[2.10] Fix Fork GC potential double-free on error path - [MOD-12521]#7461
Merged
[2.10] Fix Fork GC potential double-free on error path - [MOD-12521]#7461
Conversation
* make FGC_recvBuffer clean * add revents to timeout log * improve polling logs * Nullify tag field name * remove unused variable * add a test * add a stres unit-test * improve test * improve logging * add include (cherry picked from commit 442a75e)
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 2.10 #7461 +/- ##
==========================================
+ Coverage 89.29% 89.30% +0.01%
==========================================
Files 207 207
Lines 35335 35448 +113
==========================================
+ Hits 31553 31658 +105
- Misses 3782 3790 +8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
alonre24
previously approved these changes
Nov 22, 2025
alonre24
reviewed
Nov 24, 2025
| // just exit, do not abort(), which will trigger a watchdog on RLEC, causing adverse effects | ||
| RedisModule_Log(fgc->ctx, "warning", "GC fork: broken pipe, exiting"); | ||
| exit(1); | ||
| RedisModule_ExitFromChild(EXIT_FAILURE); |
Collaborator
There was a problem hiding this comment.
In 8.x we already had RedisModule_ExitFromChild ?
Collaborator
Author
There was a problem hiding this comment.
Yes. Not sure why we didn't BP it
| // The GC should have failed, so no bytes should be collected | ||
| // (or at least the operation should complete without crashing) | ||
| ASSERT_EQ(0, fgc->stats.totalCollected); | ||
| } |
Collaborator
There was a problem hiding this comment.
Why not add the test simulating killing the child at different times?
Collaborator
Author
There was a problem hiding this comment.
I can add it back (probably), I think it was too slow because of the exit(1), but now it should be fine
alonre24
approved these changes
Nov 24, 2025
github-merge-queue bot
pushed a commit
that referenced
this pull request
Nov 24, 2025
…7461) * Fix Fork GC potential double-free on error path - [MOD-12521] (#7423) * make FGC_recvBuffer clean * add revents to timeout log * improve polling logs * Nullify tag field name * remove unused variable * add a test * add a stres unit-test * improve test * improve logging * add include (cherry picked from commit 442a75e) * reuse one thread * improvement * remove harsh stress test * fix potential double close * exit from child with RedisModule_ExitFromChild * add heavy test back
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Backport of #7423 to
2.10.Note
Improves ForkGC pipe I/O error handling and buffer receive logic to avoid double-frees and adds tests that simulate pipe failures during GC and apply.
exit(1)withRedisModule_ExitFromChild(EXIT_FAILURE)on child write failure.FGC_recvFixedpolling/error handling: capturepoll_rc, break on non-EINTR read errors, and log detailedrevents/errno diagnostics.FGC_recvBufferto use a temp length, allocate into a local buffer, handleSIZE_MAX/zero-length cases safely, and avoid freeing wrong pointers on failure.fieldName = NULL).testPipeErrorDuringGCandtestPipeErrorDuringApply, including a closer thread to close pipe mid-apply; verify no crashes and no double-free (e.g.,totalCollectedunchanged).<thread>for new concurrency test support.Written by Cursor Bugbot for commit c41f9ee. This will update automatically on new commits. Configure here.