public inbox for [email protected]
help / color / mirror / Atom feedFrom: Alexander Korotkov <[email protected]>
To: SATYANARAYANA NARLAPURAM <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: Bug: WAIT FOR LSN crashes with assertion failure inside PL/pgSQL DO blocks and procedures
Date: Thu, 9 Apr 2026 15:28:16 +0300
Message-ID: <CAPpHfdtJ_oZ3qJvXWAtOV4k02=m1P6AQUgoBofNgytQ3KyotbQ@mail.gmail.com> (raw)
In-Reply-To: <CAHg+QDevycEwWfTMJ6ADZQJR9YSMcsAf=Dg=vH2R8Efcx1NH1w@mail.gmail.com>
References: <CAHg+QDcN-n3NUqgRtj=BQb9fFQmH8-DeEROCr=PDbw_BBRKOYA@mail.gmail.com>
<CAPpHfdsZ6YrzX-5uenwvw1VXuG7mpBXSOT6JFTg6aCCC0SaNEg@mail.gmail.com>
<CAHg+QDevycEwWfTMJ6ADZQJR9YSMcsAf=Dg=vH2R8Efcx1NH1w@mail.gmail.com>
On Thu, Apr 9, 2026 at 10:27 AM SATYANARAYANA NARLAPURAM
<[email protected]> wrote:
> On Wed, Apr 8, 2026 at 11:00 PM Alexander Korotkov <[email protected]> wrote:
>> On Thu, Apr 9, 2026 at 5:03 AM SATYANARAYANA NARLAPURAM
>> <[email protected]> wrote:
>> > An assertion failure (server crash in assert-enabled builds) occurs when WAIT FOR LSN ... INTO is used inside PL/pgSQL DO blocks or within void procedures.
>> >
>> > Repro:
>> >
>> > -- Run this on a standby
>> >
>> > CREATE PROCEDURE test_wait()
>> > LANGUAGE plpgsql AS $$
>> > DECLARE
>> > result text;
>> > BEGIN
>> > WAIT FOR LSN '0/1234' INTO result;
>> > RAISE NOTICE '%', result;
>> > END;
>> > $$;
>> > CALL test_wait();
>> >
>> >
>> > The WAIT FOR itself succeeds, but the very next PL/pgSQL statement that requires a snapshot crashes the backend with:
>> >
>> > TRAP: failed Assert("portal->portalSnapshot == NULL"),
>> > File: "pquery.c", Line: 1776
>> >
>> > Attached patches for both the test case and a potential fix. Please review.
>>
>> Thank you for reporting. But I doubt the fix is correct. Even that
>> this particular might work OK, I don't think it's safe to release
>> snapshots belonging to functions/procedures: it might affect them. I
>> tend to think we must forbid wrapping WAIT FOR LSN with
>> functions/procedures. I'll explore more on this today.
>
>
> Agreed, attached a v2 patch with your suggestion on preventing it running
> from procedures.
Thank you. I've slightly revised your patch. I'm going to push it if
no objections.
------
Regards,
Alexander Korotkov
Supabase
Attachments:
[application/octet-stream] v3-0001-Explicitly-forbid-WAIT-FOR-inside-functions-and-p.patch (5.2K, 2-v3-0001-Explicitly-forbid-WAIT-FOR-inside-functions-and-p.patch)
download | inline diff:
From 0d3b3a12357f65dc6ff0af54aabdaf88dbcd2a9b Mon Sep 17 00:00:00 2001
From: Alexander Korotkov <[email protected]>
Date: Thu, 9 Apr 2026 15:02:32 +0300
Subject: [PATCH v3] Explicitly forbid WAIT FOR inside functions and procedures
Previously we were relying on snapshot-based check to detect such cases.
However, it appears that when WAIT FOR is wrapped into a stored procedure
it could pass this check causing an error elsewhere. This commit implments
an explicit isTopLevel check to reject WAIT FOR when called from within
a function or procedure. The isTopLevel check catches this case early with
a clear error message, matching the pattern used by other utility commands
like VACUUM and REINDEX. The snapshot check is retained for the remaining
case: transactions with isolation level higher than READ COMMITTED.
Also add a test for WAIT FOR LSN wrapped in a procedure, complementing
the existing test that uses a function wrapper.
Reported-by: Satyanarayana Narlapuram <[email protected]>
Discussion: https://postgr.es/m/CAHg%2BQDcN-n3NUqgRtj%3DBQb9fFQmH8-DeEROCr%3DPDbw_BBRKOYA%40mail.gmail.com
Author: Satyanarayana Narlapuram <[email protected]>
Reviewed-by: Alexander Korotkov <[email protected]>
---
src/backend/commands/wait.c | 15 +++++++++++++--
src/backend/tcop/utility.c | 3 ++-
src/include/commands/wait.h | 3 ++-
src/test/recovery/t/049_wait_for_lsn.pl | 21 +++++++++++++++++++--
4 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/src/backend/commands/wait.c b/src/backend/commands/wait.c
index 85fcd463b4c..ec132e125a5 100644
--- a/src/backend/commands/wait.c
+++ b/src/backend/commands/wait.c
@@ -31,7 +31,8 @@
void
-ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, DestReceiver *dest)
+ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, bool isTopLevel,
+ DestReceiver *dest)
{
XLogRecPtr lsn;
int64 timeout = 0;
@@ -135,6 +136,16 @@ ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, DestReceiver *dest)
}
}
+ /*
+ * WAIT FOR must not run inside a function or procedure. Forbid this case
+ * upfront.
+ */
+ if (!isTopLevel)
+ ereport(ERROR,
+ (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+ errmsg("%s cannot be executed from a function or procedure",
+ "WAIT FOR")));
+
/*
* We are going to wait for the LSN. We should first care that we don't
* hold a snapshot and correspondingly our MyProc->xmin is invalid.
@@ -161,7 +172,7 @@ ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, DestReceiver *dest)
ereport(ERROR,
errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("WAIT FOR must be called without an active or registered snapshot"),
- errdetail("WAIT FOR cannot be executed from a function or procedure, nor within a transaction with an isolation level higher than READ COMMITTED."));
+ errdetail("WAIT FOR cannot be executed within a transaction with an isolation level higher than READ COMMITTED."));
/*
* As the result we should hold no snapshot, and correspondingly our xmin
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
index 1d34c19913e..73a56f1df1d 100644
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -1062,7 +1062,8 @@ standard_ProcessUtility(PlannedStmt *pstmt,
case T_WaitStmt:
{
- ExecWaitStmt(pstate, (WaitStmt *) parsetree, dest);
+ ExecWaitStmt(pstate, (WaitStmt *) parsetree, isTopLevel,
+ dest);
}
break;
diff --git a/src/include/commands/wait.h b/src/include/commands/wait.h
index 521a312908d..a563579695c 100644
--- a/src/include/commands/wait.h
+++ b/src/include/commands/wait.h
@@ -16,7 +16,8 @@
#include "parser/parse_node.h"
#include "tcop/dest.h"
-extern void ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, DestReceiver *dest);
+extern void ExecWaitStmt(ParseState *pstate, WaitStmt *stmt, bool isTopLevel,
+ DestReceiver *dest);
extern TupleDesc WaitStmtResultDesc(WaitStmt *stmt);
#endif /* WAIT_H */
diff --git a/src/test/recovery/t/049_wait_for_lsn.pl b/src/test/recovery/t/049_wait_for_lsn.pl
index bf61b8c47cf..e108301ccdb 100644
--- a/src/test/recovery/t/049_wait_for_lsn.pl
+++ b/src/test/recovery/t/049_wait_for_lsn.pl
@@ -215,10 +215,27 @@ $node_standby->psql(
'postgres',
"SELECT pg_wal_replay_wait_wrap('${lsn3}');",
stderr => \$stderr);
-ok( $stderr =~
- /WAIT FOR must be called without an active or registered snapshot/,
+ok($stderr =~ /WAIT FOR cannot be executed from a function or procedure/,
"get an error when running within another function");
+$node_primary->safe_psql(
+ 'postgres', qq[
+CREATE PROCEDURE pg_wal_replay_wait_proc(target_lsn pg_lsn) AS \$\$
+ BEGIN
+ EXECUTE format('WAIT FOR LSN %L;', target_lsn);
+ END
+\$\$
+LANGUAGE plpgsql;
+]);
+
+$node_primary->wait_for_catchup($node_standby);
+$node_standby->psql(
+ 'postgres',
+ "CALL pg_wal_replay_wait_proc('${lsn3}');",
+ stderr => \$stderr);
+ok($stderr =~ /WAIT FOR cannot be executed from a function or procedure/,
+ "get an error when running within a procedure");
+
# 6. Check parameter validation error cases on standby before promotion
my $test_lsn =
$node_primary->safe_psql('postgres', "SELECT pg_current_wal_insert_lsn()");
--
2.39.5 (Apple Git-154)
view thread (11+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Bug: WAIT FOR LSN crashes with assertion failure inside PL/pgSQL DO blocks and procedures
In-Reply-To: <CAPpHfdtJ_oZ3qJvXWAtOV4k02=m1P6AQUgoBofNgytQ3KyotbQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox