DB failover causes hard lockup but I want to fail reads/writes

[mcassaniti]

I am using PostgreSQL with Patroni and HA proxy so that traffic is directed to the primary node at all times. During a cluster fail-over I am getting errors like the one below. Unfortunately this causes a hard lock-up of the file system for any active reads or writes. I don't know how to have errors returned to the client in a case like this to abort the operation.

I know that mount.cifs has a hard and soft mount option. The soft option will "not hang when the server crashes and will return errors to the user application".

Note: localhost below is the HA proxy front-end address.

2025/06/04 09:15:09.218087 juicefs[3928] <ERROR>: error: FATAL: terminating connection due to administrator command (SQLSTATE 57P01)
goroutine 392440 [running]:
runtime/debug.Stack()
        runtime/debug/stack.go:26 +0x5e
github.com/juicedata/juicefs/pkg/meta.errno({0x55e606f696c0, 0xc000ece780})
        github.com/juicedata/juicefs/pkg/meta/utils.go:123 +0xad
github.com/juicedata/juicefs/pkg/meta.(*dbMeta).doRead(0xc0001a4100, {0x7fe6b59d0288?, 0xc000000000?}, 0x55011, 0x0)
        github.com/juicedata/juicefs/pkg/meta/sql.go:2265 +0x79
github.com/juicedata/juicefs/pkg/meta.(*baseMeta).Read(0xc000075908, {0x55e606fa7998, 0xc000d5bc00}, 0x55011, 0x0, 0xc0014e22b8)
        github.com/juicedata/juicefs/pkg/meta/base.go:1407 +0x29a
github.com/juicedata/juicefs/pkg/vfs.(*sliceReader).run(0xc0017c7080)
        github.com/juicedata/juicefs/pkg/vfs/reader.go:173 +0x186
created by github.com/juicedata/juicefs/pkg/vfs.(*fileReader).newSlice in goroutine 325267
        github.com/juicedata/juicefs/pkg/vfs/reader.go:327 +0x2a6 [utils.go:123]
2025/06/04 09:15:12.928007 juicefs[3928] <WARNING>: Read transaction succeeded after 7 tries (3.708595704s), last error: failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive me
ssage (unexpected EOF) [sql.go:864]

The process attempting a file read is stuck in disk sleep.

cat /proc/4148/status
Name:   image-update
Umask:  0022
State:  D (disk sleep)
Tgid:   4148
Ngid:   0
Pid:    4148
PPid:   4145
...

[jiefenghuang]

The current implementation attempts transactions 50 times, with this value hardcoded in sql.go. If necessary, you can modify it. Pull requests (PRs) are welcome to make this an optional configuration.

[jiefenghuang]

Could you please let me know which version you’re using? (The output of juicefs version). I attempted to replicate the issue through code mocking but couldn’t reproduce it. Could you try using the latest version instead? Also, does juicefs.log contain any additional logs?

[mcassaniti]

# juicefs --version
juicefs version 1.2.3+2025-01-22.4f2aba8f2e62

On another client I get errors like this. The output is a bit longer but you get the idea.

2025/06/04 09:16:30.553007 juicefs[3978] <ERROR>: Refresh session 299: FATAL: terminating connection due to administrator command (SQLSTATE 57P01) [base.go:454]
2025/06/04 09:16:33.906403 juicefs[3978] <WARNING>: checking counter lastCleanupSessions: ERROR: cannot execute SELECT FOR UPDATE in a read-only transaction (SQLSTATE 25006) [base.go:497]
2025/06/04 10:06:03.302389 juicefs[3978] <ERROR>: Refresh session 299: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connection refused) [bas
e.go:454]
2025/06/04 10:06:15.248474 juicefs[3978] <WARNING>: checking counter lastCleanupFiles: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [base.go:545]
2025/06/04 10:06:37.000150 juicefs[3978] <WARNING>: Already tried 50 times, returning: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [sql.go:868]
2025/06/04 10:06:37.000505 juicefs[3978] <ERROR>: error: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connection refused)
goroutine 369879 [running]:
runtime/debug.Stack()
        runtime/debug/stack.go:26 +0x5e
github.com/juicedata/juicefs/pkg/meta.errno({0x55b9ad57c680, 0xc00253e8a0})
        github.com/juicedata/juicefs/pkg/meta/utils.go:123 +0xad
github.com/juicedata/juicefs/pkg/meta.(*dbMeta).doGetAttr(0xc001a91c78?, {0x55b9a9cef09d?, 0x55b9a9c938a5?}, 0xc001a91c90?, 0x55b9a9cef09d?)
        github.com/juicedata/juicefs/pkg/meta/sql.go:976 +0x38
github.com/juicedata/juicefs/pkg/meta.(*baseMeta).GetAttr(0xc000126008, {0x55b9ad5b8640, 0xc001af8000}, 0x55b9ad4eb780?, 0xc0008a0300)
        github.com/juicedata/juicefs/pkg/meta/base.go:919 +0x2ba
github.com/juicedata/juicefs/pkg/vfs.(*VFS).GetAttr(0xc001431450, {0x55b9ad5b9e00, 0xc001af8000}, 0x55017, 0x8?)
        github.com/juicedata/juicefs/pkg/vfs/vfs.go:193 +0x14f
github.com/juicedata/juicefs/pkg/fuse.(*fileSystem).GetAttr(0xc0008ecc20, 0x18?, 0xc0000423f8, 0xc000042368)
        github.com/juicedata/juicefs/pkg/fuse/fuse.go:102 +0x9f
github.com/hanwen/go-fuse/v2/fuse.doGetAttr(0x0?, 0xc000042248)
        github.com/hanwen/go-fuse/[email protected]/fuse/opcode.go:301 +0x47
github.com/hanwen/go-fuse/v2/fuse.init.0.func1(0xc000042248?, 0x55b9acf4d680?)
        github.com/hanwen/go-fuse/[email protected]/fuse/opcode.go:774 +0x43
github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0xc00082e680, 0xc000042248)
        github.com/hanwen/go-fuse/[email protected]/fuse/server.go:708 +0x23c
github.com/hanwen/go-fuse/v2/fuse.(*Server).loop(0xc00082e680, 0x1)
        github.com/hanwen/go-fuse/[email protected]/fuse/server.go:681 +0x110
created by github.com/hanwen/go-fuse/v2/fuse.(*Server).readRequest in goroutine 202519
        github.com/hanwen/go-fuse/[email protected]/fuse/server.go:414 +0x6b1 [utils.go:123]
2025/06/04 10:06:37.000606 juicefs[3978] <INFO>: slow operation: getattr (348183): - input/output error <3087.794843> [accesslog.go:83]
2025/06/04 10:06:37.096931 juicefs[3978] <WARNING>: Already tried 50 times, returning: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [sql.go:868]
2025/06/04 10:06:37.097019 juicefs[3978] <WARNING>: Already tried 50 times, returning: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [sql.go:868]
2025/06/04 10:06:37.097066 juicefs[3978] <ERROR>: error: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connection refused)
goroutine 390915 [running]:
runtime/debug.Stack()
        runtime/debug/stack.go:26 +0x5e
github.com/juicedata/juicefs/pkg/meta.errno({0x55b9ad57c680, 0xc002680240})
        github.com/juicedata/juicefs/pkg/meta/utils.go:123 +0xad
github.com/juicedata/juicefs/pkg/meta.(*dbMeta).doGetAttr(0xc0014ca798?, {0x55b9a9c882d2?, 0xc0014fc460?}, 0x0?, 0xc0014ca701?)
        github.com/juicedata/juicefs/pkg/meta/sql.go:976 +0x38
github.com/juicedata/juicefs/pkg/meta.(*baseMeta).GetAttr.func1()
        github.com/juicedata/juicefs/pkg/meta/base.go:901 +0x46
github.com/juicedata/juicefs/pkg/utils.WithTimeout.func1()
        github.com/juicedata/juicefs/pkg/utils/utils.go:110 +0x2c
created by github.com/juicedata/juicefs/pkg/utils.WithTimeout in goroutine 370355
        github.com/juicedata/juicefs/pkg/utils/utils.go:109 +0xd8 [utils.go:123]
2025/06/04 10:06:37.097002 juicefs[3978] <WARNING>: Already tried 50 times, returning: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [sql.go:868]
2025/06/04 10:06:37.097022 juicefs[3978] <WARNING>: Already tried 50 times, returning: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connecti
on refused) [sql.go:868]
2025/06/04 10:06:37.097216 juicefs[3978] <ERROR>: error: failed to connect to `host=localhost user=juicefs database=juicefs`: dial error (dial tcp 127.0.0.1:5432: connect: connection refused)

[jiefenghuang]

According to the logs, JuiceFS is still processing requests—50 database requests take over 40 seconds. For read operations, in addition to database request retries, the external reader.go also retries metadata requests, with a default of 10 times. Therefore, a read request could be blocked for up to 10 * 40 seconds （if your db still not restored）. It seems like the operation is hanging. You might want to adjust these two parameters to see if it helps.

[mcassaniti]

It's hanging for longer that 10 * 40 seconds (about 6 minutes).

[mcassaniti]

So I took a harder look at the code and in all cases the traceback starts at pkg/meta/utils.go:123 which is going to return an EIO (an I/O error) back to the reading/writing process eventually. At least that's what the code shows but my client is not getting an EIO. I really don't understand why but if the client/process did get a proper error I'd be very happy.

Thoughts and feedback?

[frostwind]

@mcassaniti
2025/06/04 09:16:33.906403 juicefs[3978] <WARNING>: checking counter lastCleanupSessions: ERROR: cannot execute SELECT FOR UPDATE in a read-only transaction (SQLSTATE 25006) [base.go:497]
The read-only transaction error may suggest that juicefs is hitting a slave DB?

[mcassaniti]

You're right, but this would've only been for a brief period during fail-over. It's likely either the primary went read-only or HA proxy temporarily pointed to the wrong node. In any case it would've resolved reasonably quickly.

[mcassaniti]

After a bit more digging I found something rather interesting. If I run juicefs status $META_ADDRESS it shows that the session for the locked-up node is missing. I can run ls /jfs without an issue on that node, but I cannot successfully kill off the locked-up processes.

When this situation occurred today I had two nodes that had some locked-up processes. One refreshed its session and the other did not. The one that successfully refreshed its session could have processes killed with kill -SIGKILL $pid.

I'm going to try changing the heartbeat option to mount from the default of 12 seconds to something higher. This won't yet fix the locked-up processes, but it will mean I don't have to reboot to get things working again.

[mcassaniti]

Another testing update. I put juicefs in debug mode and tried the same file copies I do during a cutover. Below you can see at most 5 retries. I don't believe that changing the SQL retries @jiefenghuang would assist based on what I'm seeing below. Strangely one of my nodes has the reading process stuck in disk sleep (state D) while my other nodes have the same process sleeping (state S). If I send a SIGTERM to one of those sleeping processes it becomes stuck on disk sleep and SIGKILL doesn't help.

Reading the code here shows that only the attempt to begin the DB transaction is failing. After the transaction can be successfully started it should succeed and return based on the code flow.

2025/06/11 09:30:00.543801 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459544_0_5 (req_id: "", err: <nil>, cost: 1.714721ms) [cached_store.go:669]
2025/06/11 09:30:00.746629 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459540_0_5 (req_id: "", err: <nil>, cost: 1.653248ms) [cached_store.go:669]
2025/06/11 09:30:02.029784 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459541_0_4194304 (req_id: "", err: <nil>, cost: 1.172772254s) [cached_store.go:669]
2025/06/11 09:30:02.488318 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459541_3_1249495 (req_id: "", err: <nil>, cost: 392.819644ms) [cached_store.go:669]
2025/06/11 09:30:04.369223 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459541_2_4194304 (req_id: "", err: <nil>, cost: 2.273763881s) [cached_store.go:669]
2025/06/11 09:30:05.371917 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459541_1_4194304 (req_id: "", err: <nil>, cost: 4.502952406s) [cached_store.go:669]
2025/06/11 09:30:06.362963 juicefs[4056] <DEBUG>: GET chunks/1/1459/1459539_0_137 (req_id: "", err: <nil>, cost: 1.796466ms) [cached_store.go:669]
2025/06/11 09:30:06.413093 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 1): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.414073 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 1): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.438337 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 2): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.439128 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 2): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.466088 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 3): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.466343 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 3): failed to connect to `host=localhost user=juicefs database=juicefs`: server error (FATAL: the database system is shutting down (SQLSTATE 57P03)) [sql.go:847]
2025/06/11 09:30:06.496171 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 4): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:06.496187 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 4): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:09.555456 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 5): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:09.555484 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 1): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:09.559071 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 5): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:10.658093 juicefs[4056] <ERROR>: Refresh session 351: failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [base.go:454]
2025/06/11 09:30:11.452979 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 1): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:11.541258 juicefs[4056] <DEBUG>: Start transaction failed, try again (tried 1): failed to connect to `host=localhost user=juicefs database=juicefs`: failed to receive message (unexpected EOF) [sql.go:847]
2025/06/11 09:30:36.917546 juicefs[4056] <DEBUG>: PUT chunks/1/1470/1470507_0_61 (req_id: "", err: <nil>, cost: 16.471239ms) [cached_store.go:669]

[jiefenghuang]

Could you upload the complete logs? Once the number of failures reaches the limit, it will return EIO to FUSE.
Also, could you paste the client-side code for reading?

[jiefenghuang]

2025/06/04 10:06:37.000606 juicefs[3978] : slow operation: getattr (348183): - input/output error <3087.794843> [accesslog.go:83]

From your logs above, your client should be able to receive EIO.

[mcassaniti]

I would've thought I'd get an EIO too and I'm worried that I'm not getting anything (failure or success) when the retries seem to succeed again.

As for the client side code, below is a cut down version. There's a set of files to transfer and one of them is usually large enough that it can take 30+ seconds to transfer.

def transfer_file(
    src         : pathlib.Path,
    dst_dir     : pathlib.Path,
    target_name : Optional[str] = None
) -> None:

    dst = dst_dir / src.name
    if target_name:
        dst = dst_dir / target_name

    with open(src, "rb") as src_fp, open(dst, "wb") as dst_fp:
        for chunk in iter(lambda: src_fp.read(4096), b""):
            dst_fp.write(chunk)

[mcassaniti]

I tried something different and blocked the SQL traffic (dropping packets) from the JuiceFS client just to see what would show up in the logs. I got a lot of slow operations when I stopped dropping packets but not many failed transactions. I'm guessing that the issue is a hung query that doesn't have a timeout.

Does a simple SQL get inside a read-only transaction have a timeout?

[mcassaniti]

Does PostgreSQL support these too?

[jiefenghuang]

yes

[mcassaniti]

I needed postgres://...?connect_timeout=5&tcp_user_timeout=5 although it mainly seems to be the connect_timeout parameter that is relevant.

While one of my nodes was locked-up I decided to restart HA proxy which will forcefully kill off any existing SQL connections. I suddenly got an I/O error back to the process that was stuck. My suspicion about hung SQL queries seems to be correct.

I'm about to do some more testing with SQL retries set to 10 and connect_timeout=5 to see how it all goes. If that works successfully I'll get a PR organised to make the number of retries configurable.

[mcassaniti]

So, even without the change in SQL retries, the addition of connect_timeout=5 has meant that my JuiceFS mounts are no longer getting stuck and causing processes to block.

At this point I'll leave the SQL retries alone.

Thanks so much for taking the time to work with me on this one.

[jiefenghuang]

check https://github.com/go-sql-driver/mysql#dsn-data-source-name you can set like this db://addr?timeout=1s&readTimeout=1s&writeTimeout=1s

Sorry, I got the driver wrong. The parameter for PostgreSQL is connect_timeout.
https://github.com/jackc/pgx/blob/d2ee7464e8e5c49f0caea95b825b1bb169a47cbc/pgconn/config.go#L300