crash in connectd due to bad gossip_store #5572

rustyrussell · 2022-09-05T06:35:44Z

We hit an assert as we try to send a giant status message (> 128MB), but the reason we're sending it is because a gossip_store entry fails checksum. I accessed the gossip_store shortly after this, and it seemed fine.

The most likely explanation is that connectd somehow got a bogus offset, and was reading junk from the store.

lightning_connectd: FATAL SIGNAL (version v0.12.0)
0x414a56 send_backtrace
        common/daemon.c:33
0x41d10a status_failed
        common/status.c:221
0x41d1fc status_backtrace_exit
        common/subdaemon.c:18
0x414ada crashdump
        common/daemon.c:49
0x7f2a8063c31f ???
        ???:0
0x7f2a8063c2a2 ???
        ???:0
0x7f2a806258a3 ???
        ???:0
0x7f2a80625788 ???
        ???:0
0x7f2a80634a15 ???
        ???:0
0x42d90d wire_sync_write
        wire/wire_sync.c:13
0x414d75 daemon_conn_sync_flush
        common/daemon_conn.c:114
0x41cb31 flush_and_exit
        common/status.c:189
0x41d01a status_send_fatal
        common/status.c:206
0x41d102 status_failed
        common/status.c:223
0x416f16 gossip_store_next
        common/gossip_store.c:156
0x40d138 maybe_from_gossip_store
        connectd/multiplex.c:530
0x40d3fe write_to_peer
        connectd/multiplex.c:966
0x4aee10 next_plan
        ccan/ccan/io/io.c:59
0x4af210 io_do_always
        ccan/ccan/io/io.c:435
0x4aff02 handle_always
        ccan/ccan/io/poll.c:304
0x4b0229 io_loop
        ccan/ccan/io/poll.c:385
0x40b1db main
        connectd/connectd.c:2063
0x7f2a80626b74 ???
        ???:0
0x40481d ???
        ???:0
0xffffffffffffffff ???
        ???:0
lightning_connectd: wire/wire_sync.c:13: wire_sync_write: Assertion `tal_bytelen(msg) < WIRE_LEN_LIMIT' failed.
Lost connection to the RPC socket.Lost connection to the RPC socket.

The text was updated successfully, but these errors were encountered:

Should help diagnose ElementsProject#5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

Should help diagnose #5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

Working on diagnosing #5565, #5572 and preventing a crash.

Work in progress to help diagnose #5572

Should help diagnose ElementsProject#5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

The gossip_store version byte was unaccounted for in the initial traversal of gossip_store_end. This lead to an offset and a bogus message length field. As a result, an early portion of the gossip_store could have been skipped, potentially leading to gossip propagation issues downstream. Fixes ElementsProject#5572 ElementsProject#5565 Changelog-fixed: proper gossip_store operation may resolve some previous gossip propagation issues

The gossip_store version byte was unaccounted for in the initial traversal of gossip_store_end. This lead to an offset and a bogus message length field. As a result, an early portion of the gossip_store could have been skipped, potentially leading to gossip propagation issues downstream. Fixes #5572 #5565 Changelog-fixed: proper gossip_store operation may resolve some previous gossip propagation issues

Should help diagnose ElementsProject#5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

The gossip_store version byte was unaccounted for in the initial traversal of gossip_store_end. This lead to an offset and a bogus message length field. As a result, an early portion of the gossip_store could have been skipped, potentially leading to gossip propagation issues downstream. Fixes ElementsProject#5572 ElementsProject#5565 Changelog-fixed: proper gossip_store operation may resolve some previous gossip propagation issues

Should help diagnose ElementsProject#5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

The gossip_store version byte was unaccounted for in the initial traversal of gossip_store_end. This lead to an offset and a bogus message length field. As a result, an early portion of the gossip_store could have been skipped, potentially leading to gossip propagation issues downstream. Fixes ElementsProject#5572 ElementsProject#5565 Changelog-fixed: proper gossip_store operation may resolve some previous gossip propagation issues

rustyrussell added bug gossip crash labels Sep 5, 2022

This was referenced Sep 5, 2022

connectd: better diagnostics on invalid gossip_store entries. #5573

Merged

**BROKEN** connectd: gossip_store: bad checksum at offset 218892226: #5565

Closed

niftynei pushed a commit that referenced this issue Sep 7, 2022

connectd: better diagnostics on invalid gossip_store entries.

dc56b2a

Should help diagnose #5572 which hit the invalid csum on a >64MB entry, if it happens again. Signed-off-by: Rusty Russell <[email protected]>

endothermicdev added a commit that referenced this issue Sep 9, 2022

gossip_store: additional offset validation and recovery

5c19d4b

Working on diagnosing #5565, #5572 and preventing a crash.

endothermicdev added a commit that referenced this issue Sep 9, 2022

gossip_store: debugging function for gossip offsets

3547c5f

Work in progress to help diagnose #5572

cdecker closed this as completed in 4167fe8 Sep 14, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crash in connectd due to bad gossip_store #5572

crash in connectd due to bad gossip_store #5572

rustyrussell commented Sep 5, 2022

crash in connectd due to bad gossip_store #5572

crash in connectd due to bad gossip_store #5572

Comments

rustyrussell commented Sep 5, 2022