fix(actions): deadlock between `PrepareRunAndInsert` and `UpdateTaskByState` by Zettat123 · Pull Request #37692 · go-gitea/gitea

Zettat123 · 2026-05-13T17:51:55Z

Bug

Logs show PrepareRunAndInsert: InsertRun: Error 1213: Deadlock found, which handleWorkflows silently swallows via log.Error + continue, so the triggered run is dropped.

Root cause

The path UpdateRun -> UpdateRepoRunsNumbers runs the following SQL inside every status-changing transaction:

UPDATE repository
SET num_action_runs        = (SELECT count(*) FROM action_run WHERE repo_id = N),
    num_closed_action_runs = (SELECT count(*) FROM action_run WHERE repo_id = N AND status IN (...))
WHERE id = N;

On any DB that treats subqueries inside an UPDATE as locking reads, this statement takes locks in two steps:

The outer UPDATE acquires an X lock on repository[id=N]
The embedded SELECT subqueries are evaluated as locking reads, taking S locks on every action_run row matching repo_id = N

Two such concurrent transactions form a cycle via repository[N]:

Tx	Holds	Wants	Blocked by
A: `PrepareRunAndInsert` (push trigger)	X on inserted `action_run` row R_A; X on `repository[N]` (outer UPDATE already through step 1)	S on `action_run` rows for repo N (subquery, step 2)	B's X lock on R_B
B: `UpdateTaskByState` (runner callback)	X on `action_run` row R_B (from `UpdateRun`)	X on `repository[N]` (outer UPDATE, step 1)	A's X lock on `repository[N]`
Cycle	A waits for R_B; B waits for `repository[N]`		deadlock error -> `handleWorkflows` swallows -> run lost

PostgreSQL's MVCC reads do not take these locks and SQLite serializes writers, so the symptom only surfaces on MySQL/MSSQL.

Fix

Split UpdateRepoRunsNumbers into small SQLs to avoid locking reads and move it out of DB transactions.

Zettat123 · 2026-05-13T20:14:41Z

Test failure due to the deadlock:

MySQL:
https://github.com/go-gitea/gitea/actions/runs/25822443469/job/75867108596?pr=37692#step:10:97

MSSQL:
https://github.com/go-gitea/gitea/actions/runs/25822443469/job/75867108876?pr=37692#step:10:97

wxiaoguang · 2026-05-13T23:00:29Z

I don't think the test is really related or should be kept.

wxiaoguang · 2026-05-13T23:08:17Z

I think you can simply move the "update number" SQL out of the "UpdateTaskByState" transaction.

And split it into small SQLs (two single SELECTs + one single UPDATE)

No need to introduce the cron

wxiaoguang · 2026-05-13T23:52:26Z

It also needs to move "UpdateRepoRunsNumbers" out of the transaction

Zettat123 · 2026-05-14T01:25:19Z

I think you can simply move the "update number" SQL out of the "UpdateTaskByState" transaction.

And split it into small SQLs (two single SELECTs + one single UPDATE)

No need to introduce the cron

Addressed

I don't think the test is really related or should be kept.

This test was for reproducing the deadlock bug, but I think it’s worth keeping to detect cases where UpdateRepoRunsNumbers is mistakenly placed inside a transaction.

wxiaoguang · 2026-05-14T07:46:15Z

I don't think the test is really related or should be kept.

This test was for reproducing the deadlock bug, but I think it’s worth keeping to detect cases where UpdateRepoRunsNumbers is mistakenly placed inside a transaction.

if InTransaction {
  setting.PanicInDevOrTesting(...)
}

Zettat123 · 2026-05-14T17:04:31Z

I don't think the test is really related or should be kept.

This test was for reproducing the deadlock bug, but I think it’s worth keeping to detect cases where UpdateRepoRunsNumbers is mistakenly placed inside a transaction.
if InTransaction {
  setting.PanicInDevOrTesting(...)
}

Addressed by 7106acd

bircni · 2026-05-15T07:24:02Z

@wxiaoguang are you also fine with this?

wxiaoguang · 2026-05-15T07:27:11Z

@wxiaoguang are you also fine with this?

Yes, it looks good to me.

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>

GiteaBot · 2026-05-15T14:26:42Z

I was unable to create a backport for 1.26. @Zettat123, please send one manually. 🍵

go run ./contrib/backport 37692
...  // fix git conflicts if any
go run ./contrib/backport --continue

Zettat123 · 2026-05-15T21:59:47Z

I was unable to create a backport for 1.26. @Zettat123, please send one manually. 🍵
go run ./contrib/backport 37692
...  // fix git conflicts if any
go run ./contrib/backport --continue

#37718

…yState` (#37692) (#37718)

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [code.gitea.io/gitea](https://github.com/go-gitea/gitea) | `v1.26.1` → `v1.26.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.gitea.io%2fgitea/v1.26.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.gitea.io%2fgitea/v1.26.1/v1.26.2?slim=true) | --- ### Release Notes <details> <summary>go-gitea/gitea (code.gitea.io/gitea)</summary> ### [`v1.26.2`](https://github.com/go-gitea/gitea/releases/tag/v1.26.2) [Compare Source](go-gitea/gitea@v1.26.1...v1.26.2) - SECURITY - fix(permissions): Fix reading permission ([#37769](go-gitea/gitea#37769)) - fix(actions): make artifact signature payloads unambiguous ([#37707](go-gitea/gitea#37707)) - fix: Unify public-only token filtering in API queries and repo access checks ([#37118](go-gitea/gitea#37118)) - fix: Add missed token scope checking ([#37735](go-gitea/gitea#37735)) - fix(oauth): bind token exchanges to the original client request ([#37704](go-gitea/gitea#37704)) - fix(oauth): strengthen PKCE validation and refresh token replay protection ([#37706](go-gitea/gitea#37706)) - fix(web): enforce token scopes on raw, media, and attachment downloads ([#37698](go-gitea/gitea#37698)) - fix(security): enforce wiki git writes and LFS token access at request time ([#37695](go-gitea/gitea#37695)) - feat(api): encrypt AWS creds ([#37679](go-gitea/gitea#37679)) - fix(deps): update dependency mermaid to v11.15.0 \[security], add e2e test - fix(packages): Add label for private and internal package and fix composor package source permission check ([#37610](go-gitea/gitea#37610)) - fix(git): Fix smart http request scope bug ([#37583](go-gitea/gitea#37583)) - Fix basic auth bug ([#37503](go-gitea/gitea#37503)) - Fix allow maintainer edit permission check ([#37479](go-gitea/gitea#37479)) ([#37484](go-gitea/gitea#37484)) - Fix URL sanitization to handle schemeless credentials ([#37440](go-gitea/gitea#37440)) ([#37471](go-gitea/gitea#37471)) - Fix attachment Content-Security-Policy ([#37455](go-gitea/gitea#37455)) ([#37464](go-gitea/gitea#37464)) - chore(deps): bump go-git/go-git/v5 to 5.19.0 ([#37608](go-gitea/gitea#37608)) - BUGFIXES - fix(pull): handle empty pull request files view to allow reviews ([#37783](go-gitea/gitea#37783)) - fix(markup): make RenderString never fail ([#37779](go-gitea/gitea#37779)) - fix: add natural sort to sortTreeViewNodes ([#37772](go-gitea/gitea#37772)) - fix: package creation unique conflict ([#37774](go-gitea/gitea#37774)) - fix!: add DEFAULT\_TITLE\_SOURCE setting for pull request title default behavior ([#37465](go-gitea/gitea#37465)) - fix: Allow direct commits for unprotected files with push restrictions ([#37657](go-gitea/gitea#37657)) - fix(actions): wrong assumption that run id always >= job id ([#37737](go-gitea/gitea#37737)) - fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register ([#37564](go-gitea/gitea#37564)) ([#37588](go-gitea/gitea#37588)) - fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState ([#37692](go-gitea/gitea#37692)) - fix(repo): /generate must sync the branch table for the new repo ([#37693](go-gitea/gitea#37693)) - build: Fix snap build (1.26) - fix(actions): run TransferLogs on UpdateLog{Rows:\[], NoMore:true} ([#37631](go-gitea/gitea#37631)) - fix show correct mergebase - fix: make clone URL respect public URL detection setting ([#37615](go-gitea/gitea#37615)) - fix: "run as root" check ([#37622](go-gitea/gitea#37622)) - chore(deps): update dependency go to v1.26.3 ([#37601](go-gitea/gitea#37601)) - Compare dropdown fails when selecting branch with no common merge-base ([#37470](go-gitea/gitea#37470)) - fix: treat email addresses case-insensitively ([#37600](go-gitea/gitea#37600)) - fix(actions): fix blank lines after ::endgroup:: ([#37597](go-gitea/gitea#37597)) - fix(actions): report individual step status in workflow job API response ([#37592](go-gitea/gitea#37592)) - fix: Invalid UTF-8 commit messages in JSON API responses ([#37542](go-gitea/gitea#37542)) - fix: use consistent GetUser family functions ([#37553](go-gitea/gitea#37553)) - fix(api): return 409 message instead of empty JSON for wrong commit id ([#37572](go-gitea/gitea#37572)) - fix(actions): prevent panic when workflow contains null jobs ([#37570](go-gitea/gitea#37570)) - Make ServeSetHeaders default to download attachment if filename exists ([#37552](go-gitea/gitea#37552)) ([#37555](go-gitea/gitea#37555)) - Fix(actions): validate workflow param to prevent 500 error ([#37546](go-gitea/gitea#37546)) ([#37554](go-gitea/gitea#37554)) - Don't unblock run-level-concurrency-blocked runs in the resolver ([#37461](go-gitea/gitea#37461)) ([#37538](go-gitea/gitea#37538)) - Fix(packages): use file names for generic web downloads ([#37514](go-gitea/gitea#37514)) ([#37520](go-gitea/gitea#37520)) - Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once ([#37512](go-gitea/gitea#37512)) ([#37516](go-gitea/gitea#37516)) - Fix update branch protection order ([#37508](go-gitea/gitea#37508)) ([#37513](go-gitea/gitea#37513)) - Fix mCaptcha broken after Vite migration ([#37492](go-gitea/gitea#37492)) ([#37509](go-gitea/gitea#37509)) - Fix review submission from single-commit PR view ([#37475](go-gitea/gitea#37475)) ([#37485](go-gitea/gitea#37485)) - Fix scheduled action panic with null event payload ([#37459](go-gitea/gitea#37459)) ([#37466](go-gitea/gitea#37466)) - Make GetPossibleUserByID can handle deleted user ([#37430](go-gitea/gitea#37430)) ([#37431](go-gitea/gitea#37431)) - Remove excessive quote from terraform instructions ([#37424](go-gitea/gitea#37424)) ([#37426](go-gitea/gitea#37426)) - Fix color regressions, add `priority` color ([#37417](go-gitea/gitea#37417)) ([#37421](go-gitea/gitea#37421)) - MISC - Add CurrentURL template variable back ([#37444](go-gitea/gitea#37444)) ([#37449](go-gitea/gitea#37449)) Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.erwanleboucher.dev/eleboucher/apoci/pulls/47

add deadlock test

e4e8b7c

GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 13, 2026

Zettat123 added 4 commits May 13, 2026 12:29

lint

66d8cd3

Merge branch 'main' into bugfix/issue-36234

58a9053

update test

394b63b

fix test

8520651

Zettat123 added 2 commits May 13, 2026 14:22

fix deadlock

408392d

fix cron count

874b356

Zettat123 marked this pull request as ready for review May 13, 2026 21:07

Zettat123 added topic/gitea-actions related to the actions of Gitea backport/v1.26 This PR should be backported to Gitea 1.26 labels May 13, 2026

Zettat123 marked this pull request as draft May 13, 2026 23:22

Zettat123 added 2 commits May 13, 2026 17:22

revert

d96c92a

fix UpdateRepoRunsNumbers

0936204

Zettat123 added 3 commits May 13, 2026 18:46

move UpdateRepoRunsNumbers out of tx

070377c

Merge branch 'main' into bugfix/issue-36234

72cf30d

Merge branch 'main' into bugfix/issue-36234

4886769

Zettat123 marked this pull request as ready for review May 14, 2026 01:25

lunny reviewed May 14, 2026

View reviewed changes

Comment thread models/actions/run.go Outdated

Zettat123 added 3 commits May 14, 2026 10:40

Merge branch 'main' into bugfix/issue-36234

5cd4cde

check InTransaction

7106acd

remove test

b1b7b92

lunny approved these changes May 14, 2026

View reviewed changes

GiteaBot removed the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 14, 2026

GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 14, 2026

bircni approved these changes May 15, 2026

View reviewed changes

GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 15, 2026

wxiaoguang reviewed May 15, 2026

View reviewed changes

Comment thread models/actions/run.go Outdated

wxiaoguang and others added 2 commits May 15, 2026 15:27

Apply suggestion from @wxiaoguang

10b9f16

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>

Merge branch 'main' into bugfix/issue-36234

805a880

bircni added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 15, 2026

bircni enabled auto-merge (squash) May 15, 2026 07:29

Merge branch 'main' into bugfix/issue-36234

2b53749

bircni merged commit cf0f25b into go-gitea:main May 15, 2026
21 checks passed

GiteaBot added this to the 1.27.0 milestone May 15, 2026

GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 15, 2026

wxiaoguang deleted the bugfix/issue-36234 branch May 15, 2026 14:06

GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label May 15, 2026

Zettat123 mentioned this pull request May 15, 2026

fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState (#37692) #37718

Merged

Zettat123 added backport/done All backports for this PR have been created and removed backport/manual No power to the bots! Create your backport yourself! labels May 15, 2026

bircni pushed a commit that referenced this pull request May 16, 2026

fix(actions): deadlock between PrepareRunAndInsert and `UpdateTaskB…

7b82ded

…yState` (#37692) (#37718)

Uh oh!

Conversation

Zettat123 commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Bug

Root cause

Fix

Uh oh!

Zettat123 commented May 13, 2026

Uh oh!

wxiaoguang commented May 13, 2026

Uh oh!

wxiaoguang commented May 13, 2026

Uh oh!

wxiaoguang commented May 13, 2026

Uh oh!

Zettat123 commented May 14, 2026

Uh oh!

Uh oh!

wxiaoguang commented May 14, 2026

Uh oh!

Zettat123 commented May 14, 2026

Uh oh!

bircni commented May 15, 2026

Uh oh!

wxiaoguang commented May 15, 2026

Uh oh!

Uh oh!

Uh oh!

GiteaBot commented May 15, 2026

Uh oh!

Zettat123 commented May 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Zettat123 commented May 13, 2026 •

edited

Loading