lib: Fix a shutdown crash with "clustering = yes"

This is a bit confusing now, sorry for that:

register_msg_pool_usage() in the ctdb case uses
messaging_ctdb_register_tevent_context(), which talloc_reference()s
the central struct messaging_ctdb_fde_ev of the
messaging_ctdb_context. In messaging_reinit(), we talloc_free only one
of those references and allocate a new messaging_ctdb_fde_ev. The
remaining messaging_ctdb_fde_ev should have been deleted as well, but
due to the second reference this does not happen. When doing the
shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on
the properly reinitialized fde_ev, and once much later on the leftover
one which references invalid data structures.

By the way, this is not a problem with talloc_reference(), this would
have happened with explicit refcounting too.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14281

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184

diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index b29df0a44f9c00fadf764c131b0ec4c3db5028b8..63d6362e0c975c7edad8ed69596e5a0a1d5a8ef1 100644 (file)
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -602,7 +602,7 @@ static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx,
 
        /* Register some debugging related messages */
 
-       register_msg_pool_usage(ctx, ctx);
+       register_msg_pool_usage(ctx->per_process_talloc_ctx, ctx);
        register_dmalloc_msgs(ctx);
        debug_register_msgs(ctx);
 
@@ -699,6 +699,7 @@ NTSTATUS messaging_reinit(struct messaging_context *msg_ctx)
        }
 
        server_id_db_reinit(msg_ctx->names_db, msg_ctx->id);
+       register_msg_pool_usage(msg_ctx->per_process_talloc_ctx, msg_ctx);
 
        return NT_STATUS_OK;
 }