go-ethereum: add freezer safety margin to prevent data loss after unclean shutdown

joshuacolvin0 · claude · joshuacolvin0 · commit 4e09ccdc8ba3 · 2026-03-16T13:36:14.000-07:00
After an unclean shutdown, repair() may truncate the freezer head to
restore cross-table consistency. Previously, blocks were deleted from
the key-value store immediately after freezing, so truncated blocks
could end up missing from both stores — making the node unable to
start (especially for L2 nodes that cannot re-sync pruned blocks from
peers).

Introduce a safety margin (freezerCleanupMargin = freezerBatchLimit)
that retains the most recently frozen blocks in the key-value store.
Since freezeRange reads via nofreezedb (which bypasses the ancient
store), retained blocks can be re-frozen after repair() truncation.

Key changes:
- Add cleanupMargin field on chainFreezer with persisted cleanup tail
  (freezerCleanupTailKey) so progress resumes across restarts
- Replace immediate post-freeze deletion with incremental cleanup over
  [cleanupStart, cleanupLimit) using Has()+Get() to distinguish missing
  keys from I/O errors, with backoff on failure
- Add startup validation in Open(): detect unrecoverable data gaps
  where the freezer has been truncated below the cleanup tail
- Handle upgrade path (skip-ahead when no tail but frozen &gt;
  FullImmutabilityThreshold) and fresh installs (clean from block 1)
- Cap per-cycle cleanup to freezerBatchLimit to prevent stalling
- Bound dangling side chain chase to freezerBatchLimit iterations
- Add ReadFreezerCleanupTail/WriteFreezerCleanupTail accessors and a
  strict variant for startup/runtime error propagation
- Surface cleanup tail in ReadChainMetadata diagnostics
- Add comprehensive test suite (21 tests) covering margin behavior,
  crash recovery, side chain cleanup, boundary conditions, corruption
  detection, upgrade path, and regression guard

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/changelog/freezer-safety-margin.md b/changelog/freezer-safety-margin.md
@@ -0,0 +1,2 @@
+### Fixed
+- Add safety margin before deleting frozen blocks from LevelDB to prevent unrecoverable data loss after unclean shutdown
diff --git a/go-ethereum b/go-ethereum
@@ -1 +1 @@
-Subproject commit a4edc802e0497eab31cde74e1a8f3c27ae201f2b
+Subproject commit 62ab752a5205e0eb3460d194f8447328c202fa90

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+### Fixed`
	`2`	`+- Add safety margin before deleting frozen blocks from LevelDB to prevent unrecoverable data loss after unclean shutdown`