Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nLvJX-0001Im-3o for pgsql-hackers@arkaria.postgresql.org; Sun, 20 Feb 2022 23:08:23 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nLvJU-000608-50 for pgsql-hackers@arkaria.postgresql.org; Sun, 20 Feb 2022 23:08:20 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nLvJT-0005zs-Fm for pgsql-hackers@lists.postgresql.org; Sun, 20 Feb 2022 23:08:19 +0000 Received: from mail-qv1-xf34.google.com ([2607:f8b0:4864:20::f34]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nLvJO-0005VH-89 for pgsql-hackers@lists.postgresql.org; Sun, 20 Feb 2022 23:08:17 +0000 Received: by mail-qv1-xf34.google.com with SMTP id a19so27411855qvm.4 for ; Sun, 20 Feb 2022 15:08:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leadboat.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=c/M58Nbdfr3y8FRYey+N2VUOYVNhgzyF9mY6wkU0hKc=; b=RoIBseU7ypcrUIsbKL/PHyrDpi0EhyNDbviViDpoHF20h7E4GTm3Xc8CBSROzCo0Rp xRwySFaAj72bShJZ3MmpVAtdvazu+yam+ldm+4VNCLoXn4JHrvCenVsEv8Dx0RvrIIxq Sueg3QcK7MjmNc92Y5jvKGjfFtslhZkSv2rw4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=c/M58Nbdfr3y8FRYey+N2VUOYVNhgzyF9mY6wkU0hKc=; b=dlvpfDZM3IsXTC4lOt+URuzYc6G25bNezB912eJA237uEDQNDf87f4WhQ+kQCUmLly 15NoNPotC+Q85fHmShZZH9BH9+qRh/oGPxQeEVIiMxEZWqA5J22gRHjEi7wXFd3hiwSj h8adPbFb6J4WJXjsAu6fxg1GUMA/o6dFC56NbXXcL0K3zz/p7IzxmIAIT8WzAf7Me3vN oAAo9Upj/9+FQILWavlITKMncVVMnSgbm9y9n4RignUXkgNrArZsZACTMoVS0syhapmj sVe4ZB/lcpt7I8yYf6K4ZPkjapmxRWIpwcsTMDidQqt2heL1ElyCIeuvsrbPaTV2hfPb HkUQ== X-Gm-Message-State: AOAM531QhMUorrKFHZ+lEzEzW1Rh8J3UZigAEA7oF7yfaU7sZ5IyAIP3 HQovFHulL8yHRBjTtD9TolTdYw== X-Google-Smtp-Source: ABdhPJwGpEzEBpKvo8C50RVN1IOBu3AD5bwXezkGckUHcJsvIDICJmGxe/jV0dacKGQ0KGVOUH3dXQ== X-Received: by 2002:a0c:f9d2:0:b0:42d:f821:66fd with SMTP id j18-20020a0cf9d2000000b0042df82166fdmr13535546qvo.12.1645398493311; Sun, 20 Feb 2022 15:08:13 -0800 (PST) Received: from rfd.leadboat.com ([2600:1702:a20:5750::2e]) by smtp.gmail.com with ESMTPSA id ay41sm15812770qkb.127.2022.02.20.15.08.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 20 Feb 2022 15:08:12 -0800 (PST) Date: Sun, 20 Feb 2022 15:08:10 -0800 From: Noah Misch To: Andres Freund Cc: John Naylor , Peter Geoghegan , Robert Haas , PostgreSQL Hackers Subject: Re: do only critical work during single-user vacuum? Message-ID: <20220220230810.GB3754799@rfd.leadboat.com> References: <20220203215048.rmwjzixdzaetedxq@alap3.anarazel.de> <20220220045757.GA3733812@rfd.leadboat.com> <20220220221537.bziglqyxo5nm46ll@alap3.anarazel.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220220221537.bziglqyxo5nm46ll@alap3.anarazel.de> User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Sun, Feb 20, 2022 at 02:15:37PM -0800, Andres Freund wrote: > On 2022-02-19 20:57:57 -0800, Noah Misch wrote: > > On Wed, Feb 16, 2022 at 03:43:12PM +0700, John Naylor wrote: > > > On Wed, Feb 16, 2022 at 6:17 AM Peter Geoghegan wrote: > > > > On Tue, Feb 15, 2022 at 9:28 AM Peter Geoghegan wrote: > > > > > > > > I did notice from my own testing of the failsafe (by artificially > > > > > inducing wraparound failure using an XID burning C function) that > > > > > autovacuum seemed to totally correct the problem, even when the system > > > > > had already crossed xidStopLimit - it came back on its own. I wasn't > > > > > completely sure of how robust this effect was, though. > > > > > > I'll put some effort in finding any way that it might not be robust. > > > > A VACUUM may create a not-trivially-bounded number of multixacts via > > FreezeMultiXactId(). In a cluster at multiStopLimit, completing VACUUM > > without error needs preparation something like: > > > > 1. Kill each XID that might appear in a multixact. > > 2. Resolve each prepared transaction that might appear in a multixact. > > 3. Run VACUUM. At this point, multiStopLimit is blocking new multixacts from > > other commands, and the lack of running multixact members removes the need > > for FreezeMultiXactId() to create multixacts. > > > > Adding to the badness of single-user mode so well described upthread, one can > > enter it without doing (2) and then wrap the nextMXact counter. > > If we collected the information along the lines of I proposed in the second half of > https://www.postgresql.org/message-id/20220204013539.qdegpqzvayq3d4y2%40alap3.anarazel.de > we should be able to handle such cases more intelligently, I think? > > We could e.g. add an error if FreezeMultiXactId() needs to create a new > multixact for a far-in-the-past xid. That's not great, of course, but if we > include the precise cause (pid of backend / prepared xact name / slot name / > ...) necessitating creating a new multi, it'd still be a significant > improvement over the status quo. Yes, exactly.