We will acquire the procExecutionLock for a procedure when force updating its state to prevent race with PE worker, but this does not work then the procedure is rolling back.
If a procedure is failed, we will mark the root procedure stack as FAILED, and then start to rollback the whole procedure stack. We will pop every procedure in the stack and try to rollback them. So we may change the state of a procedure without holding its procExecutionLock when rolling back.
This means we may persist an intermediate state of a procedure and cause corruption when loading procedures.