[bug]: panic inside btcwire's WriteMessageWithEncodingN

[Kamillaova]

Background

After several hours of running the lnd node in Neutrino mode, a crash occurred inside btcwire internals.

2025-02-11 07:10:40.493 [INF] LNWL: Web API returning 1012 sat/kvb for min relay feerate
2025-02-11 07:10:40.493 [INF] UTXN: Attempting to graduate height=883256: num_kids=0, num_babies=0
2025-02-11 07:17:59.065 [INF] GRPH: Examining channel graph for zombie channels
2025-02-11 07:17:59.087 [INF] GRPH: Pruning 1 zombie channels
2025-02-11 07:33:07.226 [ERR] BTCN: Can't read message from 134.209.198.36:8333 (outbound): read tcp 10.134.163.1:50507->134.209.198.36:8333: read: operation timed out
2025-02-11 07:33:07.254 [INF] BTCN: Lost peer 134.209.198.36:8333 (outbound)
panic: runtime error: slice bounds out of range [12:8]

goroutine 704327 [running]:
internal/poll.(*FD).Write(0x140010d4080, {0x14000f04180, 0x8, 0x40})
  internal/poll/fd_unix.go:380 +0x3ac
net.(*netFD).Write(0x140010d4080, {0x14000f04180?, 0x4?, 0x106cb1300?})
  net/fd_posix.go:96 +0x28
net.(*conn).Write(0x14003c74028, {0x14000f04180?, 0x1084ddee0?, 0x14000000008?})
  net/net.go:197 +0x34
github.com/btcsuite/btcd/wire.WriteMessageWithEncodingN({0x10f70e598, 0x14003c74028}, {0x1071566d0, 0x14000c94350}, 0x11180, 0xd9b4bef9, 0x1)
  github.com/btcsuite/[email protected]/wire/message.go:342 +0x590
github.com/btcsuite/btcd/peer.(*Peer).writeMessage(0x14000a48008, {0x1071566d0, 0x14000c94350}, 0x1)
  github.com/btcsuite/[email protected]/peer/peer.go:1133 +0x2f8
github.com/btcsuite/btcd/peer.(*Peer).outHandler(0x14000a48008)
  github.com/btcsuite/[email protected]/peer/peer.go:1816 +0x174
created by github.com/btcsuite/btcd/peer.(*Peer).start in goroutine 704321
  github.com/btcsuite/[email protected]/peer/peer.go:2313 +0x2dc

Your environment

• version of lnd — lnd version 0.18.4-beta commit=v0.18.4-beta
• which operating system (uname -a on *Nix) — Darwin host.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000 arm64
• version of btcd, bitcoind, or other backend — Neutrino mode
• any other relevant environment details — -

Steps to reproduce

I don't know how it happened, but it probably crashed after the (macbook) lid was opened.
Unfortunately, I was unable to reproduce this.

Expected behaviour

The lnd doesn't crash.

Actual behaviour

It crashes.

[guggero]

Thanks for the report. This looks very weird to me. I looked at the code path and it looks like this crashed somewhere in the Golang standard library. Looks like the variable nn is larger than the length of the slice here: https://github.com/golang/go/blob/go1.22.6/src/internal/poll/fd_unix.go#L380

I think it might be worth opening this as a bug in the Golang issue tracker: https://github.com/golang/go/issues
Especially the detail about MacOS waking up from sleep mode (opening the lid) might be relevant.

Not sure what to tell you in the meantime other than updating to lnd v0.18.5-beta which uses a newer Golang version that might have fixed the bug (although from looking through the latest release notes I didn't find anything that would match).

[Kamillaova]

Yea, I read the stdlib code and it really looks like this is indeed a stdlib issue since the only input argument is a slice.

And AFAIU racing is not possible here, since slice shrinking will always copy it.

I'll try to reproduce it on the latest lnd version and with different go versions, thanks

[guggero]

Going to close the issue in the meantime, since I'm not sure we can do anything. Feel free to re-open if you disagree.