Prevent starvation bug if using scaling EsThreadPoolExecutor with core pool size = 0 #124732
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
…sk and TimestampFieldMapperService#updateTask
…ToZero if core = 0 / max = 1
| Pinging @elastic/es-core-infra (Team:Core/Infra) |
| Hi @mosche, I've created a changelog YAML for you. Note that since this PR is labelled |
mosche added auto-backport 
DaveCTurner reviewed Mar 13, 2025
There was a problem hiding this comment.
This area just gets more and more mysterious tbh. I'm sure I could reason through it again, given enough time, but still I'd rather we put some effort into describing the overall design and the constraints that mean we cannot just use standard JDK stuff here throughout.
server/src/main/java/org/elasticsearch/threadpool/ScalingExecutorBuilder.java Outdated Show resolved Hide resolved
server/src/main/java/org/elasticsearch/common/util/concurrent/EsExecutors.java Outdated Show resolved Hide resolved
server/src/main/java/org/elasticsearch/common/util/concurrent/EsExecutors.java Show resolved Hide resolved
|
|
| Hi @mosche, I've updated the changelog YAML for you. |
mosche commented Mar 16, 2025
Comment on lines -266 to +271
| return Settings.builder().put("search.default_search_timeout", "5s").build(); | ||
| return Settings.builder() | ||
| .put("search.default_search_timeout", "5s") | ||
| .put("thread_pool.search.size", SEARCH_POOL_SIZE) // customized search pool size, reconfiguring at runtime is unsupported | ||
| .build(); |
There was a problem hiding this comment.
I think that without adjusting the max pool size, we may not be testing what we want to test here, because the creation of slices to parallelize search execution depends on max pool size (as well as other details)
@javanna max (=core) pool size is adjusted by means of above. This is now done deterministically for all tests, previously the change applied to all tests running after testSlicingBehaviourForParallelCollection.
mosche added a commit to mosche/elasticsearch that referenced this pull request Mar 16, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613
💔 Backport failed
You can use sqren/backport to manually backport by running |
elasticsearchmachine pushed a commit that referenced this pull request Mar 16, 2025
…h core pool size = 0 (#124732) (#124965) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in #124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes #124667 Relates to #18613
weizijun added a commit to weizijun/elasticsearch that referenced this pull request Mar 17, 2025
* main: (95 commits) Mute org.elasticsearch.datastreams.lifecycle.DataStreamLifecycleServiceIT testLifecycleAppliedToFailureStore elastic#124999 Merge template mappings properly during validation (elastic#124784) [Build] Rework internal build plugin plugin to work with Isolated Projects (elastic#123461) [Build] Require reason for usesDefaultDistribution (elastic#124707) Mute org.elasticsearch.packaging.test.DockerTests test011SecurityEnabledStatus elastic#124990 Mute org.elasticsearch.xpack.ilm.TimeSeriesDataStreamsIT testRolloverAction elastic#124987 Mute org.elasticsearch.packaging.test.BootstrapCheckTests test10Install elastic#124957 Mute org.elasticsearch.integration.DataStreamLifecycleServiceRuntimeSecurityIT testRolloverLifecycleAndForceMergeAuthorized elastic#124978 Mute org.elasticsearch.xpack.esql.action.CrossClusterAsyncQueryStopIT testStopQuery elastic#124977 Mute org.elasticsearch.xpack.esql.action.CrossClusterAsyncQueryStopIT testStopQueryLocal elastic#121672 Mention zero-window state in networking docs (elastic#124967) Remove remoteAddress field from TransportResponse (elastic#120016) Include failures in partial response (elastic#124929) Prevent work starvation bug if using scaling EsThreadPoolExecutor with core pool size = 0 (elastic#124732) Re-enable analysis stemmer test (elastic#124961) Mute org.elasticsearch.xpack.esql.action.CrossClusterAsyncQueryStopIT testStopQueryLocalNoRemotes elastic#124959 ESQL: Catch parsing exception (elastic#124958) ESQL: Improve error message for ( and [ (elastic#124177) Mute org.elasticsearch.xpack.esql.qa.single_node.EsqlSpecIT test {lookup-join.MvJoinKeyFromRow SYNC} elastic#124951 Mute org.elasticsearch.datastreams.lifecycle.DataStreamLifecycleServiceIT testErrorRecordingOnRetention elastic#124950 ... # Conflicts: # server/src/main/java/org/elasticsearch/index/mapper/vectors/DenseVectorFieldMapper.java # server/src/test/java/org/elasticsearch/index/mapper/vectors/DenseVectorFieldTypeTests.java
| @rjernst for how far back should this be backported? |
| If we can get it to 8.18/8.19 that would be good for long term maintainability. |
mosche added a commit to mosche/elasticsearch that referenced this pull request Mar 18, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613 (cherry picked from commit 36874e8) # Conflicts: # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation |
mosche added a commit to mosche/elasticsearch that referenced this pull request Mar 18, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613 (cherry picked from commit 36874e8) # Conflicts: # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
mosche added a commit to mosche/elasticsearch that referenced this pull request Mar 18, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613 (cherry picked from commit 36874e8) # Conflicts: # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation |
mosche added a commit to mosche/elasticsearch that referenced this pull request Mar 18, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613 (cherry picked from commit 36874e8) # Conflicts: # server/src/main/java/org/elasticsearch/threadpool/ScalingExecutorBuilder.java # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
elasticsearchmachine pushed a commit that referenced this pull request Mar 18, 2025
…h core pool size = 0 (#124732) (#125066) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in #124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes #124667 Relates to #18613 (cherry picked from commit 36874e8) # Conflicts: # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
mosche added a commit that referenced this pull request Mar 18, 2025
…h core pool size = 0 (#124732) (#125067) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in #124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes #124667 Relates to #18613 (cherry picked from commit 36874e8) # Conflicts: # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java
elasticsearchmachine pushed a commit that referenced this pull request Mar 18, 2025
…tor with core pool size = 0 (#124732) (#125069) * Prevent work starvation bug if using scaling EsThreadPoolExecutor with core pool size = 0 (#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in #124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes #124667 Relates to #18613 (cherry picked from commit 36874e8) # Conflicts: # server/src/main/java/org/elasticsearch/threadpool/ScalingExecutorBuilder.java # test/framework/src/main/java/org/elasticsearch/test/transport/MockTransportService.java * remove timeout * [CI] Auto commit changes from spotless --------- Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
mosche added a commit that referenced this pull request Mar 18, 2025
…tor with core pool size = 0 (#124732) (#125068) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in #124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes #124667 Relates to #18613
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this pull request Mar 24, 2025
…utor with core pool size = 0 (elastic#124732)" This reverts commit 36874e8.
omricohenn pushed a commit to omricohenn/elasticsearch that referenced this pull request Mar 28, 2025
…h core pool size = 0 (elastic#124732) When `ExecutorScalingQueue` rejects work to make the worker pool scale up while already being at max pool size (and a new worker consequently cannot be added), available workers might timeout just about at the same time as the task is then force queued by `ForceQueuePolicy`. This has caused starvation of work as observed for `masterService#updateTask` in elastic#124667 where max pool size 1 is used. This configuration is most likely to expose the bug. This PR changes `EsExecutors.newScaling` to not use `ExecutorScalingQueue` if max pool size is 1 (and core pool size is 0). A regular `LinkedTransferQueue` works perfectly fine in this case. If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in `ForceQueuePolicy`. Fixes elastic#124667 Relates to elastic#18613
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
This PR changes
EsExecutors.newScalingto not useExecutorScalingQueueif max pool size is 1 or equals core pool size and rather use a regularLinkedTransferQueue. This fixes the known cases of #124667.The critical configuration having caused Scaling EsExecutors with core size 0 might starve work due to missing workers #124667 in
masterService#updateTask(and similar) is core pool size = 0 and max pool size = 1. After rejecting a task offer inExecutorScalingQueuewhile being at max pool size (of 1) so that a new worker cannot be added. This worker might timeout just about at the same time the task is then force queued viaForceQueuePolicy, causing it to starve on the queue until forever (or another task is submitted).If core pool size = max pool size,
ExecutorScalingQueuebehaves the same as a regularLinkedTransferQueue. While this isn't affected by the bug, we shouldn't be usingExecutorScalingQueueunless explicitly required to scale up until max pool size.If max pool size > 1, a probing approach is used to ensure the worker pool is adequately scaled to at least 1 worker after force queueing work in
ForceQueuePolicy.Note, at the core this issue arises from using unbounded queues with scaling executors. As explained in further details in the Javadocs this requires error-prone customizations rather than relying on solid and proven JDK impls. #18613 captures necessary, but long outstanding improvements.
Additionally, validation of
thread_poolsettings was improved inScalingExecutorBuilder, enforcing:These are non-breaking improvements. Invalid values previously resulted in a cryptic
IllegalArgumentExceptionwhen initializing the thread pool and prevented a node to start.Relates to ES-10640