track: `withdraw` can lock up the node

[cdecker]

This has been reported for CLN v24.02. Calling withdraw under some circumstances causes the node to fully lock up, despite having a signer attached.

Debugging

Thanks to a relai user helping out we were able to take a snapshot of the call stacks:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f7f933af392 in __libc_read (fd=34, buf=0x7ffe00d1218c, nbytes=4) at ../sysdeps/unix/sysv/linux/read.c:26

Thread 1 (Thread 0x7f7f92214980 (LWP 440004)):
#0  0x00007f7f933af392 in __libc_read (fd=34, buf=0x7ffe00d1218c, nbytes=4) at ../sysdeps/unix/sysv/linux/read.c:26
#1  0x0000000000725799 in read_all (fd=34, data=0x7ffe00d1218c, size=4) at ccan/ccan/read_write_all/read_write_all.c:28
#2  0x00000000004a56fa in wire_sync_read (ctx=0x2183b8b8, fd=34) at wire/wire_sync.c:27
#3  0x00000000004781e1 in json_signpsbt (cmd=0x2183b8b8, buffer=<optimized out>, obj=<optimized out>, params=<optimized out>) at wallet/walletrpc.c:776
#4  0x0000000000430931 in command_exec (jcon=0x217edcb8, cmd=0x2183b8b8, buffer=0x7ffe00d1218c "", request=0x4, params=0x7f7f933af392 <__libc_read+18>) at lightningd/jsonrpc.c:846
#5  0x000000000042efba in rpc_command_hook_final (p=0x20c13548) at lightningd/jsonrpc.c:989
#6  0x000000000045be76 in plugin_hook_call_ (ld=0x20bc7ef8, hook=0x951930 <rpc_command_hook_gen>, cmd_id=0x217e4a08 "\"1/cln:withdraw#46/txprepare:signpsbt#2\"", cb_arg=0x20c13548) at lightningd/plugin_hook.c:247
#7  0x00000000004314f1 in plugin_hook_call_rpc_command (ld=0x22, cmd_id=0x4 <error: Cannot access memory at address 0x4>, cb_arg=0x7f7f933af392 <__libc_read+18>) at lightningd/jsonrpc.c:1077
#8  0x0000000000431369 in parse_request (jcon=0x217edcb8, tok=0x20bd0908) at lightningd/jsonrpc.c:1196
#9  0x0000000000430d03 in read_json (conn=0x217cc3e8, jcon=0x217edcb8) at lightningd/jsonrpc.c:1302
#10 0x000000000071f2b7 in next_plan (conn=0x217cc3e8, plan=<optimized out>) at ccan/ccan/io/io.c:59
#11 0x000000000071f9c1 in do_plan (conn=0x217cc3e8, plan=0x217cc408, idle_on_epipe=false) at ccan/ccan/io/io.c:407
#12 0x000000000071f92c in io_ready (conn=0x217cc3e8, pollflags=1) at ccan/ccan/io/io.c:417
#13 0x0000000000720b32 in io_loop (timers=<optimized out>, expired=<optimized out>) at ccan/ccan/io/poll.c:453
#14 0x000000000042e3a4 in io_loop_with_timers (ld=0x20bc7ef8) at lightningd/io_loop_with_timers.c:22
#15 0x00000000004325a2 in main (argc=<optimized out>, argv=<optimized out>) at lightningd/lightningd.c:1433
[Inferior 1 (process 440004) detached]

--- GDB Errors ---
26      ../sysdeps/unix/sysv/linux/read.c: No such file or directory.

This indicates that we are waiting on the signer to respond, which it does not. The signer is not reporting a rejection, which was my first intuition, since withdraw resulting in a signpsbt call and the E2E verification not allowing it sounds like a logical issue.

I will need to repro this locally.

Instances

• [ ]