_counted_for_evict:0
mem_replication_backlog:0
mem_clients_slaves:0
mem_clients_normal:16986
mem_aof_buffer:0
mem_allocator:jemalloc-5.1.0
active_defrag_running:0
lazyfree_pending_objects:0

# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1593448699
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
rdb_last_cow_size:0
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
aof_last_cow_size:0
module_fork_in_progress:0
module_fork_last_cow_size:0

# Stats
total_connections_received:1
total_commands_processed:3
instantaneous_ops_per_sec:0
total_net_input_bytes:201
total_net_output_bytes:19000
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
expired_stale_perc:0.00
expired_time_cap_reached_count:0
expire_cycle_cpu_milliseconds:0
evicted_keys:0
keyspace_hits:1
keyspace_misses:1
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0
migrate_cached_sockets:0
slave_expires_tracked_keys:0
active_defrag_hits:0
active_defrag_misses:0
active_defrag_key_hits:0
active_defrag_key_misses:0
tracking_total_keys:0
tracking_total_items:0
tracking_total_prefixes:0
unexpected_error_replies:0

# Replication
role:master
connected_slaves:0
master_replid:763d0205a7a9063a349833283e859c24281ab82c
master_replid2:0000000000000000000000000000000000000000
master_repl_offset:0
second_repl_offset:-1
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

# CPU
used_cpu_sys:0.043003
used_cpu_user:0.059944
used_cpu_sys_children:0.001343
used_cpu_user_children:0.000873

# Modules
module:name=graph,ver=20015,api=1,filters=0,usedby=[],using=[],options=[]

# Commandstats
cmdstat_command:calls=1,usec=380,usec_per_call=380.00
cmdstat_graph.EXPLAIN:calls=1,usec=64,usec_per_call=64.00
cmdstat_graph.QUERY:calls=1,usec=39,usec_per_call=39.00

# Cluster
cluster_enabled:0

# Keyspace
db0:keys=1,expires=0,avg_ttl=0

------ CLIENT LIST OUTPUT ------
id=5 addr=127.0.0.1:44664 fd=8 name= age=19 idle=0 flags=b db=0 sub=0 psub=0 multi=-1 qbuf=0 qbuf-free=32768 obl=0 oll=0 omem=0 events=r cmd=graph.QUERY user=default

------ REGISTERS ------
1:M 29 Jun 2020 16:39:17.356 #
RAX:0000000000000000 RBX:0000000000000000
RCX:0000000000000000 RDX:0000000000000000
RDI:0000000000000002 RSI:00007f173c134130
RBP:00007f173e462ee0 RSP:00007f173c134250
R8 :0000000000000000 R9 :00007f173c134130
R10:0000000000000008 R11:0000000000000246
R12:00007f173d8b8ea5 R13:00007f173d8b9008
R14:000000000000007f R15:0000000000000000
RIP:00007f173e300611 EFL:0000000000010246
CSGSFS:002b000000000033
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425f) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425e) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425d) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425c) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425b) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c13425a) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134259) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134258) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134257) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134256) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134255) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134254) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134253) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134252) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134251) -> 0000000000000000
1:M 29 Jun 2020 16:39:17.356 # (00007f173c134250) -> 0000000000000020

------ MODULES INFO OUTPUT ------

------ FAST MEMORY TEST ------
1:M 29 Jun 2020 16:39:17.356 # Bio thread for job type #0 terminated
1:M 29 Jun 2020 16:39:17.356 # Bio thread for job type #1 terminated
1:M 29 Jun 2020 16:39:17.356 # Bio thread for job type #2 terminated
*** Preparing to test memory region 560bf6e78000 (2277376 bytes)
*** Preparing to test memory region 560bf8473000 (270336 bytes)
*** Preparing to test memory region 7f172c000000 (2117632 bytes)
*** Preparing to test memory region 7f1730000000 (2109440 bytes)
*** Preparing to test memory region 7f1734000000 (135168 bytes)
*** Preparing to test memory region 7f1738400000 (4194304 bytes)
*** Preparing to test memory region 7f1738a00000 (8388608 bytes)
*** Preparing to test memory region 7f1739200000 (4194304 bytes)
*** Preparing to test memory region 7f17396b2000 (2621440 bytes)
*** Preparing to test memory region 7f1739933000 (8388608 bytes)
*** Preparing to test memory region 7f173a134000 (8388608 bytes)
*** Preparing to test memory region 7f173a935000 (8388608 bytes)
*** Preparing to test memory region 7f173b136000 (8388608 bytes)
*** Preparing to test memory region 7f173b937000 (8388608 bytes)
*** Preparing to test memory region 7f173c138000 (8388608 bytes)
*** Preparing to test memory region 7f173c939000 (8388608 bytes)
*** Preparing to test memory region 7f173d9fd000 (12288 bytes)
*** Preparing to test memory region 7f173da00000 (8388608 bytes)
*** Preparing to test memory region 7f173e2da000 (16384 bytes)
*** Preparing to test memory region 7f173e49b000 (24576 bytes)
*** Preparing to test memory region 7f173e4be000 (16384 bytes)
*** Preparing to test memory region 7f173e7a7000 (16384 bytes)
*** Preparing to test memory region 7f173e9cf000 (8192 bytes)
*** Preparing to test memory region 7f173e9d2000 (4096 bytes)
*** Preparing to test memory region 7f173e9fc000 (4096 bytes)
.O.O.O.O.O.O.O.O.O.O.O.O.O.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions