Merge branch '966-resume-qmin-shuttingdown' into 'master'

Fix high load race crash in resolver code

Closes #966

See merge request isc-projects/bind9!1757

CHANGES

@@ -1,3 +1,7 @@
+5198.	[bug]		If a fetch context was being shut down and, at the same
+			time, we returned from qname minimization, an INSIST
+			could be hit. [GL #966]
+
 5197.	[bug]		dig could die in best effort mode on multiple SIG(0)
 			records. Similarly on multiple OPT and multiple TSIG
 			records. [GL #920]

lib/dns/resolver.c

@@ -4102,7 +4102,6 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
 	fetchctx_t *fctx;
 	isc_result_t result;
 	bool bucket_empty;
-	bool locked = false;
 	unsigned int bucketnum;
 	unsigned int findoptions = 0;
 	dns_name_t *fname, *dcname;
@@ -4135,6 +4134,11 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
 
 	dns_resolver_destroyfetch(&fctx->qminfetch);
 
+	if (SHUTTINGDOWN(fctx)) {
+		maybe_destroy(fctx, false);
+		goto cleanup;
+	}
+
 	/*
 	 * Note: fevent->rdataset must be disassociated and
 	 * isc_event_free(&event) be called before resuming
@@ -4217,8 +4221,7 @@ resume_qmin(isc_task_t *task, isc_event_t *event) {
  cleanup:
 	INSIST(event == NULL);
 	INSIST(fevent == NULL);
-	if (!locked)
-		LOCK(&res->buckets[bucketnum].lock);
+	LOCK(&res->buckets[bucketnum].lock);
 	bucket_empty = fctx_decreference(fctx);
 	UNLOCK(&res->buckets[bucketnum].lock);
 	if (bucket_empty)