Page MenuHomePhabricator
Create Task
Maniphest T328043

Wikimedia\Rdbms\DBUnexpectedError: Cannot execute Wikimedia\Rdbms\Database::selectDomain critical section while session state is out of sync.
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Error
normalized_message
[{reqId}] {exception_url}   Wikimedia\Rdbms\DBUnexpectedError: Cannot execute Wikimedia\Rdbms\Database::selectDomain critical section while session state is out of sync.

A critical section from Wikimedia\Rdbms\Database::executeQuery has failed
#0 /srv/me
exception.trace
from /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/database/Database.php(3390)
#0 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/database/Database.php(1779): Wikimedia\Rdbms\Database->commenceCriticalSection(string)
#1 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/loadbalancer/LoadBalancer.php(1077): Wikimedia\Rdbms\Database->selectDomain(Wikimedia\Rdbms\DatabaseDomain)
#2 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/loadbalancer/LoadBalancer.php(935): Wikimedia\Rdbms\LoadBalancer->reuseOrOpenConnectionForNewRef(integer, Wikimedia\Rdbms\DatabaseDomain, integer)
#3 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/loadbalancer/LoadBalancer.php(912): Wikimedia\Rdbms\LoadBalancer->getServerConnection(integer, string, integer)
#4 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/database/DBConnRef.php(103): Wikimedia\Rdbms\LoadBalancer->getConnectionInternal(integer, array, string, integer)
#5 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/database/DBConnRef.php(117): Wikimedia\Rdbms\DBConnRef->ensureConnection()
#6 /srv/mediawiki/php-1.40.0-wmf.19/includes/libs/rdbms/database/DBConnRef.php(698): Wikimedia\Rdbms\DBConnRef->__call(string, array)
#7 /srv/mediawiki/php-1.40.0-wmf.19/includes/Revision/RevisionStore.php(2699): Wikimedia\Rdbms\DBConnRef->timestamp(string)
#8 /srv/mediawiki/php-1.40.0-wmf.19/includes/Revision/RevisionStore.php(2732): MediaWiki\Revision\RevisionStore->getRelativeRevision(MediaWiki\Revision\RevisionStoreRecord, integer, string)
#9 /srv/mediawiki/php-1.40.0-wmf.19/extensions/Echo/includes/DiscussionParser.php(34): MediaWiki\Revision\RevisionStore->getPreviousRevision(MediaWiki\Revision\RevisionStoreRecord)
#10 /srv/mediawiki/php-1.40.0-wmf.19/extensions/Echo/includes/Hooks.php(659): EchoDiscussionParser::generateEventsForRevision(MediaWiki\Revision\RevisionStoreRecord, boolean)
#11 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/MWCallableUpdate.php(38): MediaWiki\Extension\Notifications\Hooks::MediaWiki\Extension\Notifications\{closure}()
#12 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdates.php(473): MWCallableUpdate->doUpdate()
#13 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdates.php(398): DeferredUpdates::attemptUpdate(MWCallableUpdate, Wikimedia\Rdbms\LBFactoryMulti)
#14 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdates.php(213): DeferredUpdates::run(MWCallableUpdate, Wikimedia\Rdbms\LBFactoryMulti, Monolog\Logger, BufferingStatsdDataFactory, MediaWiki\JobQueue\JobQueueGroupFactory, string)
#15 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdatesScope.php(267): DeferredUpdates::{closure}(MWCallableUpdate, integer)
#16 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdatesScope.php(196): DeferredUpdatesScope->processStageQueue(integer, integer, Closure)
#17 /srv/mediawiki/php-1.40.0-wmf.19/includes/deferred/DeferredUpdates.php(234): DeferredUpdatesScope->processUpdates(integer, Closure)
#18 /srv/mediawiki/php-1.40.0-wmf.19/includes/MediaWiki.php(1115): DeferredUpdates::doUpdates()
#19 /srv/mediawiki/php-1.40.0-wmf.19/includes/MediaWiki.php(846): MediaWiki->restInPeace()
#20 /srv/mediawiki/php-1.40.0-wmf.19/api.php(125): MediaWiki->doPostOutputShutdown()
#21 /srv/mediawiki/php-1.40.0-wmf.19/api.php(45): wfApiMain()
#22 /srv/mediawiki/w/api.php(3): require(string)
#23 {main}
Impact

Unclear.

Notes

~160 of these in the last 2 weeks, seems to have increased somewhat in 1.40.0-wmf.19, although that may be coincidental.

Details

Request URL
https://en.wikipedia.org/w/api.php
SubjectRepoBranchLines +/-
rdbms: make Database::flushSession() handle critical section errorsmediawiki/coremaster+83 -14
Customize query in gerrit

Related Objects

Event Timeline

brennen created this task.Jan 26 2023, 4:42 PM
Restricted Application added a project: Performance-Team. · View Herald TranscriptJan 26 2023, 4:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
brennen renamed this task from Wikimedia\Rdbms\DBUnexpectedError: Cannot execute Wikimedia\Rdbms\Database::selectDomain critical section while session state is out of sync.A critical section from Wikimedia\Rdbms\Database::executeQuery has failed to Wikimedia\Rdbms\DBUnexpectedError: Cannot execute Wikimedia\Rdbms\Database::selectDomain critical section while session state is out of sync..Jan 26 2023, 4:42 PM
brennen moved this task from Untriaged to Jan 2023 on the Wikimedia-production-error board.Jan 26 2023, 4:57 PM
Krinkle triaged this task as High priority.Jan 30 2023, 7:44 PM
Krinkle moved this task from Untriaged to Rdbms library on the MediaWiki-libs-Rdbms board.Jan 30 2023, 7:55 PM
larissagaulia assigned this task to aaron.Jan 30 2023, 7:56 PM
larissagaulia moved this task from Inbox, needs triage to Doing: Prio Interrupt on the Performance-Team board.
aaron added a comment.Jan 31 2023, 7:50 PM

I don't see a problem with selectDomain() itself. It looks like a query in EchoUserLocator::locateArticleCreator was really slow and triggered an excimer timeout.

This happened within DeferredUpdates, which tries to catch errors and move on to other updates, which included more database updates. TimeoutExceptions should probably make DeferredUpdates abort the remaining updates so things can shutdown. The main point of the excimer timeouts is to limit run time, give a chance to log, and maybe give a clean error to the client. Catching/ignoring them undermines some of that and runs the risk of hitting uglier fpm/apache timeouts.

Krinkle subscribed.Feb 1 2023, 1:21 AM
In T328043#8576032, @aaron wrote:

I don't see a problem with selectDomain() itself. It looks like a query in EchoUserLocator::locateArticleCreator was really slow and triggered an excimer timeout.

This happened within DeferredUpdates, which tries to catch errors and move on to other updates, […]. The main point of the excimer timeouts is to limit run time, give a chance to log, and maybe give a clean error to the client. Catching/ignoring them undermines some of that and runs the risk of hitting uglier fpm/apache timeouts.

I think if the main response portion, pre-send update, or earlier post-send update times out, we should still let try to let other updates run, especially ones that might run hooks and/or queue jobs. However, I could be convinced otherwise if that's the only benefit left.

As it stands though, I lean toward not changing it because it seems orthogonal to the observed problem.

  • Even if we stop forego most updates after a timeout in the main portion, there may still be a trivial Rdbms query triggered by the skin or as part of processing a late hook or Job creation that needs some basic data for its parameters. This data is typically cachable in Memcached, but can just as well cache-miss.
  • The problem here seems first and foremost that the Rdbms object is corrupting its state and thus not fulfilling its contract. As part of a related production error task we developed (not insignificant) complexity in the form of RequestTimeout and critical sections, to prevent this. Do we want to make that actually work or should we consider removing that if it isn't working? If remove it, how do we mitigate the production error?
aaron added a comment.EditedFeb 2 2023, 3:28 AM

The advantage of excimer timers is that they can happen at anytime in PHP code. It's tricky to avoid corrupting the state of objects though. We really should just be cleaning up and shutting down. If we want to handle it more gracefully in Database, one could:

  • Rely on the fact that Zend C wrapper methods do not get preempted by excimer. DatabaseMysli::doSingleStatementQuery could catch the error, stage it, and have it rethrown (this gets more complicated with nested critical sections and/or when a section include several queries). It seems too messy.
  • DeferredUpdates could use some LBFactory method to discard all DB connections when a timeout exceptions are caught.
  • MWExceptionHandler::rollbackPrimaryChanges could discard such DB connections.

It could also help to:

  • set max_statement_time on the session level (different for web vs job vs cli).
  • set MYSQLI_OPT_READ_TIMEOUT for regular DB connections (different for web vs job vs cli). This would match the idea in CommonSettings.php for $wgHTTPMaxTimeout /$wgHTTPMaxConnectTimeout and $wgRequestTimeLimit;
Krinkle added a comment.Feb 13 2023, 8:05 PM

MWExceptionHandler::rollbackPrimaryChanges could discard such DB connections.

Per todays triage meeting, let's go with this one.

Krinkle mentioned this in T277150: Cannot execute query from CategoryMembershipChangeJob::run while transaction status is ERROR.Feb 13 2023, 8:18 PM
aaron closed this task as a duplicate of T277150: Cannot execute query from CategoryMembershipChangeJob::run while transaction status is ERROR.Feb 13 2023, 8:19 PM
aaron reopened this task as Open.Apr 5 2023, 4:18 AM

This turns out to be a separate issue.

gerritbot added a comment.Apr 6 2023, 6:26 AM

Change 906451 had a related patch set uploaded (by Aaron Schulz; author: Aaron Schulz):

[mediawiki/core@master] rdbms: make Database::flushSession() handle critical section errors

https://gerrit.wikimedia.org/r/906451

gerritbot added a project: Patch-For-Review.Apr 6 2023, 6:26 AM
gerritbot added a comment.Apr 20 2023, 6:26 PM

Change 906451 merged by jenkins-bot:

[mediawiki/core@master] rdbms: make Database::flushSession() handle critical section errors

https://gerrit.wikimedia.org/r/906451

Maintenance_bot removed a project: Patch-For-Review.Apr 20 2023, 6:29 PM
Krinkle closed this task as Resolved.May 1 2023, 6:38 PM
Krinkle removed a project: Platform Engineering.
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.9; 2023-05-15).May 15 2023, 5:01 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL