Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1vvIlS-00Cjcz-1T
	for pgsql-bugs@arkaria.postgresql.org;
	Wed, 25 Feb 2026 17:33:35 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1vvIlR-007onr-0g
	for pgsql-bugs@arkaria.postgresql.org;
	Wed, 25 Feb 2026 17:33:33 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <robertmhaas@gmail.com>)
	id 1vvIlQ-007onh-2g
	for pgsql-bugs@lists.postgresql.org;
	Wed, 25 Feb 2026 17:33:32 +0000
Received: from mail-ej1-x635.google.com ([2a00:1450:4864:20::635])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <robertmhaas@gmail.com>)
	id 1vvIlN-000000019Xp-1nJb
	for pgsql-bugs@lists.postgresql.org;
	Wed, 25 Feb 2026 17:33:31 +0000
Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-b90bc00578cso442220766b.0
        for <pgsql-bugs@lists.postgresql.org>; Wed, 25 Feb 2026 09:33:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1772040809; cv=none;
        d=google.com; s=arc-20240605;
        b=OZFnm/9vFbZ2nF/X4gjWrjaOId/eM5r/viiX0LzvpYuZszLY9dtPlvnY/pdMmZkP1l
         TotGmxAU6nULMMIrAd+2haq+cCSQDY38BPZ2s5HA/8FnAmViZ7b7WSw+npiHJqYrUn1S
         lPBGLCwFbDfiQ8WpL+bbeYAFtkx/c098GNEP0jeRqVN/p0HqEBuSkWctMBgG5Fm51E/F
         nBvDqm5KWU2WZfTZ99gBZ2oZ3AizWG934w2lxS8K+U1cg7VP6c5xmrNZQxoO85045BK+
         E58xJB1ya4s9Y/GN+fEkvWeoyeEs07WKcdQiQXOtlgDYAw8PsEmd3yjCjkN0NxiT4JkO
         lBxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=h1GFJOT56DT45GgmgQEo2Y4HFaeAI4+iuIqrO7wtrIk=;
        fh=fEHYGumV760BwtMtCEgdl3LSmS7Q7yO+kgsjG9Qvn8M=;
        b=ZaO0vwc9/y/dZPOzszugjkVCVAc8QfPP0WUgOmN1i00PqSiGRBRkasARYJeIZRflnb
         cDpath36TrJIIV24Ox525IZHGiYd0OyT3ut+scQUN+zmCqAoSo1JyDMcXFim5sqJwYEh
         7CTXceXmHgGF7wHfvIk/HBOHW5EBHcI7WujVzdv4NsLvj5yLaI3Jd+/sybKK5rlk+fqt
         TH67SgW3chRxp3QvWhaKLmnJDrxFxqsofNcAdYCTqCK60Es8+IgevFB0mWF9b0aULt1D
         LxzCknyJZnya35H3eSSFeFDidEOpcR7Jo823WLdMvmRVIBWmdv7ih6jBMvwxfP1EfT0C
         spoA==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1772040809; x=1772645609; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=h1GFJOT56DT45GgmgQEo2Y4HFaeAI4+iuIqrO7wtrIk=;
        b=WpaYkRUls7CWEAN0xaJayfZ1J0AXBZXt2ga/wMHFgJMP5dghvMpYWEXvgLc26ryQtz
         JYbqnL+unjvdcPfTwmpNYo12J4ejZH4HoHpQ3Kp957y6VP6rR9cD4T7o0QlkPdU2IO99
         +uyYu1HaYLDlT2IIAIjcE9igrPPTB3Iwl/EHumKB/CECnn7zVP/OCRo1cpy1pyuwq2ew
         fvNqU20RC3HCISDreAQatnUgVXkyCyn32S7/iCPWoxQZEH57aZ5F0rClU9ROvFNgtkD5
         u/oCzQimdCLBOjzs3+9TrkADn7LODWang43FCt2p9XFmzTncdUVlEpKAq7mlIG9OBNx0
         IgcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1772040809; x=1772645609;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=h1GFJOT56DT45GgmgQEo2Y4HFaeAI4+iuIqrO7wtrIk=;
        b=cuvLqO0txuhw2wBPNdLrOGqISQTClrwqHtgPNkFo577xsk7VJi8XeM+0y439ZkdAYX
         +6hRESgPW372Kcg8O9VEsVpuB+zcaCGb96nf6GXIkRQIfJKHNblQm8+A58STBduGALyZ
         S6GJwibggBwJnzhOJmxrVTMMTf5iJeDSTZjJzVd0krqZYQTBYgWTjLaRNVd8LBCou6Cx
         aS3cGfw4zOixMGrukJ9+Wnc7JQtm9pru2VeHONd75WwNkd+HE2q+n7529InpB8pWjB3l
         +4rlEPEsU1mNxyjQkxreDI2Uag9U7JSoUM2Z1SVYF46sxVPmICredOSdKx88qJMe0fbc
         Xsfg==
X-Forwarded-Encrypted: i=1; AJvYcCUyEKGK3/TYS0z9ojE+1q6Bz5+MjLEnJLsvv5CqQbOf68k+6X9VOGHUBYY9G0WkLJIPat3bXustbB97@lists.postgresql.org
X-Gm-Message-State: AOJu0YycKydh+6avaVEZTEZq857tLHzB4fj+iu+ZN7qzhfSs+R9b6e7Y
	u7yuMW0R+A+Hj+Kwi7GVOhZ/cWjwEiXtaZtaaUvp6UgaWQzQ/aIxA/ND4zOIXOqBMqEkhYc02vk
	2wCXtctmyyPARBaQjrU9PXth5pq2I8zvZpOQo
X-Gm-Gg: ATEYQzzYnoqL7K1BCQn3p5yYeuDzAoIu5EkjecIy4ceeF28mKd3Kk+jKuT/NEd3oKoC
	Ianps0GpLx6tNnUUCizHY0532n4ix61tQpEh2FwSM51xuRIS1vsAJmstm9D2pp9+5JfxN3D8UnM
	wR5GpX8mwTKBPoeNpnd5NJXRb8Wn3J/rVNeRvIdrsXOFkCPBRhnbm4XL2EZprfhmVjQsd5aTmCb
	IBuQPebN+CA1HBvLIxWLCIpFplswXN3hM3JY8MZ8tDhTJtQ/VIP+U3UdpDJpBy7snQIIm2/WZAC
	iufInYhTuEcAAuI8Tv0Tew5O8AJvrsRgpDCa/78=
X-Received: by 2002:a17:907:3e91:b0:b70:b700:df98 with SMTP id
 a640c23a62f3a-b908195110emr1165463166b.5.1772040808979; Wed, 25 Feb 2026
 09:33:28 -0800 (PST)
MIME-Version: 1.0
References: <202502131716.7mgkcnrem2hn@alvherre.pgsql> <2939991.1740089974@sss.pgh.pa.us>
 <CA+TgmoauoiW4ydDhdrseg+DD4Kwha=+TSZp18BrJeHKx3o1Fdw@mail.gmail.com>
 <179448.1772033773@sss.pgh.pa.us> <CA+TgmoYFc1x11Y7AHxn6Jb0mvJ9-aPttmjqezj=YKnHmqVb-Wg@mail.gmail.com>
 <265501.1772038216@sss.pgh.pa.us>
In-Reply-To: <265501.1772038216@sss.pgh.pa.us>
From: Robert Haas <robertmhaas@gmail.com>
Date: Wed, 25 Feb 2026 12:33:17 -0500
X-Gm-Features: AaiRm51lZSAKPrQlTj_FexC7PkOkyv2RiNTL5a40oXGVO36MGwRZsycPgHnukhM
Message-ID: <CA+TgmobNKFc34nj+w6iX0zWJ1=mfYWqQS91PqsJrm4VD4o1yOw@mail.gmail.com>
Subject: Re: Major Version Upgrade failure due to orphan roles entries in catalog
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: =?UTF-8?Q?=C3=81lvaro_Herrera?= <alvherre@alvh.no-ip.org>, 
	Virender Singla <virender.cse@gmail.com>, pgsql-bugs@lists.postgresql.org, 
	Aniket Jha <aniketkumarj@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/CA%2BTgmobNKFc34nj%2Bw6iX0zWJ1%3DmfYWqQS91PqsJrm4VD4o1yOw%40mail.gmail.com>
Precedence: bulk

On Wed, Feb 25, 2026 at 11:50=E2=80=AFAM Tom Lane <tgl@sss.pgh.pa.us> wrote=
:
> I don't entirely agree that it's "business as usual": somebody screwed
> up to get the database into that state.  I'm not here to apportion
> blame for that between the user and the database, but I do think it's
> appropriate for pg_dumpall to complain that it's facing invalid data.
>
> If you're good with pg_dumpall producing a warning and then emitting
> the GRANT with no grantor clause, I will go make that happen.

Well, I guess I don't really see why there should be a warning. I
mean, if you're not here to apportion blame between the user and
database, then allow me to step in: in v15-, it's entirely the
database's fault. It does absolutely zilch to keep that field valid.
As I showed in the earlier example, all the user has to do is create a
role, do something, and drop the role, and that field is no longer
valid. That's about the simplest scenario imaginable, and I don't
think any user would expect it to produce a corrupted database, and I
think the status quo ante prior to this commit was that we did not
consider that to be a corrupted database.

If that feels like the wrong answer to you, I suggest that the reason
is that you're not used to PostgreSQL code being as horrifically bad
as this code was prior to v16. I don't know of anywhere else in the
database where we store an OID and do absolutely nothing to ensure its
validity. Sure, we've found some holes over the years where we didn't
do enough, especially around concurrency, and we've probably all seen
examples of TOAST corruption where a value can't be de-TOASTed due to
some inconsistency. But those are examples of where we had had some
guards in place and they weren't as thorough as they needed to be, or
where the user voided the warranty by doing something stupid, or where
the storage manhandled the data. But before
6566133c5f52771198aca07ed18f84519fac1be7, we didn't just have
inadequate machinery in this area: we had none. I remember being
absolutely gobsmacked at this discovery that it had been this way for
years and apparently nobody was too fussed about it. It seemed to me
then and it seems to me now that such handling was way below our usual
quality standards, even for older code when we weren't as strict as we
are today. But that's nevertheless how it was.

Now, if you go and do as you propose here, and adjust the code so that
the grant is dumped but a warning is produced, my fear is that someone
upgrading from v15- to v16+ will see that warning and think that there
is a problem with their database that needs fixing. But, except for
the fact that they should really upgrade to a newer and better
version, that's not really true. They're just running a version where
no care was put into making that field valid, and so sometimes it
isn't. I suppose that is OK in the end: when such a user files a
support ticket with $EMPLOYER or any other company, somebody can
simply tell that user that the warning requires no corrective action
and can be safely ignored. But of course, they'll have to know that
this is the case, and not everyone will have read this discussion.
Moreover, we'll emit essentially the same warning for the member case,
where the warning does point to a problem that someone might want to
think about correcting, and exactly the same warning against a v16+
database where it indicates that something has actually gone wrong. I
don't know why we would want to do that instead of what I proposed,
but if you're dead-set on it, I can live with it: it will at least
mean people can upgrade without having perfectly good role grants
disappear into the ether.

--=20
Robert Haas
EDB: http://www.enterprisedb.com