jemalloc out of memory crash 3.5.*
Ricardo Nabinger Sanchez
rnsanchez at wait4.org
Thu Mar 27 18:35:25 PDT 2014
Hello Christopher,
On Thu, 27 Mar 2014 12:42:01 -0700
Christopher Pride <cpride at cpride.net> wrote:
> We hit a jemalloc out of memory crash in the 3.5.* line. It looks like a
> simple NULL check is missing from a refactor. More information is
> documented in the pull request for a fix on github here:
>
> https://github.com/jemalloc/jemalloc/pull/60
Any chance this crash looks like this one?
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff68ed700 (LWP 2213)]
0x00007ffff7258498 in je_arena_mapbitsp_read (mapbitsp=0x48) at include/jemalloc/internal/arena.h:525
525 return (*mapbitsp);
(gdb) bt f
#0 0x00007ffff7258498 in je_arena_mapbitsp_read (mapbitsp=0x48) at include/jemalloc/internal/arena.h:525
No locals.
#1 0x00007ffff72584c8 in je_arena_mapbits_get (chunk=0x0, pageind=8) at include/jemalloc/internal/arena.h:532
No locals.
#2 0x00007ffff72584ed in je_arena_mapbits_unallocated_size_get (chunk=0x0, pageind=8) at include/jemalloc/internal/arena.h:540
mapbits = 140737339856325
#3 0x00007ffff72601fe in arena_avail_insert (arena=0x7ffff64a4d40, chunk=0x0, pageind=8, npages=1016, maybe_adjac_pred=false,
maybe_adjac_succ=false) at src/arena.c:218
No locals.
#4 0x00007ffff72617fd in arena_chunk_alloc (arena=0x7ffff64a4d40) at src/arena.c:621
chunk = 0x0
#5 0x00007ffff7261c8a in arena_run_alloc_large (arena=0x7ffff64a4d40, size=331776, zero=true) at src/arena.c:699
chunk = 0x7ffff68ec0c0
run = 0x0
#6 0x00007ffff7264a83 in je_arena_malloc_large (arena=0x7ffff64a4d40, size=331776, zero=true) at src/arena.c:1663
ret = 0x7fffe264a03c
idump = false
#7 0x00007ffff7259afa in je_arena_malloc (arena=0x0, size=327704, zero=true, try_tcache=true) at include/jemalloc/internal/arena.h:971
tcache = 0x7fffe264a020
#8 0x00007ffff7251ec8 in je_icalloct (size=327704, try_tcache=true, arena=0x0) at include/jemalloc/internal/jemalloc_internal.h:788
No locals.
#9 0x00007ffff7251f04 in je_icalloc (size=327704) at include/jemalloc/internal/jemalloc_internal.h:797
No locals.
#10 0x00007ffff72559e6 in calloc (num=1, size=327704) at src/jemalloc.c:1158
ret = 0x7fffe0c00977
num_size = 327704
usize = 331776
<...>
I had saved this backtrace for further inspection a few weeks ago, and it
is reasonably easy to reproduce. My scenario matches the OOM mentioned in
the pull request.
Cheers,
--
Ricardo Nabinger Sanchez http://rnsanchez.wait4.org/
"Left to themselves, things tend to go from bad to worse."
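As an added illustration (not jemalloc's code and not from either poster): a small C model of the path the backtrace above walks, where the chunk backing allocation fails and the NULL result is passed straight into the avail-tree insert. The names chunk_init_hard, avail_insert, chunk_alloc_buggy and chunk_alloc_fixed, and the constants MAP_BIAS, CHUNK_NPAGES and PAGE_SHIFT, are constructed stand-ins chosen so the numbers (pageind=8, npages=1016) match the frames shown.

```c
#include <errno.h>
#include <stdlib.h>

#define MAP_BIAS     8     /* constructed: index of the first usable page */
#define CHUNK_NPAGES 1024  /* constructed: pages per chunk, 1016 usable */
#define PAGE_SHIFT   12
typedef struct { size_t bits; } map_entry_t;                   /* one page's mapbits */
typedef struct { map_entry_t map[CHUNK_NPAGES - MAP_BIAS]; } chunk_t;
static int simulate_oom;       /* 1 makes the backing allocation fail */
static size_t inserted_pages;  /* what avail_insert last read from the map */
/* Stand-in for the chunk backing-store allocation; returns NULL under OOM. */
static chunk_t *chunk_init_hard(void) {
    if (simulate_oom) { errno = ENOMEM; return NULL; }
    chunk_t *c = calloc(1, sizeof *c);
    if (c != NULL) c->map[0].bits = (size_t)(CHUNK_NPAGES - MAP_BIAS) << PAGE_SHIFT;
    return c;
}
/* Stand-in for arena_avail_insert: reads chunk->map[pageind - bias].bits.
 * With chunk == NULL that read faults at a small address, which is what
 * the mapbitsp=0x48 frame in the backtrace shows. */
static void avail_insert(chunk_t *chunk, size_t pageind, size_t npages) {
    (void)npages;
    inserted_pages = chunk->map[pageind - MAP_BIAS].bits >> PAGE_SHIFT;
}
/* Buggy shape: the NULL result is handed straight to avail_insert. */
chunk_t *chunk_alloc_buggy(void) {
    chunk_t *chunk = chunk_init_hard();
    avail_insert(chunk, MAP_BIAS, CHUNK_NPAGES - MAP_BIAS);  /* SIGSEGV on OOM */
    return chunk;
}
/* Fixed shape: propagate the failure so calloc() can return NULL/ENOMEM. */
chunk_t *chunk_alloc_fixed(void) {
    chunk_t *chunk = chunk_init_hard();
    if (chunk == NULL) return NULL;
    avail_insert(chunk, MAP_BIAS, CHUNK_NPAGES - MAP_BIAS);
    return chunk;
}
/* 1 if the fixed path returns NULL with errno == ENOMEM under simulated OOM
 * and, once memory is back, records the expected 1016 usable pages. */
int fixed_path_ok(void) {
    simulate_oom = 1; errno = 0;
    chunk_t *c = chunk_alloc_fixed();
    int oom_ok = (c == NULL && errno == ENOMEM);
    simulate_oom = 0;
    c = chunk_alloc_fixed();
    int got_chunk = (c != NULL);
    free(c);
    return oom_ok && got_chunk && inserted_pages == CHUNK_NPAGES - MAP_BIAS;
}
```

Calling chunk_alloc_buggy() with simulate_oom set reproduces the NULL dereference; chunk_alloc_fixed() instead lets the failure surface to the caller.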