From 0db213c05c1fb5df84950159ad991059a40c3d71 Mon Sep 17 00:00:00 2001 From: Anthonin Bonnefoy Date: Tue, 3 Mar 2026 17:42:40 +0100 Subject: Fix stuck shutdown due to unflushed records Shutdown sequence may be stuck indefinitely under the following circumstances: - Data checksums is enabled - A logical replication walsender is running - A select in an explicit transaction tries to prune a full heap page, wrote a FPI_FOR_HINT record which crosses the page boundary - The select is rollbacked (or killed) - 'pg_ctl stop' is sent The FPI_FOR_HINT record is likely going to be a contrecord and starts a new page. However, as the select is rollbacked, XLogSetAsyncXactLSN isn't called to advance the LSN to include this record. When the checkpointer starts ShutdownXLOG(), all walsenders will be notified to stop. However, the logical replication walsender will be stuck in the following infinite loop: - Tries to read the last FPI_FOR_HINT record - The page with the record header is read - tot_len > len, the record needs to be reassembled - Tries to read the next page containing the rest of the record. It fails since this page was never written. - xlog reader state is reset with XLogReaderInvalReadState - It goes back to the start of WalSndLoop's loop There are some attempts done by the walsender to flush the WAL using XLogBackgroundFlush. However, XLogBackgroundFlush only writes completed blocks, or up to the latest known async lsn. Since the select was rollbacked, XLogBackgroundFlush doesn't flush the next partial page. This patch fixes the issue by advancing flushing all records before signaling the walsenders to stop, avoiding the case where the walsenders read a partially written record. --- src/backend/access/transam/xlog.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 354ac645bdc..31afb249d5b 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -6710,6 +6710,8 @@ GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN) void ShutdownXLOG(int code, Datum arg) { + XLogRecPtr WriteRqstPtr; + /* * We should have an aux process resource owner to use, and we should not * be in a transaction that's installed some other resowner. @@ -6723,6 +6725,15 @@ ShutdownXLOG(int code, Datum arg) ereport(IsPostmasterEnvironment ? LOG : NOTICE, (errmsg("shutting down"))); + /* + * We may have unflushed records, make sure everything is flushed before + * stopping the walsenders. + */ + SpinLockAcquire(&XLogCtl->info_lck); + WriteRqstPtr = XLogCtl->LogwrtRqst.Write; + SpinLockRelease(&XLogCtl->info_lck); + XLogFlush(WriteRqstPtr); + /* * Signal walsenders to move to stopping state. */ -- 2.52.0