Thread

  1. Re: Server crash: Use-after-free in AfterTriggerEndQuery()

    Anthonin Bonnefoy <anthonin.bonnefoy@datadoghq.com> — 2026-05-06T08:13:57Z

    Hi,
    
    On Tue, May 5, 2026 at 8:38 AM Amul Sul <sulamul@gmail.com> wrote:
    > Here is the reproducible test that has an AFTER INSERT trigger on a
    > referenced table that recursively inserts rows into itself:
    >
    > --
    > create table trigger_recursive_pk (id int primary key);
    > create table trigger_recursive_fk (id int references trigger_recursive_pk(id));
    > insert into trigger_recursive_pk select g from generate_series(1, 15) g;
    >
    > create function trigger_recursive_fn() returns trigger language plpgsql as $$
    > begin
    >     if new.id < 10 then
    >         insert into trigger_recursive_fk values (new.id + 1);
    >     end if;
    >     return new;
    > end$$;
    >
    > create trigger trigger_recursive after insert on trigger_recursive_fk
    >     for each row execute function trigger_recursive_fn();
    >
    > insert into trigger_recursive_fk values (1);
    > --
    
    I've managed to reproduce the issue on the current HEAD thanks to the
    script. Doing a git bisect, the failure was introduced with
    34a30786293005 when the batch_callbacks list was added.
    
    > The attached patch fixes the reported issue by recomputing qs
    > immediately before calling FireAfterTriggerBatchCallbacks().
    
    The patch fixes the issue and the change looks reasonable.
    
    Regards,
    Anthonin Bonnefoy