Skip to content

KAFKA-19831: Improved error handling in DefaultStateUpdater. #20767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Nov 21, 2025
+377 −46
Merged

KAFKA-19831: Improved error handling in DefaultStateUpdater. #20767

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
d549788
KAFKA-19831: Improved error handling in DefaultStateUpdater.
Nikita-Shupletsov Oct 24, 2025
80d297f
Apply suggestion from @mjsax
Nikita-Shupletsov Nov 6, 2025
cf9cf54
Merge branch 'apache:trunk' into KAFKA-19831
Nikita-Shupletsov Nov 6, 2025
f98c083
Merge branch 'trunk' into KAFKA-19831
Nikita-Shupletsov Nov 7, 2025
e6de6cd
Added comments to the test to make it easier to understand what's bei…
Nikita-Shupletsov Nov 7, 2025
bc1737c
Replaced waitForCondition with a CountDownLatch.
Nikita-Shupletsov Nov 13, 2025
d12909c
Reduced the timeouts for state updater and schedulng task manager sho…
Nikita-Shupletsov Nov 14, 2025
4b2e602
Update streams/src/main/java/org/apache/kafka/streams/processor/inter…
Nikita-Shupletsov Nov 19, 2025
f4b27e8
Spottless fix.
Nikita-Shupletsov Nov 20, 2025
cba1d2b
Merge branch 'apache:trunk' into KAFKA-19831
Nikita-Shupletsov Nov 21, 2025
74aa075
Fixed tests.
Nikita-Shupletsov Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
154 changes: 154 additions & 0 deletions ...rc/test/java/org/apache/kafka/streams/integration/StateUpdaterFailureIntegrationTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.kafka.streams.integration;

import org.apache.kafka.clients.consumer.ConsumerConfig;
import org.apache.kafka.common.serialization.Serdes;
import org.apache.kafka.common.utils.MockTime;
import org.apache.kafka.streams.KafkaStreams;
import org.apache.kafka.streams.StreamsConfig;
import org.apache.kafka.streams.TopologyWrapper;
import org.apache.kafka.streams.errors.ProcessorStateException;
import org.apache.kafka.streams.integration.utils.EmbeddedKafkaCluster;
import org.apache.kafka.streams.processor.StateStore;
import org.apache.kafka.streams.processor.StateStoreContext;
import org.apache.kafka.streams.state.KeyValueStore;
import org.apache.kafka.streams.state.StoreBuilder;
import org.apache.kafka.streams.state.internals.AbstractStoreBuilder;
import org.apache.kafka.test.MockApiProcessorSupplier;
import org.apache.kafka.test.MockKeyValueStore;
import org.apache.kafka.test.TestUtils;

import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;

import java.io.IOException;
import java.time.Duration;
import java.util.Properties;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

import static org.apache.kafka.streams.utils.TestUtils.safeUniqueTestName;
import static org.junit.jupiter.api.Assertions.assertTrue;

public class StateUpdaterFailureIntegrationTest {

private static final int NUM_BROKERS = 1;
protected static final String INPUT_TOPIC_NAME = "input-topic";
private static final int NUM_PARTITIONS = 6;

private final EmbeddedKafkaCluster cluster = new EmbeddedKafkaCluster(NUM_BROKERS);

private Properties streamsConfiguration;
private final MockTime mockTime = cluster.time;
private KafkaStreams streams;

@BeforeEach
public void before(final TestInfo testInfo) throws InterruptedException, IOException {
cluster.start();
cluster.createTopic(INPUT_TOPIC_NAME, NUM_PARTITIONS, 1);
streamsConfiguration = new Properties();
final String safeTestName = safeUniqueTestName(testInfo);
streamsConfiguration.put(StreamsConfig.APPLICATION_ID_CONFIG, "app-" + safeTestName);
streamsConfiguration.put(StreamsConfig.BOOTSTRAP_SERVERS_CONFIG, cluster.bootstrapServers());
streamsConfiguration.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest");
streamsConfiguration.put(StreamsConfig.STATE_DIR_CONFIG, TestUtils.tempDirectory().getPath());
streamsConfiguration.put(StreamsConfig.STATESTORE_CACHE_MAX_BYTES_CONFIG, 0);
streamsConfiguration.put(StreamsConfig.COMMIT_INTERVAL_MS_CONFIG, 100L);
streamsConfiguration.put(StreamsConfig.DEFAULT_KEY_SERDE_CLASS_CONFIG, Serdes.IntegerSerde.class);
streamsConfiguration.put(StreamsConfig.DEFAULT_VALUE_SERDE_CLASS_CONFIG, Serdes.StringSerde.class);
streamsConfiguration.put(StreamsConfig.NUM_STREAM_THREADS_CONFIG, 2);

}

@AfterEach
public void after() {
cluster.stop();
if (streams != null) {
streams.close(Duration.ofSeconds(30));
}
}

/**
* The conditions that we need to meet:
* <p><ul>
* <li>We have an unhandled task in {@link org.apache.kafka.streams.processor.internals.DefaultStateUpdater}</li>
* <li>StreamThread is not running, so {@link org.apache.kafka.streams.processor.internals.TaskManager#handleExceptionsFromStateUpdater} is not called anymore</li>
* <li>The task throws exception in {@link org.apache.kafka.streams.processor.internals.Task#maybeCheckpoint(boolean)} while being processed by {@code DefaultStateUpdater}</li>
* <li>{@link org.apache.kafka.streams.processor.internals.TaskManager#shutdownStateUpdater} tries to clean up all tasks that are left in the {@code DefaultStateUpdater}</li>
* </ul><p>
* If all conditions are met, {@code TaskManager} needs to be able to handle the failed task from the {@code DefaultStateUpdater} correctly and not hang.
*/
@Test
public void correctlyHandleFlushErrorsDuringRebalance() throws Exception {
final AtomicInteger numberOfStoreInits = new AtomicInteger();
final CountDownLatch pendingShutdownLatch = new CountDownLatch(1);

final StoreBuilder<KeyValueStore<Object, Object>> storeBuilder = new AbstractStoreBuilder<>("testStateStore", Serdes.Integer(), Serdes.ByteArray(), new MockTime()) {

@Override
public KeyValueStore<Object, Object> build() {
return new MockKeyValueStore(name, false) {

@Override
public void init(final StateStoreContext stateStoreContext, final StateStore root) {
super.init(stateStoreContext, root);
numberOfStoreInits.incrementAndGet();
}

@Override
public void flush() {
// we want to throw the ProcessorStateException here only when the rebalance finished(we reassigned the 3 tasks from the removed thread to the existing thread)
// we use waitForCondition to wait until the current state is PENDING_SHUTDOWN to make sure the Stream Thread will not handle the exception and we can get to in TaskManager#shutdownStateUpdater
if (numberOfStoreInits.get() == 9) {
try {
pendingShutdownLatch.await();
} catch (final InterruptedException e) {
throw new RuntimeException(e);
}
throw new ProcessorStateException("flush");
}
}
};
}
};

final TopologyWrapper topology = new TopologyWrapper();
topology.addSource("ingest", INPUT_TOPIC_NAME);
topology.addProcessor("my-processor", new MockApiProcessorSupplier<>(), "ingest");
topology.addStateStore(storeBuilder, "my-processor");

streams = new KafkaStreams(topology, streamsConfiguration);
streams.setStateListener((newState, oldState) -> {
if (newState == KafkaStreams.State.PENDING_SHUTDOWN) {
pendingShutdownLatch.countDown();
}
});
streams.start();

TestUtils.waitForCondition(() -> streams.state() == KafkaStreams.State.RUNNING, "Streams never reached RUNNING state");

streams.removeStreamThread();

// Before shutting down, we want the tasks to be reassigned
TestUtils.waitForCondition(() -> numberOfStoreInits.get() == 9, "Streams never reinitialized the store enough times");

assertTrue(streams.close(Duration.ofSeconds(60)));
}
}
58 changes: 37 additions & 21 deletions streams/src/main/java/org/apache/kafka/streams/processor/internals/DefaultStateUpdater.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -345,23 +345,26 @@ private void handleTaskCorruptedException(final TaskCorruptedException taskCorru
// TODO: we can let the exception encode the actual corrupted changelog partitions and only
// mark those instead of marking all changelogs
private void removeCheckpointForCorruptedTask(final Task task) {
task.markChangelogAsCorrupted(task.changelogPartitions());
try {
task.markChangelogAsCorrupted(task.changelogPartitions());

// we need to enforce a checkpoint that removes the corrupted partitions
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
// we need to enforce a checkpoint that removes the corrupted partitions
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
} catch (final StreamsException swallow) {
log.warn("Checkpoint failed for corrupted task {}", task.id(), swallow);
}
}

private void handleStreamsException(final StreamsException streamsException) {
log.info("Encountered streams exception: ", streamsException);
if (streamsException.taskId().isPresent()) {
handleStreamsExceptionWithTask(streamsException);
handleStreamsExceptionWithTask(streamsException, streamsException.taskId().get());
} else {
handleStreamsExceptionWithoutTask(streamsException);
}
}

private void handleStreamsExceptionWithTask(final StreamsException streamsException) {
final TaskId failedTaskId = streamsException.taskId().get();
private void handleStreamsExceptionWithTask(final StreamsException streamsException, final TaskId failedTaskId) {
if (updatingTasks.containsKey(failedTaskId)) {
addToExceptionsAndFailedTasksThenRemoveFromUpdatingTasks(
new ExceptionAndTask(streamsException, updatingTasks.get(failedTaskId))
Expand Down Expand Up @@ -514,7 +517,7 @@ private void removeTask(final TaskId taskId, final CompletableFuture<RemovedTask
+ " own this task.", taskId);
}
} catch (final StreamsException streamsException) {
handleStreamsException(streamsException);
handleStreamsExceptionWithTask(streamsException, taskId);
future.completeExceptionally(streamsException);
} catch (final RuntimeException runtimeException) {
handleRuntimeException(runtimeException);
Expand Down Expand Up @@ -606,14 +609,19 @@ private boolean removeFailedTask(final TaskId taskId, final CompletableFuture<Re
private void pauseTask(final Task task) {
final TaskId taskId = task.id();
// do not need to unregister changelog partitions for paused tasks
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
pausedTasks.put(taskId, task);
updatingTasks.remove(taskId);
if (task.isActive()) {
transitToUpdateStandbysIfOnlyStandbysLeft();
try {
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
pausedTasks.put(taskId, task);
updatingTasks.remove(taskId);
if (task.isActive()) {
transitToUpdateStandbysIfOnlyStandbysLeft();
}
log.info((task.isActive() ? "Active" : "Standby")
+ " task " + task.id() + " was paused from the updating tasks and added to the paused tasks.");

} catch (final StreamsException streamsException) {
Copy link
Member

@mjsax mjsax Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems we are adding a similar try-catch on multiple places. Should we instead add a new catch block to run() method to have it in a single place (and also avoid that this PR might miss some place where it should get added otherwise, too)?

Copy link
Contributor Author

@Nikita-Shupletsov Nikita-Shupletsov Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the idea was to handle one task at a time instead of failing all of them together. so if we have 3 tasks, one fails but the other 2 succeed, we will have only one failed task instead of all 3.
similarly to https://github.com/apache/kafka/blob/trunk/streams/src/main/java/org/apache/kafka/streams/processor/internals/DefaultStateUpdater.java#L363 and https://github.com/apache/kafka/blob/trunk/streams/src/main/java/org/apache/kafka/streams/processor/internals/DefaultStateUpdater.java#L516

Copy link
Member

@mjsax mjsax Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see. Hard to read on the PR, as there is no loop here...

But I am not even sure why we would want to fail a task if we cannot checkpoint for this case? We only pause a task, and it seems to be non-fatal if we fail to checkpoint? Wondering if we should swallow the exception entirely and just keep the task w/o the need to move it into error state and hand back to StreamsThreads?

\cc @lucasbru

Copy link
Member

@lucasbru lucasbru Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, the comment of maybeCheckpoint mentions this:

     * @throws TaskMigratedException recoverable error sending changelog records that would cause the task to be removed
     * @throws StreamsException fatal error when flushing the state store, for example sending changelog records failed
     *                          or flushing state store get IO errors; such error should cause the thread to die

That would actually indicate that we have to treat streams exception fatally here. But I haven't yet tracked down where they come from and if they can happen in the state updater. Maybe that comment should be made more precise? But going by the commen, we actually need to fail here.

Copy link
Contributor Author

@Nikita-Shupletsov Nikita-Shupletsov Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But I haven't yet tracked down where they come from and if they can happen in the state updater

the problem I am trying to address by this PR is pretty much that maybeCheckpoint threw an exception when was called by the state updater. Which caused the state updater thread to die and the stream thread shutdown to hang.
even though it happened during maybeCheckpointTasks not during pauseTasks, but it may as well.

maybeCheckpoint threw an exception because the RockDB failed to flush(I assume due to some issues with the file system)

Copy link
Contributor Author

@Nikita-Shupletsov Nikita-Shupletsov Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does the TaskMigratedException come from. Can it happen, or should be update the javadoc?

I wasn't able to find a way to receive TaskMigratedException frommaybeCheckpoint, as maybeCheckpoint doesn't really try to produce any messages. however, as it's a child of StreamsException it's possible that a custom implementation of a store may throw one(although I can't think of a reason).

Why does the comment indicate that the thread should die on an I/O error?

it's the default behavior: https://github.com/apache/kafka/blob/trunk/streams/src/main/java/org/apache/kafka/streams/processor/internals/TaskManager.java#L453, it's not unique for maybeCheckpoint

Copy link
Member

@mjsax mjsax Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reading the JavaDoc comments Lucas. This makes it pretty clear. sending changelog records failed is fatal as it would be data loss, and we cannot proceed. It make sense after the fact -- before we can write the local checkpoint file, we need to flush the producer (missed this point originally).

Why does the comment indicate that the thread should die on an I/O error

For such critical errors, we don't want to have any built-in recovery mechanism (design decision), but let the user opt into auto-recovery via the uncaught exception handler.

As we flush pending producer writes, a TaskMigratedException can originate from this flush. We should still handle this one gracefully, and not let the thread die.

Copy link
Member

@lucasbru lucasbru Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, you are saying a StreamsException which is not TaskMigrationException should cause a fatal error, no? Because this is not what the PR is doing now.

Copy link
Contributor Author

@Nikita-Shupletsov Nikita-Shupletsov Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the comment by the thread means the streams thread, not the state updater thread.
because the code I shared above does pretty much that - if we get a StreamsException, we shut down the streams thread

Copy link
Member

@lucasbru lucasbru Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh! Sorry. My fault. You are right, I misremembered what we are doing with the expections downstream. All good!

handleStreamsExceptionWithTask(streamsException, taskId);
}
log.info((task.isActive() ? "Active" : "Standby")
+ " task " + task.id() + " was paused from the updating tasks and added to the paused tasks.");
}

private void resumeTask(final Task task) {
Expand All @@ -640,11 +648,15 @@ private void maybeCompleteRestoration(final StreamTask task,
final Set<TopicPartition> restoredChangelogs) {
final Collection<TopicPartition> changelogPartitions = task.changelogPartitions();
if (restoredChangelogs.containsAll(changelogPartitions)) {
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
changelogReader.unregister(changelogPartitions);
addToRestoredTasks(task);
log.info("Stateful active task " + task.id() + " completed restoration");
transitToUpdateStandbysIfOnlyStandbysLeft();
try {
measureCheckpointLatency(() -> task.maybeCheckpoint(true));
changelogReader.unregister(changelogPartitions);
addToRestoredTasks(task);
log.info("Stateful active task " + task.id() + " completed restoration");
transitToUpdateStandbysIfOnlyStandbysLeft();
} catch (final StreamsException streamsException) {
handleStreamsExceptionWithTask(streamsException, task.id());
}
}
}

Expand Down Expand Up @@ -676,8 +688,12 @@ private void maybeCheckpointTasks(final long now) {

measureCheckpointLatency(() -> {
for (final Task task : updatingTasks.values()) {
// do not enforce checkpointing during restoration if its position has not advanced much
task.maybeCheckpoint(false);
try {
// do not enforce checkpointing during restoration if its position has not advanced much
task.maybeCheckpoint(false);
} catch (final StreamsException streamsException) {
handleStreamsExceptionWithTask(streamsException, task.id());
}
}
});

Expand Down
24 changes: 21 additions & 3 deletions streams/src/main/java/org/apache/kafka/streams/processor/internals/TaskManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@
import java.util.TreeSet;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import java.util.stream.Stream;
Expand Down Expand Up @@ -772,7 +773,7 @@ private StateUpdater.RemovedTaskResult waitForFuture(final TaskId taskId,
final CompletableFuture<StateUpdater.RemovedTaskResult> future) {
final StateUpdater.RemovedTaskResult removedTaskResult;
try {
removedTaskResult = future.get();
removedTaskResult = future.get(5, TimeUnit.MINUTES);
if (removedTaskResult == null) {
throw new IllegalStateException("Task " + taskId + " was not found in the state updater. "
+ BUG_ERROR_MESSAGE);
Expand All @@ -787,6 +788,10 @@ private StateUpdater.RemovedTaskResult waitForFuture(final TaskId taskId,
Thread.currentThread().interrupt();
log.error(INTERRUPTED_ERROR_MESSAGE, shouldNotHappen);
throw new IllegalStateException(INTERRUPTED_ERROR_MESSAGE, shouldNotHappen);
} catch (final java.util.concurrent.TimeoutException timeoutException) {
log.warn("The state updater wasn't able to remove task {} in time. The state updater thread may be dead. "
+ BUG_ERROR_MESSAGE, taskId, timeoutException);
return null;
}
}

Expand Down Expand Up @@ -1576,6 +1581,12 @@ void shutdown(final boolean clean) {

private void shutdownStateUpdater() {
if (stateUpdater != null) {
// If there are failed tasks handling them first
for (final StateUpdater.ExceptionAndTask exceptionAndTask : stateUpdater.drainExceptionsAndFailedTasks()) {
final Task failedTask = exceptionAndTask.task();
closeTaskDirty(failedTask, false);
}

final Map<TaskId, CompletableFuture<StateUpdater.RemovedTaskResult>> futures = new LinkedHashMap<>();
for (final Task task : stateUpdater.tasks()) {
final CompletableFuture<StateUpdater.RemovedTaskResult> future = stateUpdater.remove(task.id());
Expand All @@ -1584,24 +1595,31 @@ private void shutdownStateUpdater() {
final Set<Task> tasksToCloseClean = new HashSet<>();
final Set<Task> tasksToCloseDirty = new HashSet<>();
addToTasksToClose(futures, tasksToCloseClean, tasksToCloseDirty);
stateUpdater.shutdown(Duration.ofMillis(Long.MAX_VALUE));
// at this point we removed all tasks, so the shutdown should not take a lot of time
stateUpdater.shutdown(Duration.ofMinutes(1L));

for (final Task task : tasksToCloseClean) {
tasks.addTask(task);
}
for (final Task task : tasksToCloseDirty) {
closeTaskDirty(task, false);
}
// Handling all failures that occurred during the remove process
for (final StateUpdater.ExceptionAndTask exceptionAndTask : stateUpdater.drainExceptionsAndFailedTasks()) {
final Task failedTask = exceptionAndTask.task();
closeTaskDirty(failedTask, false);
}

// If there is anything left unhandled due to timeouts, handling now
for (final Task task : stateUpdater.tasks()) {
closeTaskDirty(task, false);
}
}
}

private void shutdownSchedulingTaskManager() {
if (schedulingTaskManager != null) {
schedulingTaskManager.shutdown(Duration.ofMillis(Long.MAX_VALUE));
schedulingTaskManager.shutdown(Duration.ofMinutes(5L));
}
}

Expand Down
Loading