mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-03-15 11:59:16 +01:00
Code Issues Projects Releases Wiki Activity

connectd: fix subd tal parents.

Browse source 
This came out in a later patch: freeing the peer->subds doesn't actually
free the subds, because they're reparented onto subd->conn, which is
a child of peer itself.


This breaks because when the peer is finally freed, destroy_subd is
called, and expects to find itself in peer->subds (but we made that
NULL when we manually freed it!).

Fix this, and make it obvious that we tal_steal it.

```
ightning_connectd: FATAL SIGNAL 11 (version v0.11.0.1-25-gbf025aa-modded)
0x55de2a1b8b94 send_backtrace
	common/daemon.c:33
0x55de2a1b8c3e crashdump
	common/daemon.c:46
0x7fe2be2fc08f ???
	/build/glibc-SzIz7B/glibc-2.31/signal/../sysdeps/unix/sysv/linux/x86_64/sigaction.c:0
0x55de2a1af41e destroy_subd
	connectd/multiplex.c:1119
0x55de2a217686 notify
	ccan/ccan/tal/tal.c:240
0x55de2a217b9d del_tree
	ccan/ccan/tal/tal.c:402
0x55de2a217bef del_tree
	ccan/ccan/tal/tal.c:412
0x55de2a217bef del_tree
	ccan/ccan/tal/tal.c:412
0x55de2a217f39 tal_free
	ccan/ccan/tal/tal.c:486
0x55de2a1aa116 peer_discard
	connectd/connectd.c:1834
0x55de2a1aa38d recv_req
	connectd/connectd.c:1903
0x55de2a1b9121 handle_read
	common/daemon_conn.c:31
0x55de2a205a35 next_plan
	ccan/ccan/io/io.c:59
0x55de2a20663d do_plan
	ccan/ccan/io/io.c:407
0x55de2a20667f io_ready
	ccan/ccan/io/io.c:417
0x55de2a208972 io_loop
	ccan/ccan/io/poll.c:453
0x55de2a1aa736 main
	connectd/connectd.c:2042
0x7fe2be2dd082 __libc_start_main
	../csu/libc-start.c:308
0x55de2a1a085d ???
	???:0
0xffffffffffffffff ???
	???:0
```

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2022-07-16 14:19:29 +09:30 committed by neil saitug
parent 912ac25270
commit 37ff013c2c
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
connectd/multiplex.c
View file

@ -1205,14 +1205,14 @@ static struct subd *multiplex_subd_setup(struct peer *peer,
return NULL;
}
subd = tal(peer->subds, struct subd);
subd = tal(NULL, struct subd);
subd->peer = peer;
subd->outq = msg_queue_new(subd, false);
subd->channel_id = *channel_id;
subd->temporary_channel_id = NULL;
subd->opener_revocation_basepoint = NULL;
/* This sets subd->conn inside subd_conn_init */
io_new_conn(peer, fds[0], subd_conn_init, subd);
io_new_conn(peer->subds, fds[0], subd_conn_init, subd);
/* When conn dies, subd is freed. */
tal_steal(subd->conn, subd);