public inbox for [email protected]  
From: Tender Wang <[email protected]>
To: PostgreSQL Hackers <[email protected]>
Subject: Fix "detected double pfree in PgStat Snapshot 0x557d9926b400" error
Date: Wed, 8 Apr 2026 15:56:46 +0800
Message-ID: <CAHewXNkJKdwb3D5OnksrdOqzqUnXUEMpDam1TPW0vfUkW=7jUw@mail.gmail.com>

Hi,

In my recent SQLSmith test on HEAD, I found $SUBJECT.
The original query is too large and complex, and after reducing it, I
found that the following short query can reproduce it:

psql (19devel)
Type "help" for help.

postgres=# select NULLIF((SELECT score FROM pg_stat_autovacuum_scores LIMIT 1),
              (SELECT score FROM pg_stat_autovacuum_scores LIMIT 1));
ERROR:  detected double pfree in PgStat Snapshot 0x557d9926b400

Thanks to commit 095555d, this error can be surfaced. Before 095555d,
the above query succeeded.
I did research on this issue, and I found that after 5891c7a, the
PgStat_EntryRef can be cached if
stats_fetch_consistency > none.
If the value of stats_fetch_consistency is set to none, the query will
not report an error.

postgres=# set stats_fetch_consistency = none;
SET
postgres=# select NULLIF((SELECT score FROM pg_stat_autovacuum_scores LIMIT 1),
              (SELECT score FROM pg_stat_autovacuum_scores LIMIT 1));
 nullif
--------

(1 row)

If stats_fetch_consistency is cache or snapshot, when calling
pgstat_fetch_entry(),
the PgStat_EntryRef will be inserted into the hash table if it doesn't exist.
In relation_needs_vacanalyze(), at the end, the tabentry will be freed if it
is not null.

In this case, we may get the same PgStat_EntryRef entry again from the
hash table, but it was pfree'd when it first appeared.
So, detected double pfree will be reported when pfree is called at the
end of relation_needs_vacanalyze().

If the pgstat_fetch_consistency > PGSTAT_FETCH_CONSISTENCY_NONE, we
should not free the entry.
I wrote a patch to fix this issue.  Please see the attached patch.
-- 
Thanks,
Tender Wang


Attachments:

  [application/octet-stream] 0001-Fix-double-pfree-for-PgStat_StatTabEntry.patch (827B, 2-0001-Fix-double-pfree-for-PgStat_StatTabEntry.patch)
From 7f99c6937445481473c084bbbb9add8c918d8e00 Mon Sep 17 00:00:00 2001
From: Tender Wang <[email protected]>
Date: Wed, 8 Apr 2026 15:18:00 +0800
Subject: [PATCH] Fix double pfree for PgStat_StatTabEntry

---
 src/backend/postmaster/autovacuum.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c
index bd626a16363..9df82a4bb6a 100644
--- a/src/backend/postmaster/autovacuum.c
+++ b/src/backend/postmaster/autovacuum.c
@@ -3327,7 +3327,9 @@ relation_needs_vacanalyze(Oid relid,
 			 anltuples, anlthresh, scores->anl,
 			 scores->xid, scores->mxid);
 
-	pfree(tabentry);
+	/* We can free the entry if we're not caching it */
+	if (pgstat_fetch_consistency == PGSTAT_FETCH_CONSISTENCY_NONE)
+		pfree(tabentry);
 }
 
 /*
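Review bot: The new condition in front of `pfree(tabentry)` tests the global `pgstat_fetch_consistency` setting rather than whether this particular `tabentry` is a private copy, so relation_needs_vacanalyze() now has to mirror pgstat's internal caching rule and will break again without warning if that rule changes. It would be more robust for the code that fetches `tabentry` to decide or report who owns the memory, so the caller does not need to know about fetch-consistency modes at all. The comment `/* We can free the entry if we're not caching it */` should also say why freeing is unsafe in the other modes, namely that the cached entry is handed out again on the next lookup. The patch has no commit message body and no test; the NULLIF query on pg_stat_autovacuum_scores from the report would make a small regression test.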
-- 
2.34.1
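A toy C model of the aliasing described in the message above, added here as an illustration; it is not PostgreSQL code and not part of the posted patch. All names (`StatRef`, `stat_fetch`, `stat_release`, `two_fetches`) are hypothetical, and the model records ownership at fetch time as one alternative to testing the setting at the free site.

```c
/* Toy model, not PostgreSQL code: every name here is hypothetical. */
#include <stdbool.h>
#include <stdlib.h>

typedef enum { FETCH_NONE, FETCH_CACHE } FetchMode;
typedef struct { double score; } StatEntry;
typedef struct { StatEntry *entry; bool caller_owns; } StatRef;

static FetchMode fetch_mode = FETCH_CACHE;  /* stands in for the setting */
static StatEntry shared = { 0.75 };         /* stands in for shared stats */
static StatEntry *cached = NULL;            /* one-slot "snapshot" cache */
static int frees = 0;                       /* counts real free() calls */

/* Fetch: a private copy in NONE mode, the cache's own pointer otherwise. */
StatRef stat_fetch(void)
{
    StatRef ref = { NULL, fetch_mode == FETCH_NONE };
    if (!ref.caller_owns && cached != NULL) {
        ref.entry = cached;                 /* cache hit: same pointer again */
        return ref;
    }
    ref.entry = malloc(sizeof(StatEntry));
    if (ref.entry) *ref.entry = shared;
    if (!ref.caller_owns) cached = ref.entry;   /* the cache keeps ownership */
    return ref;
}

/* Release: ownership was fixed at fetch time, so a cached entry is never freed. */
void stat_release(StatRef *ref)
{
    if (ref->caller_owns && ref->entry) { free(ref->entry); frees++; }
    ref->entry = NULL;
}

/* Two lookups of the same entry, like the reproducer's two subqueries.
 * Returns how many real frees happened; *aliased reports pointer reuse. */
int two_fetches(FetchMode mode, bool *aliased)
{
    frees = 0;
    fetch_mode = mode;
    StatRef a = stat_fetch(), b = stat_fetch();
    *aliased = (a.entry == b.entry);
    stat_release(&a);
    stat_release(&b);
    return frees;
}
```

In the cached mode both lookups return the same pointer, so an unconditional free after each lookup would free it twice; here neither release touches it.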