[release-4.18] OCPBUGS-61773: UPSTREAM: <carry>: backporting fix for concurrent map iteration and write #2456

[tjungblu]

manual cherry pick from #2456

[openshift-ci-robot]

@tjungblu: This pull request references Jira Issue OCPBUGS-61773, which is invalid:

• expected Jira Issue OCPBUGS-61773 to depend on a bug targeting a version in 4.19.0, 4.19.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

manual cherry pick from #2456

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@tjungblu: the contents of this pull request could not be automatically validated.

The following commits are valid:

• 05f9af2|UPSTREAM: 131725: Avoid encoding in LogResponseObject when we are not going to use it: the upstream PR kubernetes/kubernetes#131725 has merged
• 4e0cd27|UPSTREAM: 129472: Fix API server crash on concurrent map iteration and write: the upstream PR kubernetes/kubernetes#129472 has merged
• ca7d0f5|UPSTREAM: 131694: Eliminate AuditContext`s SetEventLevel: the upstream PR kubernetes/kubernetes#131694 has merged

The following commits could not be validated and must be approved by a top-level approver:

• 824d4bd|UPSTREAM: : Fix tests after backport: does not specify an upstream backport in the commit message

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

[tjungblu]

/jira refresh

[openshift-ci-robot]

@tjungblu: This pull request references Jira Issue OCPBUGS-61773, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.18.z) matches configured target version for branch (4.18.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-61488 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-61488 targets the "4.19.z" version, which is one of the valid target versions: 4.19.0, 4.19.z
• bug has dependents

Requesting review from QA contact:
/cc @wangke19

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[tjungblu]

/cherry-pick release-4.17 release-4.16

[openshift-cherrypick-robot]

@tjungblu: once the present PR merges, I will cherry-pick it on top of release-4.17 in a new PR and assign it to you.

In response to this:

/cherry-pick release-4.17 release-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@tjungblu: the contents of this pull request could not be automatically validated.

The following commits are valid:

• 05f9af2|UPSTREAM: 131725: Avoid encoding in LogResponseObject when we are not going to use it: the upstream PR kubernetes/kubernetes#131725 has merged
• 4e0cd27|UPSTREAM: 129472: Fix API server crash on concurrent map iteration and write: the upstream PR kubernetes/kubernetes#129472 has merged
• ca7d0f5|UPSTREAM: 131694: Eliminate AuditContext`s SetEventLevel: the upstream PR kubernetes/kubernetes#131694 has merged

The following commits could not be validated and must be approved by a top-level approver:

• 824d4bd|UPSTREAM: : Fix tests after backport: does not specify an upstream backport in the commit message
• e4d7269|UPSTREAM: : Fix import after backporting: does not specify an upstream backport in the commit message

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

[p0lyn0mial]

/assign @benluddy

@benluddy since you reviewed the original PR please take a look at this backport.

@tjungblu could you point out code/conflicts you had to resolve for this PR?

[openshift-ci-robot]

@tjungblu: the contents of this pull request could not be automatically validated.

The following commits are valid:

• 30f86a7|UPSTREAM: 131725: Avoid encoding in LogResponseObject when we are not going to use it: the upstream PR kubernetes/kubernetes#131725 has merged
• b0653ec|UPSTREAM: 131694: Eliminate AuditContext`s SetEventLevel: the upstream PR kubernetes/kubernetes#131694 has merged
• f8cdcc5|UPSTREAM: 129472: Fix API server crash on concurrent map iteration and write: the upstream PR kubernetes/kubernetes#129472 has merged

The following commits could not be validated and must be approved by a top-level approver:

• 9cba7c9|UPSTREAM: : manually resolve conflict: does not specify an upstream backport in the commit message
• db79b55|UPSTREAM: : Fix tests after backport: does not specify an upstream backport in the commit message

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

[openshift-ci-robot]

@tjungblu: the contents of this pull request could not be automatically validated.

The following commits are valid:

• 17140b9|UPSTREAM: 131725: Avoid encoding in LogResponseObject when we are not going to use it: the upstream PR kubernetes/kubernetes#131725 has merged
• 81ac17a|UPSTREAM: 131694: Eliminate AuditContext`s SetEventLevel: the upstream PR kubernetes/kubernetes#131694 has merged
• f8cdcc5|UPSTREAM: 129472: Fix API server crash on concurrent map iteration and write: the upstream PR kubernetes/kubernetes#129472 has merged

The following commits could not be validated and must be approved by a top-level approver:

• fe126dd|UPSTREAM: : Fix tests after backport: does not specify an upstream backport in the commit message

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

[tjungblu]

for future readers, there was only a conflict due to the rename in the import statements in
81ac17a#diff-55552a46d72acba9b3fccf5ab187a900f999b1be776643c3a7f8c4bb5180c510L34

We have squashed this into the same commit.

[p0lyn0mial]

/lgtm
/approve
/label backport-risk-assessed

[p0lyn0mial]

/remove-label backports/unvalidated-commits

[wangke19]

/verified by @wangke19
Checkout the code branch and run unit test TestAuditBackendRaceCondition with the race detector for verification:

 $ go test -race ./staging/src/k8s.io/apiserver/pkg/endpoints/filters -run TestAuditBackendRaceCondition -v 
=== RUN   TestAuditBackendRaceCondition
=== RUN   TestAuditBackendRaceCondition/log_audit_backend
=== RUN   TestAuditBackendRaceCondition/buffered_audit_backend
=== RUN   TestAuditBackendRaceCondition/webhook_audit_backend
=== RUN   TestAuditBackendRaceCondition/union_audit_backend
--- PASS: TestAuditBackendRaceCondition (120.04s)
    --- PASS: TestAuditBackendRaceCondition/log_audit_backend (30.02s)
    --- PASS: TestAuditBackendRaceCondition/buffered_audit_backend (30.00s)
    --- PASS: TestAuditBackendRaceCondition/webhook_audit_backend (30.00s)
    --- PASS: TestAuditBackendRaceCondition/union_audit_backend (30.01s)
PASS
ok  	k8s.io/apiserver/pkg/endpoints/filters	121.124s

[openshift-ci-robot]

@wangke19: This PR has been marked as verified by @wangke19.

In response to this:

/verified by @wangke19
Checkout the code branch and run unit test TestAuditBackendRaceCondition with the race detector for verification:

$ go test -race ./staging/src/k8s.io/apiserver/pkg/endpoints/filters -run TestAuditBackendRaceCondition -v 
=== RUN   TestAuditBackendRaceCondition
=== RUN   TestAuditBackendRaceCondition/log_audit_backend
=== RUN   TestAuditBackendRaceCondition/buffered_audit_backend
=== RUN   TestAuditBackendRaceCondition/webhook_audit_backend
=== RUN   TestAuditBackendRaceCondition/union_audit_backend
--- PASS: TestAuditBackendRaceCondition (120.04s)
   --- PASS: TestAuditBackendRaceCondition/log_audit_backend (30.02s)
   --- PASS: TestAuditBackendRaceCondition/buffered_audit_backend (30.00s)
   --- PASS: TestAuditBackendRaceCondition/webhook_audit_backend (30.00s)
   --- PASS: TestAuditBackendRaceCondition/union_audit_backend (30.01s)
PASS
ok  	k8s.io/apiserver/pkg/endpoints/filters	121.124s

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[wangke19]

It's not too late yet. verify-commits encounters error:

INFO[2025-10-21T13:47:42Z] commitchecker verson v0.0.0-unknown-c3556e1
default options: {Start:main End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
post-argument options: {Start:0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53 End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
panic: runtime error: invalid memory address or nil pointer dereference

[wangke19]

/test verify-commits

[openshift-ci]

@tjungblu: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	fe126dd	link	false	/test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[wangke19]

It's not too late yet. verify-commits encounters error:

INFO[2025-10-21T13:47:42Z] commitchecker verson v0.0.0-unknown-c3556e1
default options: {Start:main End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
post-argument options: {Start:0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53 End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
panic: runtime error: invalid memory address or nil pointer dereference

Re-running won't solve the problem, not a falke.

[tjungblu]

oof - do you know who the owner of this commit checker is?

[wangke19]

oof - do you know who the owner of this commit checker is?

They are https://github.com/openshift/build-machinery-go/blob/master/OWNERS

[tjungblu]

@tmshort you seem to be already debugging this somehow:
openshift/build-machinery-go#108

any idea?

debugging it locally, it seems to "work":

commitchecker verson unknown
default options: {Start:main End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
post-argument options: {Start:0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53 End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
config: <nil>
running: /usr/bin/git log --no-merges --oneline --ancestry-path 0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53..HEAD
Validating 0 commits between 0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53...HEAD

Process finished with the exit code 0

it should probably validate a few commits and there's obviously no config file

[wangke19]

@tmshort you seem to be already debugging this somehow: openshift/build-machinery-go#108

any idea?

debugging it locally, it seems to "work":

commitchecker verson unknown
default options: {Start:main End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
post-argument options: {Start:0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53 End:HEAD ConfigFile:./commitchecker.yaml FetchMode:https}
config: <nil>
running: /usr/bin/git log --no-merges --oneline --ancestry-path 0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53..HEAD
Validating 0 commits between 0ee04c7e38c5c04c6ca854ce4a095d58d3ea6c53...HEAD

Process finished with the exit code 0

it should probably validate a few commits and there's obviously no config file

Raised one PR to fix it openshift/build-machinery-go#110

[tjungblu]

maybe the question is, where is the config file gone to? 🤣

[wangke19]

/payload-job-with-prs pull-ci-openshift-kubernetes-release-4.18-verify-commits openshift/build-machinery-go#/110

[openshift-ci]

@wangke19: An error was encountered. No known errors were detected, please see the full error message for details.

Full error message.

unable to get additional pr info from string: openshift/build-machinery-go#/110: string: openshift/build-machinery-go#/110 doesn't match expected format: org/repo#number

Please contact an administrator to resolve this issue.

[wangke19]

/payload-job-with-prs pull-ci-openshift-kubernetes-release-4.18-verify-commits openshift/build-machinery-go#110

[openshift-ci]

@wangke19: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

[wangke19]

maybe the question is, where is the config file gone to? 🤣

Yes, Need the repo's owner to take a look.

[wangke19]

/testwith pull-ci-openshift-kubernetes-release-4.18-verify-commits openshift/build-machinery-go#110

[openshift-ci]

@wangke19, testwith: Error processing request. ERROR:

could not determine job runs: requested job is invalid. needs to be formatted like: <org>/<repo>/<branch>/<variant?>/<job>. instead it was: pull-ci-openshift-kubernetes-release-4.18-verify-commits

[wangke19]

/payload-aggregate-with-prs openshift/build-machinery-go#110

[openshift-ci]

@wangke19: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

[wangke19]

/payload-job-with-prs verify-commits openshift/build-machinery-go#110

[openshift-ci]

@wangke19: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

[tjungblu]

/retest-required

[openshift-ci-robot]

@tjungblu: Jira Issue Verification Checks: Jira Issue OCPBUGS-61773
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-61773 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

In response to this:

manual cherry pick from #2456

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-cherrypick-robot]

@tjungblu: new pull request created: #2496

In response to this:

/cherry-pick release-4.17 release-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-merge-robot]

Fix included in accepted release 4.18.0-0.nightly-2025-10-24-003421