Hi All,

During the testing of parallel query (with force_parallel_mode = regress),
noticed random server crash with the below stack:

#0  0x0000003fc84896d5 in memcpy () from /lib64/libc.so.6
#1  0x0000000000a36867 in SerializeSnapshot (snapshot=0x1e49f40,
start_address=0x7f391e9ec728 <Address 0x7f391e9ec728 out of bounds>) at
#2  0x0000000000522a20 in InitializeParallelDSM (pcxt=0x1e49ce0) at
#3  0x00000000006dd256 in ExecInitParallelPlan (planstate=0x1f012b0,
estate=0x1f00be8, nworkers=1) at execParallel.c:398
#4  0x00000000006f8abb in ExecGather (node=0x1f00d00) at nodeGather.c:160
#5  0x00000000006de42e in ExecProcNode (node=0x1f00d00) at
#6  0x00000000006da4fd in ExecutePlan (estate=0x1f00be8,
planstate=0x1f00d00, use_parallel_mode=1 '\001', operation=CMD_SELECT,
sendTuples=1 '\001', numberTuples=0,
    direction=ForwardScanDirection, dest=0x1e5e118) at execMain.c:1633

So started looking into SerializeSnapshot() and with code reading I found
we ignore copying the SubXID array if it has overflowed, unless the snapshot
was taken during recovey, and for this we mark the
to 0. But later while copying the SubXID array we check then condition
based on
snapshot->subxcnt. We should check serialized_snapshot->subxcnt rather then

I tried hard to come up with individual test but somehow I was unable to
create testcase.

PFA patch to fix the issue.

Rushabh Lathia
diff --git a/src/backend/utils/time/snapmgr.c b/src/backend/utils/time/snapmgr.c
index 63e908d..b88e012 100644
--- a/src/backend/utils/time/snapmgr.c
+++ b/src/backend/utils/time/snapmgr.c
@@ -1515,7 +1515,7 @@ SerializeSnapshot(Snapshot snapshot, char *start_address)
 	 * snapshot taken during recovery; all the top-level XIDs are in subxip as
 	 * well in that case, so we mustn't lose them.
-	if (snapshot->subxcnt > 0)
+	if (serialized_snapshot->subxcnt > 0)
 		Size		subxipoff = sizeof(SerializedSnapshotData) +
 		snapshot->xcnt * sizeof(TransactionId);
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to