Release lock after encountering bogs row in vac_truncate_clog()

When vac_truncate_clog() encounters bogus datfrozenxid / datminmxid values, it
returns early. Unfortunately, until now, it did not release
WrapLimitsVacuumLock. If the backend later tries to acquire
WrapLimitsVacuumLock, the session / autovacuum worker hangs in an
uncancellable way. Similarly, other sessions will hang waiting for the
lock. However, if the backend holding the lock exited or errored out for some
reason, the lock was released.

The bug was introduced as a side effect of 566372b3d643.

It is interesting that there are no production reports of this problem. That
is likely due to a mix of bugs leading to bogus values having gotten less
common, process exit releasing locks and instances of hangs being hard to
debug for "normal" users.

Discussion: https://postgr.es/m/20230621221208.vhsqgduwfpzwxnpg@awork3.anarazel.de

diff --git a/src/backend/commands/vacuum.c b/src/backend/commands/vacuum.c
index e32e7febf9e0501d55664063acc9b63d6f070fa5..fca5b6c855de25706e133a6bea31c7f80c27d5ad 100644 (file)
--- a/src/backend/commands/vacuum.c
+++ b/src/backend/commands/vacuum.c
@@ -1792,12 +1792,16 @@ vac_truncate_clog(TransactionId frozenXID,
        ereport(WARNING,
                (errmsg("some databases have not been vacuumed in over 2 billion transactions"),
                 errdetail("You might have already suffered transaction-wraparound data loss.")));
+       LWLockRelease(WrapLimitsVacuumLock);
        return;
    }
 
    /* chicken out if data is bogus in any other way */
    if (bogus)
+   {
+       LWLockRelease(WrapLimitsVacuumLock);
        return;
+   }
 
    /*
     * Advance the oldest value for commit timestamps before truncating, so