[master] 6bf7f3d43 Avoid double panic when a client thread does not own the bo any longer

Nils Goroll nils.goroll at uplex.de
Mon Oct 3 14:46:05 UTC 2022


commit 6bf7f3d430df30d4ad61d6f7678fa9d75e92657b
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Mon Oct 3 16:39:51 2022 +0200

    Avoid double panic when a client thread does not own the bo any longer
    
    The panic code would panic again because a backend object which it no
    longer owned was still referenced in thread local storage (don't we
    all love ambiguous acronyms?).
    
    Example:
    
     #5  0x0000563d8c20d595 in VAS_Fail (func=0x563d8c23fd13 "vsl_sanity", file=0x563d8c23f9f5 "cache/cache_shmlog.c",
         line=110, cond=0x563d8c23fd1e "(vsl->wlp) != 0", kind=VAS_ASSERT) at vas.c:67
     #6  0x0000563d8c1603e9 in vsl_sanity (vsl=0x7fabd08001f0) at cache/cache_shmlog.c:110
     ...
     #7  0x0000563d8c160298 in VSL_Flush (vsl=0x7fabd08001f0, overflow=0) at cache/cache_shmlog.c:314
     #8  0x0000563d8c14dd44 in pan_ic (func=0x563d8c23c596 "child_signal_handler",
         file=0x563d8c23c1b4 "cache/cache_main.c", line=323,
         cond=0x7fabdf24a590 "Signal 6 (Aborted) received at 0x3e800015528 si_code -6", kind=VAS_WRONG)
         at cache/cache_panic.c:814
     ...
     #19 0x0000563d8c14bc07 in ObjBocDone (wrk=0x7fabdc9e54b8, oc=0x7fabd0024180, boc=0x7fabdc9e4778)
         at cache/cache_obj.c:368
     #20 0x0000563d8c13f25b in HSH_DerefBoc (wrk=0x7fabdc9e54b8, oc=0x7fabd0024180) at cache/cache_hash.c:1014
     #21 0x0000563d8c13158f in VBF_Fetch (wrk=0x7fabdc9e54b8, req=0x7fabd0008b20, oc=0x7fabd0024180, oldoc=0x0,
         mode=VBF_PASS) at cache/cache_fetch.c:1204
     #22 0x0000563d8c158f7d in cnt_pass (wrk=0x7fabdc9e54b8, req=0x7fabd0008b20) at cache/cache_req_fsm.c:742
     #23 0x0000563d8c156f53 in CNT_Request (req=0x7fabd0008b20) at cache/cache_req_fsm.c:1182
     #24 0x0000563d8c198f9a in HTTP1_Session (wrk=0x7fabdc9e54b8, req=0x7fabd0008b20) at http1/cache_http1_fsm.c:390
     #25 0x0000563d8c1984e0 in http1_req (wrk=0x7fabdc9e54b8, arg=0x7fabd0008b20) at http1/cache_http1_fsm.c:88
     #26 0x0000563d8c189592 in Pool_Work_Thread (pp=0x7fabdc400140, wrk=0x7fabdc9e54b8) at cache/cache_wrk.c:487
     #27 0x0000563d8c188ca7 in WRK_Thread (qp=0x7fabdc400140, stacksize=81920, thread_workspace=2048)
         at cache/cache_wrk.c:153

diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c
index ffbc893fc..154563f75 100644
--- a/bin/varnishd/cache/cache_fetch.c
+++ b/bin/varnishd/cache/cache_fetch.c
@@ -1183,8 +1183,10 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct objcore *oc,
 			(void)HSH_DerefObjCore(wrk, &bo->stale_oc, 0);
 		HSH_DerefBoc(wrk, oc);
 		SES_Rel(bo->sp);
+		THR_SetBusyobj(NULL);
 		VBO_ReleaseBusyObj(wrk, &bo);
 	} else {
+		THR_SetBusyobj(NULL);
 		bo = NULL; /* ref transferred to fetch thread */
 		if (mode == VBF_BACKGROUND) {
 			ObjWaitState(oc, BOS_REQ_DONE);
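Review bot: Neither added `THR_SetBusyobj(NULL)` call says why it has to sit exactly there, so a later cleanup could easily merge them back into a single call at the end of the function, which is the placement the second hunk removes. I would put a short comment above each, for example `/* clear the thread's bo before we give up ownership: the panic code follows this pointer */` in the release branch and `/* bo now belongs to the fetch thread; the panic code must not touch it from here */` in the else branch. In the else branch the hand-off itself happens above the hunk, so there is presumably still a short window in which the thread-local pointer refers to a bo this thread no longer owns; it is worth confirming whether the clear can move closer to the hand-off. VBF_Fetch starts before this hunk and continues after it.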
@@ -1204,5 +1206,4 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct objcore *oc,
 	HSH_DerefBoc(wrk, oc);
 	if (mode == VBF_BACKGROUND)
 		(void)HSH_DerefObjCore(wrk, &oc, HSH_RUSH_POLICY);
-	THR_SetBusyobj(NULL);
 }

