Critical Regression Alert: MultiXactOffsetSLRU Deadlock in PostgreSQL 14–16 Minor Releases

The PostgreSQL community is currently navigating a significant technical challenge following the discovery of a regression introduced in the May 14th minor releases. This bug, which affects PostgreSQL versions 14.23, 15.18, and 16.14, manifests as a MultiXactOffsetSLRU deadlock during transaction log (WAL) replay. The issue has caused considerable concern among database administrators, particularly those managing high-availability environments that rely on streaming replication or point-in-time recovery (PITR).
As organizations scramble to assess their infrastructure, this article provides a comprehensive overview of the bug, the current state of investigation, and the recommended strategies for mitigation.
The Technical Core: Understanding the Regression
At the heart of the issue is a failure in the Sub-transaction/Multi-transaction log (SLRU) management during the recovery process. The regression specifically impacts how the system handles MultiXactOffsetSLRU under specific, high-load conditions during WAL replay.
When a PostgreSQL standby node is running a newer minor version than the primary, or when a PITR process encounters logs generated by a combination of mixed-version nodes, the WAL replay mechanism can trigger a circular dependency—a deadlock. In this state, the replay process halts, effectively stalling the standby and rendering it unable to catch up with the primary. For many users, this manifests as a "stuck" standby that reports no progress in replication logs despite the primary continuing to function normally.
Chronology of the Discovery
The timeline of this incident highlights the rapid response of the open-source community to identifying and documenting critical failures.
- May 14th: The PostgreSQL Global Development Group releases minor versions 14.23, 15.18, and 16.14, intended to address various security vulnerabilities and stability fixes.
- May 20th: Radim Marek, a database engineer from BoringSQL, provides the first public report of the deadlock (Bug #19490). Marek’s detailed analysis provided the initial breadcrumbs necessary for other developers to reproduce the issue.
- Late May: As the news permeated the community, reports flooded the
pgsql-bugsandpgsql-adminmailing lists. Simultaneously, thecredativOpen-Source Support Center began receiving urgent inquiries from enterprise clients experiencing identical symptoms. - June: Technical discourse shifted from "What is happening?" to "How do we fix this?" as developers analyzed whether an out-of-band release was necessary.
Detailed Analysis: Who is Affected?
The bug is not universal; it is highly dependent on the deployment architecture of the database cluster. The most common scenario for encountering this deadlock involves an asymmetric upgrade pattern.
The Asymmetric Version Trap
The industry-standard best practice for patching PostgreSQL has long been to upgrade the standby nodes first to ensure they are prepared for a failover, followed by the primary. However, this specific bug turns that best practice into a liability.
If the primary node is running an older minor version and the standby is upgraded to the latest (14.23, 15.18, or 16.14), the standby becomes susceptible to the deadlock. In many enterprise environments, where patching cycles are staggered, this creates a "version gap." Organizations that only perform maintenance every few minor releases are at the highest risk, as they are more likely to have a significant gap between the primary and the standby.
Impact on Recovery
Beyond streaming replication, the issue also plagues Point-in-Time Recovery (PITR). If a database administrator attempts to perform a restore using the latest minor version binaries, but the WAL files originated from a slightly older version, the replay process may hang indefinitely during the recovery phase, making the backup effectively inaccessible until the binary version is matched or the bug is resolved.
Circumventing the Issue: Immediate Mitigation Strategies
For administrators who have already updated their standbys and are now seeing replication lag or deadlocks, the situation requires immediate intervention.
1. Reverting the Standby (The Primary Recommendation)
The most effective, albeit inconvenient, workaround currently available is to downgrade the affected standby nodes to the previous minor version. By aligning the binary version of the standby with the primary, the conditions required to trigger the MultiXactOffsetSLRU deadlock are removed.
2. Avoiding the Upgrade
If your organization has not yet applied the May 14th updates, the most prudent course of action is to delay the upgrade of your standby and PITR infrastructure until a patch or an official fix is released. While security patches are vital, a total replication stall can lead to data loss or significant downtime, which may present a higher immediate risk depending on your threat model and environment.

Official Responses and the Release Dilemma
The PostgreSQL community operates on a strict release cadence. When a critical bug is discovered, the community must weigh the urgency of a "hotfix" against the stability and testing requirements of the PostgreSQL project.
The Case for an Out-of-Band Release
Several contributors, including members of the credativ team, have lobbied for an out-of-band release. The severity of a deadlock that prevents recovery is objectively high; in many cases, this is considered a "showstopper" bug because it breaks the fundamental guarantee of reliable standby synchronization.
The Constraints of the Development Cycle
However, the reality of the release cycle is dictated by the upcoming PostgreSQL 19 Beta 2, scheduled for mid-July. Coordinating an emergency patch for three separate major branches (14, 15, and 16) requires rigorous testing to ensure no further regressions are introduced. Given the proximity to the next scheduled minor release window, the development core has been hesitant to disrupt the current testing cycle.
As it stands, the prevailing consensus among the core developers suggests that an out-of-band release is unlikely. The community is being encouraged to rely on the downgrade method as the official "interim solution."
Implications for Database Architecture
This incident serves as a stark reminder of the complexities involved in managing distributed database systems.
The Illusion of "Minor" Upgrades
The term "minor release" often suggests low-risk, incremental changes. However, as this bug demonstrates, even a minor change to internal SLRU management can have cascading effects on the stability of a cluster. This highlights the critical importance of testing patches in a staging environment that mirrors the production architecture—specifically regarding version asymmetry.
The Evolution of HA Monitoring
For those managing high-availability clusters, this bug underscores the need for proactive monitoring. Standard monitoring tools often alert when replication stops, but they do not always diagnose the reason for the stall. Advanced monitoring that includes WAL replay inspection is no longer a "nice-to-have" but a requirement for modern PostgreSQL operations.
The Role of Community Support
The rapid identification of this bug was only possible due to the collaborative nature of the PostgreSQL ecosystem. From the initial report by Radim Marek to the follow-up discussions on the mailing lists, the transparency of the PostgreSQL development process allowed users to identify, share, and solve the problem long before it could lead to widespread data corruption.
Conclusion: Looking Ahead
While the MultiXactOffsetSLRU deadlock is undoubtedly a source of stress for many DBAs, it is a localized issue that can be managed through careful version control and adherence to the community-suggested workarounds.
As the PostgreSQL project continues to evolve, the lessons learned from this incident will likely influence future testing protocols for WAL replay stability. In the meantime, administrators are advised to:
- Audit their versions: Ensure they know exactly which minor versions are running across their primary and standby nodes.
- Monitor closely: Watch replication status for any unusual hanging patterns.
- Engage with the community: Stay updated on the official PostgreSQL mailing lists for any changes to the release schedule.
The resilience of the PostgreSQL project is rooted in its openness. By documenting these regressions and providing clear paths for mitigation, the community ensures that even in the face of unexpected bugs, the data remains safe and the systems remain manageable.
For further assistance or to report your own findings, please consult the official PostgreSQL Bug Reporting page.
