fix(taskprocessing): claim tasks atomically with SKIP LOCKED + composite index

Replace the worker retry/ignore-list claim-loop with a single atomic
SELECT ... FOR UPDATE SKIP LOCKED claim (SQLite bounded-retry fallback),
preserving the no-duplicate guarantee while removing the thundering-herd
contention that throttled backlog draining. Add a (status,type,last_updated)
index via the table-creating migration + db:add-missing-indices listener.

Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8

Author: bygadd

core/Command/TaskProcessing/WorkerCommand.php

@@ -14,7 +14,6 @@
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IAppConfig;
 use OCP\TaskProcessing\Exception\Exception;
-use OCP\TaskProcessing\Exception\NotFoundException;
 use OCP\TaskProcessing\IManager;
 use OCP\TaskProcessing\ISynchronousProvider;
 use Psr\Log\LoggerInterface;
@@ -118,9 +117,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 	 * Attempt to process one task across all preferred synchronous providers.
 	 *
 	 * To avoid starvation, all eligible task types are first collected and then
-	 * the oldest scheduled task across all of them is fetched in a single query.
-	 * This ensures that tasks are processed in the order they were scheduled,
-	 * regardless of which provider handles them.
+	 * the oldest scheduled task across all of them is claimed in a single atomic
+	 * query (FOR UPDATE SKIP LOCKED, with a SQLite fallback). This ensures tasks
+	 * are processed in the order they were scheduled, regardless of which provider
+	 * handles them, and guarantees no two workers ever claim the same task.
 	 *
 	 * @param list<string> $taskTypes When non-empty, only providers for these task type IDs are considered.
 	 * @return bool True if a task was processed, false if no task was found
@@ -162,15 +162,21 @@ private function processNextTask(OutputInterface $output, array $taskTypes = [])
 			return false;
 		}
 
-		// Fetch the oldest scheduled task across all eligible task types in one query.
-		// This naturally prevents starvation: regardless of how many tasks one provider
-		// has queued, another provider's older tasks will be picked up first.
+		// Atomically claim the oldest scheduled task across all eligible task types in
+		// one query. SELECT ... FOR UPDATE SKIP LOCKED (with a SQLite fallback) both
+		// fetches and marks the task RUNNING, so multiple workers never claim the same
+		// task and no per-worker ignore-list / retry loop is needed. This also naturally
+		// prevents starvation: regardless of how many tasks one provider has queued,
+		// another provider's older tasks are picked up first.
 		try {
-			$task = $this->taskProcessingManager->getNextScheduledTask(array_keys($eligibleProviders));
-		} catch (NotFoundException) {
-			return false;
+			$task = $this->taskProcessingManager->claimNextScheduledTask(array_keys($eligibleProviders));
 		} catch (Exception $e) {
-			$this->logger->error('Unknown error while retrieving scheduled TaskProcessing tasks', ['exception' => $e]);
+			$this->logger->error('Unknown error while claiming scheduled TaskProcessing tasks', ['exception' => $e]);
+			return false;
+		}
+
+		if ($task === null) {
+			// No schedulable task available right now.
 			return false;
 		}
 

core/Listener/AddMissingIndicesListener.php

@@ -223,5 +223,11 @@ public function handle(Event $event): void {
 			['user', 'mountpoint'],
 			['lengths' => [null, 128]]
 		);
+
+		$event->addMissingIndex(
+			'taskprocessing_tasks',
+			'taskp_status_type_upd',
+			['status', 'type', 'last_updated']
+		);
 	}
 }

core/Migrations/Version30000Date20240429122720.php

@@ -98,6 +98,7 @@ public function changeSchema(IOutput $output, Closure $schemaClosure, array $opt
 			$table->addIndex(['status', 'type'], 'taskp_tasks_status_type');
 			$table->addIndex(['last_updated'], 'taskp_tasks_updated');
 			$table->addIndex(['user_id', 'app_id', 'custom_id'], 'taskp_tasks_uid_appid_cid');
+			$table->addIndex(['status', 'type', 'last_updated'], 'taskp_status_type_upd');
 
 			return $schema;
 		}

lib/private/TaskProcessing/Db/TaskMapper.php

@@ -15,6 +15,7 @@
 use OCP\AppFramework\Db\QBMapper;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\DB\Exception;
+use OCP\DB\QueryBuilder\ConflictResolutionMode;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\IDBConnection;
 
@@ -75,6 +76,160 @@ public function findOldestScheduledByType(array $taskTypes, array $taskIdsToIgno
 		return $this->findEntity($qb);
 	}
 
+	/**
+	 * Atomically claim the oldest scheduled task of the given task types and mark it RUNNING.
+	 *
+	 * This is the structural fix for the worker "claim loop": instead of every worker
+	 * racing for the single oldest task (a thundering herd that grows a per-worker
+	 * `id NOT IN (...)` ignore list and slows the SELECT), each worker claims a
+	 * *distinct* task in one round trip.
+	 *
+	 * On databases that support row-level locking with SKIP LOCKED
+	 * (MySQL/MariaDB/PostgreSQL) the claim is a single transaction:
+	 *   SELECT ... WHERE status = SCHEDULED [AND type IN (...)]
+	 *   ORDER BY last_updated ASC LIMIT 1 FOR UPDATE SKIP LOCKED
+	 * followed by a guarded UPDATE to RUNNING. Concurrent workers skip rows already
+	 * locked by another transaction, so no two workers ever claim the same task.
+	 *
+	 * SQLite does not support SKIP LOCKED (verified: Doctrine throws "Operation
+	 * 'SKIP LOCKED' is not supported by platform"), so we feature-detect via the DB
+	 * provider and fall back to the existing bounded {@see lockTask} retry, which is
+	 * still safe because the UPDATE ... WHERE status = SCHEDULED is itself atomic and
+	 * SQLite serialises writers.
+	 *
+	 * A task is only ever transitioned SCHEDULED -> RUNNING here; it is never marked
+	 * FAILED by claiming. If the task cannot be claimed (none scheduled, or it was
+	 * taken by another worker between SELECT and UPDATE) this returns null.
+	 *
+	 * @param list<string> $taskTypes When non-empty, only tasks of these task type IDs are considered.
+	 * @return Task|null The claimed task (status RUNNING), or null if nothing could be claimed.
+	 * @throws Exception
+	 */
+	public function claimOldestScheduledTask(array $taskTypes): ?Task {
+		if ($this->db->getDatabaseProvider() === IDBConnection::PLATFORM_SQLITE) {
+			// SKIP LOCKED is unsupported on SQLite: fall back to the bounded lock-and-retry claim.
+			return $this->claimWithBoundedRetry($taskTypes);
+		}
+
+		return $this->claimWithSkipLocked($taskTypes);
+	}
+
+	/**
+	 * Atomic claim using FOR UPDATE SKIP LOCKED in a single transaction.
+	 *
+	 * @param list<string> $taskTypes
+	 * @return Task|null
+	 * @throws Exception
+	 */
+	private function claimWithSkipLocked(array $taskTypes): ?Task {
+		$this->db->beginTransaction();
+		try {
+			$qb = $this->db->getQueryBuilder();
+			$qb->select(Task::COLUMNS)
+				->from($this->tableName)
+				->where($qb->expr()->eq('status', $qb->createPositionalParameter(\OCP\TaskProcessing\Task::STATUS_SCHEDULED, IQueryBuilder::PARAM_INT)))
+				->orderBy('last_updated', 'ASC')
+				->setMaxResults(1)
+				->forUpdate(ConflictResolutionMode::SkipLocked);
+
+			if (!empty($taskTypes)) {
+				$filter = [];
+				foreach ($taskTypes as $taskType) {
+					$filter[] = $qb->expr()->eq('type', $qb->createPositionalParameter($taskType));
+				}
+				$qb->andWhere($qb->expr()->orX(...$filter));
+			}
+
+			$result = $qb->executeQuery();
+			$row = $result->fetch();
+			$result->closeCursor();
+
+			if ($row === false) {
+				// Nothing schedulable (or every candidate is locked by another worker).
+				$this->db->commit();
+				return null;
+			}
+
+			/** @var Task $task */
+			$task = $this->mapRowToEntity($row);
+
+			// Record the start time at claim time: because the worker receives the task
+			// already in status RUNNING, the later SCHEDULED -> RUNNING transition in
+			// Manager::setTaskStatus is skipped and would otherwise never persist started_at.
+			$startedAt = $this->timeFactory->now()->getTimestamp();
+
+			// Guarded transition SCHEDULED -> RUNNING. The row is locked for this
+			// transaction, so the guard is belt-and-braces rather than strictly required.
+			$update = $this->db->getQueryBuilder();
+			$update->update($this->tableName)
+				->set('status', $update->createPositionalParameter(\OCP\TaskProcessing\Task::STATUS_RUNNING, IQueryBuilder::PARAM_INT))
+				->set('started_at', $update->createPositionalParameter($startedAt, IQueryBuilder::PARAM_INT))
+				->where($update->expr()->eq('id', $update->createPositionalParameter($task->getId(), IQueryBuilder::PARAM_INT)))
+				->andWhere($update->expr()->eq('status', $update->createPositionalParameter(\OCP\TaskProcessing\Task::STATUS_SCHEDULED, IQueryBuilder::PARAM_INT)));
+			$affected = $update->executeStatement();
+
+			$this->db->commit();
+
+			if ($affected === 0) {
+				// Lost the race (should not happen under SKIP LOCKED); leave the task SCHEDULED.
+				return null;
+			}
+
+			$task->setStatus(\OCP\TaskProcessing\Task::STATUS_RUNNING);
+			$task->setStartedAt($startedAt);
+			return $task;
+		} catch (\Throwable $e) {
+			$this->db->rollBack();
+			throw $e;
+		}
+	}
+
+	/**
+	 * Fallback claim for databases without SKIP LOCKED (SQLite).
+	 *
+	 * Repeatedly fetches the oldest scheduled task and attempts the atomic
+	 * UPDATE ... WHERE status = SCHEDULED. Tasks lost to another worker are added to a
+	 * short ignore list so the next iteration moves on. Bounded to avoid unbounded
+	 * looping under contention.
+	 *
+	 * @param list<string> $taskTypes
+	 * @return Task|null
+	 * @throws Exception
+	 */
+	private function claimWithBoundedRetry(array $taskTypes): ?Task {
+		$taskIdsToIgnore = [];
+		// A handful of attempts is plenty: on SQLite writers are serialised, so at most
+		// a few rows can be claimed out from under us before we either win or run dry.
+		for ($attempt = 0; $attempt < 10; $attempt++) {
+			try {
+				$task = $this->findOldestScheduledByType($taskTypes, $taskIdsToIgnore);
+			} catch (DoesNotExistException) {
+				return null;
+			}
+
+			if ($this->lockTask($task) !== 0) {
+				$task->setStatus(\OCP\TaskProcessing\Task::STATUS_RUNNING);
+				// Record the start time at claim time. lockTask only flips the status (and is
+				// shared with other callers), so persist started_at with a targeted follow-up
+				// UPDATE rather than changing lockTask's behaviour. The worker receives the task
+				// already RUNNING, so Manager::setTaskStatus would otherwise never write it.
+				$startedAt = $this->timeFactory->now()->getTimestamp();
+				$update = $this->db->getQueryBuilder();
+				$update->update($this->tableName)
+					->set('started_at', $update->createPositionalParameter($startedAt, IQueryBuilder::PARAM_INT))
+					->where($update->expr()->eq('id', $update->createPositionalParameter($task->getId(), IQueryBuilder::PARAM_INT)));
+				$update->executeStatement();
+				$task->setStartedAt($startedAt);
+				return $task;
+			}
+
+			// Another worker took it; skip this id and try the next oldest.
+			$taskIdsToIgnore[] = $task->getId();
+		}
+
+		return null;
+	}
+
 	/**
 	 * @param int $id
 	 * @param string|null $userId

lib/private/TaskProcessing/Manager.php

@@ -1341,6 +1341,21 @@ public function getNextScheduledTasks(array $taskTypeIds = [], array $taskIdsToI
 		}
 	}
 
+	#[\Override]
+	public function claimNextScheduledTask(array $taskTypeIds = []): ?Task {
+		try {
+			$taskEntity = $this->taskMapper->claimOldestScheduledTask($taskTypeIds);
+			if ($taskEntity === null) {
+				return null;
+			}
+			return $taskEntity->toPublicTask();
+		} catch (\OCP\DB\Exception $e) {
+			throw new \OCP\TaskProcessing\Exception\Exception('There was a problem claiming the task', previous: $e);
+		} catch (\JsonException $e) {
+			throw new \OCP\TaskProcessing\Exception\Exception('There was a problem parsing JSON after claiming the task', previous: $e);
+		}
+	}
+
 	/**
 	 * Takes task input data and replaces fileIds with File objects
 	 *

lib/public/TaskProcessing/IManager.php

@@ -173,6 +173,22 @@ public function getNextScheduledTask(array $taskTypeIds = [], array $taskIdsToIg
 	 */
 	public function getNextScheduledTasks(array $taskTypeIds = [], array $taskIdsToIgnore = [], int $numberOfTasks = 1): array;
 
+	/**
+	 * Atomically claim the oldest scheduled task of the given task types and mark it RUNNING.
+	 *
+	 * Unlike {@see getNextScheduledTask} (which only fetches) this both selects and
+	 * locks the task in one step, so concurrent workers never claim the same task.
+	 * On databases supporting it this uses SELECT ... FOR UPDATE SKIP LOCKED; on
+	 * SQLite it falls back to a bounded lock-and-retry. The task is only ever
+	 * transitioned SCHEDULED -> RUNNING; it is never marked FAILED by claiming.
+	 *
+	 * @param list<string> $taskTypeIds When non-empty, only tasks of these task type IDs are considered.
+	 * @return Task|null The claimed task (status RUNNING), or null if nothing could be claimed.
+	 * @throws Exception If the query failed
+	 * @since 34.0.0
+	 */
+	public function claimNextScheduledTask(array $taskTypeIds = []): ?Task;
+
 	/**
 	 * @param int $id The id of the task
 	 * @param string|null $userId The user id that scheduled the task

tests/Core/Command/TaskProcessing/WorkerCommandTest.php

@@ -13,7 +13,6 @@
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IAppConfig;
 use OCP\TaskProcessing\Exception\Exception;
-use OCP\TaskProcessing\Exception\NotFoundException;
 use OCP\TaskProcessing\IManager;
 use OCP\TaskProcessing\ISynchronousProvider;
 use OCP\TaskProcessing\Task;
@@ -89,7 +88,7 @@ public function testOnceProcessesOneTask(): void {
 			->willReturn($provider);
 
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with([$taskTypeId])
 			->willReturn($task);
 
@@ -120,7 +119,7 @@ public function testSkipsNonSynchronousProviders(): void {
 			->method('getPreferredProvider');
 
 		$this->manager->expects($this->never())
-			->method('getNextScheduledTask');
+			->method('claimNextScheduledTask');
 
 		$input = new ArrayInput(['--once' => true], $this->command->getDefinition());
 		$output = new NullOutput();
@@ -144,9 +143,9 @@ public function testSkipsNonPreferredProviders(): void {
 			->with($taskTypeId)
 			->willReturn($preferredProvider);
 
-		// provider_a is not preferred (provider_b is), so getNextScheduledTask is never called
+		// provider_a is not preferred (provider_b is), so claimNextScheduledTask is never called
 		$this->manager->expects($this->never())
-			->method('getNextScheduledTask');
+			->method('claimNextScheduledTask');
 
 		$input = new ArrayInput(['--once' => true], $this->command->getDefinition());
 		$output = new NullOutput();
@@ -169,10 +168,11 @@ public function testContinuesWhenNoTaskFound(): void {
 			->with($taskTypeId)
 			->willReturn($provider);
 
+		// The no-task path is now claimNextScheduledTask returning null (not an exception).
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with([$taskTypeId])
-			->willThrowException(new NotFoundException());
+			->willReturn(null);
 
 		$this->manager->expects($this->never())
 			->method('processTask');
@@ -200,13 +200,13 @@ public function testLogsErrorAndContinuesOnException(): void {
 
 		$exception = new Exception('DB error');
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with([$taskTypeId])
 			->willThrowException($exception);
 
 		$this->logger->expects($this->once())
 			->method('error')
-			->with('Unknown error while retrieving scheduled TaskProcessing tasks', ['exception' => $exception]);
+			->with('Unknown error while claiming scheduled TaskProcessing tasks', ['exception' => $exception]);
 
 		$this->manager->expects($this->never())
 			->method('processTask');
@@ -256,9 +256,9 @@ public function testProcessesCorrectProviderForReturnedTaskType(): void {
 				[$taskTypeId2, $provider2],
 			]);
 
-		// All eligible task types are passed in a single query
+		// All eligible task types are passed in a single atomic claim
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with($this->equalTo([$taskTypeId1, $taskTypeId2]))
 			->willReturn($task);
 
@@ -294,7 +294,7 @@ public function testTaskTypesWhitelistFiltersProviders(): void {
 			->willReturn($provider2);
 
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with([$taskTypeId2])
 			->willReturn($task);
 
@@ -323,7 +323,7 @@ public function testTaskTypesWhitelistWithNoMatchingProviders(): void {
 			->method('getPreferredProvider');
 
 		$this->manager->expects($this->never())
-			->method('getNextScheduledTask');
+			->method('claimNextScheduledTask');
 
 		$input = new ArrayInput(['--once' => true, '--taskTypes' => ['type_b']], $this->command->getDefinition());
 		$output = new NullOutput();
@@ -348,7 +348,7 @@ public function testEmptyTaskTypesAllowsAllProviders(): void {
 			->willReturn($provider);
 
 		$this->manager->expects($this->once())
-			->method('getNextScheduledTask')
+			->method('claimNextScheduledTask')
 			->with([$taskTypeId])
 			->willReturn($task);