On Wed, 15 Apr 2026 at 22:21, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
On 15/04/2026 16:57, Ayush Tiwari wrote:
> Hi,
>
> The comment above the PM_STARTUP startup-process-failure case still says
> that there are no other processes running yet, so the postmaster can just
> exit.
>
> That no longer matches the current startup flow: PM_STARTUP may already
> have auxiliary processes running by that point. The attached patch updates
> that comment to describe the current behavior.
Hmm, shouldn't the postmaster kill and wait for the auxiliary processes to exit first in that case? ISTM we need code changes here, not just comments.
- Heikki
Yes, I agree, a code change is required here.
The proper thing is to route this through the existing crash-handling path so the postmaster SIGQUITs the aux children and waits for them to exit before terminating.
I think the minimal change is:
1. Replace the ExitPostmaster(1) shortcut in the PM_STARTUP startup-failure case with HandleChildCrash(), which calls TerminateChildren(SIGQUIT) and transitions through the state machine. Set StartupStatus = STARTUP_CRASHED so the state machine does not try to reinitialize.
2. Let HandleFatalError() handle PM_STARTUP by transitioning to PM_WAIT_BACKENDS, instead of the current Assert(false).
The state machine already handles STARTUP_CRASHED at PM_NO_CHILDREN ("shutting down due to startup process failure"), so the exit path is already correct once all children have drained.
This issue was discussed in an older thread by Noah too, so, adding him in cc.
I can send in a proper patch if you think this is the right way to go.
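
A reduced model of the ordering proposed in the message above, as an added example that is not part of the thread and is not PostgreSQL source: on startup-process failure the parent sends SIGQUIT to its auxiliary children and reaps them before it reaches the no-children state. The state names come from the thread; `startup_failure_model`, `spawn_aux`, `on_sigquit` and `MAX_AUX` are hypothetical names, and the children are idle stand-ins.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* State names taken from the thread; the transitions are a reduced model. */
typedef enum { PM_STARTUP, PM_WAIT_BACKENDS, PM_NO_CHILDREN } PMState;

#define MAX_AUX 8   /* hypothetical limit for this model */

static void on_sigquit(int sig) { (void) sig; _exit(2); }

/* Stand-in auxiliary process: idles until it is told to quit. */
static pid_t spawn_aux(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        /* If SIGQUIT arrives before this call, the default action still ends the child. */
        signal(SIGQUIT, on_sigquit);
        for (;;)
            pause();
    }
    return pid;
}

/* Returns the number of auxiliary children reaped before exit, or -1 on error. */
int startup_failure_model(int n_aux)
{
    PMState state = PM_STARTUP;
    pid_t aux[MAX_AUX], startup;
    int started = 0, reaped = 0, status;

    if (n_aux < 0 || n_aux > MAX_AUX)
        return -1;
    while (started < n_aux && (aux[started] = spawn_aux()) > 0)
        started++;
    startup = fork();
    if (startup == 0)
        _exit(1);                   /* stand-in startup process fails */
    if (startup > 0)
        waitpid(startup, &status, 0);

    /* Instead of exiting at this point, signal the children and drain them. */
    for (int i = 0; i < started; i++)
        kill(aux[i], SIGQUIT);
    state = PM_WAIT_BACKENDS;
    for (int i = 0; i < started; i++)
        if (waitpid(aux[i], &status, 0) == aux[i])
            reaped++;
    if (reaped == started)
        state = PM_NO_CHILDREN;     /* every child is reaped; the parent may exit */
    return (state == PM_NO_CHILDREN && started == n_aux) ? reaped : -1;
}
```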