On Thu, Mar 19, 2026 at 11:56:13PM +0900, Etsuro Fujita wrote:
> I got an offline report from my colleague Zhibai Song that
> close_cursor() is called for a freed PGconn, leading to a server
> crash. Here is a reproducer (the original reproducer he provided is a
> bit complex, so I simplified it):
Hmm. We have one isolation test with a pg_terminate_backend() that
checks for a backend terminating, see temp-schema-cleanup.
Do you think that it would be worth having a test for this scenario,
where we could terminate a remote connection? An isolation test may
work, I hope, providing some insurance with the order of the
operations able to trigger the use-after-free behavior.
> I think the root cause is that it is too early to free the PGconn in
> pgfdw_reject_incomplete_xact_state_change() even if the connection is
> in a state where we cannot use it any further; I think we should delay
> that until abort cleanup (ie, pgfdw_xact_callback()). Attached is a
> patch for that.
Removing the early disconnect() means that we should try to cover our
tracks in all the existing ,code paths where we finish the
top-transaction. Looking at the locations of
pgfdw_reset_xact_state(), it looks like you are getting yourself
covered.
--
Michael
