Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: frequent "connection reset by peer" failures in TestVerifyCertificates and other tests on freebsd/amd64 #68155

Closed
dmitshur opened this issue Jun 24, 2024 · 4 comments
Closed

crypto/tls: frequent "connection reset by peer" failures in TestVerifyCertificates and other tests on freebsd/amd64 #68155

dmitshur opened this issue Jun 24, 2024 · 4 comments
Labels
arch-amd64 NeedsFix The path to resolution is known, but the work has not been done. OS-FreeBSD
Milestone
Go1.23

Comments

@dmitshur
Copy link
Contributor

dmitshur commented Jun 24, 2024
edited by FiloSottile
Loading 

#!watchflakes
default <- pkg == "crypto/tls" && test ~ `^TestVerifyCertificates` && `connection reset by peer` && goos == "freebsd"

The legacy builders freebsd-amd64-13_0 and freebsd-amd64-12_3 are frequently failing with "connection reset by peer":

--- FAIL: TestTLS13OnlyClientHelloCipherSuite (0.00s)
    --- FAIL: TestTLS13OnlyClientHelloCipherSuite/empty (0.00s)
        handshake_test.go:425: failed to call cli.Close: close tcp 127.0.0.1:31660->127.0.0.1:64791: connection reset by peer
FAIL
FAIL	crypto/tls	0.431s

--- FAIL: TestTLS13OnlyClientHelloCipherSuite (0.00s)
    --- FAIL: TestTLS13OnlyClientHelloCipherSuite/empty (0.00s)
        handshake_test.go:425: failed to call cli.Close: close tcp 127.0.0.1:37916->127.0.0.1:34439: connection reset by peer
--- FAIL: TestVerifyCertificates (0.01s)
    --- FAIL: TestVerifyCertificates/TLSv13 (0.00s)
        --- FAIL: TestVerifyCertificates/TLSv13/RequireAndVerifyClientCert (0.01s)
            handshake_test.go:425: failed to call cli.Close: close tcp 127.0.0.1:24047->127.0.0.1:34439: connection reset by peer
FAIL
FAIL	crypto/tls	0.381s

For example, see https://build.golang.org/log/259c9ce4acb3f93875a3adf37010f03a1df21523 and https://build.golang.org/log/c3689aa19c83c931dcc6b89757f258dd3a4856f3.

(A builder for freebsd/amd64 isn't available in LUCI yet, see tracking issues #61094 and #61095.)

CC @golang/freebsd.
@dmitshur dmitshur added OS-FreeBSD NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. arch-amd64 labels Jun 24, 2024
@dmitshur dmitshur added this to the Backlog milestone Jun 24, 2024
@gabyhelp
Copy link

Similar Issues

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@joedian joedian added the NeedsFix The path to resolution is known, but the work has not been done. label Jun 26, 2024
@gopherbot gopherbot removed the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jun 26, 2024
This was referenced Aug 1, 2024
Closed
Closed
Closed
Closed
Closed
@gopherbot
Copy link
Contributor

Found new dashboard test flakes for:

#!watchflakes
default <- pkg == "crypto/tls" && test ~ `^TestVerifyCertificates` && `connection reset by peer` && goos == "freebsd"
2024-06-21 21:01 gotip-freebsd-riscv64 go@0af2148f crypto/tls.TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs (log) 
=== RUN   TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
=== PAUSE TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
=== CONT  TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
    handshake_test.go:425: failed to call cli.Close: close tcp 127.0.0.1:64036->127.0.0.1:33107: connection reset by peer
--- FAIL: TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs (0.02s)
2024-06-25 14:29 gotip-freebsd-riscv64 go@b1fd0475 crypto/tls.TestVerifyCertificates/TLSv12/VerifyClientCertIfGiven_with_certs (log) 
=== RUN   TestVerifyCertificates/TLSv12/VerifyClientCertIfGiven_with_certs
=== PAUSE TestVerifyCertificates/TLSv12/VerifyClientCertIfGiven_with_certs
=== CONT  TestVerifyCertificates/TLSv12/VerifyClientCertIfGiven_with_certs
    handshake_test.go:495: failed to call cli.Close: close tcp 127.0.0.1:65153->127.0.0.1:31884: connection reset by peer
--- FAIL: TestVerifyCertificates/TLSv12/VerifyClientCertIfGiven_with_certs (0.26s)
2024-07-01 13:41 gotip-freebsd-riscv64 go@c33144c4 crypto/tls.TestVerifyCertificates/TLSv13/InsecureSkipVerify (log) 
=== RUN   TestVerifyCertificates/TLSv13/InsecureSkipVerify
=== PAUSE TestVerifyCertificates/TLSv13/InsecureSkipVerify
=== CONT  TestVerifyCertificates/TLSv13/InsecureSkipVerify
    handshake_test.go:495: failed to call cli.Close: close tcp 127.0.0.1:23059->127.0.0.1:11489: connection reset by peer
--- FAIL: TestVerifyCertificates/TLSv13/InsecureSkipVerify (0.05s)
2024-07-03 13:03 gotip-freebsd-riscv64 go@71f9dbb1 crypto/tls.TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs (log) 
=== RUN   TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
=== PAUSE TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
=== CONT  TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs
    handshake_test.go:495: failed to call cli.Close: close tcp 127.0.0.1:39020->127.0.0.1:43674: connection reset by peer
--- FAIL: TestVerifyCertificates/TLSv12/RequestClientCert_with_no_certs (0.04s)

watchflakes

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/602615 mentions this issue: crypto/tls: fix testHandshake close flakes

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/602635 mentions this issue: [release-branch.go1.23] crypto/tls: fix testHandshake close flakes

gopherbot pushed a commit that referenced this issue Aug 2, 2024
@FiloSottile @gopherbot
[release-branch.go1.23] crypto/tls: fix testHandshake close flakes
7adb012 
The flakes were introduced by me in CL 586655. It's unclear why only
FreeBSD seems affected, maybe other TCP stacks handle sending on a
half-closed connection differently, or aren't as quick to propagate the
RST over localhost.

Updates #68155

Change-Id: I32a1b474a7d6531dbab93910c23568b867629e8c
Reviewed-on: https://go-review.googlesource.com/c/go/+/602635
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
@dmitshur dmitshur modified the milestones: Backlog, Go1.23 Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
arch-amd64 NeedsFix The path to resolution is known, but the work has not been done. OS-FreeBSD
Projects
Test Flakes
Archived in project
Milestone
Go1.23
Development

No branches or pull requests
4 participants
@dmitshur @gopherbot @joedian @gabyhelp