Race condition in MDBX bindings #6441

Closed
shekhirin opened this issue Feb 6, 2024 · 0 comments · Fixed by #6850
Labels
A-db Related to the database C-bug An unexpected or incorrect behavior

shekhirin commented Feb 6, 2024

Describe the bug

With the introduction of the transaction manager, we now have three places where the transaction can be aborted:

  1. Drop implementation when it's a read-only transaction
    ffi::mdbx_txn_abort(txn);
  2. Message listener in TxnManager
    sender.send(mdbx_result(unsafe { ffi::mdbx_txn_abort(tx.0) })).unwrap();
  3. Read transactions monitor in TxnManager
    let result = mdbx_result(unsafe { ffi::mdbx_txn_abort(ptr) });

Recently, we saw double free or corruption (!prev) and Segmentation fault (core dumped) errors coming from the FFI boundary. Most likely, it's related to a race condition happening somewhere between the read transactions monitor and the user-invoked transaction abort (either Drop or the message listener).

  1. Segmentation fault is most likely caused by the attempt to use a transaction that was already aborted
  2. Double free is most likely caused by the attempt to abort the transaction twice
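
Both failure modes listed above (abort twice, use after abort) can be ruled out by giving the handle a single owner that every abort path and every use must go through. The following is an added example, not code from the project or from the fix in #6850: `GuardedTxn`, `RawTxn`, `abort_once` and `with_txn` are hypothetical names, and the FFI abort is replaced by a counter so the sketch runs without libmdbx.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::{Arc, Mutex};
use std::thread;

/// Stand-in for the raw MDBX transaction; counts calls to the stubbed abort.
struct RawTxn { aborts: AtomicUsize }

/// Hypothetical wrapper: every abort path and every use goes through the lock.
struct GuardedTxn { state: Mutex<Option<Arc<RawTxn>>> }

impl GuardedTxn {
    /// Returns true only for the one caller that performed the abort.
    fn abort_once(&self) -> bool {
        let mut state = self.state.lock().unwrap();
        match state.take() {
            // Real bindings would call ffi::mdbx_txn_abort here, under the lock.
            Some(raw) => { raw.aborts.fetch_add(1, Ordering::SeqCst); true }
            None => false,
        }
    }
    /// Runs `f` with the lock held; None if the transaction is already aborted.
    fn with_txn<T>(&self, f: impl FnOnce(&RawTxn) -> T) -> Option<T> {
        let state = self.state.lock().unwrap();
        state.as_deref().map(f)
    }
}

impl Drop for GuardedTxn {
    fn drop(&mut self) { self.abort_once(); }
}

/// Races two abort callers (monitor and listener), then drops the wrapper.
/// Returns (callers that aborted, total abort calls, usable after abort?).
fn race_abort_paths() -> (usize, usize, bool) {
    let raw = Arc::new(RawTxn { aborts: AtomicUsize::new(0) });
    let txn = Arc::new(GuardedTxn { state: Mutex::new(Some(raw.clone())) });
    let racers: Vec<_> = (0..2).map(|_| {
        let t = Arc::clone(&txn);
        thread::spawn(move || t.abort_once())
    }).collect();
    let winners = racers.into_iter().map(|h| h.join().unwrap()).filter(|w| *w).count();
    let usable = txn.with_txn(|_| ()).is_some();
    drop(txn); // Drop path runs last and must not abort again
    (winners, raw.aborts.load(Ordering::SeqCst), usable)
}

fn main() {
    println!("{:?}", race_abort_paths());
}
```

Holding the lock for the whole of `with_txn` is what prevents the monitor from aborting a transaction while another thread is still inside an FFI call on it; an atomic flag alone would only stop the second abort.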