Skip to content

fix(marker): stop state leakage from aggregation groups #4438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SuperQ merged 1 commit into from
Oct 19, 2025
Merged

fix(marker): stop state leakage from aggregation groups #4438

SuperQ merged 1 commit into from
Oct 19, 2025

Conversation

@siavashs
Copy link
Contributor

@siavashs siavashs commented Jun 23, 2025
edited by SuperQ
Loading

This change makes aggregation groups to delete resolved alerts from marker, therefore avoiding the leakage of ghost states mentioned in #4402.

Fixes: #4402

@siavashs siavashs marked this pull request as draft June 23, 2025 15:30
OGKevin
OGKevin reviewed Aug 7, 2025
View reviewed changes
@siavashs siavashs force-pushed the marker-gc branch 3 times, most recently from 20c2483 to cdff2d7 Compare August 27, 2025 08:43
@siavashs siavashs marked this pull request as ready for review August 27, 2025 08:55
@siavashs siavashs force-pushed the marker-gc branch 2 times, most recently from 101e444 to 83a127e Compare August 27, 2025 11:37
@siavashs siavashs changed the title feat(marker): add gc fix(marker): stop state leakage from aggregation groups Aug 27, 2025
SuperQ
SuperQ reviewed Oct 17, 2025
View reviewed changes
Copy link
Member

@SuperQ SuperQ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at the test changes, it doesn't seem like this exercises the problem behavior. Would you mind including some additional testing to make sure we don't break in the future?

@siavashs siavashs requested a review from SuperQ October 18, 2025 22:25
@siavashs
fix(marker): stop state leakage from aggregation groups
d7f2c92 
This change makes aggregation groups to delete resolved alerts from marker,
therefore avoiding the leakage of ghost states mentioned in prometheus#4402.

Signed-off-by: Siavash Safi <siavash@cloudflare.com>
@siavashs
Copy link
Contributor Author

siavashs commented Oct 18, 2025

Looking at the test changes, it doesn't seem like this exercises the problem behavior. Would you mind including some additional testing to make sure we don't break in the future?

Done, added 3 scenarios. The code is change to make sure that we don't accidentally delete a marker due to a race condition. Please have a look and let me know if we should add more.

But while adding these I noticed the whole Marker setup to be a week point in terms of consistency, we need to come up with a better solution at some point.

SuperQ
SuperQ approved these changes Oct 19, 2025
View reviewed changes
Copy link
Member

@SuperQ SuperQ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks!

@SuperQ SuperQ merged commit f7a0d01 into prometheus:main Oct 19, 2025
11 checks passed
@siavashs siavashs deleted the marker-gc branch October 19, 2025 15:52
grobinson-grafana
grobinson-grafana reviewed Nov 6, 2025
View reviewed changes
dispatch/dispatch.go
ag.logger.Error("error on delete alerts", "err", err)
} else {
// Delete markers for resolved alerts that are not in the store.
for _, alert := range resolvedSlice {
Copy link
Collaborator

@grobinson-grafana grobinson-grafana Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just heads up this is a race condition for the same reason we had to implement DeleteIfNotModified. There is a missing check to make sure the deleted alert is the same alert returned from ag.alerts.Get(alert.Fingerprint()).

Without this check what can happen is we delete the alert in between DeletedIfNotModified and then before we call Get a new alert is received. What happens then is we delete the marker of the new alert by mistake.

Copy link
Contributor Author

@siavashs siavashs Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we discussed on Slack, this is safe since even if we delete the marker the alert status would then be unprocessed:

alertmanager/types/types.go

Lines 261 to 274 in 52eb1fc

// Status implements AlertMarker.
func (m *MemMarker) Status(alert model.Fingerprint) AlertStatus {
m.mtx.RLock()
defer m.mtx.RUnlock()
if s, found := m.alerts[alert]; found {
return *s
}
return AlertStatus{
State: AlertStateUnprocessed,
SilencedBy: []string{},
InhibitedBy: []string{},
}
}

@SoloJacobs SoloJacobs mentioned this pull request Nov 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@grobinson-grafana grobinson-grafana grobinson-grafana left review comments

@SuperQ SuperQ SuperQ approved these changes

+1 more reviewer

@OGKevin OGKevin OGKevin left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Alert marker fills up with deleted alerts' states

4 participants

@siavashs @SuperQ @OGKevin @grobinson-grafana