Bug #14716: SecureRandom throwing an error in Ruby 2.5.1 - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #14716

open

SecureRandom throwing an error in Ruby 2.5.1

Added by snehavas (sneha vasanth) about 3 years ago. Updated about 2 months ago.

Status:

Feedback

Priority:

Normal

Assignee:

Target version:

ruby -v:

2.6.3

Backport:

2.3: DONTNEED, 2.4: DONTNEED, 2.5: REQUIRED

[ruby-core:86709]

Tags:

ext

Description

Hi,

We recently upgraded from ruby 2.3.6 to 2.5.1.
We use SecureRandom.uuid to generate a random number for our session.
Post the upgrade we have been getting the following error intermittently

app error: failed to get urandom (RuntimeError)
E, [2018-04-27T04:55:08.741859 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `urandom'
E, [2018-04-27T04:55:08.741898 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:99:in `gen_random_urandom'
E, [2018-04-27T04:55:08.741932 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:129:in `random_bytes'
E, [2018-04-27T04:55:08.741965 #16550] ERROR -- : /usr/lib/ruby/2.5.0/securerandom.rb:219:in `uuid'
E, [2018-04-27T04:55:08.741997 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:74:in `create_session_info'
E, [2018-04-27T04:55:08.742036 #16550] ERROR -- : /usr/share/nginx/frontend/app/utilities/log.rb:11:in `context'

We understand that there was a change in ruby 2.5.1 where we now look at OS sources as the first point of contact to generate random numbers as opposed to OpenSSL.
Any idea why this could be happening?

Related issues

Actions

Copy link

Updated by nobu (Nobuyoshi Nakada) about 3 years ago

Related to Bug #9569: SecureRandom should try /dev/urandom first added

Actions

Copy link

#2 [ruby-core:86711]

Updated by nobu (Nobuyoshi Nakada) about 3 years ago

Status changed from Open to Feedback
Description updated (diff)

It depends on your OS.
What OS and the kernel version?

Actions

Copy link

#3 [ruby-core:86714]

Updated by snehavas (sneha vasanth) about 3 years ago

We are using Ubuntu 14.04.5 LTS

Actions

Copy link

#4 [ruby-core:86715]

Updated by snehavas (sneha vasanth) about 3 years ago

The Kernel version is 3.13.0-145-generic

Actions

Copy link

#5 [ruby-core:86720]

Updated by naruse (Yui NARUSE) about 3 years ago

Backport changed from 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN to 2.3: DONTNEED, 2.4: DONTNEED, 2.5: REQUIRED
Status changed from Feedback to Open

r57307 changed to use __NR_getrandom (kernel header) from SYS_getrandom (glibc header).
But __NR_getrandom is from v3.17.
It needs to check both __NR_getrandom and SYS_getrandom for compatibility.

Actions

Copy link

#6 [ruby-core:86721]

Updated by naruse (Yui NARUSE) about 3 years ago

naruse (Yui NARUSE) wrote:

r57307 changed to use __NR_getrandom (kernel header) from SYS_getrandom (glibc header).
But __NR_getrandom is from v3.17.
It needs to check both __NR_getrandom and SYS_getrandom for compatibility.

genrandom(2) is introduced at v3.17.
On v3.13 kernel, it should fallback to /dev/urandom.
Maybe your environment doesn't have /dev/urandom?

Actions

Copy link

#7 [ruby-core:86722]

Updated by shyouhei (Shyouhei Urabe) about 3 years ago

I can reproduce the situation using this Dockerfile https://github.com/shyouhei/docker-library/blob/master/%2314716/Dockerfile

The key point is to delete /dev/urandom from the image.

2.3.6 used to try openssl first, so if it had enough entropy that was okay. 2.5.1 prefers /dev/urandom (or getrandom(2), for newer kernels).

Actions

Copy link

#8 [ruby-core:86723]

Updated by snehavas (sneha vasanth) about 3 years ago

We checked that by executing 'cat /dev/urandom' and we did see an output.
So dont think thats an issue.

We suspect that this issue occurs when there are many concurrent requests.

Actions

Copy link

#9 [ruby-core:88264]

Updated by patbl (Patrick Brinich-Langlois) almost 3 years ago

We also got this error after upgrading to 2.5.1 (we had been on 2.4.2). We're also on a v3.13 kernel (3.13.0-24-generic). cat /dev/urandom produces output, and the errors are intermittent. Over the past day, failed to get urandom was our most common error, but there were several hours when we didn't get any such errors. So it seems possible that it occurs only when there are large numbers of requests, but I didn't try to see whether the request rate was correlated with the error rate.

Actions

Copy link

#10 [ruby-core:88885]

Updated by patbl (Patrick Brinich-Langlois) over 2 years ago

I worked around this problem by forcing SecureRandom to use the OpenSSL gem:

module SecureRandom
  if RUBY_VERSION == "2.5.1"
    class << self
      def gen_random(n)
        begin
          require 'openssl'
        rescue NoMethodError
          raise NotImplementedError, "No random device"
        else
          @rng_chooser.synchronize do
            class << self
              remove_method :gen_random
              alias gen_random gen_random_openssl
            end
          end
          return gen_random(n)
        end
      end
    end
  else
    raise "check whether this monkey patch is still correct"
  end
end

Actions

Copy link

#11 [ruby-core:91655]

Updated by bruno (Bruno Sutic) about 2 years ago

ruby -v changed from 2.5.1 to 2.5.3

Hi,
we're on "Ubuntu 14.04.5 LTS", kernel version "3.13.0-165".

2019-03-03T05:00:00.798Z 12950 TID-ors73fmw2 WARN: RuntimeError: failed to get urandom
2019-03-03T05:00:00.798Z 12950 TID-ors73fmw2 WARN: /usr/lib/ruby/2.5.0/securerandom.rb:99:in `urandom'
/usr/lib/ruby/2.5.0/securerandom.rb:99:in `gen_random_urandom'
/usr/lib/ruby/2.5.0/securerandom.rb:129:in `random_bytes'
/usr/lib/ruby/2.5.0/securerandom.rb:148:in `hex'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/notifications/instrumenter.rb:50:in `unique_id'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/notifications/instrumenter.rb:12:in `initialize'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/notifications.rb:210:in `new'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/notifications.rb:210:in `instrumenter_for'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/notifications.rb:190:in `instrumenter'
/var/lib/gems/2.5.0/gems/activerecord-5.2.0/lib/active_record/querying.rb:44:in `find_by_sql'
/var/lib/gems/2.5.0/gems/activerecord-5.2.0/lib/active_record/statement_cache.rb:108:in `execute'
/var/lib/gems/2.5.0/gems/activerecord-5.2.0/lib/active_record/core.rb:175:in `find'
/home/deployer/mios/current/app/workers/lock_status_update_worker.rb:17:in `perform'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:185:in `execute_job'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:167:in `block (2 levels) in process'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:128:in `block in invoke'
/var/lib/gems/2.5.0/gems/sentry-raven-2.7.4/lib/raven/integrations/sidekiq.rb:9:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/var/lib/gems/2.5.0/gems/sidekiq-pro-4.0.4/lib/sidekiq/batch/middleware.rb:29:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/var/lib/gems/2.5.0/gems/sidekiq-ent-1.7.2/lib/sidekiq-ent/unique.rb:143:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/var/lib/gems/2.5.0/gems/sidekiq-ent-1.7.2/lib/sidekiq-ent/limiter/middleware.rb:40:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:130:in `block in invoke'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/middleware/chain.rb:133:in `invoke'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:166:in `block in process'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:137:in `block (6 levels) in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/job_retry.rb:108:in `local'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:136:in `block (5 levels) in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/rails.rb:42:in `block in call'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/execution_wrapper.rb:87:in `wrap'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/reloader.rb:73:in `block in wrap'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/execution_wrapper.rb:87:in `wrap'
/var/lib/gems/2.5.0/gems/activesupport-5.2.0/lib/active_support/reloader.rb:72:in `wrap'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/rails.rb:41:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:132:in `block (4 levels) in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:243:in `stats'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:127:in `block (3 levels) in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/job_logger.rb:8:in `call'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:126:in `block (2 levels) in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/job_retry.rb:73:in `global'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:125:in `block in dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/logging.rb:48:in `with_context'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/logging.rb:42:in `with_job_hash_context'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:124:in `dispatch'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:165:in `process'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:83:in `process_one'
/var/lib/gems/2.5.0/gems/sidekiq-5.2.3/lib/sidekiq/processor.rb:71:in `run'

We're using Ruby 2.5.3 and we can see this issue happening intermittently for one of our applications.

It doesn't happen for weeks, and then it suddenly starts happening.
The process that this happens in is "sidekiq", it runs background jobs.
Interestingly, our server runs our 4 other apps (ruby processes), and these apps don't get this error.
Restarting a process seems to fix the issue from happening.

Actions

Copy link

#12 [ruby-core:94447]

Updated by michalsamluk (Michał Samluk) over 1 year ago

ruby -v changed from 2.5.3 to 2.6.3

Hi,
I am having same issue while running seed data (ruby 2.6.3). I am having it while uplaoding attachments.

/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/core_ext/securerandom.rb:39:in `base36'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activestorage-6.0.0.rc2/app/models/active_storage/blob.rb:89:in `generate_unique_secure_token'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/secure_token.rb:32:in `block in has_secure_token'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:429:in `instance_exec'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:429:in `block in make_lambda'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:201:in `block (2 levels) in halting'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:607:in `block (2 levels) in default_terminator'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:606:in `catch'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:606:in `block in default_terminator'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:202:in `block in halting'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `block in invoke_before'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `each'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `invoke_before'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:134:in `run_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:827:in `_run_create_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/callbacks.rb:332:in `_create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/timestamp.rb:111:in `_create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/persistence.rb:906:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/callbacks.rb:328:in `block in create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:135:in `run_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:827:in `_run_save_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/callbacks.rb:328:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/timestamp.rb:129:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/persistence.rb:470:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/validations.rb:46:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:315:in `block in save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:375:in `block in with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:275:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:212:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:366:in `with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:315:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/suppressor.rb:44:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/autosave_association.rb:489:in `save_belongs_to_association'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/autosave_association.rb:204:in `block in add_autosave_association_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/autosave_association.rb:159:in `instance_eval'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/autosave_association.rb:159:in `block in define_non_cyclic_method'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:429:in `block in make_lambda'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:201:in `block (2 levels) in halting'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:607:in `block (2 levels) in default_terminator'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:606:in `catch'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:606:in `block in default_terminator'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:202:in `block in halting'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `block in invoke_before'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `each'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:514:in `invoke_before'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:134:in `run_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:827:in `_run_save_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/callbacks.rb:328:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/timestamp.rb:129:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/persistence.rb:470:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/validations.rb:46:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:315:in `block in save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:375:in `block in with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:275:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:212:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:366:in `with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:315:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/suppressor.rb:44:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_one_association.rb:58:in `block in replace'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_one_association.rb:103:in `block in transaction_if'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:275:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:212:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_one_association.rb:103:in `transaction_if'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_one_association.rb:51:in `replace'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/singular_association.rb:17:in `writer'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/builder/association.rb:108:in `media_attachment='
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activestorage-6.0.0.rc2/lib/active_storage/attached/changes/create_one.rb:32:in `public_send'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activestorage-6.0.0.rc2/lib/active_storage/attached/changes/create_one.rb:32:in `save'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activestorage-6.0.0.rc2/lib/active_storage/attached/model.rb:54:in `block in has_one_attached'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:429:in `instance_exec'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:429:in `block in make_lambda'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:239:in `block in halting_and_conditional'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:518:in `block in invoke_after'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:518:in `each'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:518:in `invoke_after'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:136:in `run_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activesupport-6.0.0.rc2/lib/active_support/callbacks.rb:827:in `_run_save_callbacks'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/callbacks.rb:328:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/timestamp.rb:129:in `create_or_update'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/persistence.rb:503:in `save!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/validations.rb:52:in `save!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:319:in `block in save!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:375:in `block in with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:275:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:212:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:366:in `with_transaction_returning_status'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:319:in `save!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/suppressor.rb:48:in `save!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:360:in `insert_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_many_association.rb:36:in `insert_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:347:in `block (2 levels) in _create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:443:in `replace_on_target'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:285:in `add_to_target'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:346:in `block in _create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:135:in `block in transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:277:in `block in transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/transaction.rb:280:in `block in within_new_transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/transaction.rb:278:in `within_new_transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/connection_adapters/abstract/database_statements.rb:277:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/transactions.rb:212:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:134:in `transaction'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_association.rb:344:in `_create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/has_many_association.rb:116:in `_create_record'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/association.rb:195:in `create!'
/Users/myuser/.rvm/gems/ruby-2.6.3/gems/activerecord-6.0.0.rc2/lib/active_record/associations/collection_proxy.rb:363:in `create!'

Actions

Copy link

#13 [ruby-core:94479]

Updated by fa11enangel (Konstantin Filtschew) over 1 year ago

I have the same issue running ruby 2.6.3 on MacOS 10.14.6 while using guard on a rails project:

13:43:07 - INFO - Running: spec/features/foo_spec.rb
Running via Spring preloader in process 17829

Randomized with seed 57737
Capybara starting Puma...
* Version 3.12.1 , codename: Llamas in Pajamas
* Min threads: 0, max threads: 4
* Listening on tcp://127.0.0.1:52057
...2019-08-22 11:43:24 +0000: Rack app error handling request { GET /foo/bar }
#<RuntimeError: failed to get urandom>
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/2.6.0/securerandom.rb:104:in `urandom'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/2.6.0/securerandom.rb:104:in `gen_random_urandom'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/2.6.0/securerandom.rb:136:in `random_bytes'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/2.6.0/securerandom.rb:234:in `uuid'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/request_id.rb:40:in `internal_request_id'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/request_id.rb:35:in `make_request_id'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/request_id.rb:26:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/method_override.rb:22:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/runtime.rb:22:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/activesupport-5.2.3/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/executor.rb:14:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/actionpack-5.2.3/lib/action_dispatch/middleware/static.rb:127:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/sendfile.rb:111:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-heartbeat-1.1.0/lib/rack/heartbeat.rb:45:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/railties-5.2.3/lib/rails/engine.rb:524:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/urlmap.rb:68:in `block in call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/urlmap.rb:53:in `each'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/urlmap.rb:53:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/capybara-3.26.0/lib/capybara/server/middleware.rb:48:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/puma-3.12.1/lib/puma/configuration.rb:227:in `call'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/puma-3.12.1/lib/puma/server.rb:660:in `handle_request'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/puma-3.12.1/lib/puma/server.rb:474:in `process_client'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/puma-3.12.1/lib/puma/server.rb:334:in `block in run'
/Users/me/.asdf/installs/ruby/2.6.3/lib/ruby/gems/2.6.0/gems/puma-3.12.1/lib/puma/thread_pool.rb:135:in `block in spawn_thread'

Restarting guard helps to fix it temporarily.

Actions

Copy link

#14 [ruby-core:94684]

Updated by emiltin (Emil Tin) over 1 year ago

I got this when running a ruby script that openened a large number of TCP socket (and thus files). In fact I had to increase the file limit of the shell using ulimit to be able to open enough sockets.

Actions

Copy link

#15 [ruby-core:95034]

Updated by miles.lane@gmail.com (Miles Lane) over 1 year ago

I am encountering this in a project as well. In my case, I see this while running rspec regression tests:

#<ActionView::Template::Error: failed to get urandom>
./.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/securerandom.rb:104:in `urandom'
./.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/securerandom.rb:104:in `gen_random_urandom'
./.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/securerandom.rb:136:in `random_bytes'
./.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/securerandom.rb:180:in `base64'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers.rb:232:in `content_security_policy_nonce'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers.rb:169:in `content_security_policy_script_nonce'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers/view_helper.rb:72:in `_content_security_policy_nonce'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers/view_helper.rb:156:in `nonced_tag'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers/view_helper.rb:32:in `nonced_javascript_tag'
./Projects/app/helpers/ui_helper.rb:17:in `ui_config_html'
./Projects/app/views/layouts/ui.html.haml:26:in `_app_views_layouts_ui_html_haml__1126671116763852577_2479064420'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/template.rb:159:in `block in render'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:170:in `instrument'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/template.rb:354:in `instrument_render_template'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/template.rb:157:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/renderer/template_renderer.rb:66:in `render_with_layout'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/renderer/template_renderer.rb:52:in `render_template'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/renderer/template_renderer.rb:16:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/renderer/renderer.rb:44:in `render_template'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/renderer/renderer.rb:25:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:103:in `_render_template'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/streaming.rb:219:in `_render_template'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:84:in `render_to_body'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/rendering.rb:52:in `render_to_body'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/renderers.rb:142:in `render_to_body'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/abstract_controller/rendering.rb:25:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/rendering.rb:36:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:46:in `block (2 levels) in render'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/core_ext/benchmark.rb:14:in `block in ms'
./.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/benchmark.rb:308:in `realtime'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/core_ext/benchmark.rb:14:in `ms'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:46:in `block in render'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:87:in `cleanup_view_runtime'
./.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.2.1/lib/active_record/railties/controller_runtime.rb:31:in `cleanup_view_runtime'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:45:in `render'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/implicit_render.rb:35:in `default_render'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `block in send_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `tap'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/abstract_controller/base.rb:194:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/rendering.rb:30:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:132:in `run_callbacks'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/abstract_controller/callbacks.rb:41:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/rescue.rb:22:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `block in instrument'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/notifications.rb:168:in `instrument'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/activerecord-5.2.2.1/lib/active_record/railties/controller_runtime.rb:24:in `process_action'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/abstract_controller/base.rb:134:in `process'
./.rvm/gems/ruby-2.6.3/gems/actionview-5.2.2.1/lib/action_view/rendering.rb:32:in `process'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:191:in `dispatch'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_controller/metal.rb:252:in `dispatch'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:34:in `serve'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:52:in `block in serve'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:35:in `each'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/journey/router.rb:35:in `serve'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/routing/route_set.rb:840:in `call'
./.rvm/gems/ruby-2.6.3/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:192:in `call!'
./.rvm/gems/ruby-2.6.3/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
./.rvm/gems/ruby-2.6.3/gems/warden-1.2.8/lib/warden/manager.rb:36:in `block in call'
./.rvm/gems/ruby-2.6.3/gems/warden-1.2.8/lib/warden/manager.rb:34:in `catch'
./.rvm/gems/ruby-2.6.3/gems/warden-1.2.8/lib/warden/manager.rb:34:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/tempfile_reaper.rb:15:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/etag.rb:25:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/conditional_get.rb:25:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/head.rb:12:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/session/abstract/id.rb:232:in `context'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/session/abstract/id.rb:226:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/cookies.rb:670:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/callbacks.rb:98:in `run_callbacks'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
./.rvm/gems/ruby-2.6.3/gems/airbrake-7.3.0/lib/airbrake/rack/middleware.rb:52:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
./.rvm/gems/ruby-2.6.3/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:38:in `call_app'
./.rvm/gems/ruby-2.6.3/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:26:in `block in call'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/tagged_logging.rb:71:in `block in tagged'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/tagged_logging.rb:28:in `tagged'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/tagged_logging.rb:71:in `tagged'
./.rvm/gems/ruby-2.6.3/gems/railties-5.2.2.1/lib/rails/rack/logger.rb:26:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
./.rvm/gems/ruby-2.6.3/gems/request_store-1.4.1/lib/request_store/middleware.rb:19:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/request_id.rb:27:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/method_override.rb:22:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/runtime.rb:22:in `call'
./.rvm/gems/ruby-2.6.3/gems/activesupport-5.2.2.1/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/executor.rb:14:in `call'
./.rvm/gems/ruby-2.6.3/gems/actionpack-5.2.2.1/lib/action_dispatch/middleware/static.rb:127:in `call'
./Projects/lib/gitlab/testing/request_inspector_middleware.rb:31:in `call'
./Projects/lib/rack_request_blocker.rb:36:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/sendfile.rb:111:in `call'
./.rvm/gems/ruby-2.6.3/gems/secure_headers-6.1.1/lib/secure_headers/middleware.rb:11:in `call'
./.rvm/gems/ruby-2.6.3/gems/railties-5.2.2.1/lib/rails/engine.rb:524:in `call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/urlmap.rb:68:in `block in call'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/urlmap.rb:53:in `each'
./.rvm/gems/ruby-2.6.3/gems/rack-2.0.7/lib/rack/urlmap.rb:53:in `call'
./.rvm/gems/ruby-2.6.3/gems/capybara-3.29.0/lib/capybara/server/middleware.rb:48:in `call'
./.rvm/gems/ruby-2.6.3/gems/puma-4.1.1/lib/puma/configuration.rb:228:in `call'
./.rvm/gems/ruby-2.6.3/gems/puma-4.1.1/lib/puma/server.rb:664:in `handle_request'
./.rvm/gems/ruby-2.6.3/gems/puma-4.1.1/lib/puma/server.rb:467:in `process_client'
./.rvm/gems/ruby-2.6.3/gems/puma-4.1.1/lib/puma/server.rb:328:in `block in run'
./.rvm/gems/ruby-2.6.3/gems/puma-4.1.1/lib/puma/thread_pool.rb:135:in `block in spawn_thread'

Actions

Copy link

#16 [ruby-core:102794]

Updated by jeremyevans0 (Jeremy Evans) 2 months ago

Status changed from Open to Feedback

Can anyone prepare a reproducible example of this happening with Ruby 2.7 or 3.0 (Ruby 2.6 goes into security maintenance at the end of the month)? I think many of the reported failures with Ruby 2.5 and 2.6 could be due to the file descriptor limit being hit (assuming SecureRandom is using the /dev/urandom file for entropy), but it is hard to confirm that without a reproducible example.

Actions

Copy link

#17 [ruby-core:102796]

Updated by xtkoba (Tee KOBAYASHI) 2 months ago

I can reproduce this issue with Ruby 3.0.0p0 on my old Android phone by artificially opening a lot of files.

The reproducer code (named bug14716.rb):

require 'securerandom'

a = []
1017.times { a.push File.open '/' }

SecureRandom.hex

In a shell:

$ uname -a
Linux localhost 3.10.49 #7 SMP PREEMPT Mon Jul 25 16:03:30 CST 2016 armv7l GNU/Linux
$ ulimit -n
1024
$ ruby bug14716.rb
/data/data/com.example.ruby/files/lib/ruby/3.0.0/securerandom.rb:92:in `urandom': failed to get urandom (RuntimeError)
        from /data/data/com.example.ruby/files/lib/ruby/3.0.0/securerandom.rb:92:in `gen_random_urandom'
        from /data/data/com.example.ruby/files/lib/ruby/3.0.0/securerandom.rb:139:in `random_bytes'
        from /data/data/com.example.ruby/files/lib/ruby/3.0.0/securerandom.rb:160:in `hex'
        from bug14716.rb:6:in `<main>'

To reproduce this issue in recent Linux systems it will be necessary to modify random.c so that it does not use getrandom (or __NR_getrandom syscall), nor getentropy in recent dev versions, as these functions do not consume any file descriptors.

Actions

Copy link

#18 [ruby-core:102807]

Updated by jeremyevans0 (Jeremy Evans) 2 months ago

If SecureRandom requires a file descriptor to work, I think it should be expected to raise an exception if a file descriptor is not available. After all, it's not a bug when File.open raises an exception because a file descriptor is not available. So absent a reproducer that includes file descriptor exhaustion or the deletion of /dev/urandom, I think this should be closed.

Actions

Copy link

#19 [ruby-core:102808]

Updated by xtkoba (Tee KOBAYASHI) 2 months ago

To my understanding, the problem is that when Random.urandom failed to use /dev/urandom it does not fall back to using an OpenSSL function even if it is available.

However, this issue seems no longer to happen on recent Linux systems, as all the 3.x.y kernel series have now gone to EOL. I am not familiar with *BSD, but it seems that this issue does not happen on *BSD systems on which arc4random_buf is available. I have no idea for the other *nix systems at all.

Actions

Copy link

#20 [ruby-core:102809]

Updated by jeremyevans0 (Jeremy Evans) about 2 months ago

xtkoba (Tee KOBAYASHI) wrote in #note-19:

To my understanding, the problem is that when Random.urandom failed to use /dev/urandom it does not fall back to using an OpenSSL function even if it is available.

Ah, thank you, that is an important insight I missed. However, I think such a fallback is problematic, for two reasons:

1) If openssl has not been required yet, it would have to require openssl, which would require a file descriptor, and we are already out of file descriptors.

2) Even if openssl has already been required, it needs to seed the OpenSSL random generator using /dev/urandom, which would also require a file descriptor (see get_random_openssl).

The only way for this to work would be to have securerandom always require openssl and either preseed the OpenSSL random generator (which would still fail in forked processes) or directly call OpenSSL::Random.random_bytes without seeding the OpenSSL random generator, which sounds like a bad idea from a security perspective. I also think it's undesirable for securerandom to require openssl just to use it for fallback.

In my opinion, if you are using an operating system that uses on /dev/urandom for random data and want randomness to be immune to file descriptor exhaustion, you should use OpenSSL::Random.random_bytes directly.

If we did want a fallback, something like this could work:

diff --git a/lib/securerandom.rb b/lib/securerandom.rb
index 241fde98ce..034f60b468 100644
--- a/lib/securerandom.rb
+++ b/lib/securerandom.rb
@@ -89,7 +89,14 @@ def gen_random_openssl(n)
     end

     def gen_random_urandom(n)
-      ret = Random.urandom(n)
+      begin
+        ret = Random.urandom(n)
+      rescue RuntimeError
+        if defined?(OpenSSL::Random)
+          ret = OpenSSL::Random.random_bytes(n)
+        end
+      end
+
       unless ret
         raise NotImplementedError, "No random device"
       end
@@ -109,6 +116,12 @@ def gen_random_urandom(n)
         alias gen_random gen_random_openssl
       end
     else
+      begin
+        require 'openssl'
+      rescue
+      else
+        SecureRandom.send(:gen_random_openssl, 1)
+      end
       alias gen_random gen_random_urandom
     end

However, as I mentioned, I think this is a bad idea.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #14716

SecureRandom throwing an error in Ruby 2.5.1

Updated by nobu (Nobuyoshi Nakada) about 3 years ago

Updated by nobu (Nobuyoshi Nakada) about 3 years ago

Updated by snehavas (sneha vasanth) about 3 years ago

Updated by snehavas (sneha vasanth) about 3 years ago

Updated by naruse (Yui NARUSE) about 3 years ago

Updated by naruse (Yui NARUSE) about 3 years ago

Updated by shyouhei (Shyouhei Urabe) about 3 years ago

Updated by snehavas (sneha vasanth) about 3 years ago

Updated by patbl (Patrick Brinich-Langlois) almost 3 years ago

Updated by patbl (Patrick Brinich-Langlois) over 2 years ago

Updated by bruno (Bruno Sutic) about 2 years ago

Updated by michalsamluk (Michał Samluk) over 1 year ago

Updated by fa11enangel (Konstantin Filtschew) over 1 year ago

Updated by emiltin (Emil Tin) over 1 year ago

Updated by miles.lane@gmail.com (Miles Lane) over 1 year ago

Updated by jeremyevans0 (Jeremy Evans) 2 months ago

Updated by xtkoba (Tee KOBAYASHI) 2 months ago

Updated by jeremyevans0 (Jeremy Evans) 2 months ago

Updated by xtkoba (Tee KOBAYASHI) 2 months ago

Updated by jeremyevans0 (Jeremy Evans) about 2 months ago