ElementsProject / lightning

Core Lightning — Lightning Network implementation focusing on spec compliance and performance
Other
2.84k stars 901 forks source link

plugin-pay: SEGV in payment_finished when failcodename missing #7200

Closed ksedgwic closed 2 months ago

ksedgwic commented 6 months ago

Issue and Steps to Reproduce

Running v24.02.1-18-gab4ea8263 (v24.02.1 + VLS mods)

Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.167Z DEBUG   plugin-pay: cmd 34 partid 98: Extracted channel_update 0102e851072b83d6b00cba70a518aed7ed50aadde21ea1a281653f347d50b16c0c3329cb48fc1e85ecaa03fa7d032e5acb647e9a28648a97af0fc7f68bc1de4948d043497fd7f826957108f4a30fd9cec3aeba79972084e90ead01ea33090000000027718300007d00006611a04d0100005000000000000003e8000003e800000001000000004995ff58 from onionreply 10070088e851072b83d6b00cba70a518aed7ed50aadde21ea1a281653f347d50b16c0c3329cb48fc1e85ecaa03fa7d032e5acb647e9a28648a97af0fc7f68bc1de4948d043497fd7f826957108f4a30fd9cec3aeba79972084e90ead01ea33090000000027718300007d00006611a04d0100005000000000000003e8000003e800000001000000004995ff58
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.167Z DEBUG   lightningd: Calling rpc_command hook of plugin clboss
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.174Z DEBUG   plugin-clboss: SendpayResultMonitor: Resolved 6eff528255fa128fbb2a257ed84f4aa6382c70c138042c339e29ef37a71ccb6f part 98 peer 03423cb1bd00c92af9cf91ed64a454cc97362038d549e1297028cf83fd3ea1b6d5: failure, destination not reached, erring_index: 1
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.174Z DEBUG   lightningd: Plugin clboss returned from rpc_command hook call
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.175Z DEBUG   gossipd: inject_gossip: WIRE_CHANNEL_UPDATE
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.175Z DEBUG   gossipd: REPLY WIRE_GOSSIPD_ADDGOSSIP_REPLY with 0 fds
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: pay: FATAL SIGNAL 11 (version v24.02.1-18-gab4ea82)
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.177Z DEBUG   03423cb1bd00c92af9cf91ed64a454cc97362038d549e1297028cf83fd3ea1b6d5-channeld-chan#15: Trying commit
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004480]: 2024-04-06T21:45:27.178Z DEBUG   03423cb1bd00c92af9cf91ed64a454cc97362038d549e1297028cf83fd3ea1b6d5-channeld-chan#15: Can't send commit: nothing to send, feechange not wanted ({ SENT_ADD_ACK_REVOCATION:1255 }) blockheight not wanted ({ SENT_ADD_ACK_REVOCATION:0 })
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be937638 send_backtrace
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         common/daemon.c:33
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be9376cf crashdump
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         common/daemon.c:75
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x7f38bb04251f ???
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         ./signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c:0
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x7f38bb0ba97a ???
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         ../sysdeps/x86_64/multiarch/strlen-vec.S:126
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633bea79f27 json_out_addstr
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         ccan/ccan/json_out/json_out.c:297
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be93e301 json_add_string
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         common/json_stream.c:214
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be925796 payment_finished
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         plugins/libplugin-pay.c:2132
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be925952 payment_child_finished
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         plugins/libplugin-pay.c:1949
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be92591b payment_finished
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         plugins/libplugin-pay.c:2189
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]: 0x5633be925952 payment_child_finished
Sat 2024-04-06 14:45:27 PDT home3 lightningd[4004490]:         plugins/libplugin-pay.c:1949

Backtrace from corefile:

Core was generated by `/usr/local/libexec/c-lightning/plugins/pay'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00005633be937659 in send_backtrace (why=why@entry=0x7fffcf5aa5f0 "FATAL SIGNAL 11") at common/daemon.c:36
#2  0x00005633be9376d0 in crashdump (sig=11) at common/daemon.c:75
#3  <signal handler called>
#4  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/strlen-vec.S:126
#5  0x00005633bea79f28 in json_out_addstr (jout=0x5633c017fc48, fieldname=fieldname@entry=0x5633bea8108c "failcodename", str=str@entry=0x0)
    at ccan/ccan/json_out/json_out.c:297
#6  0x00005633be93e302 in json_add_string (js=js@entry=0x5633c13fbed8, fieldname=fieldname@entry=0x5633bea8108c "failcodename", str=0x0) at common/json_stream.c:214
#7  0x00005633be925797 in payment_finished (p=p@entry=0x5633c01386c8) at plugins/libplugin-pay.c:2132
#8  0x00005633be925953 in payment_child_finished (p=0x5633c01386c8, child=child@entry=0x5633c01378f8) at plugins/libplugin-pay.c:1949
#9  0x00005633be92591c in payment_finished (p=p@entry=0x5633c01378f8) at plugins/libplugin-pay.c:2189
#10 0x00005633be925953 in payment_child_finished (p=0x5633c01378f8, child=child@entry=0x5633c0136d58) at plugins/libplugin-pay.c:1949
#11 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0136d58) at plugins/libplugin-pay.c:2189
#12 0x00005633be925953 in payment_child_finished (p=0x5633c0136d58, child=child@entry=0x5633c011c598) at plugins/libplugin-pay.c:1949
#13 0x00005633be92591c in payment_finished (p=p@entry=0x5633c011c598) at plugins/libplugin-pay.c:2189
#14 0x00005633be925953 in payment_child_finished (p=0x5633c011c598, child=child@entry=0x5633c0827038) at plugins/libplugin-pay.c:1949
#15 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0827038) at plugins/libplugin-pay.c:2189
#16 0x00005633be925953 in payment_child_finished (p=0x5633c0827038, child=child@entry=0x5633c082f908) at plugins/libplugin-pay.c:1949
#17 0x00005633be92591c in payment_finished (p=p@entry=0x5633c082f908) at plugins/libplugin-pay.c:2189
#18 0x00005633be925953 in payment_child_finished (p=0x5633c082f908, child=child@entry=0x5633c01e9f08) at plugins/libplugin-pay.c:1949
#19 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01e9f08) at plugins/libplugin-pay.c:2189
#20 0x00005633be925953 in payment_child_finished (p=0x5633c01e9f08, child=child@entry=0x5633c0134bf8) at plugins/libplugin-pay.c:1949
#21 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0134bf8) at plugins/libplugin-pay.c:2189
#22 0x00005633be925953 in payment_child_finished (p=0x5633c0134bf8, child=child@entry=0x5633c01303e8) at plugins/libplugin-pay.c:1949
#23 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01303e8) at plugins/libplugin-pay.c:2189
#24 0x00005633be925953 in payment_child_finished (p=0x5633c01303e8, child=child@entry=0x5633c01e8428) at plugins/libplugin-pay.c:1949
#25 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01e8428) at plugins/libplugin-pay.c:2189
#26 0x00005633be925953 in payment_child_finished (p=0x5633c01e8428, child=child@entry=0x5633c0146278) at plugins/libplugin-pay.c:1949
#27 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0146278) at plugins/libplugin-pay.c:2189
#28 0x00005633be925953 in payment_child_finished (p=0x5633c0146278, child=child@entry=0x5633c01638a8) at plugins/libplugin-pay.c:1949
#29 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01638a8) at plugins/libplugin-pay.c:2189
#30 0x00005633be925953 in payment_child_finished (p=0x5633c01638a8, child=child@entry=0x5633c0122068) at plugins/libplugin-pay.c:1949
#31 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0122068) at plugins/libplugin-pay.c:2189
#32 0x00005633be925953 in payment_child_finished (p=0x5633c0122068, child=child@entry=0x5633c0164f38) at plugins/libplugin-pay.c:1949
#33 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0164f38) at plugins/libplugin-pay.c:2189
#34 0x00005633be925953 in payment_child_finished (p=0x5633c0164f38, child=child@entry=0x5633c08300c8) at plugins/libplugin-pay.c:1949
#35 0x00005633be92591c in payment_finished (p=p@entry=0x5633c08300c8) at plugins/libplugin-pay.c:2189
#36 0x00005633be925953 in payment_child_finished (p=0x5633c08300c8, child=child@entry=0x5633c0831138) at plugins/libplugin-pay.c:1949
#37 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0831138) at plugins/libplugin-pay.c:2189
#38 0x00005633be925953 in payment_child_finished (p=0x5633c0831138, child=child@entry=0x5633c138a208) at plugins/libplugin-pay.c:1949
#39 0x00005633be92591c in payment_finished (p=p@entry=0x5633c138a208) at plugins/libplugin-pay.c:2189
#40 0x00005633be925953 in payment_child_finished (p=0x5633c138a208, child=child@entry=0x5633c01e6a38) at plugins/libplugin-pay.c:1949
#41 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01e6a38) at plugins/libplugin-pay.c:2189
#42 0x00005633be925953 in payment_child_finished (p=0x5633c01e6a38, child=child@entry=0x5633c01406b8) at plugins/libplugin-pay.c:1949
#43 0x00005633be92591c in payment_finished (p=p@entry=0x5633c01406b8) at plugins/libplugin-pay.c:2189
#44 0x00005633be925953 in payment_child_finished (p=0x5633c01406b8, child=child@entry=0x5633c0118428) at plugins/libplugin-pay.c:1949
#45 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0118428) at plugins/libplugin-pay.c:2189
#46 0x00005633be925953 in payment_child_finished (p=0x5633c0118428, child=child@entry=0x5633c13e3b88) at plugins/libplugin-pay.c:1949
#47 0x00005633be92591c in payment_finished (p=p@entry=0x5633c13e3b88) at plugins/libplugin-pay.c:2189
#48 0x00005633be925953 in payment_child_finished (p=0x5633c13e3b88, child=child@entry=0x5633c13f2d58) at plugins/libplugin-pay.c:1949
#49 0x00005633be92591c in payment_finished (p=p@entry=0x5633c13f2d58) at plugins/libplugin-pay.c:2189
#50 0x00005633be925953 in payment_child_finished (p=0x5633c13f2d58, child=child@entry=0x5633c0166dd8) at plugins/libplugin-pay.c:1949
#51 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0166dd8) at plugins/libplugin-pay.c:2189
#52 0x00005633be925953 in payment_child_finished (p=0x5633c0166dd8, child=child@entry=0x5633c0173ef8) at plugins/libplugin-pay.c:1949
#53 0x00005633be92591c in payment_finished (p=p@entry=0x5633c0173ef8) at plugins/libplugin-pay.c:2189
#54 0x00005633be925953 in payment_child_finished (p=0x5633c0173ef8, child=child@entry=0x5633c01823d8) at plugins/libplugin-pay.c:1949
#55 0x00005633be92591c in payment_finished (p=0x5633c01823d8) at plugins/libplugin-pay.c:2189
#56 0x00005633be92608b in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2237
#57 0x00005633be928b0f in adaptive_splitter_cb (d=0x5633c0138968, p=0x5633c01823d8) at plugins/libplugin-pay.c:3613
#58 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#59 0x00005633be9279b9 in retry_step_cb (rd=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:2404
#60 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#61 0x00005633be926b36 in waitblockheight_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3491
#62 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#63 0x00005633be926b76 in payee_incoming_limit_step_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3807
#64 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#65 0x00005633be927d61 in routehint_step_cb (d=0x5633c0172128, p=0x5633c01823d8) at plugins/libplugin-pay.c:2981
#66 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#67 0x00005633be9268cf in shadow_route_cb (d=0x5633c0177c88, p=0x5633c01823d8) at plugins/libplugin-pay.c:3286
#68 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#69 0x00005633be926959 in direct_pay_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3407
#70 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#71 0x00005633be926818 in exemptfee_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3066
#72 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#73 0x00005633be926cf2 in route_exclusions_step_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3919
#74 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#75 0x00005633be9265cd in local_channel_hints_cb (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:2511
#76 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#77 0x00005633be928f5f in check_preapproveinvoice_start (d=<optimized out>, p=0x5633c01823d8) at plugins/libplugin-pay.c:3869
#78 0x00005633be926047 in payment_continue (p=p@entry=0x5633c01823d8) at plugins/libplugin-pay.c:2216
#79 0x00005633be925c23 in payment_fail (p=p@entry=0x5633c01823d8, fmt=fmt@entry=0x5633bea87639 "%s") at plugins/libplugin-pay.c:2293
#80 0x00005633be9271cc in handle_intermediate_failure (cmd=cmd@entry=0x0, p=p@entry=0x5633c01823d8, errnode=0x5633c0195064, errchan=<optimized out>, 
    failcode=<optimized out>) at plugins/libplugin-pay.c:1429
#81 0x00005633be9273e8 in payment_addgossip_success (cmd=0x0, 
    buffer=0x7f38ba68b038 "\n\n{\"jsonrpc\":\"2.0\",\"id\":\"pay:addgossip#1272\",\"result\":{}}\n\nde\":204,\"message\":\"failed: WIRE_TEMPORARY_CHANNEL_FAILURE (reply from remote)\",\"data\":{\"created_index\":10866,\"id\":10866,\"payment_hash\":\"6eff5"..., toks=0x7f38b90300b0, p=0x5633c01823d8)
    at plugins/libplugin-pay.c:1552
#82 0x00005633be920ad7 in handle_rpc_reply (plugin=plugin@entry=0x5633bfda14c8, toks=0x7f38b9030038) at plugins/libplugin.c:961
#83 0x00005633be920c77 in rpc_read_response_one (plugin=plugin@entry=0x5633bfda14c8) at plugins/libplugin.c:1148
#84 0x00005633be920d28 in rpc_conn_read_response (conn=<optimized out>, plugin=0x5633bfda14c8) at plugins/libplugin.c:1172
#85 0x00005633bea76b8f in next_plan (conn=conn@entry=0x5633bfda2b18, plan=plan@entry=0x5633bfda2b38) at ccan/ccan/io/io.c:59
#86 0x00005633bea7706a in do_plan (conn=conn@entry=0x5633bfda2b18, plan=plan@entry=0x5633bfda2b38, idle_on_epipe=idle_on_epipe@entry=false) at ccan/ccan/io/io.c:407
#87 0x00005633bea77107 in io_ready (conn=conn@entry=0x5633bfda2b18, pollflags=1) at ccan/ccan/io/io.c:417
#88 0x00005633bea78aa4 in io_loop (timers=timers@entry=0x5633bfda1608, expired=expired@entry=0x7fffcf5abe58) at ccan/ccan/io/poll.c:453
#89 0x00005633be9210c0 in plugin_main (argv=argv@entry=0x7fffcf5ac118, init=init@entry=0x5633be91be68 <init>, 
    restartability=restartability@entry=PLUGIN_RESTARTABLE, init_rpc=init_rpc@entry=true, features=features@entry=0x0, 
    commands=commands@entry=0x5633bebd9f80 <commands>, num_commands=3, notif_subs=0x0, num_notif_subs=0, hook_subs=0x0, num_hook_subs=0, 
    notif_topics=0x5633bebdc010 <notification_topics>, num_notif_topics=2) at plugins/libplugin.c:2086
#90 0x00005633be91c670 in main (argc=<optimized out>, argv=0x7fffcf5ac118) at plugins/pay.c:1303

Contents of failure:

(gdb) p *failure
$1 = {id = 10865, partid = 95, state = PAYMENT_PENDING, amount_sent = {millisatoshis = 53042}, payment_preimage = 0x0, code = 204, failcodename = 0x0, 
  failcode = 36871, raw_message = 0x5633c0178f28 "\220\a\346\006\324\351\ar^\207\304]\367Gh\220\351o:d!Kܽ\250a\352Z3\fʶ}<\223\276\063V", 
  message = 0x5633c018bad8 "failed: INVALID 36871 (local failure)", erring_index = 0x5633c0195018, erring_node = 0x5633c018da84, erring_channel = 0x5633c018dab8, 
  erring_direction = 0x5633c018dac0}

Looks like the code doesn't handle missing failcodename for code 204

Lagrang3 commented 2 months ago

36871 = BADONION | UPDATE | 7, is not defined in BOLT04, does this mean that the remote node sent us an invalid failcode?