Green crash with segmentation fault after unlocking Jade bitcoin singlesig

delta1 commented 1 year ago

Description

Green AppImage crashes with segmentation fault after trying to unlock Jade with PIN

Version

Green version 1.1.4 Appimage from https://github.com/Blockstream/green_qt/releases/tag/release_1.1.4 Jade firmware version 0.1.39

Steps to reproduce

Run Green version 1.1.4 AppImage
Connect Jade to USB
In Green click "unlock" button next to Bitcoin single sig for Jade
On Jade enter correct PIN
Green crashed with segmentation fault (core dumped)

Expected behaviour

Expect Green not to crash and unlock wallet on Jade

Actual behaviour

Green crashed with segfault

Device or machine

[2022-11-07 15:14:27.491491] [app:info] Blockstream Blockstream Green 1.1.4
[2022-11-07 15:14:27.493493] [app:info] System Information:
[2022-11-07 15:14:27.493493] [app:info]   Build ABI: x86_64-little_endian-lp64
[2022-11-07 15:14:27.493493] [app:info]   Build CPU Architecture: x86_64
[2022-11-07 15:14:27.493493] [app:info]   Current CPU Architecture: x86_64
[2022-11-07 15:14:27.493493] [app:info]   Hardware Model: XPS 15 9510
[2022-11-07 15:14:27.493493] [app:info]   Kernel Type: linux
[2022-11-07 15:14:27.493493] [app:info]   Kernel Version: 6.0.2-76060002-generic
[2022-11-07 15:14:27.493493] [app:info]   Product: Pop!_OS 22.04 LTS
[2022-11-07 15:14:27.493493] [app:info]   Product Type: pop
[2022-11-07 15:14:27.493493] [app:info]   Product Version: 22.04
[2022-11-07 15:14:27.493493] [app:info] Build Type: release
[2022-11-07 15:14:27.493493] [app:info] Data directory: "/home/byron/.local/share/Blockstream/Green"

Additional info

Last lines from log:

[2022-11-07 15:19:55.126126] [gdk:debug] 55.126 INFO - GDKRUST_call_session handle_call connect input "redacted"
[2022-11-07 15:19:55.340340] [gdk:debug] 55.340 INFO - connect succesfully ping the electrum server
[2022-11-07 15:19:55.340340] [gdk:debug] 55.340 INFO - push notification: Object({"event": String("network"), "network": Object({"current_state": String("connected"), "next_state": String("connected"), "wait_ms": Number(0)})})
[2022-11-07 15:19:55.340340] [gdk:debug] 55.340 INFO - GDKRUST_call_session connect output "Ok(Null)"
[2022-11-07 15:19:55.340340] [app:debug] unlocking
[2022-11-07 15:20:10.840840] [app:debug] JadeAPI::processResponseMessage() - Jade response 82534 requires http-request
[2022-11-07 15:20:10.860860] [app:warning] Unexpected Type: QCborValue::String and/or error:  0
[2022-11-07 15:20:10.860860] [gdk:info] Error http_request: [json.exception.type_error.302] type must be string, but is null
[2022-11-07 15:20:10.899899] [app:warning] qrc:/JadeView.qml:113:13: QML GListView: Binding loop detected for property "currentIndex"
[2022-11-07 15:20:10.900900] [app:warning] qrc:/JadeView.qml: Writing to "device" broke the binding to the underlying model
[2022-11-07 15:20:10.900900] [app:warning] qrc:/JadeView.qml: Writing to "device" broke the binding to the underlying model
[2022-11-07 15:20:13.726726] [app:warning] JadeAPI::processResponseMessage() - Message ignored - no numeric string 'id' field: QCborMap{{QCborValue("id"), QCborValue("00")}, {QCborValue("error"), QCborValue(QCborMap{{QCborValue("code"), QCborValue(-32600)}, {QCborValue("message"), QCborValue("Invalid RPC Request message")}, {QCborValue("data"), QCborValue(QByteArray("5"))}})}}
[2022-11-07 15:20:13.726726] [app:debug] CBOR incomplete ( 62  bytes present ) - awaiting more data
[2022-11-07 15:20:13.765765] [app:warning] Unexpected Type: QCborValue::Integer and/or error:  0

delta1 commented 1 year ago

Just tried with BlockstreamGreen_Linux_x86_64.tar.gz from same release 1.1.4

Green crashed again. Last lines from log:

[2022-11-07 15:31:19.508508] [app:debug] JadeAPI::processResponseMessage() - Jade response 59999 requires http-request
[2022-11-07 15:31:19.510510] [app:warning] Unexpected Type: QCborValue::String and/or error:  0
[2022-11-07 15:31:19.510510] [gdk:info] Error http_request: [json.exception.type_error.302] type must be string, but is null
[2022-11-07 15:31:19.549549] [app:warning] qrc:/JadeView.qml:113:13: QML GListView: Binding loop detected for property "currentIndex"
[2022-11-07 15:31:19.549549] [app:warning] qrc:/JadeView.qml: Writing to "device" broke the binding to the underlying model
[2022-11-07 15:31:19.549549] [app:warning] qrc:/JadeView.qml: Writing to "device" broke the binding to the underlying model
[2022-11-07 15:31:23.208208] [app:warning] JadeAPI::processResponseMessage() - Message ignored - no numeric string 'id' field: QCborMap{{QCborValue("id"), QCborValue("00")}, {QCborValue("error"), QCborValue(QCborMap{{QCborValue("code"), QCborValue(-32600)}, {QCborValue("message"), QCborValue("Invalid RPC Request message")}, {QCborValue("data"), QCborValue(QByteArray("59"))}})}}
[2022-11-07 15:31:23.208208] [app:debug] CBOR incomplete ( 61  bytes present ) - awaiting more data
[2022-11-07 15:31:23.208208] [app:warning] JadeAPI::processResponseMessage() - Message ignored - no numeric string 'id' field: QCborMap{{QCborValue("id"), QCborValue("00")}, {QCborValue("error"), QCborValue(QCborMap{{QCborValue("code"), QCborValue(-32600)}, {QCborValue("message"), QCborValue("Invalid RPC Request message")}, {QCborValue("data"), QCborValue(QByteArray("8"))}})}}
[2022-11-07 15:31:25.238238] [app:debug] CBOR incomplete ( 1  bytes present ) - awaiting more data
[2022-11-07 15:31:25.250250] [app:warning] JadeAPI::processResponseMessage() - Message ignored - no numeric string 'id' field: QCborMap{{QCborValue("id"), QCborValue("00")}, {QCborValue("error"), QCborValue(QCborMap{{QCborValue("code"), QCborValue(-32600)}, {QCborValue("message"), QCborValue("Invalid RPC Request message")}, {QCborValue("data"), QCborValue(QByteArray("8"))}})}}
[2022-11-07 15:31:25.250250] [app:debug] CBOR incomplete ( 63  bytes present ) - awaiting more data
[2022-11-07 15:31:25.289289] [app:warning] Unexpected Type: QCborValue::Integer and/or error:  0

delta1 commented 1 year ago

Please let me know if there's any other info I can provide

domegabri commented 1 year ago

Thanks for the report. We are investigating. Do you have tor enable or some custom network setting?

delta1 commented 1 year ago

@domegabri no but it’s possible my wifi was flaky. I will test again and let you know

delta1 commented 1 year ago

I stopped the system Tor service, and ensured Green had the Tor toggle switched to off - same issue occurred.

delta1 commented 1 year ago

So I think this might actually be a Jade/USB networking issue. Trying with Sparrow wallet over USB not working in a similar way. But Jade is working via bluetooth with the iOS Green app :man_shrugging:

grubles commented 1 year ago

I think I also ran into this crash. I had a Jade unlocked, disconnected it, connected a separate Jade and unlocked it, and that's when Green segfaulted. The Jade display showed some sort of "network error" in red letters once the desktop app crashed.

OS is Fedora 37 Blockstream Green Version 1.1.5 Jade firmware 0.1.41

dmesg:

[ 2775.196608] AppRun[5692]: segfault at 55fb017ab7e0 ip 000055fb017ab7e0 sp 00007fff64e320d8 error 15
[ 2775.196623] Code: 00 00 00 00 00 00 00 00 00 00 10 03 00 00 00 00 00 00 20 00 00 00 00 00 00 00 50 93 79 01 fb 55 00 00 e0 6c 5f d6 38 7f 00 00 <00> 00 00 00 00 00 00 00 d1 2b 00 00 00 00 00 00 00 ff 0a 01 fb 55

JamieDriver commented 1 year ago

If the app crashes, then Jade may well display 'Network or Server error', as all Jade will know is that it has lost connection to the pinserver (or whatever it was tring to communicate with, via the app).

If we think Jade is causing the crash of the app, we need to find out what values Jade is returning that the app can't handle - then I should be able to tell if it's a bug on Jade or if indeed it's just a (rare) response the app should be handling.

JamieDriver commented 1 year ago

From the log above, it looks like some comms error has occured - and this is odd:
no numeric string 'id' field: QCborMap{{QCborValue("id"), QCborValue("00")},...

I mean it says 'no numeric string 'id' field, but the first field shown is an id - unless it doesn't consider 0 numeric ?
Jade uses 'id: 00' when it wants to send an error response to a message, but has no message-id to populate the response - eg. if jade receives bytes it cannot parse.

grubles commented 1 year ago

I'm not sure if this is related but I cannot unlock my Jade at all now. Looks to be logged as this error?

[2022-12-13 15:53:16.551551] [app:debug] JadeAPI::processResponseMessage() - Jade response 77735 requires http-request
[2022-12-13 15:53:16.553553] [gdk:info] Error http_request: [json.exception.type_error.302] type must be string, but is null
[2022-12-13 15:53:16.604604] [app:debug] CBOR incomplete ( 1  bytes present ) - awaiting more data

bitcoinhelp commented 1 year ago

@JamieDriver any thoughts on this? @grubles any message display on Jade?

I'm not sure if this is related but I cannot unlock my Jade at all now. Looks to be logged as this error?

[2022-12-13 15:53:16.551551] [app:debug] JadeAPI::processResponseMessage() - Jade response 77735 requires http-request
[2022-12-13 15:53:16.553553] [gdk:info] Error http_request: [json.exception.type_error.302] type must be string, but is null
[2022-12-13 15:53:16.604604] [app:debug] CBOR incomplete ( 1  bytes present ) - awaiting more data

grubles commented 1 year ago

Just the Network or Server error. The Green desktop app also flashes an Invalid PIN briefly, even though I'm entering the correct PIN.

Unlocking and logging in works using the F-Droid app, FWIW.

JamieDriver commented 1 year ago

[2022-12-13 15:53:16.551551] [app:debug] JadeAPI::processResponseMessage() - Jade response 77735 requires http-request
[2022-12-13 15:53:16.553553] [gdk:info] Error http_request: [json.exception.type_error.302] type must be string, but is null

This looks like the http request jade is requesting the app make (to the pinserver) isn't being built correctly. (Jade should have passed urls and a json payload to the app, but relies on the app to make that an http call and provide jade the json it gets back). I'm afraid it isn't immediately obvious [to me] what 'type' might be ...

borgbyte commented 1 year ago

@delta1 looks like you are experiencing this issue https://twitter.com/wtogami/status/1624186079594135559, please try the workaround explained in that thread.

delta1 commented 11 months ago

this issue https://twitter.com/wtogami/status/1624186079594135559

Thanks @borgbyte

Confirmed that the fix in the above tweet works for me

Use Powertop to find out which device bus the serial is on ( in this example, 1-4 )

requires root

echo on > /sys/bus/devices/1-4/power/control

jgriffiths commented 11 months ago

@borgbyte The app shouldn't segfault when this occurs, can you LMK if you can reproduce this and if so whether it crashes in gdk or green_qt?

delta1 commented 11 months ago

I believe it’s parsing a corrupted auth_user cbor response from the jade

delta1 commented 11 months ago

https://cbor.nemo157.com/?type=hex&value=a2626964643132333466726573756c74a16c687474705f72657175657374a266706172616d73a46475726c7382782f68747470733a2f2f6a61646570696e2e626e6f636b626d377668356a74366d706a63746e3767677966793577656776626566663378376a727a6e7161776c6d69642e6f6e696f6e2f73746172745f68616e647368616b65666d6574686f6464504f535466616363657074646a736f6e646461746160686f6e2d7265706c796e68616e647368616b655f696e6974

delta1 commented 11 months ago

strangely it looks like it might be a “valid” cbor in that it parses, but obviously those urls are invalid

borgbyte commented 7 months ago

@jgriffiths sorry I missed your request above.

The implementation is now a bit different. I suggest testing with latest release.

Blockstream / green_qt