On 15/04/2026 16:57, Ayush Tiwari wrote:
> Hi,
>
> The comment above the PM_STARTUP startup-process-failure case still says
> that there are no other processes running yet, so the postmaster can just
> exit.
>
> That no longer matches the current startup flow: PM_STARTUP may already
> have auxiliary processes running by that point. The attached patch updates
> that comment to describe the current behavior.

Hmm, shouldn't the postmaster kill and wait for the auxiliary processes
to exit first in that case? ISTM we need code changes here, not just
comments.

- Heikki

Yes, I agree, code change is required here.

The proper thing is to route this through the existing crash-handling
path so the postmaster SIGQUITs the aux children and waits for them to
exit before terminating.

I think the minimal change is:

1. Replace the ExitPostmaster(1) shortcut in the PM_STARTUP
   startup-failure case with HandleChildCrash(), which calls
   TerminateChildren(SIGQUIT) and transitions through the state
   machine. Set StartupStatus = STARTUP_CRASHED so the state
   machine does not try to reinitialize.

2. Let HandleFatalError() handle PM_STARTUP by transitioning to
   PM_WAIT_BACKENDS, instead of the current Assert(false).

The state machine already handles STARTUP_CRASHED at PM_NO_CHILDREN
("shutting down due to startup process failure"), so the exit path is
already correct once all children have drained.

This issue was discussed in an older thread by Noah too, so, adding him in cc.

I can send in a proper patch if you think this is the right way to go.

Regards,
Ayush
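
Added example, not part of the thread and not PostgreSQL code: a stand-alone POSIX C sketch contrasting a parent that exits at once with one that sends SIGQUIT to its children and reaps them before exiting, which is the behaviour the messages above discuss. The function names, `N_AUX` and the idle stand-in children are assumptions made for the illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define N_AUX 3                      /* constructed: stand-in auxiliary children */

/* Fork N_AUX children that idle until signalled; returns how many started. */
static int start_aux(pid_t pids[N_AUX]) {
    int n = 0;
    signal(SIGQUIT, SIG_DFL);        /* children inherit: SIGQUIT is fatal for them */
    for (int i = 0; i < N_AUX; i++) {
        pid_t p = fork();
        if (p == 0) for (;;) pause();
        if (p > 0) pids[n++] = p;
    }
    return n;
}

static int count_alive(const pid_t *pids, int n) {
    int alive = 0;                   /* kill() with signal 0 only probes existence */
    for (int i = 0; i < n; i++) alive += (kill(pids[i], 0) == 0);
    return alive;
}

/* Shortcut path: the parent would exit here. Returns children left running. */
int exit_without_drain(void) {
    pid_t pids[N_AUX];
    int n = start_aux(pids);
    int left = count_alive(pids, n);
    for (int i = 0; i < n; i++) {    /* demo cleanup only, not part of the shortcut */
        kill(pids[i], SIGKILL);
        waitpid(pids[i], NULL, 0);
    }
    return left;
}

/* Drain path: SIGQUIT every child, reap each one, then report what is left. */
int terminate_and_drain(void) {
    pid_t pids[N_AUX];
    int n = start_aux(pids);
    for (int i = 0; i < n; i++) kill(pids[i], SIGQUIT);
    for (int i = 0; i < n; i++) waitpid(pids[i], NULL, 0);
    return count_alive(pids, n);
}

int main(void) {
    int left = exit_without_drain(), drained = terminate_and_drain();
    return printf("shortcut leaves %d, drain leaves %d\n", left, drained) < 0;
}
```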