New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
double free (fasttop) crashes on python 3.11 #10368
Comments
Is this a multi-threaded program? This, unfortunately (and frustratingly) looks like it may be a product of: openssl/openssl#17490 Where effectively the main thread runs its exit handles concurrently with OpenSSL usage by another thread. |
openssl/openssl#17469 is a more involved description of the atexit issue |
And python/cpython#114653 is a cpython thread with a simiilar crash/cause. |
@alex
|
If you're able to wait for other threads to complete before exiting main, that's likely your best bet. Once openssl/openssl@99fb31c is in an OpenSSL release, I think we'll build with it which will solve this issue. Unfortunately I don't have a great suggestion beyond that. |
That feature looks like it’ll be in 3.3, which is scheduled for April. We could conceivably ship it in a hypothetical May release. |
A call to |
We could call the init function, but it's not clear what happens if OpenSSL
has already been initialized when it's called -- this will happen in
basically any case where we're using a system OpenSSL.
…On Sun, Mar 10, 2024 at 5:14 PM Theo Buehler ***@***.***> wrote:
A call to OPENSSL_init_ssl()
<https://www.openssl.org/docs/man3.2/man3/OPENSSL_init_crypto.html>
(which is exposed in rust-openssl) with OPENSSL_INIT_NO_ATEXIT could
solve this. Not sure if it would be acceptable for cryptography to expose
this function or to add it to its init handlers.
—
Reply to this email directly, view it on GitHub
<#10368 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBAVMKD3PDBK5OBDGDLYXTEMPAVCNFSM6AAAAABDADHKR6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBXGM3DIOBQGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
I don't follow. Automatic library initialization is supposed to happen during the first API call that needs it. Why is that different for a system OpenSSL? Once the atexit handler is registered, it won't be unregistered by subsequent init calls. |
If we're linked against system OpenSSL then Python or other things in process may init before we do. |
@alex |
For us to take advantage of this, it needs to be in an openssl release, not
merely in git.
Our installation documentation describes how to build against an openssl
…On Tue, Mar 19, 2024, 9:13 AM rahulgharpinde ***@***.***> wrote:
@alex <https://github.com/alex>
***@***.***
<openssl/openssl@99fb31c>
to consume this fix, what all dependent packages need to update. And is
there any documentation, which will help us to manually build package to
test fix.
—
Reply to this email directly, view it on GitHub
<#10368 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBGTLOKSOYA3ITV6LNTYZA2XPAVCNFSM6AAAAABDADHKR6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMBXGE2DGNZWGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Observe multiple crash on python 3.11 environment with cryptography module. We have a cluster environment on which multiple process and monitoring scripts are keep running in a interval. From traceback it is not clear which python code causing this issue intermittently. Need help to debug this issue in detail.
backtrace 1:
backtrace 2:
backtrace 3:
Versions of Python,
cryptography
,pip
, andsetuptools
/opt/VRTSnas/python/venv/bin/pip -V
pip 23.2.1 from /opt/VRTSnas/python/venv/lib64/python3.11/site-packages/pip (python 3.11)
/opt/VRTSnas/python/venv/bin/pip show cryptography
Name: cryptography
Version: 41.0.7
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page:
Author:
Author-email: The Python Cryptographic Authority and individual contributors cryptography-dev@python.org
License: Apache-2.0 OR BSD-3-Clause
Location: /opt/VRTSnas/python/venv/lib64/python3.11/site-packages
Requires: cffi
Required-by: paramiko, pyOpenSSL
/opt/VRTSnas/python/venv/bin/pip show setuptools
Name: setuptools
Version: 65.5.1
Summary: Easily download, build, install, upgrade, and uninstall Python packages
Home-page: https://github.com/pypa/setuptools
Author: Python Packaging Authority
Author-email: distutils-sig@python.org
License:
Location: /opt/VRTSnas/python/venv/lib64/python3.11/site-packages
Requires:
Required-by:
OpenSSL 1.1.1k FIPS 25 Mar 2021
Red Hat Enterprise Linux release 8.8 (Ootpa)
How you installed
cryptography
:pip install -r requirements.txt
Steps for reproducing your bug :
There are no exact steps to reproduce this issue. Facing this issue intermittently and also not getting exact trace from where this is getting dump.
The text was updated successfully, but these errors were encountered: