[GH-ISSUE #3529] 0.51.0 panic: runtime error: slice bounds out of range [20:16] #2817

New issue

Closed

opened 2026-05-05 13:49:15 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented 2026-05-05 13:49:15 -06:00

Owner

Copy link

Originally created by @pierre-pretorius on GitHub (Jul 14, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3529

Bug Description

We did get the slice bounds out of range error in the cipher code in previous versions, but we upgraded to the latest 0.51.0 to ensure the bug is present in the latest code. It looks like the stack trace in the log below is too short to determine the root cause?

frpc Version

Various versions from 0.34.0 and upwards

frps Version

0.51.0

System Architecture

linux/amd64

Configurations

Server

[common]
bind_port = 8888
authentication_method = token
token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dashboard_port = 2000
dashboard_user = admin
dashboard_pwd = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
log_file = /var/log/frps.log
log_level = warn

[plugin.login]
addr = http://localhost:3000
path = /frps/login
ops = Login

[plugin.proxy]
addr = http://localhost:3000
path = /frps/proxy
ops = NewProxy

Client

[common]
server_addr = xxxxxxxxxxxxxxxxx
server_port = 8888
authentication_method = token
token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
user = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
meta_sid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
meta_gid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[web]
type = tcp
local_port = 80
remote_port = 30000
use_encryption = true
use_compression = true

Logs

Jul 14 02:43:01 systemd[1]: Started FRPS Service.
Jul 14 11:47:03 frps[1465596]: panic: runtime error: slice bounds out of range [20:16]
Jul 14 11:47:03 frps[1465596]: goroutine 9331955 [running]:
Jul 14 11:47:03 frps[1465596]: crypto/cipher.(*cfb).XORKeyStream(0xc02ea994f0, {0xc0253ca080?, 0x7fba61f785b8?, 0x20?}, {0xc0253ca080?, 0xc009c2a580?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         crypto/cipher/cfb.go:41 +0x31b
Jul 14 11:47:03 frps[1465596]: crypto/cipher.StreamReader.Read({{0xe7f140?, 0xc02ea994f0?}, {0x7fba3a9f10e8?, 0xc00a9f3680?}}, {0xc0253ca080, 0xc00f9ecb88?, 0x12a4e})
Jul 14 11:47:03 frps[1465596]:         crypto/cipher/io.go:21 +0xa3
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/crypto.(*Reader).Read(0xc00338a3c0, {0xc0253ca080?, 0x8000?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/crypto/decode.go:71 +0x1c7
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xc0170d8398?, {0xc0253ca080?, 0x0?, 0x0?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26
Jul 14 11:47:03 frps[1465596]: io.ReadAtLeast({0x7fba39f5e8f0, 0xc012e0a400}, {0xc0253ca000, 0x69f, 0x12ace}, 0x69f)
Jul 14 11:47:03 frps[1465596]:         io/io.go:332 +0x9a
Jul 14 11:47:03 frps[1465596]: io.ReadFull(...)
Jul 14 11:47:03 frps[1465596]:         io/io.go:351
Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).readFull(0xc00026b880, {0xc0253ca000?, 0xc0170d8380?, 0xc0315b4000?}, 0x0)
Jul 14 11:47:03 frps[1465596]:         github.com/golang/snappy@v0.0.3/decode.go:112 +0x48
Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).Read(0xc00026b880, {0xc0315b4000, 0x8000, 0xc0022edc01?})
Jul 14 11:47:03 frps[1465596]:         github.com/golang/snappy@v0.0.3/decode.go:159 +0x2a5
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xba61f785b8?, {0xc0315b4000?, 0xc0022edc30?, 0x10?})
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26
Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe81360, 0xc0022edc30}, {0x7fba39f5e8f0, 0xc030732380}, {0x0, 0x0, 0x0})
Jul 14 11:47:03 frps[1465596]:         io/io.go:427 +0x1b2
Jul 14 11:47:03 frps[1465596]: io.Copy(...)
Jul 14 11:47:03 frps[1465596]:         io/io.go:386
Jul 14 11:47:03 frps[1465596]: net.genericReadFrom({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0, 0xc030732380})
Jul 14 11:47:03 frps[1465596]:         net/net.go:675 +0x6a
Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).readFrom(0xc0073adc80, {0x7fba39f5e8f0, 0xc030732380})
Jul 14 11:47:03 frps[1465596]:         net/tcpsock_posix.go:54 +0x78
Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).ReadFrom(0xc0073adc80, {0x7fba39f5e8f0?, 0xc030732380?})
Jul 14 11:47:03 frps[1465596]:         net/tcpsock.go:130 +0x36
Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe802c0, 0xc0073adc80}, {0x7fba39f5e8f0, 0xc030732380}, {0xc0096d4000, 0x4000, 0x4000})
Jul 14 11:47:03 frps[1465596]:         io/io.go:413 +0x14b
Jul 14 11:47:03 frps[1465596]: io.CopyBuffer({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0?, 0xc030732380?}, {0xc0096d4000?, 0x1?, 0xc0097756e0?})
Jul 14 11:47:03 frps[1465596]:         io/io.go:400 +0x3c
Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.Join.func1(0x1, {0x7fba39f5e930?, 0xc0073adc80}, {0xe84460?, 0xc030732380}, 0xc00e70b8d8)
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:36 +0x209
Jul 14 11:47:03 frps[1465596]: created by github.com/fatedier/golib/io.Join
Jul 14 11:47:03 frps[1465596]:         github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:41 +0x29b
Jul 14 11:47:04 systemd[1]: frps.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jul 14 11:47:04 systemd[1]: frps.service: Failed with result 'exit-code'.
Jul 14 11:47:09 systemd[1]: frps.service: Scheduled restart job, restart counter is at 1.
Jul 14 11:47:09 systemd[1]: Stopped FRPS Service.
Jul 14 11:47:09 systemd[1]: Started FRPS Service.

Steps to reproduce

We only see this error on high traffic servers, so it's not easy to reproduce. It happens more or less every day.

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @pierre-pretorius on GitHub (Jul 14, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3529 ### Bug Description We did get the `slice bounds out of range` error in the `cipher` code in previous versions, but we upgraded to the latest 0.51.0 to ensure the bug is present in the latest code. It looks like the stack trace in the log below is too short to determine the root cause? ### frpc Version Various versions from 0.34.0 and upwards ### frps Version 0.51.0 ### System Architecture linux/amd64 ### Configurations Server ``` [common] bind_port = 8888 authentication_method = token token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx dashboard_port = 2000 dashboard_user = admin dashboard_pwd = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx log_file = /var/log/frps.log log_level = warn [plugin.login] addr = http://localhost:3000 path = /frps/login ops = Login [plugin.proxy] addr = http://localhost:3000 path = /frps/proxy ops = NewProxy ``` Client ``` [common] server_addr = xxxxxxxxxxxxxxxxx server_port = 8888 authentication_method = token token = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx user = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx meta_sid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx meta_gid = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [web] type = tcp local_port = 80 remote_port = 30000 use_encryption = true use_compression = true ``` ### Logs ``` Jul 14 02:43:01 systemd[1]: Started FRPS Service. Jul 14 11:47:03 frps[1465596]: panic: runtime error: slice bounds out of range [20:16] Jul 14 11:47:03 frps[1465596]: goroutine 9331955 [running]: Jul 14 11:47:03 frps[1465596]: crypto/cipher.(*cfb).XORKeyStream(0xc02ea994f0, {0xc0253ca080?, 0x7fba61f785b8?, 0x20?}, {0xc0253ca080?, 0xc009c2a580?, 0x0?}) Jul 14 11:47:03 frps[1465596]: crypto/cipher/cfb.go:41 +0x31b Jul 14 11:47:03 frps[1465596]: crypto/cipher.StreamReader.Read({{0xe7f140?, 0xc02ea994f0?}, {0x7fba3a9f10e8?, 0xc00a9f3680?}}, {0xc0253ca080, 0xc00f9ecb88?, 0x12a4e}) Jul 14 11:47:03 frps[1465596]: crypto/cipher/io.go:21 +0xa3 Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/crypto.(*Reader).Read(0xc00338a3c0, {0xc0253ca080?, 0x8000?, 0x0?}) Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/crypto/decode.go:71 +0x1c7 Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xc0170d8398?, {0xc0253ca080?, 0x0?, 0x0?}) Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26 Jul 14 11:47:03 frps[1465596]: io.ReadAtLeast({0x7fba39f5e8f0, 0xc012e0a400}, {0xc0253ca000, 0x69f, 0x12ace}, 0x69f) Jul 14 11:47:03 frps[1465596]: io/io.go:332 +0x9a Jul 14 11:47:03 frps[1465596]: io.ReadFull(...) Jul 14 11:47:03 frps[1465596]: io/io.go:351 Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).readFull(0xc00026b880, {0xc0253ca000?, 0xc0170d8380?, 0xc0315b4000?}, 0x0) Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy@v0.0.3/decode.go:112 +0x48 Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy.(*Reader).Read(0xc00026b880, {0xc0315b4000, 0x8000, 0xc0022edc01?}) Jul 14 11:47:03 frps[1465596]: github.com/golang/snappy@v0.0.3/decode.go:159 +0x2a5 Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.(*ReadWriteCloser).Read(0xba61f785b8?, {0xc0315b4000?, 0xc0022edc30?, 0x10?}) Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:93 +0x26 Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe81360, 0xc0022edc30}, {0x7fba39f5e8f0, 0xc030732380}, {0x0, 0x0, 0x0}) Jul 14 11:47:03 frps[1465596]: io/io.go:427 +0x1b2 Jul 14 11:47:03 frps[1465596]: io.Copy(...) Jul 14 11:47:03 frps[1465596]: io/io.go:386 Jul 14 11:47:03 frps[1465596]: net.genericReadFrom({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0, 0xc030732380}) Jul 14 11:47:03 frps[1465596]: net/net.go:675 +0x6a Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).readFrom(0xc0073adc80, {0x7fba39f5e8f0, 0xc030732380}) Jul 14 11:47:03 frps[1465596]: net/tcpsock_posix.go:54 +0x78 Jul 14 11:47:03 frps[1465596]: net.(*TCPConn).ReadFrom(0xc0073adc80, {0x7fba39f5e8f0?, 0xc030732380?}) Jul 14 11:47:03 frps[1465596]: net/tcpsock.go:130 +0x36 Jul 14 11:47:03 frps[1465596]: io.copyBuffer({0xe802c0, 0xc0073adc80}, {0x7fba39f5e8f0, 0xc030732380}, {0xc0096d4000, 0x4000, 0x4000}) Jul 14 11:47:03 frps[1465596]: io/io.go:413 +0x14b Jul 14 11:47:03 frps[1465596]: io.CopyBuffer({0xe802c0?, 0xc0073adc80?}, {0x7fba39f5e8f0?, 0xc030732380?}, {0xc0096d4000?, 0x1?, 0xc0097756e0?}) Jul 14 11:47:03 frps[1465596]: io/io.go:400 +0x3c Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib/io.Join.func1(0x1, {0x7fba39f5e930?, 0xc0073adc80}, {0xe84460?, 0xc030732380}, 0xc00e70b8d8) Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:36 +0x209 Jul 14 11:47:03 frps[1465596]: created by github.com/fatedier/golib/io.Join Jul 14 11:47:03 frps[1465596]: github.com/fatedier/golib@v0.1.1-0.20230628070619-a1a0c648236a/io/io.go:41 +0x29b Jul 14 11:47:04 systemd[1]: frps.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Jul 14 11:47:04 systemd[1]: frps.service: Failed with result 'exit-code'. Jul 14 11:47:09 systemd[1]: frps.service: Scheduled restart job, restart counter is at 1. Jul 14 11:47:09 systemd[1]: Stopped FRPS Service. Jul 14 11:47:09 systemd[1]: Started FRPS Service. ``` ### Steps to reproduce We only see this error on high traffic servers, so it's not easy to reproduce. It happens more or less every day. ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [ ] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 13:49:15 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 13:49:18 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jul 17, 2023):

@pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself?

<!-- gh-comment-id:1637350296 --> @fatedier commented on GitHub (Jul 17, 2023): @pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself?

gitea-mirror commented 2026-05-05 13:49:19 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jul 17, 2023):

In addition, starting from version 0.50.0, TLS will be enabled by default. The traffic between frpc and frps will be encrypted, so you no longer need to use use_encryption = true.

<!-- gh-comment-id:1637351228 --> @fatedier commented on GitHub (Jul 17, 2023): In addition, starting from version 0.50.0, TLS will be enabled by default. The traffic between frpc and frps will be encrypted, so you no longer need to use `use_encryption = true`.

gitea-mirror commented 2026-05-05 13:49:20 -06:00

Author

Owner

Copy link

@pierre-pretorius commented on GitHub (Jul 19, 2023):

@pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself?

I'm using the binary from Github

<!-- gh-comment-id:1641306053 --> @pierre-pretorius commented on GitHub (Jul 19, 2023): > @pierre-pretorius I looked into it, but I couldn't figure out under what circumstances this issue would occur. It's quite strange. Are you using the binary files downloaded from GitHub or did you compile it yourself? I'm using the binary from Github

gitea-mirror commented 2026-05-05 13:49:21 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jul 20, 2023):

@pierre-pretorius I have discovered a race condition issue, but I am not sure if it is related to your problem. I will fix this issue and release a minor version.

<!-- gh-comment-id:1643764327 --> @fatedier commented on GitHub (Jul 20, 2023): @pierre-pretorius I have discovered a race condition issue, but I am not sure if it is related to your problem. I will fix this issue and release a minor version.

gitea-mirror commented 2026-05-05 13:49:22 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 6, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:2040825740 --> @github-actions[bot] commented on GitHub (Apr 6, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2817

No description provided.