Could not move output artifacts from sandboxed execution

[AustinSchuh]

Description of the bug:

I'm getting the following error:

ERROR: /home/austin/local/971-Robot-Code/BUILD:8:22: Extracting npm package pngjs@5.0.0 failed: I/O exception during sandboxed execution: Could not move output artifacts from sandboxed execution

The command which is failing is:

SUBCOMMAND: # //:.aspect_rules_js/node_modules/pngjs@5.0.0/pkg [action 'Extracting npm package pngjs@5.0.0', configuration: 49e96f04a0aa88743eaf8768eee2a9ade7e65a49fe5db58df8a940a3a0f9a35b, execution platform: //tools/platforms:linux_x86, mnemonic: NpmPackageExtract]
(cd /media/austin/a7ea7e92-b2f9-4e20-8134-54e7a3d73a5c/home/austin/.cache/bazel/_bazel_austin/8f2824674f275a56b96be13cdc66e9a4/execroot/org_frc971 && \
  exec env - \
  external/bsd_tar_linux_amd64/tar --extract --no-same-owner --no-same-permissions --strip-components 1 --file external/npm__pngjs__5.0.0/package.tgz --directory bazel-out/k8-opt/bin/node_modules/.aspect_rules_js/pngjs@5.0.0/node_modules/pngjs)

Digging in:

austin[231573] aschuh-3950x /dev/shm/bazel-sandbox.8aaf1503237d2b46ad4a0e5c8239c8c7048fb0dbbee040c344aefd94a2f1a91d/linux-sandbox/20665/execroot/org_frc971
$ tar tvf external/npm__pngjs__5.0.0/package.tgz
drw-rw-rw- 0/0               0 2020-04-15 12:14 package
-rw-rw-rw- 0/0              31 2020-04-15 12:11 package/.eslintignore
-rw-rw-rw- 0/0             320 2020-04-15 12:11 package/.eslintrc.json
-rw-rw-rw- 0/0              43 2020-04-15 12:11 package/.prettierignore
-rw-rw-rw- 0/0          480994 2020-04-15 12:16 package/browser.js
drw-rw-rw- 0/0               0 2020-04-10 04:53 package/coverage
drw-rw-rw- 0/0               0 2020-04-15 12:11 package/lib
-rw-rw-rw- 0/0            1151 2017-04-30 02:34 package/LICENSE
-rw-rw-rw- 0/0            1805 2020-04-15 12:14 package/package.json
-rw-rw-rw- 0/0           13396 2020-04-15 12:13 package/README.md
drw-rw-rw- 0/0               0 2020-04-10 04:53 package/coverage/lcov-report
-rw-rw-rw- 0/0           28336 2020-04-10 04:53 package/coverage/lcov.info
-rw-rw-rw- 0/0            6477 2020-04-15 12:11 package/lib/bitmapper.js
-rw-rw-rw- 0/0            4670 2020-04-15 12:11 package/lib/bitpacker.js
-rw-rw-rw- 0/0            4249 2020-04-15 12:11 package/lib/chunkstream.js
-rw-rw-rw- 0/0             662 2020-04-15 12:11 package/lib/constants.js
-rw-rw-rw- 0/0             853 2020-04-15 12:11 package/lib/crc.js
-rw-rw-rw- 0/0            4279 2020-04-15 12:11 package/lib/filter-pack.js
-rw-rw-rw- 0/0             558 2020-04-15 12:11 package/lib/filter-parse-async.js
-rw-rw-rw- 0/0             483 2020-04-15 12:11 package/lib/filter-parse-sync.js
-rw-rw-rw- 0/0            4798 2020-04-15 12:11 package/lib/filter-parse.js
-rw-rw-rw- 0/0            2329 2020-04-15 12:11 package/lib/format-normaliser.js
-rw-rw-rw- 0/0            2004 2020-04-15 12:11 package/lib/interlace.js

A simple reproducer is:

load("@aspect_bazel_lib//lib:run_binary.bzl", "run_binary")

sh_binary(
    name = "foo_gen",
    srcs = [ 
        "foo_gen.sh",
    ],
)

run_binary(
    name = "foo",
    args = ["$(RULEDIR)"],
    out_dirs = ["pkg"],
    tool = ":foo_gen",
)

with foo_gen.sh being:

OUT="$@/pkg"

rm -rf $OUT

mkdir $OUT
touch $OUT/bar
chmod a-x $OUT

Which category does this issue belong to?

Core

What's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.

See above

Which operating system are you running Bazel on?

Debian Bookworm

What is the output of bazel info release?

release 7.1.2rc1

If bazel info release returns development version or (@non-git), tell us how you built Bazel.

No response

What's the output of git remote get-url origin; git rev-parse HEAD ?

No response

Is this a regression? If yes, please try to identify the Bazel commit where the bug was introduced.

I don't know. With bazel 6, the Aspect javascript rules worked, and I'm unable to use them in bazel 7.

Have you found anything relevant by searching the web?

No response

Any other information, logs, or outputs that you want to share?

No response

[AustinSchuh]

FYI, @alexeagle . I don't know if this should be fixed in rules_js or in Bazel (or in both, the error message is pretty unhelpful).

[fmeum]

Could you check whether --noincompatible_sandbox_hermetic_tmp fixes this?

[AustinSchuh]

noincompatible_sandbox_hermetic_tmp

Unfortunately, no.

$ bazel test -c opt //... --noincompatible_sandbox_hermetic_tmp
INFO: Invocation ID: c3732082-ecf0-4c68-b7e6-b398ae21fd07
INFO: Analyzed 5080 targets (0 packages loaded, 0 targets configured).
ERROR: /home/austin/local/971-Robot-Code/BUILD:8:22: Extracting npm package pngjs@5.0.0 failed: I/O exception during sandboxed execution: Could not move output artifacts from sandboxed execution
Use --verbose_failures to see the command lines of failed build steps.

[rahul-roy-glean]

@AustinSchuh Were you able to find a workaround for this ? I'm encountering the same

[AustinSchuh]

I applied the following diff to rules_js: https://github.com/frc971/971-Robot-Code/blob/master/third_party/rules_js/0001-Fix-package-permissions.patch

[tjgq]

@bazel-io fork 7.3.0

[fmeum]

@bazel-io fork 7.2.1

[iancha1992]

A fix for this issue has been included in Bazel 7.2.1 RC2. Please test out the release candidate and report any issues as soon as possible.
If you're using Bazelisk, you can point to the latest RC by setting USE_BAZEL_VERSION=7.2.1rc2. Thanks!