release-25.3: pkg/util/log: Implement handling for oversized log messages in bufferedSink #158259
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…edSink Previously, when a single log message exceeded the configured max-buffer-size for a buffered sink with exit-on-error enabled, the error would propagate up and trigger process termination. This was overly aggressive for what amounts to a logging configuration issue - a single oversized SQL query (e.g., with a multi-megabyte string literal) could crash an entire CockroachDB node. This commit modifies bufferedSink.output() to detect the errMsgTooLarge error and handle it gracefully. When an oversized message is encountered, instead of propagating the error, we drop the message and log a warning via Ops.Warningf() indicating that the message exceeded the buffer size limit. This allows the node to continue operating normally while still providing visibility into the issue through logged warnings. The implementation uses a two-phase approach to avoid deadlock: first, while holding the sink's mutex, we detect the oversized message and set a flag with the relevant information; then, after releasing the lock, we emit the warning. This is necessary because calling Ops.Warningf() while holding the mutex would cause the warning message to attempt re-entry into the same sink, resulting in a deadlock when it tries to acquire the already-held lock. Part of: CRDB-53951 Epic: CRDB-56325 Release note: None
blathers-crl
bot
force-pushed
the
blathers/backport-release-25.3-157964
branch
from
950651d to
5df6d3b
Compare
blathers-crl
bot
added
blathers-backport
blathers-crl
bot
requested review from
angles-n-daemons
and removed request for
a team
blathers-crl
bot
requested review from
Abhinav1299,
aa-joshi and
arjunmahishi
and removed request for
a team
Author
|
Thanks for opening a backport. Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate. |
blathers-crl
bot
added
backport
Member
|
This change is |
dhartunian
approved these changes
Nov 26, 2025
Collaborator
dhartunian
left a comment
dhartunian
left a comment
There was a problem hiding this comment.
Release justification: this is a low risk improvement to our error behavior for critical log sinks that can cause unnecessary node crashes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 1/1 commits from #157964 on behalf of @Abhinav1299.
Previously, when a single log message exceeded the configured max-buffer-size
for a buffered sink with exit-on-error enabled, the error would propagate up
and trigger process termination. This was overly aggressive for what amounts
to a logging configuration issue - a single oversized SQL query (e.g., with a
multi-megabyte string literal) could crash an entire CockroachDB node.
This commit modifies bufferedSink.output() to detect the errMsgTooLarge error
and handle it gracefully. When an oversized message is encountered, instead of
propagating the error, we drop the message and log a warning via Ops.Warningf()
indicating that the message exceeded the buffer size limit. This allows the
node to continue operating normally while still providing visibility into the
issue through logged warnings.
The implementation uses a two-phase approach to avoid deadlock: first, while
holding the sink's mutex, we detect the oversized message and set a flag with
the relevant information; then, after releasing the lock, we emit the warning.
This is necessary because calling Ops.Warningf() while holding the mutex would
cause the warning message to attempt re-entry into the same sink, resulting in
a deadlock when it tries to acquire the already-held lock.
This resolves #152635
Part of: CRDB-53951
Epic: CRDB-56325
Release note: None
Release justification: This PR fixes the CRDB process termination when a log message greater than
max-buffer-sizeof a sink is encountered whenexit-on-errorflag is enabled.