Fix for unexpected socket closures and data leakage under heavy load #646
Conversation
| # libuv will make socket non-blocking | ||
| tr._open(sock.fileno()) | ||
| tr._open(sockfd) |
There was a problem hiding this comment.
The approach looks correct -- but I'm wondering how vanilla asyncio handles the same thing?
There was a problem hiding this comment.
I think vanilla asyncio has an easier problem in that it can just have python sockets "all the way down", so just let reference counting take care of cleanup, while here we need to manage the disconnect with libuv dealing in file descriptors. I am suspecting there is some error handling path where a file descriptor is closed while the python socket object remains alive and not detached, so when it is finally closed, it messes up any new socket that happens to have the same file descriptor.
e.g. create socket s, call a loop method passing in an explicit socket, <bad error path which will end with sock.close()> overlapping with an .accept. I think the .accept never results in a python socket object being created.
So with the methods accepting sockets and other methods that internally work directly in file descriptors can there be a discrepancy?
|
@todddialpad very nice! Do you know does it help with the other issue #506 which seems to be also related to incorrect sharing of sockets etc? Any possibility to add some test here? |
I am trying to get a stable test. It is tricky because it is a race condition, if my guess is correct. I think it is a race if TLS negotiation during a call to So if this is the case, I don't think this will fix issue #506 , which could be a similar but different root cause. |
Ok I see, the linked issue was also concerning as it looked as it was trying to write data into some incorrect socket. The error was also something we observed at similar time instances when we observed the response data getting leaked to incorrect requests. But we dont know is that issue actually related to the data leakage or just something else. (These RuntimeErrors dont happen with vanilla asyncio) |
I still haven't been able to isolate a standalone, self-contained test. The test environment in which I generated the same error we see in production involves 2 VMs with significant network latency between them. The first of the VMs is just a web server, the second is a web server that accepts requests, and then makes outgoing client requests (using aiohttp) to the first webserver with TLS and a short timeout (around 1 second). With this setup, I quite reliably get a failure within 250 connections. When I run with this patch applied, I have never had a failure in 20,000 connections. We have also run this in our production environment. When we first encountered this failure, we hit it within 1 hour of using aiohttp >= 3.10. Since running with this patch we have been running for 5 days with no failures. |
|
Is accepting this blocked on the tests that are failing? I don't think those failures are related to this change, as they are also failing for PR #644, which is solely a documentation change. I looked at the test logs and I would guess that a dependency is causing the changed results. Related to this, I notice that in the failing tests, and alpha release of Cython 3.1 is being used ( |
|
Hello everyone. Did i think right that this MR fix issues below? "RuntimeError: File descriptor 2877 is used by transport <TCPTransport closed=False reading=True 0x55b8dc9baa90>" |
|
Hello everyone :) Like many other users of this library, I would be happy for this fix to be implemented in one of the upcoming releases. |
|
We added a workaround for this issue in aio-libs/aiohttp#10464 but its causing issues when using with asyncio SelectorEventLoop aio-libs/aiohttp#10617 so we will likely be reverting it and waiting for this PR instead |
…10464 fixes #10617 alternative fix is MagicStack/uvloop#646
…10464 (#10656) Reverts #10464 While this change improved the situation for uvloop users, it caused a regression with `SelectorEventLoop` (issue #10617) The alternative fix is MagicStack/uvloop#646 (not merged at the time of this PR) issue #10617 appears to be very similar to python/cpython@d5aeccf If someone can come up with a working reproducer for #10617 we can revisit this. cc @top-oai Minimal implementation that shows on cancellation the socket is cleaned up without the explicit `close` #10617 (comment) so this should be unneeded unless I've missed something (very possible with all the moving parts here) ## Related issue number fixes #10617
…10464 (#10656) Reverts #10464 While this change improved the situation for uvloop users, it caused a regression with `SelectorEventLoop` (issue #10617) The alternative fix is MagicStack/uvloop#646 (not merged at the time of this PR) issue #10617 appears to be very similar to python/cpython@d5aeccf If someone can come up with a working reproducer for #10617 we can revisit this. cc @top-oai Minimal implementation that shows on cancellation the socket is cleaned up without the explicit `close` #10617 (comment) so this should be unneeded unless I've missed something (very possible with all the moving parts here) ## Related issue number fixes #10617 (cherry picked from commit 06db052)
…10464 (#10656) Reverts #10464 While this change improved the situation for uvloop users, it caused a regression with `SelectorEventLoop` (issue #10617) The alternative fix is MagicStack/uvloop#646 (not merged at the time of this PR) issue #10617 appears to be very similar to python/cpython@d5aeccf If someone can come up with a working reproducer for #10617 we can revisit this. cc @top-oai Minimal implementation that shows on cancellation the socket is cleaned up without the explicit `close` #10617 (comment) so this should be unneeded unless I've missed something (very possible with all the moving parts here) ## Related issue number fixes #10617 (cherry picked from commit 06db052)
…'s a failure in start_connection() #10464 (#10657) **This is a backport of PR #10656 as merged into master (06db052).** Reverts #10464 While this change improved the situation for uvloop users, it caused a regression with `SelectorEventLoop` (issue #10617) The alternative fix is MagicStack/uvloop#646 (not merged at the time of this PR) issue #10617 appears to be very similar to python/cpython@d5aeccf If someone can come up with a working reproducer for #10617 we can revisit this. cc @top-oai Minimal implementation that shows on cancellation the socket is cleaned up without the explicit `close` #10617 (comment) so this should be unneeded unless I've missed something (very possible with all the moving parts here) ## Related issue number fixes #10617 Co-authored-by: J. Nick Koston <[email protected]>
|
Hey! I noticed that |
|
You can pin to a yanked version. |
|
I folks Wonder if their is a fix Our setup |
|
Pinning to |
Just a heads-up: if you're using the default asyncio event loop (typically Ideally, we were hoping this PR would be merged to avoid relying on workarounds in |
|
Can we please prioritize this PR, it seems to be impacting many users |
|
@fantix thanks for having a look at this. I am not sure what to make of the test failures. The failures seem to be all related to Unix transports and subprocess transports. The PR only should affect TCP transports. I'm trying to repro. My dev environment is Ubuntu / py3.12, and the tests that are failing here are passing there. For example: Do you have any ideas on how to proceed? |
|
They are breaking in the debug build, maybe try this: uvloop/.github/workflows/tests.yml Lines 68 to 71 in 96b7ed3 |
Yes, I get the failures with the debug build, good eye. Thanks. I have instrumented the changed code, and in a failing test, the modifications never even run (which makes sense since the test isn't creating any TCP connections). I have built without this patch, and still see the failures with the debug build. So, could an upstream dependency have broken the debug build? |
Since the last successful test run, the following upstream dependencies have changed: I rebuilt using Cython-3.0.12 and the tests passed. Would a manual execution of the tests on the main branch still pass (assuming it will grab Cython 3.1.0)? |
I forked the main branch and tried running the tests. It fails with Cython 3.1.0. I pinned Cython to < 3.1.0 and the tests pass. I included this PR, and with the pinned Cython, all tests pass. So I believe this PR could be merged. I created an issue for Cython 3.1.0 #677 . |
|
Hi checking back on this, any ETA on when it would be merged |
WalkthroughThis update refines the management of socket file descriptors in the Loop class when creating new TCP transports. By detaching the file descriptor from the socket and transferring ownership directly to the transport, the code ensures clearer resource management and eliminates unnecessary references to the original socket object. This change clarifies the lifecycle and responsibility for the socket's file descriptor within the transport implementation. Changes
Sequence DiagramThis diagram shows the interactions between components: sequenceDiagram
title Socket File Descriptor Handling in TCP Transport
participant Client
participant EventLoop as "Event Loop"
participant TCPTransport
participant Socket
participant Protocol
Client->>EventLoop: Create connection
activate EventLoop
EventLoop->>TCPTransport: new(self, protocol, None, waiter, context)
activate TCPTransport
Note over EventLoop,TCPTransport: Before PR: Used sock.fileno() directly
Note over EventLoop,TCPTransport: After PR: Takes ownership of file descriptor
EventLoop->>Socket: detach()
activate Socket
Socket-->>EventLoop: sockfd (file descriptor)
deactivate Socket
EventLoop->>TCPTransport: _open(sockfd)
Note right of TCPTransport: Uses detached file descriptor
TCPTransport->>TCPTransport: _init_protocol()
EventLoop->>EventLoop: await waiter
alt Exception occurs
EventLoop->>TCPTransport: _close()
TCPTransport-->>EventLoop: Exception propagated
else Success
Note over EventLoop,TCPTransport: Before PR: Called _attach_fileobj(sock)
Note over EventLoop,TCPTransport: After PR: This call was removed
alt ssl is True
EventLoop->>Protocol: _get_app_transport(context)
Protocol-->>EventLoop: app_transport
end
end
deactivate TCPTransport
deactivate EventLoop
Note for WindsurfPlease change the default marketplace provider to the following in the windsurf settings:Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts belowEmoji Descriptions:
Interact with the Bot:
Also you can trigger various commands with the bot by doing The current supported commands are
More commands to be added soon. |
This is to address issue #645 and in aiohttp/aiohappyeyeballs#93 and aiohttp/aiohappyeyeballs#112