Fix linux-sandbox actions being killed prematurely when using virtual threads#29007
Open
jjudd wants to merge 1 commit intobazelbuild:masterfrom
Open
Fix linux-sandbox actions being killed prematurely when using virtual threads#29007jjudd wants to merge 1 commit intobazelbuild:masterfrom
jjudd wants to merge 1 commit intobazelbuild:masterfrom
Conversation
github-actions
bot
added
the
awaiting-review
Contributor
Author
|
I didn't add a test with this change becauase I wasn't certain how to test this without the test taking 30+ seconds. Even if folks are open to a 30 second test, that 30 second constant is controlled by the JDK, so the test could be broken by a JDK update that changes it from 30 seconds to some other value. If folks have any idea on how to test this effectively, please let me know and I can add a test for it. |
jjudd
force-pushed
the
jjudd-virtual-thread-linux-sandbox-fix
branch
from
e4aff0e to
ee9c89e
Compare
Collaborator
|
Nice catch! |
Member
|
Nice catch indeed! Would it possible / does it make sense to add a unit test that asserts the ProcessBuilder is called from a platform thread, even the JavaSubprocessFactory.create is called from virtual thread? |
Contributor
Author
|
Good idea. I'll go poke around at that today and see what I can come up with. |
iancha1992
added
the
team-Remote-Exec
… threads This change fixes a bug where linux-sandbox actions that take longer than 30 seconds can be killed prematurely and cause the build to fail. There are two things that contribute to this bug: Part one: When using virtual threads with the JavaSubprocessFactory, the process is forked from the currently running virtual thread's carrier thread. The virtual thread then waits for the subprocess to complete, which causes the carrier thread to detach. If there is no other work for the carrier thread to perform, it becomes idle. If it is idle for long enough it can be killed by the ForkJoinPool it is a member of. The default virtual thread scheduler in JDK 25 uses a ForkJoinPool with an idle TTL of 30 seconds. Part two: The linux-sandbox process sends SIGKILL to the child process when its parent dies. This is setup like so: `prctl(PR_SET_PDEATHSIG, SIGKILL)`. These two things combined cause problems for Bazel builds if you: * Use the linux-sandbox strategy * Use virtual threads via --experimental_async_execution * Have an action which takes longer than 30 seconds to complete If the Bazel server isn't very busy while that 30 second action is running, the parent carrier thread can be killed due to inactivity, which causes the linux-sandbox process to die, which causes the build to fail. This is only an issue if you're using virtual threads. When using platform threads they directly wait on the subprocess to complete. The thread is considered busy while waiting, which prevents it from being killed. This change fixes the issue by always forking from a long-lived platform thread. That way there is no risk of the platform thread being killed prematurely. The fix does so while still enabling the linux-sandbox processes to be properly killed when the Bazel server is killed.
jjudd
force-pushed
the
jjudd-virtual-thread-linux-sandbox-fix
branch
from
ee9c89e to
a414f28
Compare
Contributor
Author
|
I added a test to this PR that asserts the process builder is called from a virtual thread and the forking happens from the correct long-lived platform thread. I think this should be ready for folks to take another look. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This change fixes a bug where
linux-sandboxactions that take longer than 30 seconds can be killed prematurely and cause the build to fail.I created a minimal repro case with instructions for this bug here: https://github.com/lucidsoftware/bazel_virtual_thread_repro
There are two things that contribute to this bug:
Part one:
When using virtual threads with the
JavaSubprocessFactory, the process is forked from the currently running virtual thread's carrier thread. The virtual thread then waits for the subprocess to complete, which causes the carrier thread to detach. If there is no other work for the carrier thread to perform, it becomes idle. If it is idle for long enough it can be killed by theForkJoinPoolit is a member of. The default virtual thread scheduler in JDK 25 uses aForkJoinPoolwith an idle TTL of 30 seconds.Part two:
The
linux-sandboxprocess sendsSIGKILLto the child process when its parent dies. This is setup like so:prctl(PR_SET_PDEATHSIG, SIGKILL).These two things combined cause problems for Bazel builds if you:
linux-sandboxstrategy--experimental_async_executionIf the Bazel server isn't very busy while that 30 second action is running, the parent carrier thread can be killed due to inactivity, which causes the
linux-sandboxprocess to die, which causes the build to fail.This is only an issue if you're using virtual threads. When using platform threads they directly wait on the subprocess to complete. The thread is considered busy while waiting, which prevents it from being killed.
This change fixes the issue by always forking from a long-lived platform thread. That way there is no risk of the platform thread being killed prematurely. The fix does so while still enabling the
linux-sandboxprocesses to be properly killed when the Bazel server is killed.