From da9f25875958757fd1f16b74bd887977e78c8b09 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sat, 17 Sep 2022 11:07:19 +0200 Subject: [PATCH] BUG/MEDIUM: captures: free() an error capture out of the proxy lock Ed Hein reported in github issue #1856 some occasional watchdog panics in 2.4.18 showing extreme contention on the proxy's lock while the libc was in malloc()/free(). One cause of this problem is that we call free() under the proxy's lock in proxy_capture_error(), which makes no sense since if we can free the object under the lock after it's been detached, we can also free it after releasing the lock (since it's not referenced anymore). This should be backported to all relevant versions, likely all supported ones. --- src/proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proxy.c b/src/proxy.c index 04431de28..7a4857b37 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -2546,8 +2546,8 @@ void proxy_capture_error(struct proxy *proxy, int is_back, } else { es = HA_ATOMIC_XCHG(&proxy->invalid_req, es); } - free(es); HA_RWLOCK_WRUNLOCK(PROXY_LOCK, &proxy->lock); + ha_free(&es); } /* Configure all proxies which lack a maxconn setting to use the global one by
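Review bot: the free now placed after HA_RWLOCK_WRUNLOCK() at the end of proxy_capture_error() is only safe because es holds the old capture returned by HA_ATOMIC_XCHG() and is no longer reachable from the proxy, yet nothing in the code says so and only the else branch of the exchange is visible in this hunk. A one-line comment above `ha_free(&es);` stating that es is the detached previous capture would keep a later change from moving the call back under the lock or reusing es after it. The replacement of free() with ha_free() is also not mentioned in the commit message. Since es is a local at the very end of the function, the pointer argument makes no visible difference here, so either note in the message that the switch is for consistency or keep `free(es);` so the backport is a pure line move.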