Headline
CVE-2023-30635: fatal about failed to get timestamp from PD · Issue #14516 · tikv/tikv
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver.
Bug Report****What version of TiKV are you using?
v6.1.2
What operating system and CPU are you using?
ubuntu
Steps to reproduce
Run Jepsen test configured with kill, pause and membership nemesis
What did you expect?
No fatal
What happened?
[2023/03/16 15:24:47.529 +00:00] [FATAL] [lib.rs:491] [“failed to get timestamp from PD: Other("[components/pd_client/src/tso.rs:97]: Timestamp channel is dropped”)"] [backtrace=" 0: tikv_util::set_panic_hook::{{closure}}\n at /opt/tikv/components/tikv_util/src/lib.rs:490:18\n 1: std::panicking::rust_panic_with_hook\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:702:17\n 2: std::panicking::begin_panic_handler::{{closure}}\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:588:13\n 3: std::sys_common::backtrace::__rust_end_short_backtrace\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/sys_common/backtrace.rs:138:18\n 4: rust_begin_unwind\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:584:5\n 5: core::panicking::panic_fmt\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/panicking.rs:143:14\n 6: core::result::unwrap_failed\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/result.rs:1749:5\n 7: core::result::Result<T,E>::expect\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/result.rs:1022:23\n server::server::TiKvServer<ER>::init\n at /opt/tikv/components/server/src/server.rs:269:25\n 8: server::server::run_impl\n at /opt/tikv/components/server/src/server.rs:116:20\n server::server::run_tikv\n at /opt/tikv/components/server/src/server.rs:163:5\n 9: tikv_server::main\n at /opt/tikv/cmd/tikv-server/src/main.rs:189:5\n 10: core::ops::function::FnOnce::call_once\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/ops/function.rs:227:5\n std::sys_common::backtrace::__rust_begin_short_backtrace\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/sys_common/backtrace.rs:122:18\n 11: std::rt::lang_start::{{closure}}\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:145:18\n 12: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/core/src/ops/function.rs:259:13\n std::panicking::try::do_call\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:492:40\n std::panicking::try\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:456:19\n std::panic::catch_unwind\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panic.rs:137:14\n std::rt::lang_start_internal::{{closure}}\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:128:48\n std::panicking::try::do_call\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:492:40\n std::panicking::try\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panicking.rs:456:19\n std::panic::catch_unwind\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/panic.rs:137:14\n std::rt::lang_start_internal\n at /rustc/1e12aef3fab243407f9d71ba9956cb2a1bf105d5/library/std/src/rt.rs:128:20\n 13: main\n 14: __libc_start_main\n at /build/glibc-6iIyft/glibc-2.28/csu/…/csu/libc-start.c:308:16\n 15: _start\n"] [location=components/server/src/server.rs:269] [thread_name=main]