BUG #19438: segfault with temp_file_limit inside cursor - Mailing list pgsql-bugs
| From | PG Bug reporting form |
|---|---|
| Subject | BUG #19438: segfault with temp_file_limit inside cursor |
| Date | |
| Msg-id | 19438-9d37b179c56d43aa@postgresql.org Whole thread Raw |
| List | pgsql-bugs |
The following bug has been logged on the website: Bug reference: 19438 Logged by: Dmitriy Kuzmin Email address: kuzmin.db4@gmail.com PostgreSQL version: 14.22 Operating system: Rocky Linux 8.10 (Green Obsidian) Description: Greetings I experimented with setting temp_file_limit within a cursor and discovered a segmentation fault under certain circumstances. The issue exist in the current minors of 14 and 15 (14.22 and 15.17), but I was unable to reproduce it in version 16 or higher. To reproduce, simply run the following code. begin; declare cur1 cursor for select c, c c2 from generate_series(0, 1000000) x(c) order by c; \o /dev/null fetch all from cur1; set temp_file_limit TO '1MB'; fetch backward all from cur1; rollback ; Logs: 2026-03-25 16:24:58.264 MSK [3321241] ERROR: temporary file size exceeds temp_file_limit (1024kB) 2026-03-25 16:24:58.264 MSK [3321241] STATEMENT: fetch backward all from cur1; 2026-03-25 16:24:58.338 MSK [3320934] LOG: server process (PID 3321241) was terminated by signal 11: Segmentation fault 2026-03-25 16:24:58.338 MSK [3320934] DETAIL: Failed process was running: rollback ; 2026-03-25 16:24:58.338 MSK [3320934] LOG: terminating any other active server processes Backtrace on pastebin(postgresql 14.22): https://pastebin.com/2srPbzhN Backtrace(postgresql 14.22) [New LWP 3320966] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `postgres: postgres postgres [local]'. Program terminated with signal SIGSEGV, Segmentation fault. #0 pfree (pointer=0x2d81538) at mcxt.c:1202 1202 context->methods->free_p(context, pointer); #0 pfree (pointer=0x2d81538) at mcxt.c:1202 context = 0x0 #1 0x000000000095399f in tuplestore_end (state=0x2d81318) at tuplestore.c:462 i = 0 #2 0x0000000000946920 in PortalDrop (portal=0x2ccf7f8, isTopCommit=<optimized out>) at portalmem.c:585 oldcontext = 0x2c6c930 __func__ = "PortalDrop" #3 0x0000000000946a50 in CreatePortal (name=name@entry=0xaa970d "", allowDup=allowDup@entry=true, dupSilent=dupSilent@entry=true) at portalmem.c:193 portal = 0x2ccf7f8 __func__ = "CreatePortal" #4 0x0000000000801116 in exec_simple_query (query_string=0x2c6ca48 "rollback ;") at postgres.c:1124 snapshot_set = false per_parsetree_context = 0x0 plantree_list = 0x2c6d7d0 parsetree = 0x2c6d450 commandTag = CMDTAG_ROLLBACK qc = {commandTag = CMDTAG_UNKNOWN, nprocessed = 1064392740122972416} querytree_list = <optimized out> portal = <optimized out> receiver = <optimized out> format = 0 parsetree_item__state = {l = 0x2c6d480, i = 0} dest = DestRemote oldcontext = 0x2d22810 parsetree_list = 0x2c6d480 parsetree_item = <optimized out> save_log_statement_stats = false was_logged = false use_implicit_block = false msec_str = "Z\000\000\000\000\000\000\000Q\000\000\000\000\000\000\000\370\227\311\002\000\000\000\000\267\360\222\000\000\000\000" __func__ = "exec_simple_query" #5 0x0000000000802a6d in PostgresMain (argc=argc@entry=1, argv=argv@entry=0x7ffcd5351a90, dbname=<optimized out>, username=<optimized out>) at postgres.c:4571 query_string = 0x2c6ca48 "rollback ;" firstchar = <optimized out> input_message = {data = 0x2c6ca48 "rollback ;", len = 11, maxlen = 1024, cursor = 11} local_sigjmp_buf = {{__jmpbuf = {140723885512688, 7291976700258799160, 46766072, 0, 3, 582, -7292484179921744328, 7291977799450480184}, __mask_was_saved = 1, __saved_mask = {__val = {4194304, 140723885518811, 0, 0, 140723885513328, 140321394626256, 1064392740122972416, 206158430232, 9872339, 206158430240, 140723885513248, 140723885513056, 1064392740122972416, 46728512, 0, 11180896}}}} send_ready_for_query = false idle_in_transaction_timeout_enabled = false idle_session_timeout_enabled = false __func__ = "PostgresMain" #6 0x00000000007816ca in BackendRun (port=<optimized out>, port=<optimized out>) at postmaster.c:4543 av = {0x972bd4 "postgres", 0x0} ac = 1 av = <optimized out> ac = <optimized out> #7 BackendStartup (port=<optimized out>) at postmaster.c:4265 bn = <optimized out> pid = <optimized out> bn = <optimized out> pid = <optimized out> __func__ = "BackendStartup" __errno_location = <optimized out> __errno_location = <optimized out> save_errno = <optimized out> __errno_location = <optimized out> __errno_location = <optimized out> #8 ServerLoop () at postmaster.c:1752 port = <optimized out> i = <optimized out> rmask = {fds_bits = {256, 0 <repeats 15 times>}} selres = <optimized out> now = <optimized out> readmask = {fds_bits = {960, 0 <repeats 15 times>}} nSockets = <optimized out> last_lockfile_recheck_time = 1774444257 last_touch_time = 1774444257 __func__ = "ServerLoop" #9 0x0000000000782539 in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x2c65120) at postmaster.c:1424 opt = <optimized out> status = <optimized out> userDoption = <optimized out> listen_addr_saved = true i = <optimized out> output_config_variable = <optimized out> __func__ = "PostmasterMain" #10 0x0000000000500bde in main (argc=3, argv=0x2c65120) at main.c:211 No locals.
pgsql-bugs by date: