Fix listener publication race in socket driver

That commit fixed the close-time double-unlink/use-after-free race in
generic_unix listener teardown. This change addresses a separate race in
listener registration, where a listener could become visible to the
event loop before socket_data published the corresponding pointer. Both
fixes are needed; this patch complements the earlier teardown fix rather
than replacing it.

Fix a race in the generic_unix socket driver where newly created
listeners were registered in the global listener list before the
corresponding socket_data->{active,passive}_listener pointer was
published.

If the event loop processed the listener in that window, the callback
could consume, free, or replace the listener before the socket driver
stored the pointer. The later assignment then left socket_data
pointing at stale listener memory, which could surface as random hangs
or corruption in gen_tcp tests, including timeouts waiting for the
server helper process to start.

Publish the listener pointer before calling sys_register_listener
in all affected paths:

active UDP receive listener setup
active TCP receive listener setup
passive recv/recvfrom listener setup
accept listener setup
This complements the earlier close-path fix by removing another
generic_unix listener lifecycle race.

Signed-off-by: Peter M <petermm@gmail.com>

Author: petermm

src/platforms/generic_unix/lib/socket_driver.c

@@ -255,8 +255,10 @@ static term init_udp_socket(Context *ctx, SocketDriverData *socket_data, term pa
             listener->base.handler = active_recvfrom_callback;
             listener->buf_size = socket_data->buffer;
             listener->process_id = ctx->process_id;
-            sys_register_listener(glb, &listener->base);
+            // Publish the pointer before registering so callbacks cannot win
+            // the race and leave socket_data pointing at a stale listener.
             socket_data->active_listener = listener;
+            sys_register_listener(glb, &listener->base);
         }
     }
     return ret;
@@ -340,8 +342,10 @@ static term init_client_tcp_socket(Context *ctx, SocketDriverData *socket_data,
             listener->base.handler = active_recv_callback;
             listener->buf_size = socket_data->buffer;
             listener->process_id = ctx->process_id;
-            sys_register_listener(glb, &listener->base);
+            // Publish the pointer before registering so callbacks cannot win
+            // the race and leave socket_data pointing at a stale listener.
             socket_data->active_listener = listener;
+            sys_register_listener(glb, &listener->base);
         }
     }
     return ret;
@@ -1017,8 +1021,10 @@ static void do_recv(Context *ctx, term pid, term ref, term length, term timeout,
     listener->length = term_to_int(length);
     listener->buffer = socket_data->buffer;
     listener->ref_ticks = term_to_ref_ticks(ref);
-    sys_register_listener(glb, &listener->base);
+    // Publish the pointer before registering so callbacks cannot win
+    // the race and leave socket_data pointing at a stale listener.
     socket_data->passive_listener = listener;
+    sys_register_listener(glb, &listener->base);
 }
 
 void socket_driver_do_recvfrom(Context *ctx, term pid, term ref, term length, term timeout)
@@ -1119,8 +1125,10 @@ void socket_driver_do_accept(Context *ctx, term pid, term ref, term timeout)
     listener->length = 0;
     listener->buffer = 0;
     listener->ref_ticks = term_to_ref_ticks(ref);
-    sys_register_listener(glb, &listener->base);
+    // Publish the pointer before registering so callbacks cannot win
+    // the race and leave socket_data pointing at a stale listener.
     socket_data->passive_listener = listener;
+    sys_register_listener(glb, &listener->base);
 }
 
 static NativeHandlerResult socket_consume_mailbox(Context *ctx)