Created attachment 31725 [details] Fix event MPM race condition on connection scoreboard handle In event.c, process_socket(), if a worker thread is put into the lingering close state, it is put into the linger_q (or short_linger_q). Shortly afterward, the scoreboard handle of the connection handled by that thread is set to NULL. Meanwhile, in the listener thread, process_lingering_close() is called on any connections in the linger_q that are closed. This also clears the transaction pool, making it available for other workers to use. Most of the time, this is fine, but in the worst case, this can result in a race condition; the listener thread may assign the pool to another thread between the time the pool is cleared and the time c->sbh is set to NULL. This can be a problem for third-party modules which access the scoreboard using the connection scoreboard handle at arbitrary times. This problem appears to be very close to revision 1538490, but that fix covers every case except for the lingering close fixed here.
Created attachment 31726 [details] Fix event MPM race condition on connection scoreboard handle Wrong patch before - still had some things I was experimenting with
Thanks, committed and proposed for backport.
Created attachment 31747 [details] Move sbh nullification to correct place I just realized that I nulled the sbh out in the wrong place in the last patch - it's supposed to be before the connection is added to the queue, not the pollset. This patch is on top of what was just committed.
Fixed and released in 2.4.10