From 02e8a63bded29edecffa3e94d6ab71174ef41770 Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Tue, 6 Jan 2026 13:44:46 +0200 Subject: [PATCH v1 2/2] Add check for invalid offset at multixid truncation If a multixid with zero offset is left behind after a crash, and that multixid later becomes the oldest multixid, truncation might try to look up its offset and read the zero value. In the worst case, we might incorrectly use the zero offset to truncate valid SLRU segments that are still needed. I'm not sure if that can happen in practice, or if there are some other lower-level safeguards or incidental reasons that prevent the caller from passing an unwritten multixid as the oldest multi. But in any case, let's add an explicit check for it. Discussion: https://www.postgresql.org/message-id/37494009-784f-471d-b516-e03c56553d6a@iki.fi Backpatch-through: 14 --- src/backend/access/transam/multixact.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/backend/access/transam/multixact.c b/src/backend/access/transam/multixact.c index 39e07d5924f..5150ab1ecbd 100644 --- a/src/backend/access/transam/multixact.c +++ b/src/backend/access/transam/multixact.c @@ -2650,6 +2650,23 @@ TruncateMultiXact(MultiXactId newOldestMulti, Oid newOldestMultiDB) return; } + /* + * On crash, MultiXactIdCreateFromMembers() can leave behind multixids + * that were not yet written out and hence have zero offset on disk. If + * such a multixid becomes oldestMulti, we won't be able to look up its + * offset. That should be rare, so we don't try to do anything smart about + * it. Just skip the truncation, and hope that by the next truncation + * attempt, oldestMulti has advanced to a valid multixid. + */ + if (newOldestOffset == 0) + { + ereport(LOG, + (errmsg("cannot truncate up to MultiXact %u because it has invalid offset, skipping truncation", + newOldestMulti))); + LWLockRelease(MultiXactTruncationLock); + return; + } + elog(DEBUG1, "performing multixact truncation: " "oldestMulti %u (offsets segment %" PRIx64 "), " "oldestOffset %" PRIu64 " (members segment %" PRIx64 ")", -- 2.47.3