
Nodes crash down after receiving a serial of messages generated by fuzzer, and cannot be recovered #23866

Closed
SecTechTool opened this issue Nov 8, 2021 · 3 comments

@SecTechTool

System information

Geth version: 1.10.9-unstable-9ada4a2e-20210910
OS & Version: MacOS
Network: Private test net

Expected behaviour

The node syncs blocks in the private net.

Actual behaviour

The node crashed with "runtime error: invalid memory address or nil pointer dereference".

Steps to reproduce the behaviour

  1. Set up 10 private geth nodes locally.
  2. Set up a fuzzing node that continually sends fuzzed messages to the other 10 normal geth nodes.
  3. After more than 24 hours of the fuzzing experiment, one of the geth nodes, which was running in fast mode, crashed.
    The command used to run the node is:
    ./build/bin/geth --identity "ETH-node10" --datadir "node10" --ethash.dagdir "node10" --port "30312" --maxpeers 15 --networkid 10086 --syncmode "fast" --bootnodes "enode://e71bec68f09c4b9567bd4575d855ea61b179b1d64e6f78c861ebddf3783178f95edaaf39647c1f792bc654d0931ad25415d50c25c437787183c0b0a32a76da85@127.0.0.1:0?discport=30301" --mine --miner.etherbase 0xd192415624a039b24ad571f96cb438de9f0556a7 --miner.threads 1 console

Backtrace

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x43195ff]

goroutine 1 [running]:
github.com/syndtr/goleveldb/leveldb/table.(*Reader).newBlockIter(0xc00031b520, 0xc00033c440, 0x0, 0x0, 0x0, 0x1, 0x0)
	github.com/syndtr/[email protected]/leveldb/table/reader.go:734 +0xbf
github.com/syndtr/goleveldb/leveldb/table.NewReader(0x67d22e8, 0xc00038c198, 0x23b, 0x4, 0x8, 0xc000322630, 0xc0001cd180, 0xc0001cd040, 0x0, 0x0, ...)
	github.com/syndtr/[email protected]/leveldb/table/reader.go:1085 +0x648
github.com/syndtr/goleveldb/leveldb.(*tOps).open.func1(0xc000581a70, 0xc0002ee100, 0xc0002ee0c0)
	github.com/syndtr/[email protected]/leveldb/table.go:428 +0x1cb
github.com/syndtr/goleveldb/leveldb/cache.(*Cache).Get(0xc0002ee100, 0x0, 0x8, 0xc000152b90, 0x0)
	github.com/syndtr/[email protected]/leveldb/cache/cache.go:388 +0x28a
github.com/syndtr/goleveldb/leveldb.(*tOps).open(0xc000581b60, 0xc00030c370, 0x437fa69, 0x0, 0x0)
	github.com/syndtr/[email protected]/leveldb/table.go:415 +0x86
github.com/syndtr/goleveldb/leveldb.(*tOps).find(0xc000581b60, 0xc00030c370, 0xc0001a7c08, 0x12, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	github.com/syndtr/[email protected]/leveldb/table.go:445 +0x90
github.com/syndtr/goleveldb/leveldb.(*version).get.func1(0x0, 0xc00030c370, 0xc0001a7c08)
	github.com/syndtr/[email protected]/leveldb/version.go:180 +0x465
github.com/syndtr/goleveldb/leveldb.(*version).walkOverlapping(0xc0001ae5a0, 0x0, 0x0, 0x0, 0xc0001a7c08, 0x12, 0x12, 0xc000152ed8, 0xc000152ea8)
	github.com/syndtr/[email protected]/leveldb/version.go:119 +0x29d
github.com/syndtr/goleveldb/leveldb.(*version).get(0xc0001ae5a0, 0x0, 0x0, 0x0, 0xc0001a7c08, 0x12, 0x12, 0x0, 0x0, 0x0, ...)
	github.com/syndtr/[email protected]/leveldb/version.go:164 +0x2f1
github.com/syndtr/goleveldb/leveldb.(*DB).get(0xc0001d6000, 0x0, 0x0, 0x0, 0x0, 0xc0002ea6a0, 0xa, 0x10, 0x3e137, 0x0, ...)
	github.com/syndtr/[email protected]/leveldb/db.go:785 +0x385
github.com/syndtr/goleveldb/leveldb.(*DB).Get(0xc0001d6000, 0xc0002ea6a0, 0xa, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	github.com/syndtr/[email protected]/leveldb/db.go:851 +0x13b
github.com/ethereum/go-ethereum/ethdb/leveldb.(*Database).Get(0xc00064a100, 0xc0002ea6a0, 0xa, 0x10, 0x7735940005e39400, 0xc000195020, 0xc0005921c0, 0x0, 0x0)
	github.com/ethereum/go-ethereum/ethdb/leveldb/leveldb.go:190 +0x5a
github.com/ethereum/go-ethereum/core/rawdb.NewDatabaseWithFreezer(0x54c0b58, 0xc00064a100, 0xc0001aa6c0, 0x34, 0x525effa, 0x11, 0x410e500, 0xc00064a100, 0x0, 0x0, ...)
	github.com/ethereum/go-ethereum/core/rawdb/database.go:159 +0xd5
github.com/ethereum/go-ethereum/core/rawdb.NewLevelDBDatabaseWithFreezer(0xc0000417d0, 0x2c, 0x800, 0x1400, 0xc0001aa6c0, 0x34, 0x525effa, 0x11, 0x0, 0x7b, ...)
	github.com/ethereum/go-ethereum/core/rawdb/database.go:245 +0xf4
github.com/ethereum/go-ethereum/node.(*Node).OpenDatabaseWithFreezer(0xc00047e1a0, 0x5256ae7, 0x9, 0x800, 0x1400, 0x0, 0x0, 0x525effa, 0x11, 0x0, ...)
	github.com/ethereum/go-ethereum/node/node.go:602 +0x33c
github.com/ethereum/go-ethereum/eth.New(0xc00047e1a0, 0xc000355500, 0xc0002d67b8, 0xc000130af0, 0x47c6dd0)
	github.com/ethereum/go-ethereum/eth/backend.go:130 +0x311
github.com/ethereum/go-ethereum/cmd/utils.RegisterEthService(0xc00047e1a0, 0xc000355500, 0xf, 0x0, 0x1)
	github.com/ethereum/go-ethereum/cmd/utils/flags.go:1687 +0x225
main.makeFullNode(0xc0001d22c0, 0x525450d, 0x1, 0xc0001ac010)
	github.com/ethereum/go-ethereum/cmd/geth/config.go:162 +0x14e
main.geth(0xc0001d22c0, 0x0, 0x0)
	github.com/ethereum/go-ethereum/cmd/geth/main.go:311 +0xf4
gopkg.in/urfave/cli%2ev1.HandleAction(0x500f800, 0x5339c80, 0xc0001d22c0, 0xc0000a76e0, 0x0)
	gopkg.in/urfave/[email protected]/app.go:490 +0x82
gopkg.in/urfave/cli%2ev1.(*App).Run(0xc0001981a0, 0xc000194180, 0x3, 0x3, 0x0, 0x0)
	gopkg.in/urfave/[email protected]/app.go:264 +0x5f5
main.main()
	github.com/ethereum/go-ethereum/cmd/geth/main.go:254 +0x55

When submitting logs: please submit them as text and not screenshots.

@rjl493456442
Member

Already opened it in leveldb repo syndtr/goleveldb#373

@fgeek

fgeek commented Nov 19, 2021

CVE-2021-43668 has been assigned for this issue.

@holiman
Contributor

holiman commented Dec 15, 2021

Closing this; without any way to repro it, there's not much action we can take on this.

@holiman closed this as completed Dec 15, 2021
vtermanis added a commit to Iotic-Labs/iotics-identity-go that referenced this issue Jan 5, 2022
… in 398057a)

- github.com/fomichev/secp256k1 has negative performance impact
- vulnerability associated with go-ethereum is not relevant (i.e. code not touched)
  See also ethereum/go-ethereum#23866
- Bump github.com/ethereum/go-ethereum to v1.10.14
vtermanis added a commit to Iotic-Labs/iotics-identity-go that referenced this issue Jan 7, 2022
… in 398057a)

- github.com/fomichev/secp256k1 has negative performance impact
- vulnerability associated with go-ethereum is not relevant (i.e. code not touched)
  See also ethereum/go-ethereum#23866
- Bump github.com/ethereum/go-ethereum to v1.10.14