Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wZMNy-000yZW-31
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 16 Jun 2026 05:30:55 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wZMMy-00FOM6-1b
	for pgsql-hackers@arkaria.postgresql.org;
	Tue, 16 Jun 2026 05:29:52 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <xunengzhou@gmail.com>)
	id 1wZMMy-00FOLw-0W
	for pgsql-hackers@lists.postgresql.org;
	Tue, 16 Jun 2026 05:29:52 +0000
Received: from mail-ej1-x632.google.com ([2a00:1450:4864:20::632])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <xunengzhou@gmail.com>)
	id 1wZMMw-00000000fDv-0qz7
	for pgsql-hackers@lists.postgresql.org;
	Tue, 16 Jun 2026 05:29:51 +0000
Received: by mail-ej1-x632.google.com with SMTP id
 a640c23a62f3a-bec423a5265so751539466b.1
        for <pgsql-hackers@lists.postgresql.org>;
 Mon, 15 Jun 2026 22:29:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1781587788; cv=none;
        d=google.com; s=arc-20240605;
        b=M8/b0BwuFZdpQco4Qdoaopu5oImAZ5nIf5O9QKWeMI0mK1Ny+fX2YYQI5vB/g3QTWY
         UdQgY5NPxexaUY5ZJpq/FEa2ojBMG7l6XusFJouUqeY2DsfeGoXA433maoeeoI3b40lq
         6vTnNuGVSlp4uqGMr+oBhecmYEdQLcrDwd4fJlswm8Ng0PH+neLpD2IZlc0O69UnmnyA
         97XQ1uYpNxnUHsrbWTLGTVLNkQSYBilnGpoS/OgNdhchBeJPkgt8zzmRy2yhES9WQ/F/
         S9hg4c9M7YJlm7e45vRQMsQGkavseTbrC06U7uyJp70CKMRmEWii/JjfYrEPoCwT2GJ4
         G/FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=XE/Dh87yBtsbBc7NtHlxlrUUvXkmnwPdf8ZG5k8v+bQ=;
        fh=FIpFMCtObxAWCXbwCiuG73JHPTnMtnIPKtYrL9r+xxw=;
        b=aflwBpG50I/FLwxpx+P1wKT+N4nzjHZkYdiA1ep84ue+MoLI6iU9jUjufoXgrUPxos
         dGRZ3FzgdtWkx0C6kaH1xIHBdZ1FuuxDTRH5HK7/4BHHSbx4TgkZ+lw29blUd12k05XN
         +uk7Q8coEBDjW8oG/q4V+YfPoPvqE2siYPk1vRKT3JhIOin309A519nlGJembOrxLEqA
         OKkM4AGQZlaJ1LI5P4PfF7jFqpMyfqViS4UZwbMAzt9SlI8FqQyfMqWphp+wDFamrj6I
         /bFUy7fWaoAYj3AiY+77FiIIYR7fXviL9A9wp+YYsn+aVsMVnwo+3o9yHJYi8VK1hpot
         L/kg==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1781587788; x=1782192588;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=XE/Dh87yBtsbBc7NtHlxlrUUvXkmnwPdf8ZG5k8v+bQ=;
        b=GpHoBYlxgE0uY3kGMoFvGZ8tTBMfBJgDpX4O+dVpTO3Dbz3Mw9Myqv8/IXr2ZIQm8q
         PVLs6WMQ7HPKpGNu1Tdy6KFiR5DAIIIkdtXJnbgSYFkSK/qWVmUsgtrwmZ+mZjTJv8gR
         Y2SfqX2KHm3/2XMh9PyZkzDd45yBz9W8d48b/moOHYsn0VSpHEaezHeusyFZxbuOO7qA
         R5+7Zzwm+tNu27QsfS8QqmaK7Yzgx7EcAXfgRc4srMoS6xwvRBTXqEzGLKJtAoZZNTBm
         EypCwNhtZRl4xvG8cVClcY+EyEU70Il3TJOXwRWasapCi91PmmlXeb8dR64ZOJwRE2oN
         BP6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1781587788; x=1782192588;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=XE/Dh87yBtsbBc7NtHlxlrUUvXkmnwPdf8ZG5k8v+bQ=;
        b=HkyNIzmbnMJcIwls1V/b1t+F2Ll0z7WaTzsiLKG4y613EdjjqodiocbvpVa5TM8O+1
         PAzgFs9wBb7t3cjSYQ70/CN1wm8xwOkrF9hoodDG655YwTIpquqZIP8BfN39z+Oc7nu2
         khwyeeGjDOCvIzfa/KmtKx/MjfkLij51s0lW2fuJVIhIW0LrStMuhUvCMRZX8e7Nl9og
         My41bt5EFoHgahUx0P/LZShH6Zp0QtRgtRbALNEJwdc2bM+JOa0HvWAt4OtZoQgrW/GN
         NX2vz2eQ+NR9KEmIqJ0Xt250UcMJAHihpF5QcBTiY4hg0UJF1+y5V/Ou0vnPdD5/0L/+
         SkGg==
X-Forwarded-Encrypted: i=1;
 AFNElJ8cJLE3tg0XraPv/u7PBpuizIvarXGZ1ucFKtOmMDZOWRNIk/IXhjT376cWKoUlavyu92SfOob6AMQ0aFmD@lists.postgresql.org
X-Gm-Message-State: AOJu0YxeOlk+dlWN94ge72ExqxkPDxDnZ6erR+oV8L7iTVSoLA87pwm0
	Qv33jQHhMUdgNXe9LqMw/qN0E/gO0YUGuwL/zpezCYft4YJbAH2wDplPZjScvOJbXf/Zr9FsKxB
	Goc7u0cyraFTY8UvfG46o255/RoeiZEs=
X-Gm-Gg: Acq92OF49ttrmmsNLnrazPsv7mQq0qAftzab54uXLWvnnTnKvhShq/EyIolWhrJ4mAn
	8mT3GEfoKJjKhzy2UgVSLJ8mm1uFXBoMbSXRpDzxfgdHS3nDW+gZIa+Q5oPyWKHFEzG0QCaA23m
	WtwMcDnwj3zLGKnrp5q/8NbFCMhcZNmKWZULQnJg9fYQxFAeLHMzbpomcxMlonHT7pKbZ739489
	OOUIhia0ZXRaPfLJaFUPTZT1CdvcXOYyLcTCM5v6riFcTlT7nFIA1WMuQxNycoqcjRQlEEPjkiZ
	6VuYa7ONBLGvEKoGaYC8oApPcpW7im38WvscJ/R5caVyVKpsYjeLsqLngvQBkqnvf9bDvHOE6Lu
	wOQ9KnYQDjd4HaX18gyV176brnQFTBmu+Yh1wjA==
X-Received: by 2002:a17:907:3f11:b0:bed:a213:a89b with SMTP id
 a640c23a62f3a-c043d7b4ff6mr98274166b.37.1781587787414; Mon, 15 Jun 2026
 22:29:47 -0700 (PDT)
MIME-Version: 1.0
References: 
 <TY4PR01MB177184FF9EE916F577E1F554194082@TY4PR01MB17718.jpnprd01.prod.outlook.com>
 <CAFC+b6o-hD5VxVLZQovmHSYykF8Qzq3eiuBU-U1F_yR9-y6P_w@mail.gmail.com>
 <TY4PR01MB177180A7CE60BCDF286B1C6F594172@TY4PR01MB17718.jpnprd01.prod.outlook.com>
 <CABPTF7VyH1-W2xnDspECDEzFGQj=WTFpZBCqKfM11OAZa6gQHQ@mail.gmail.com>
 <CAHGQGwE+2WSqiAYgNJRkf_twdB+uRGozjjGhUn76vUKZ8dzbSA@mail.gmail.com>
 <CABPTF7VeA8szPv7LYDVY9_7LftV-HM8NFVQR2natPKmr73JW+A@mail.gmail.com>
 <TY4PR01MB1771887D33612C5A45F7E9CDF941E2@TY4PR01MB17718.jpnprd01.prod.outlook.com>
 <CAA4eK1LqFBKCkX2eoX3iQPxJJnzWTaCpdh9zNotxuoG8BgjdtA@mail.gmail.com>
 <CAA4eK1LkRdbm5XA=qa82Rp_y4rnyJh8pypMWVqOezOZpzy=Oaw@mail.gmail.com>
 <CAHGQGwG_3ff4HciHtTZ_uMvbJgSDWsz4Yawj_zQpDG6Yj=Mjng@mail.gmail.com>
 <CABPTF7WBh_mKi60EYLiueaZ_cdJvnrOrpSt3hQkuZ_uY4w5duA@mail.gmail.com>
 <CAA4eK1LJ9=BJU2oK5aFCfvW=w2muSXNHOPM18wHXHLkRzYxhTQ@mail.gmail.com>
In-Reply-To: 
 <CAA4eK1LJ9=BJU2oK5aFCfvW=w2muSXNHOPM18wHXHLkRzYxhTQ@mail.gmail.com>
From: Xuneng Zhou <xunengzhou@gmail.com>
Date: Tue, 16 Jun 2026 13:29:35 +0800
X-Gm-Features: AVVi8CcbZFk5xommtJ7PnEAtieCCvDHuwvqhIQ-8eXpWqW8KKR9POELPIIoduhM
Message-ID: 
 <CABPTF7VdFwiROsch4T7VbOCqQYpRbh==gAZPM6tJeff5Ou80Qw@mail.gmail.com>
Subject: Re: Fix race in ReplicationSlotRelease for ephemeral slots
To: Amit Kapila <amit.kapila16@gmail.com>
Cc: Fujii Masao <masao.fujii@gmail.com>,
 "Zhijie Hou (Fujitsu)" <houzj.fnst@fujitsu.com>,
	Srinath Reddy Sadipiralla <srinath2133@gmail.com>,
	PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CABPTF7VdFwiROsch4T7VbOCqQYpRbh%3D%3DgAZPM6tJeff5Ou80Qw%40mail.gmail.com>
Precedence: bulk

On Fri, Jun 12, 2026 at 6:54=E2=80=AFPM Amit Kapila <amit.kapila16@gmail.co=
m> wrote:
>
> On Fri, Jun 12, 2026 at 8:22=E2=80=AFAM Xuneng Zhou <xunengzhou@gmail.com=
> wrote:
> >
> > The issues look real to me and could be dealt with patch v1 partially.
> >
> > On Thu, Jun 11, 2026 at 9:19=E2=80=AFPM Fujii Masao <masao.fujii@gmail.=
com> wrote:
> > >
> > > On Thu, Jun 11, 2026 at 8:18=E2=80=AFPM Amit Kapila <amit.kapila16@gm=
ail.com> wrote:
> > > > 1. Stale name read in local_sync_slot_required(): The reused cell
> > > > holds a different name. local_sync_slot_required() might return fal=
se
> > > > (drop needed). But then the in_use && synced spinlock check sees
> > > > synced =3D false and skips the actual drop. The wrong decision is
> > > > caught.
> > >
> > > Yes, we could skip the actual drop. But then wouldn't we still emit
> > > the log message "dropped replication slot ..." even though no slot wa=
s
> > > actually dropped?
> >
> > With v1, we won't emit the log message unless the log is factually
> > dropped. However it did not prevent the stale read in
> > local_sync_slot_required().
> >
> > > > 2. Wrong database OID read at line 551: The reused cell holds OID_B
> > > > from the new slot. We lock OID_B, then at lines 563=E2=80=93565 we =
see synced
> > > > =3D false, skip the drop, and unlock OID_B at line 579. Since no dr=
op
> > > > occurred, the cell is still the same non-synced slot, so the lock a=
nd
> > > > unlock see the same OID_B. Symmetric =E2=80=94 no lock leak.
> > >
> > > What happens if the slot for OID_B is dropped after we lock
> > > OID_B, and then a new slot for OID_C reuses the same array entry? In
> > > that case, wouldn't the later unlock read OID_C from
> > > local_slot->data.database even though the lock was originally taken o=
n
> > > OID_B?
> >
> > V1 stops doing the venerable second read of local_slot->data.database.
> > So if the copied value was already stale and points to OID_B, v1 is at
> > least symmetric:
> >
> > read OID_B once
> > lock OID_B
> > cell reused as OID_C
> > unlock OID_B
> >
> > But v1 seems not to fully  solve issue 1.
> >
> > It can still do this:
> >
> > cell already reused before slot_database is copied
> > v1 copies OID_B from replacement slot
> > locks OID_B
> > recheck sees synced=3Dfalse
> > skips drop
> > unlocks OID_B
> >
> > That is still a stale read and possibly a wasted/wrong database lock,
> > but it doesn't leak the lock, unlocks the wrong object, logs a false
> > drop, or drops the replacement slot.
> >
> > In an off-list chat with Zhijie, we kinda thought that holding the
> > lock of a wrong db for a brief time doesn't seem to harm a lot. The
> > concurrent dropping-db operation leads to this issue seems rare in
> > practice. He stated that the deletion of the slot seems unavoidable
> > because we have to acquire the database lock after releasing the
> > replication slot lock to avoid the deadlock with the startup/drop db
> > operation. Therefore, he prefered keeping the design simple and
> > avoiding the fatal issue over doing a broader refactoring work.
> >
>
> +1. I also think this change is not worth it.

I am also OK with the scope of change made by patch 1.

> > don't have a strong opinion on this. Still attaching the refactoring
> > patch to do some clean-up in case someone thinks it's worthwhile.
> >
>
> I feel even if there is an argument to do such a refactoring, it can
> be done separately.

Makes sense to me.

--=20
Regards,
Xuneng Zhou
HighGo Software Co., Ltd.