There is no execution-time budget for Lua scripts (lua_sethook is never installed) and no SCRIPT KILL subcommand. An infinite or pathologically long EVAL runs forever on its brpc worker bthread, holding the script transaction's locks plus a pooled interpreter, with no way to interrupt it.

Evidence

• No lua_sethook/instruction budget anywhere in src/lua_interpreter.cpp / include/lua_interpreter.h.
• The only kill subcommand (src/redis_command.cpp:11017) is CLIENT KILL; there is no SCRIPT KILL handler.
• A script runs as one transaction (RepeatableRead + OCC), so its acquired locks are held for the whole run.

Impact

EVAL "while true do end" 0 pins a worker bthread permanently. Enough concurrent runaway scripts exhaust all workers → the node stops serving. Even one holds its locked keys against all other transactions. This is a denial-of-service / operability gap relative to Redis (which has lua-time-limit + SCRIPT KILL).

Fix: add an instruction/time hook that aborts (or makes killable) long-running scripts, and implement SCRIPT KILL.

Found during a code audit (docs PR #492). Verified absence of the hook and subcommand against source.

🤖 Found with Claude Code