Jemalloc bug?

Jason Evans jasone at canonware.com
Tue Jan 26 21:48:18 PST 2016


On Jan 26, 2016, at 8:08 PM, Roel Van de Paar <roel.vandepaar at percona.com> wrote:
> Crashing mysqld: 
> 
> +bt
> #0  0x00007f01cabf5741 in __pthread_kill (threadid=<optimized out>, signo=11) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:61
> #1  0x0000000000793555 in handle_fatal_signal (sig=11) at /git/PS-5.7_opt/sql/signal_handler.cc:223
> #2  <signal handler called>
> #3  je_bitmap_set (bit=18446744073709551615, binfo=0x7f01cb037a28 <je_arena_bin_info+456>, bitmap=0x7f016b423010) at include/jemalloc/internal/bitmap.h:105
> #4  je_bitmap_sfu (binfo=0x7f01cb037a28 <je_arena_bin_info+456>, bitmap=0x7f016b423010) at include/jemalloc/internal/bitmap.h:140
> #5  arena_run_reg_alloc (bin_info=0x7f01cb037a00 <je_arena_bin_info+416>, run=0x7f016b423000) at src/arena.c:291
> #6  je_arena_tcache_fill_small (arena=0x7f01c721f1c0, tbin=tbin at entry=0x7f016b4060a8, binind=binind at entry=4, prof_accumbytes=prof_accumbytes at entry=0) at src/arena.c:1479
> #7  0x00007f01cae2b6ff in je_tcache_alloc_small_hard (tcache=tcache at entry=0x7f016b406000, tbin=tbin at entry=0x7f016b4060a8, binind=binind at entry=4) at src/tcache.c:72
> #8  0x00007f01cae0b14f in je_tcache_alloc_small (zero=false, size=64, tcache=0x7f016b406000) at include/jemalloc/internal/tcache.h:303
> #9  je_arena_malloc (try_tcache=true, zero=false, size=<optimized out>, arena=0x0) at include/jemalloc/internal/arena.h:957
> #10 je_imalloct (arena=0x0, try_tcache=true, size=<optimized out>) at include/jemalloc/internal/jemalloc_internal.h:771
> #11 je_imalloc (size=<optimized out>) at include/jemalloc/internal/jemalloc_internal.h:780
> #12 malloc (size=<optimized out>) at src/jemalloc.c:929
> #13 0x00000000011ce169 in ut_allocator<unsigned char>::allocate (this=this at entry=0x7f01977f7930, n_elements=32, file=file at entry=0x159f298 "/git/PS-5.7_opt/storage/innobase/fil/fil0fil.cc", throw_on_error=false, set_to_zero=false, hint=0x0) at /git/PS-5.7_opt/storage/innobase/include/ut0new.h:349
> #14 0x00000000011d9e2d in fil_flush_file_spaces (purpose=purpose at entry=FIL_TYPE_TABLESPACE) at /git/PS-5.7_opt/storage/innobase/fil/fil0fil.cc:5946
> #15 0x00000000011685d9 in buf_dblwr_update (bpage=bpage at entry=0x7f019cd07740, flush_type=flush_type at entry=BUF_FLUSH_LIST) at /git/PS-5.7_opt/storage/innobase/buf/buf0dblwr.cc:750
> #16 0x0000000001177506 in buf_flush_write_complete (bpage=bpage at entry=0x7f019cd07740) at /git/PS-5.7_opt/storage/innobase/buf/buf0flu.cc:809
> #17 0x000000000115f511 in buf_page_io_complete (bpage=0x7f019cd07740, evict=evict at entry=false) at /git/PS-5.7_opt/storage/innobase/buf/buf0buf.cc:6030
> #18 0x00000000011d24af in fil_aio_wait (segment=segment at entry=7) at /git/PS-5.7_opt/storage/innobase/fil/fil0fil.cc:5754
> #19 0x00000000010c07b0 in io_handler_thread (arg=<optimized out>) at /git/PS-5.7_opt/storage/innobase/srv/srv0start.cc:330
> #20 0x00007f01cabf0dc5 in start_thread (arg=0x7f01977f8700) at pthread_create.c:308
> #21 0x00007f01c904f21d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
> 
> This looks highly likely to be a jemalloc bug - agreed?
> 
> Can I provide any other info to report this? Is this list notification sufficient?

No, this is more likely to be an application bug than a jemalloc bug.  The application probably corrupted jemalloc data structures, e.g. by freeing the same object twice.  If you do determine that it's a jemalloc bug, please provide full reproduction steps or a diagnosis/patch so we can get the problem fixed.

Thanks,
Jason
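A toy model of the failure mode Jason describes, added here as an illustration; it is not code from jemalloc or from this thread. It assumes a simplified run structure (a free bitmap plus a cached free count, standing in for run->nfree) and a constructed run size of 8 regions: one double free leaves the count one higher than the number of clear bits, so once the real regions are used up the allocator still believes a region is free and the "set first unset" search yields SIZE_MAX, the bit=18446744073709551615 seen in frame #3. A checked free that refuses to clear an already-clear bit catches the second free at the point it happens.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define NREGS 8  /* regions per run in this toy model (constructed value) */
/* Toy model of a jemalloc small-object run: a bitmap (0 = free region,
 * 1 = allocated region) plus a cached free count, like run->nfree. */
typedef struct { uint64_t bitmap; size_t nfree; } run_t;
/* "Set first unset", like bitmap_sfu: set the first clear bit and return its
 * index, or SIZE_MAX (what ffs(~word) - 1 yields) when the word is already full. */
static size_t bitmap_sfu(uint64_t *bits) {
    for (size_t bit = 0; bit < NREGS; bit++)
        if (!(*bits & (1ULL << bit))) { *bits |= 1ULL << bit; return bit; }
    return SIZE_MAX;
}
/* Allocation path trusting nfree, like arena_run_reg_alloc. Returns SIZE_MAX
 * when nfree and the bitmap disagree (real jemalloc then calls bitmap_set
 * with that index and faults). */
static size_t run_alloc(run_t *run) {
    if (run->nfree == 0) return SIZE_MAX;  /* genuinely full */
    size_t bit = bitmap_sfu(&run->bitmap);
    if (bit != SIZE_MAX) run->nfree--;
    return bit;
}
/* Unchecked free: clearing an already-clear bit changes nothing, but nfree is
 * still incremented, so the two bookkeeping structures drift apart. */
static void run_free(run_t *run, size_t bit) {
    run->bitmap &= ~(1ULL << bit);
    run->nfree++;
}
/* Checked free: refuse to release a region that is not marked allocated. */
static bool run_free_checked(run_t *run, size_t bit) {
    if (bit >= NREGS || !(run->bitmap & (1ULL << bit))) return false;
    run_free(run, bit);
    return true;
}
/* Allocate one region, free it twice, then drain the run: the (NREGS+1)th
 * allocation returns SIZE_MAX because nfree still claims a free region. */
size_t demo_double_free_drift(void) {
    run_t run = { 0, NREGS }; size_t r = run_alloc(&run);
    run_free(&run, r);
    run_free(&run, r);                       /* double free: nfree == NREGS+1 */
    for (int i = 0; i < NREGS; i++) run_alloc(&run);
    return run_alloc(&run);
}
/* Same sequence with the checked free: the second release is rejected. */
bool demo_checked_free_rejects_second(void) {
    run_t run = { 0, NREGS }; size_t r = run_alloc(&run);
    return run_free_checked(&run, r) && !run_free_checked(&run, r);
}
```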

