v1.56.102: fix the authed-only whole-daemon self-deadlock. issueDetailPage held the global app.conn_mutex via a function-scoped defer app.unlock() and then called writePublicHtml while still holding it; writePublicHtml→navStateFromRequest→getAccountSessionFromRequest re-acquires app.lock() whenever the request carries a session cookie → the non-reentrant Io.Mutex waits on itself → every worker freezes behind it. Anonymous requests never hit it (getAccountSessionFromRequest returns before locking with no cookie), and repoPage/all other HTML handlers release their lock in a nested block before writePublicHtml — which is why repo pages stayed up and only logged-in users hit it (clicking an issue from /admin/issues or /:repo?panel=issues both land on issueDetailPage). Fix: flag-guarded explicit app.unlock() before writePublicHtml (error paths still unlock via the guarded defer). Audited every writePublicHtml(app, req,...)/renderAdminShell caller — issueDetailPage was the sole function-scoped offender. musl ReleaseSafe build exit 0; zig build test 646 pass / 1 pre-existing team-tier live-PG fail (unchanged).
$ koh steal kepr.uk/kepr@94db68af4512
·
parent: e5330876fd07
discussion
log in to leave a comment.