Page MenuHomePhabricator
Create Task
Maniphest T36156

SiteStatsInit::refresh() triggered inappropriately, caused downtime
Closed, ResolvedPublic
Actions

Description

On pl.wikipedia.org from 05:58:45 onwards, SiteStatsInit::refresh() began to be called several times per second. It's not known at this stage why SiteStats::isSane() returned false.

The binlog shows that the refresh() queries were often executed in autocommit mode, meaning that the DELETE query was committed before the INSERT query began. This would have caused isSane() to return false until the new row insert was committed, leading to a flood of attempted refreshes.

Eventually, a flood of SELECT COUNT(*) queries at around 07:10 caused an overload on all s2 slaves, leading to an overload of the apache pool and site-wide downtime. SiteStatsInit was disabled and all related queries were killed. When the dust settled, the site_stats row was missing, and had to be recovered from binlogs.

I suggest removing the isSane() checks from loadAndLazyInit(), and doing a refresh only from maintenance scripts or web-based upgrade. SiteStats::load() should be able to tolerate a missing site_stats row, and the accessor functions should return false without giving a PHP warning. Additionally, the refresh should be done with REPLACE instead of DELETE and INSERT.

Version: 1.18.x
Severity: normal

Details

Reference
bz34156

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:17 AM
bzimport added a project: MediaWiki-libs-Rdbms.
bzimport set Reference to bz34156.
bzimport added a subscriber: Unknown Object (MLST).
tstarling created this task.Feb 2 2012, 11:06 AM
demon unsubscribed.Mar 10 2017, 11:03 PM
Krinkle added projects: Wikimedia-Incident, Performance-Team.Jun 27 2019, 9:17 PM
Krinkle moved this task from Untriaged to Usage problem on the MediaWiki-libs-Rdbms board.
Krinkle removed a subscriber: wikibugs-l-list.
Krinkle subscribed.Jun 27 2019, 10:13 PM

Brief history since 2012:

2012:

2014:

2015:

This effectively disabled use of isSane() for WMF, as suggested by Tim in this task.

2016:

2017:

2018:

Krinkle moved this task from Active investigation to Follow-up prevention on the Wikimedia-Incident board.Jun 27 2019, 10:14 PM
Krinkle added a project: Platform Engineering.

I'm not very familiar with the code myself, but would expect that after all this, the original issue not be possible anymore. But CC-ing Tim to validate just in case :)

Krinkle mentioned this in T201395: SiteStatsInit::doPlaceholderInit() fails when running phpunit with --reuse-db and --use-normal-tables.Jun 27 2019, 10:15 PM
kchapman moved this task from Inbox, needs triage to Radar on the Performance-Team board.Jul 1 2019, 7:58 PM
kchapman edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Jul 1 2019, 8:01 PM
aaron closed this task as Resolved.Jul 1 2019, 8:27 PM
aaron claimed this task.
aaron subscribed.

The current code will never trigger this path if $wgMiserMode is set, which it is on production.

Krinkle edited projects, added Sustainability (Incident Followup); removed Wikimedia-Incident.Apr 28 2020, 9:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL