We have a TLS server using tokio + openssl + tokio-openssl. Sometimes, the process hangs forever and accept queues become full (confirmed using ss -tulpn).
The result of strace -fp <pid>:
futex(0x7fda58001c30, FUTEX_WAIT_BITSET_PRIVATE, 5, NULL, FUTEX_BITSET_MATCH_ANY ... unfinished
futex(0x7fda58001c30, FUTEX_WAIT_BITSET_PRIVATE, 2, NULL, FUTEX_BITSET_MATCH_ANY ... unfinished
futex(0x7fda58001c30, FUTEX_WAIT_BITSET_PRIVATE, 5, NULL, FUTEX_BITSET_MATCH_ANY ... unfinished
...
uname -r
5.15.0-56-generic
cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
tokio = {version = "1.26", features = ["rt-multi-thread", "macros", "fs", "sync", "net", "io-util", "time"]}
tokio-openssl = "0.6"
openssl = "0.10"
OpenSSL 3.1.0 is built and linked statically:
./Configure --prefix=${OPENSSL_DIR} --openssldir=${OPENSSL_DIR} enable-weak-ssl-ciphers no-dtls enable-ssl2 enable-ssl3 enable-tls1 enable-tls1_1 enable-tls1_2 enable-tls1_3 no-shared -DOPENSSL_TLS_SECURITY_LEVEL=0
make -j`nproc`
make install_sw
The process is run as a docker container with --net host.
docker version
Client: Docker Engine - Community
Version: 20.10.21
API version: 1.41
Go version: go1.18.7
Git commit: baeda1f
Built: Tue Oct 25 18:01:58 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.21
API version: 1.41 (minimum version 1.12)
Go version: go1.18.7
Git commit: 3056208
Built: Tue Oct 25 17:59:49 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.9
GitCommit: 1c90a442489720eec95342e1789ee8a5e1b9536f
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0