Re: Server crash: Use-after-free in AfterTriggerEndQuery()
Anthonin Bonnefoy <anthonin.bonnefoy@datadoghq.com>
From: Anthonin Bonnefoy <anthonin.bonnefoy@datadoghq.com>
To: Amit Langote <amitlangote09@gmail.com>
Cc: Amul Sul <sulamul@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2026-05-06T08:13:57Z
Lists: pgsql-hackers
Hi, On Tue, May 5, 2026 at 8:38 AM Amul Sul <sulamul@gmail.com> wrote: > Here is the reproducible test that has an AFTER INSERT trigger on a > referenced table that recursively inserts rows into itself: > > -- > create table trigger_recursive_pk (id int primary key); > create table trigger_recursive_fk (id int references trigger_recursive_pk(id)); > insert into trigger_recursive_pk select g from generate_series(1, 15) g; > > create function trigger_recursive_fn() returns trigger language plpgsql as $$ > begin > if new.id < 10 then > insert into trigger_recursive_fk values (new.id + 1); > end if; > return new; > end$$; > > create trigger trigger_recursive after insert on trigger_recursive_fk > for each row execute function trigger_recursive_fn(); > > insert into trigger_recursive_fk values (1); > -- I've managed to reproduce the issue on the current HEAD thanks to the script. Doing a git bissect, the failure was introduced with 34a30786293005 when the batch_callbacks list was added. > The attached patch fixes the reported issue by recomputing qs > immediately before calling FireAfterTriggerBatchCallbacks(). The patch fixes the issue and the change looks reasonable. Regards, Anthonin Bonnefoy