From eb706fde8302c32267518663032905556db21f57 Mon Sep 17 00:00:00 2001
From: David Rowley <drowley@postgresql.org>
Date: Thu, 22 Dec 2022 09:57:49 +1300
Subject: [PATCH] Fix newly introduced bug in slab.c

d21ded75f changed the way slab.c works but introduced a bug that meant we
could end up with the slab's curBlocklistIndex pointing to the wrong list.
The condition which was checking for this was failing to account for two
things:

1. The curBlocklistIndex could be 0 as we've currently got no non-full
blocks to put chunks on.  In this case, the dlist_is_empty() check cannot
be performed as there can be any number of completely full blocks at that
index.

2. The curBlocklistIndex may be greater than the index we just moved the
block onto.  Since we need to ensure we fill up fuller blocks first, we
must reset curBlocklistIndex when changing any blocklist element that's
less than the curBlocklistIndex too.

Reported-by: Takamichi Osumi
Discussion: https://postgr.es/m/TYCPR01MB8373329C6329768D7E093D68EDEB9@TYCPR01MB8373.jpnprd01.prod.outlook.com
---
 src/backend/utils/mmgr/slab.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/backend/utils/mmgr/slab.c b/src/backend/utils/mmgr/slab.c
index c366febdcc..784fe2b0fc 100644
--- a/src/backend/utils/mmgr/slab.c
+++ b/src/backend/utils/mmgr/slab.c
@@ -691,16 +691,20 @@ SlabFree(void *pointer)
 		dlist_push_head(&slab->blocklist[newBlocklistIdx], &block->node);
 
 		/*
-		 * It's possible that we've no blocks in the blocklist at the
-		 * curBlocklistIndex position.  When this happens we must find the
-		 * next blocklist index which contains blocks.  We can be certain
-		 * we'll find a block as at least one must exist for the chunk we're
-		 * currently freeing.
+		 * The blocklist[curBlocklistIdx] may now be empty or we may now be
+		 * able to use a lower-element blocklist.  We'll need to redetermine
+		 * what the slab->curBlocklistIndex is if the current blocklist was
+		 * changed or if a lower element one was changed.  We must ensure we
+		 * use the list with the fullest block(s).
 		 */
-		if (slab->curBlocklistIndex == curBlocklistIdx &&
-			dlist_is_empty(&slab->blocklist[curBlocklistIdx]))
+		if (slab->curBlocklistIndex >= curBlocklistIdx)
 		{
 			slab->curBlocklistIndex = SlabFindNextBlockListIndex(slab);
+
+			/*
+			 * We know there must be a block with at least 1 unused chunk as
+			 * we just pfree'd one.  Ensure curBlocklistIndex reflects this.
+			 */
 			Assert(slab->curBlocklistIndex > 0);
 		}
 	}
-- 
2.39.5