sql/importer: fix duplicated row count and lost update for progress #152397
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This change is |
ZhouXing19
force-pushed
the
import-job-summary-entrycounts
branch
14 times, most recently
from
52fc6f2 to
9ab713e
Compare
…lication
Previously, the accumulated bulk summary was initialized using
`getLastImportSummary(job)`, which could carry over stats from previous
import attempts. This caused duplication of bulk operation statistics
across different attempts of the same import statement execution.
Now initialize `accumulatedBulkSummary` with an empty `kvpb.BulkOpSummary{}`
to ensure each import attempt starts with a clean state and prevents
duplicate entry counts in the job progress summary.
Release note (bug fix): deduplicate import job bulk op summaries in case of import retries.
Previously, concurrent job updates (e.g., progress updates and
pause/cancel requests) could result in lost updates due to
read-then-write race conditions. Both operations would SELECT job data,
modify it in memory, then UPDATE back to the database using separate
transactions, causing the later transaction to overwrite changes from
the earlier one.
This was particularly problematic for import jobs where: 1. A progress
update routine periodically updates job progress every 10 seconds 2.
Pause/cancel requests can occur concurrently during job execution Both
use job.NoTxn() which creates independent transactions that can
interfere.
An example timeline would be:
```
-- Transaction 1 (Progress) -- Transaction 2 (Pause)
BEGIN;
SELECT progress WHERE job_id=123;
-- reads ResumePos[0] = 10
BEGIN;
SELECT progress WHERE job_id=123;
-- reads ResumePos[0] = 10
UPDATE progress
SET ResumePos[0] = 20
WHERE job_id=123;
COMMIT;
UPDATE jobs
SET status='pause', progress=old_progress
WHERE job_id=123;
-- overwrites with ResumePos[0] = 10
COMMIT;
-- Result: Progress update (20) LOST!
```
The race condition was reproducible by stress testing
TestImportDefaultWithResume.
This commit fixes it by changing the job selection query to a
`SELECT FOR UPDATE` statement in Updater.update(), ensuring that
concurrent transactions serialize access to job records. While this
introduces some performance overhead due to row-level locking, it
prevents silent data corruption and ensures job progress accuracy.
Release notes (bug fix): change job selection query to a SELECT FOR UPDATE statementin Updater.update(), ensuring that concurrent transactions serialize access to job records. While this introduces some performance overhead due to row-level locking, it prevents silent data corruption and ensures job progress accuracy.
…rations The test was hanging when schema change jobs used FOR UPDATE locks because of a circular dependency: the intercepted schema job held database locks while the test tried to cancel it through the beforeUpdate hook mechanism. This change reorders the operations to resume the schema job (releasing FOR UPDATE locks) before attempting cancellation, preventing the deadlock where cancelJob's database operations would block waiting for locks held by the job update query. Fixes the timeout in TestMigrationWithFailures/fail_adding_columns and other test cases that use cancelSchemaJob: true. Release note: None
…ting When FOR UPDATE locks are used in job update queries, the timing of context cancellation changes, which can cause statement timeouts to be reported as generic "query execution canceled" errors instead of the expected "query execution canceled due to statement timeout" message. The issue occurs because FOR UPDATE locks can block the polling queries in WaitForJobs longer, changing when and how context cancellation is detected. This results in cancelchecker.QueryCanceledError being returned instead of the timeout-specific error path being taken. Release note: None
ZhouXing19
force-pushed
the
import-job-summary-entrycounts
branch
from
1cb018e to
f39dc36
Compare
ZhouXing19
changed the title
ZhouXing19
requested review from
mw5h,
yuzefovich and
michae2
and removed request for
mw5h
|
I feel like I'm missing something wrt to the timelines in the SFU commit; can you help me understand how the second transaction doesn't just get txn restart? I would expect it to hit the intent for the first one if it hasn't committed, or a write too old if it has, and then fail to refresh its (now stale) read when it tries to move its ts past the first txn, and then do a full restart? |
|
Ah, nevermind, I see there is more detail over on #152519. I'll review its thread and comment there if I'm still not following. |
|
Do these transactions updating the jobs progress ever run under Read Committed isolation? Or always under Serializable? |
|
I believe the internal executor only support serializable. |
|
We met on Friday to dig into what was going on here together; there is a summary on slack but TL;DR is we don’t have an SSI violation as originally suggested, just some buggy IMPORT code that has side-effects (0’ing a buffer) in a txn that only becomes visible on retry. |
|
Closing in favour of #152745 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
sql/importer: initialize bulk summary with empty state to prevent duplication
Fixes #152543
Previously, the accumulated bulk summary was initialized using
getLastImportSummary(job), which could carry over stats from previous import attempts (i.e. resuming the same import job). This caused duplication of bulk operation statistics across different attempts of the same import statement execution.Now initialize
accumulatedBulkSummarywith an emptykvpb.BulkOpSummary{}to ensure each import attempt starts with a clean state and prevents duplicate entry counts in the job progress summary.Release note (bug fix): deduplicate import job bulk op summaries in case of import retries.
jobs: add SELECT FOR UPDATE to prevent race conditions in job updates
Fixes #152519
Previously, concurrent job updates (e.g., progress updates and pause/cancel requests) could result in lost updates due to
read-then-write race conditions. Both operations would SELECT job data, modify it in memory, then UPDATE back to the database using separate transactions, causing the later transaction to overwrite changes from the earlier one.
This was particularly problematic for import jobs where:
Both use
job.NoTxn()which creates independent transactions that can interfere.An example timeline would be:
The race condition was reproducible by stress testing
TestImportDefaultWithResume.This commit fixes it by changing the job selection query to a
SELECT FOR UPDATEstatement in Updater.update(), ensuring that concurrent transactions serialize access to job records. While this introduces some performance overhead due to row-level locking, it prevents silent data corruption and ensures job progress accuracy.Release notes (bug fix): change job selection query to a SELECT FOR UPDATE statementin Updater.update(), ensuring that concurrent transactions serialize access to job records. While this introduces some performance overhead due to row-level locking, it prevents silent data corruption and ensures job progress accuracy.