Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-45931

Go 1.22 built binaries fail to load OpenSSL in FIPS mode

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.5
    • golang
    • None
    • sst_pt_llvm_rust_go
    • ssg_platform_tools
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      aws-e2e-fips jobs are failing in OpenShift 4.17 CI which uses golang-1.22.4-2.el9 for all builds

       I0702 12:59:08.463495 918 exec_util.go:62] ExecWithOptions: Clientset creation
  I0702 12:59:08.463584 918 exec_util.go:79] ExecWithOptions: execute(POST https://api.ci-op-2f9tt8hz-c09c5.aws-2.ci.openshift.org:6443/api/v1/namespaces/e2e-nettest-4149/pods/test-container-pod/exec?command=%2Fbin%2Fsh&command=-c&command=curl+-g+-q+-s+%27http%3A%2F%2F10.131.2.46%3A9080%2Fdial%3Frequest%3Dhostname%26protocol%3Dhttp%26host%3D172.30.174.197%26port%3D80%26tries%3D1%27&container=webserver&container=webserver&stderr=true&stdout=true)
  I0702 12:59:09.115444 918 utils.go:322] GetResponseFromContainer: failed to execute "curl -g -q -s 'http://10.131.2.46:9080/dial?request=hostname&protocol=http&host=172.30.174.197&port=80&tries=1'": command terminated with exit code 255, stdout: "", stderr: "panic: opensslcrypto: can't initialize OpenSSL : openssl: can't retrieve OpenSSL version\n\ngoroutine 1 gp=0xc0000061c0 m=0 mp=0x5624967521e0 [running]:\npanic({0x562496366800?, 0xc00002ee10?})\n\t/usr/lib/golang/src/runtime/panic.go:779 +0x158 fp=0xc0000ffce0 sp=0xc0000ffc30 pc=0x562495ea2598\ncrypto/internal/backend.init.0()\n\t/usr/lib/golang/src/crypto/internal/backend/openssl.go:66 +0x29a fp=0xc0000ffe20 sp=0xc0000ffce0 pc=0x5624960af4fa\nruntime.doInit1(0x56249673a310)\n\t/usr/lib/golang/src/runtime/proc.go:7176 +0xea fp=0xc0000fff50 sp=0xc0000ffe20 pc=0x562495eb452a\nruntime.doInit(...)\n\t/usr/lib/golang/src/runtime/proc.go:7143\nruntime.main()\n\t/usr/lib/golang/src/runtime/proc.go:253 +0x357 fp=0xc0000fffe0 sp=0xc0000fff50 pc=0x562495ea5c77\nruntime.goexit({})\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc0000fffe8 sp=0xc0000fffe0 pc=0x562495ed8ec1\n\ngoroutine 2 gp=0xc000006c40 m=nil [force gc (idle)]:\nruntime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)\n\t/usr/lib/golang/src/runtime/proc.go:402 +0xce fp=0xc00004afa8 sp=0xc00004af88 pc=0x562495ea5fee\nruntime.goparkunlock(...)\n\t/usr/lib/golang/src/runtime/proc.go:408\nruntime.forcegchelper()\n\t/usr/lib/golang/src/runtime/proc.go:326 +0xb8 fp=0xc00004afe0 sp=0xc00004afa8 pc=0x562495ea5e78\nruntime.goexit({})\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc00004afe8 sp=0xc00004afe0 pc=0x562495ed8ec1\ncreated by runtime.init.7 in goroutine 1\n\t/usr/lib/golang/src/runtime/proc.go:314 +0x1a\n\ngoroutine 3 gp=0xc000007180 m=nil [GC sweep wait]:\nruntime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)\n\t/usr/lib/golang/src/runtime/proc.go:402 +0xce fp=0xc00004b780 sp=0xc00004b760 pc=0x562495ea5fee\nruntime.goparkunlock(...)\n\t/usr/lib/golang/src/runtime/proc.go:408\nruntime.bgsweep(0xc00002a070)\n\t/usr/lib/golang/src/runtime/mgcsweep.go:278 +0x94 fp=0xc00004b7c8 sp=0xc00004b780 pc=0x562495e91774\nruntime.gcenable.gowrap1()\n\t/usr/lib/golang/src/runtime/mgc.go:203 +0x25 fp=0xc00004b7e0 sp=0xc00004b7c8 pc=0x562495e860a5\nruntime.goexit({})\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc00004b7e8 sp=0xc00004b7e0 pc=0x562495ed8ec1\ncreated by runtime.gcenable in goroutine 1\n\t/usr/lib/golang/src/runtime/mgc.go:203 +0x66\n\ngoroutine 4 gp=0xc000007340 m=nil [GC scavenge wait]:\nruntime.gopark(0xc00002a070?, 0x562496316d40?, 0x1?, 0x0?, 0xc000007340?)\n\t/usr/lib/golang/src/runtime/proc.go:402 +0xce fp=0xc00004bf78 sp=0xc00004bf58 pc=0x562495ea5fee\nruntime.goparkunlock(...)\n\t/usr/lib/golang/src/runtime/proc.go:408\nruntime.(*scavengerState).park(0x562496751700)\n\t/usr/lib/golang/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc00004bfa8 sp=0xc00004bf78 pc=0x562495e8f169\nruntime.bgscavenge(0xc00002a070)\n\t/usr/lib/golang/src/runtime/mgcscavenge.go:653 +0x3c fp=0xc00004bfc8 sp=0xc00004bfa8 pc=0x562495e8f6fc\nruntime.gcenable.gowrap2()\n\t/usr/lib/golang/src/runtime/mgc.go:204 +0x25 fp=0xc00004bfe0 sp=0xc00004bfc8 pc=0x562495e86045\nruntime.goexit({})\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc00004bfe8 sp=0xc00004bfe0 pc=0x562495ed8ec1\ncreated by runtime.gcenable in goroutine 1\n\t/usr/lib/golang/src/runtime/mgc.go:204 +0xa5\n\ngoroutine 5 gp=0xc00009c000 m=nil [finalizer wait]:\nruntime.gopark(0xc00004a648?, 0x562495e79745?, 0xa8?, 0x1?, 0xc0000061c0?)\n\t/usr/lib/golang/src/runtime/proc.go:402 +0xce fp=0xc00004a620 sp=0xc00004a600 pc=0x562495ea5fee\nruntime.runfinq()\n\t/usr/lib/golang/src/runtime/mfinal.go:194 +0x107 fp=0xc00004a7e0 sp=0xc00004a620 pc=0x562495e850e7\nruntime.goexit({})\n\t/usr/lib/golang/src/runtime/asm_amd64.s:1695 +0x1 fp=0xc00004a7e8 sp=0xc00004a7e0 pc=0x562495ed8ec1\ncreated by runtime.createfing in goroutine 1\n\t/usr/lib/golang/src/runtime/mfinal.go:164 +0x3d\ntime=\"2024-07-02T12:59:09Z\" level=error msg=\"exec failed: unable to start container process: error writing config to pipe: write init-p: broken pipe\""
  I0702 12:59:09.191064 918 exec_util.go:55] ExecWithOptions {Command:[/bin/sh -c curl -g -q -s 'http://10.131.2.46:9080/dial?request=hostname&protocol=http&host=172.30.174.197&port=80&tries=1'] Namespace:e2e-nettest-4149 PodName:test-container-pod ContainerName:webserver Stdin:<nil> CaptureStdout:true CaptureStderr:true PreserveWhitespace:false Quiet:false}
  I0702 12:59:09.192147 918 exec_util.go:62] ExecWithOptions: Clientset creation
  I0702 12:59:09.192243 918 exec_util.go:79] ExecWithOptions: execute(POST https://api.ci-op-2f9tt8hz-c09c5.aws-2.ci.openshift.org:6443/api/v1/namespaces/e2e-nettest-4149/pods/test-container-pod/exec?command=%2Fbin%2Fsh&command=-c&command=curl+-g+-q+-s+%27http%3A%2F%2F10.131.2.46%3A9080%2Fdial%3Frequest%3Dhostname%26protocol%3Dhttp%26host%3D172.30.174.197%26port%3D80%26tries%3D1%27&container=webserver&container=webserver&stderr=true&stdout=true)

      Initial review by pehunt@redhat.com is that this is likely runc exhibiting a Go bug when FIPS mode is in use. There was also the other reported issue w/ Ignition but the error from that one seemed different.

      Relevant CI job https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-fips/1808149333892141056

      Errors show up in the buildlog https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/logs/periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-fips/1808149333892141056/build-log.txt

       

            dbenoit@redhat.com David Benoit
            rhn-support-sdodson Scott Dodson
            David Benoit David Benoit
            qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com qe-baseos-tools-bugs@redhat.com
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated: