| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Tomas Vondra <tv(at)fuzzy(dot)cz>, Peter Geoghegan <pg(at)bowt(dot)ie> |
| Subject: | Re: gistGetFakeLSN() can return incorrect LSNs |
| Date: | 2026-03-05 20:25:25 |
| Message-ID: | 2nctrio6nf4efkumjp77nx2hs5poi7vvg6avq3ftb6ssprtcog@wzuehzrfisez |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 2026-03-05 10:52:03 -0800, Noah Misch wrote:
> On Thu, Mar 05, 2026 at 12:10:11PM -0500, Andres Freund wrote:
> > Tomas encountered a crash with the index prefetching patchset. One of the
> > patches included therein is a generalization of the gistGetFakeLSN()
> > mechanism, which is then used by other indexes as well. That triggered an
> > occasional, hard to locally reproduce, ERROR or PANIC in CI, about
> >
> > ERROR: xlog flush request 0/01BD2018 is not satisfied --- flushed only to 0/01BD2000
>
> > To be safe, this code would need to use a version of GetXLogInsertRecPtr()
> > that does use XLogBytePosToEndRecPtr() instead of XLogBytePosToRecPtr().
>
> I agree. Thanks for diagnosing it. Feel free to move forward with that
> strategy, or let me know if you'd like me to do it.
I'd appreciate if you could do it.
> > However, if I put an XLogFlush() into gistGetFakeLSN() and use
> > wal_level=minimal, it's a lot easier.
> >
> >
> > It looks like this was introduced in
> >
> > commit c6b92041d38
> > Author: Noah Misch <noah(at)leadboat(dot)com>
> > Date: 2020-04-04 12:25:34 -0700
> >
> > Skip WAL for new relfilenodes, under wal_level=minimal.
>
> Combining that XLogFlush() with wal_level=minimal (your recipe) does make
> predicate-gist.spec fail, both at that commit and today.
Good.
I've been thinking that we really need to do more verification of LSNs in a
bunch of places.
When reading in a page outside of recovery, we should probably complain about
LSNs that are not from the past, instead of reading them into the buffer pool
and then complaining when a hint bit is set on the buffer and the buffer needs
to be flushed.
When WAL logging of hint bits is enabled and we are writing out a dirty
permanent page (leaving aside the FSM), we probably should assert that the
page has an LSN that's recent enough to be plausible.
It's too bad that PageSetLSN() doesn't have a reference to the buffer, so it's
nontrivial to see if the buffer is permanent and thus should always have a
valid LSN. I guess we could check if the page is within (BufferBlocks,
BLCKSZ*NBlocks) and only do additional verification in that case, but brrr.
Greetings,
Andres Freund
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2026-03-05 20:38:24 | Re: Why clearing the VM doesn't require registering vm buffer in wal record |
| Previous Message | Matthias van de Meent | 2026-03-05 20:23:12 | Re: Why clearing the VM doesn't require registering vm buffer in wal record |