Fix stale reference in loadAllPushes() causing stuck push after controller restart#2701
Open
haoxu07 wants to merge 2 commits intolinkedin:mainfrom
Open
Fix stale reference in loadAllPushes() causing stuck push after controller restart#2701haoxu07 wants to merge 2 commits intolinkedin:mainfrom
haoxu07 wants to merge 2 commits intolinkedin:mainfrom
Conversation
END_OF_PUSH_RECEIVED after controller restart
During controller STANDBY→LEADER transition, loadAllPushes() bulk-loads
OfflinePushStatus objects from ZK (snapshot T1), then for each push:
1. Registers ZK watchers for partition status changes
2. Calls updateOfflinePush() which reads fresh data from ZK (snapshot T2)
and replaces the entry in topicToPushMap
3. Calls checkPushStatus() with the **stale** loop variable (T1), not the
refreshed object from topicToPushMap (T2)
If replicas complete between T1 and T2, the stale object has incomplete
partition statuses. checkPushStatus() returns non-terminal, and since no
ZK watcher callbacks fire for already-completed partitions, the push is
stuck at END_OF_PUSH_RECEIVED permanently. This blocks all future batch
pushes for the store ("future version X exists").
Fix: After updateOfflinePush(), re-read the object from topicToPushMap
so checkPushStatus() evaluates the latest partition data from ZK.
Added LoadAllPushesStaleReferenceTest to reproduce the race condition.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Fixes a controller failover race in AbstractPushMonitor.loadAllPushes() where checkPushStatus() could evaluate a stale OfflinePushStatus instance (loaded before watcher registration) instead of the refreshed object after updateOfflinePush(), leaving batch pushes stuck at END_OF_PUSH_RECEIVED after restart.
Changes:
- Refresh the
offlinePushStatusloop variable fromtopicToPushMapimmediately afterupdateOfflinePush()so subsequent status evaluation uses the latest ZK snapshot. - Add
LoadAllPushesStaleReferenceTestto reproduce the stale-reference scenario and verify the push transitions toCOMPLETED.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
services/venice-controller/src/main/java/com/linkedin/venice/pushmonitor/AbstractPushMonitor.java |
Re-reads the refreshed OfflinePushStatus from topicToPushMap after updateOfflinePush() to avoid using stale partition status data. |
services/venice-controller/src/test/java/com/linkedin/venice/pushmonitor/LoadAllPushesStaleReferenceTest.java |
Adds a regression test that simulates stale (T1) vs refreshed (T2) snapshots around watcher subscription and verifies completion + version swap. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
...ontroller/src/test/java/com/linkedin/venice/pushmonitor/LoadAllPushesStaleReferenceTest.java
Outdated
Show resolved
Hide resolved
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AbstractPushMonitor.loadAllPushes()wherecheckPushStatus()uses a stale loop variable instead of the refreshed object fromtopicToPushMap, causing batch pushes to get permanently stuck atEND_OF_PUSH_RECEIVEDafter a controller restart.LoadAllPushesStaleReferenceTestto reproduce and verify the fix.Problem
During controller STANDBY→LEADER transition,
loadAllPushes():OfflinePushStatuswith partition statuses from ZK (snapshot T1)updateOfflinePush()reads fresh data from ZK (snapshot T2) — all replicas now COMPLETED — and replaces the entry intopicToPushMapcheckPushStatus()is called with the stale loop variable (T1), not the refreshed object (T2)If replicas complete between T1 and T2, the stale object has incomplete partition statuses. Since no ZK watcher callbacks fire for already-completed partitions (their final write happened before watcher registration), the push is stuck at
END_OF_PUSH_RECEIVEDpermanently, blocking all future batch pushes for the store.Evidence
Observed in EI on 2026-04-03:
heartbeat_inc_push_mt-0v2420 on mt-0: all 60 partitions × 3 replicas COMPLETED in ZK, but controller's in-memoryOfflinePushStatus.currentStatus = END_OF_PUSH_RECEIVED(confirmed via heap dump, ODP event 4075972)DeferredVersionSwapService: "Skipping store as parent version 2420 status is PARTIALLY_ONLINE"for 8+ hours--kill-jobto unblockFix
One-line change after
updateOfflinePush():This ensures
checkPushStatus()evaluates the latest partition data from ZK.Test plan
LoadAllPushesStaleReferenceTest.testLoadAllPushesStaleReferenceAfterUpdateOfflinePush— reproduces the race condition (fails without fix, passes with fix)AbstractPushMonitorTestinherited tests pass🤖 Generated with Claude Code