Re: add assertion for palloc in signal handlers

On Wed, 18 Feb 2026 at 03:25, Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
>
> (new thread)
>
> On Tue, Feb 17, 2026 at 03:30:57PM -0600, Nathan Bossart wrote:
> > On Tue, Feb 17, 2026 at 11:18:00PM +0200, Heikki Linnakangas wrote:
> >> On 14/02/2026 23:56, Andres Freund wrote:
> >>> We really need some instrumentation that fails if we do allocations in signal
> >>> handlers etc.
> >>
> >> Yeah, that would be nice..
> >
> > In theory we could pretty easily add assertions for that, given the
> > wrapper_handler business added a couple of years ago. I'll put together a
> > patch...
>
> As promised... Fortunately, check-world didn't uncover any existing
> issues. I was able to manually verify the assertion by switching a
> background worker to use bgworker_die() and sending it SIGTERM. Probably
> could use some additional commentary, which I'll add if the idea seems
> reasonable to you.
>
> --
> nathan

Hi! I tested patch under --single (single user mode), and ISTM that we
can reach palloc from ProcessInterrups here?
Maybe we should not elog in single user mode inside sighandler...

```
(gdb)
1398 Assert(!InSignalHandler);
(gdb) p InSignalHandler
$11 = 1
(gdb) bt
#0 palloc (size=size(at)entry=1024) at mcxt.c:1398
#1 0x0000555555c85a42 in initStringInfoInternal (initsize=1024,
str=0x7fffffffcdc0) at stringinfo.c:45
#2 initStringInfo (str=str(at)entry=0x7fffffffcdc0) at stringinfo.c:99
#3 0x0000555555c34923 in errmsg (fmt=fmt(at)entry=0x555555d45c28
"terminating connection due to administrator command") at elog.c:1091
#4 0x00005555556b0b92 in ProcessInterrupts () at postgres.c:3393
#5 0x0000555555c90622 in wrapper_handler (postgres_signal_arg=15) at
pqsignal.c:116
#6 <signal handler called>
#7 0x00007ffff731ba8f in __GI___libc_read (fd=0, buf=0x55555615d5d0,
nbytes=1024) at ../sysdeps/unix/sysv/linux/read.c:26
#8 0x00007ffff72927a5 in _IO_new_file_underflow (fp=0x7ffff74038e0
<_IO_2_1_stdin_>) at ./libio/libioP.h:1030
#9 0x00007ffff72955d2 in __GI__IO_default_uflow (fp=0x7ffff74038e0
<_IO_2_1_stdin_>) at ./libio/libioP.h:1030
#10 0x0000555555ad6c3f in interactive_getc () at postgres.c:336
#11 InteractiveBackend (inBuf=0x7fffffffde10) at postgres.c:251
#12 ReadCommand (inBuf=0x7fffffffde10) at postgres.c:487
#13 PostgresMain (dbname=<optimized out>,
username=username(at)entry=0x5555560949f0 "reshke") at postgres.c:4741
#14 0x0000555555ad8eba in PostgresSingleUserMain (argc=argc(at)entry=4,
argv=argv(at)entry=0x55555608e150, username=0x5555560949f0 "reshke") at
postgres.c:4211
#15 0x00005555556dcd5d in main (argc=4, argv=0x55555608e150) at main.c:227
(gdb)

```

and then

```
(gdb) n
TRAP: failed Assert("!InSignalHandler"), File: "mcxt.c", Line: 1398,
PID: 1437985
/home/reshke/cpg/bin/bin/postgres(ExceptionalCondition+0x70)[0x555555c2ecb0]
/home/reshke/cpg/bin/bin/postgres(+0x70c616)[0x555555c60616]
/home/reshke/cpg/bin/bin/postgres(initStringInfo+0x12)[0x555555c85a42]
/home/reshke/cpg/bin/bin/postgres(errmsg+0xe3)[0x555555c34923]
/home/reshke/cpg/bin/bin/postgres(+0x15cb92)[0x5555556b0b92]
/home/reshke/cpg/bin/bin/postgres(+0x73c622)[0x555555c90622]
/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x7ffff7245330]
/lib/x86_64-linux-gnu/libc.so.6(read+0xf)[0x7ffff731ba8f]
/lib/x86_64-linux-gnu/libc.so.6(_IO_file_underflow+0x165)[0x7ffff72927a5]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_uflow+0x32)[0x7ffff72955d2]
/home/reshke/cpg/bin/bin/postgres(PostgresMain+0x3ff)[0x555555ad6c3f]
/home/reshke/cpg/bin/bin/postgres(PostgresSingleUserMain+0xfa)[0x555555ad8eba]
/home/reshke/cpg/bin/bin/postgres(main+0x4ad)[0x5555556dcd5d]
/lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca)[0x7ffff722a1ca]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b)[0x7ffff722a28b]
/home/reshke/cpg/bin/bin/postgres(_start+0x25)[0x5555556dcdf5]

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized
out>) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
(gdb)

```

--
Best regards,
Kirill Reshke