Skip to content
This repository has been archived by the owner on Jun 4, 2024. It is now read-only.

[FUZZ] Beaconfuzz_v2 crash-8aca1b5ce295f678fb67bd5ea8bb36c13a0d7f20 in struct_proposer_slashing #90

Closed
7 tasks done
Daft-Wullie opened this issue Nov 3, 2020 · 2 comments
Labels
crash confirmed Crash is confirmed and developers are notified teku

Comments

@Daft-Wullie
Copy link

I've done and provided the following:

  • Checked to see if any other [FUZZ] issue already refers to that crasher
  • Attached the crashing input (either attached to the issue as a .zip or .gz, or as a link to a file sharing service)
  • Noted the beacon-fuzz version or commit used.
  • Provided crash output
  • Noted the command or fuzzer used to generate the crash
  • Name of the original crash file
  • (Optional but optimal) Checked if the crash can be consistently replicated by re-running the input.

Info to Reproduce

Crash output and stacktrace

note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Traceback (most recent call last, using override)
/home/nimbus-eth2/vendor/nimbus-build-system/vendor/Nim/lib/system/excpt.nim(614) signalHandler
SIGABRT: Abnormal termination.
==1516179== ERROR: libFuzzer: fuzz target exited
    #0 0x55c3c5eec791  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xe45791)
    #1 0x55c3c89b7160  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x3910160)
    #2 0x55c3c89cbecb  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x3924ecb)
    #3 0x7f996f31ca26  (/lib/x86_64-linux-gnu/libc.so.6+0x49a26)
    #4 0x7f996f31cbdf  (/lib/x86_64-linux-gnu/libc.so.6+0x49bdf)
    #5 0x55c3c678039c  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x16d939c)
    #6 0x7f996f31920f  (/lib/x86_64-linux-gnu/libc.so.6+0x4620f)
    #7 0x7f996f31918a  (/lib/x86_64-linux-gnu/libc.so.6+0x4618a)
    #8 0x7f996f2f8858  (/lib/x86_64-linux-gnu/libc.so.6+0x25858)
    #9 0x55c3c8a84916  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x39dd916)
    #10 0x55c3c8a6d455  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x39c6455)
    #11 0x55c3c89aa6a6  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x39036a6)
    #12 0x55c3c8a752d5  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x39ce2d5)
    #13 0x55c3c605bdf4  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xfb4df4)
    #14 0x55c3c605a4b9  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xfb34b9)
    #15 0x55c3c605bc94  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xfb4c94)
    #16 0x55c3c61289d4  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x10819d4)
    #17 0x55c3c6124b36  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x107db36)
    #18 0x55c3c600e102  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xf67102)
    #19 0x55c3c5f91681  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xeea681)
    #20 0x55c3c89aa6d0  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x39036d0)
    #21 0x55c3c89aa32f  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x390332f)
    #22 0x55c3c89cc32c  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x392532c)
    #23 0x55c3c899d439  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x38f6439)
    #24 0x55c3c89a7232  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0x3900232)
    #25 0x55c3c5e69346  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xdc2346)
    #26 0x7f996f2fa0b2  (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #27 0x55c3c5e694ed  (/home/beacon-fuzz/beaconfuzz_v2/fuzz/target/x86_64-unknown-linux-gnu/release/struct_proposer_slashing+0xdc24ed)

SUMMARY: libFuzzer: fuzz target exited
────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit code: 77

Your Environment

  • Fuzzer ran: beaconfuzz_v2
  • Version/Commit used: latest
  • Operating System and version: Ubuntu 20.04
@pventuzelo pventuzelo added crash confirmed Crash is confirmed and developers are notified teku labels Nov 4, 2020
@pventuzelo
Copy link
Contributor

pventuzelo commented Nov 4, 2020

FYI, that the same file and issue than #82 but this time it's teku that return a different result than the others.

For analysis, here is a package containing the pre state, the proposerslashing and the post state generated by teku.

issue_90_proposer_slashing.zip

lighthouse reject this proposerslashing processing with the error: ProposalsIdentical
prysm reject the proposerslashing processing
nimbus reject the proposerslashing processing
teku process the proposerslashing processing

You can reproduce with:

../beaconfuzz_v2 debug beacon.ssz propslash.ssz proposerslashing

Thanks @Daft-Wullie

@zedt3ster
Copy link
Member

Confirmed to be the same type of discrepancy described in #82. For its process_proposer_slashings function, Teku compares the SignedBeaconBlockHeaders, instead of the BeaconBlockHeaders.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
crash confirmed Crash is confirmed and developers are notified teku
Projects
None yet
Development

No branches or pull requests

3 participants