jemalloc out of memory crash 3.5.*

Christopher Pride cpride at cpride.net
Thu Mar 27 18:48:12 PDT 2014


I believe that is the same crash if you have the debugging asserts turned
on. With the debugging asserts turned off it will crash on the next line
with code in arena_avail_insert.

Chris


On Thu, Mar 27, 2014 at 6:35 PM, Ricardo Nabinger Sanchez <
rnsanchez at wait4.org> wrote:

> Hello Christopher,
>
> On Thu, 27 Mar 2014 12:42:01 -0700
> Christopher Pride <cpride at cpride.net> wrote:
>
> > We hit a jemalloc out of memory crash in the 3.5.* line. It looks like a
> > simple NULL check is missing from a refactor. More information is
> > documented in the pull request for a fix on github here:
> >
> > https://github.com/jemalloc/jemalloc/pull/60
>
> Any chance this crash looks like this one?
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff68ed700 (LWP 2213)]
> 0x00007ffff7258498 in je_arena_mapbitsp_read (mapbitsp=0x48) at
> include/jemalloc/internal/arena.h:525
> 525             return (*mapbitsp);
> (gdb) bt f
> #0  0x00007ffff7258498 in je_arena_mapbitsp_read (mapbitsp=0x48) at
> include/jemalloc/internal/arena.h:525
> No locals.
> #1  0x00007ffff72584c8 in je_arena_mapbits_get (chunk=0x0, pageind=8) at
> include/jemalloc/internal/arena.h:532
> No locals.
> #2  0x00007ffff72584ed in je_arena_mapbits_unallocated_size_get
> (chunk=0x0, pageind=8) at include/jemalloc/internal/arena.h:540
>         mapbits = 140737339856325
> #3  0x00007ffff72601fe in arena_avail_insert (arena=0x7ffff64a4d40,
> chunk=0x0, pageind=8, npages=1016, maybe_adjac_pred=false,
>     maybe_adjac_succ=false) at src/arena.c:218
> No locals.
> #4  0x00007ffff72617fd in arena_chunk_alloc (arena=0x7ffff64a4d40) at
> src/arena.c:621
>         chunk = 0x0
> #5  0x00007ffff7261c8a in arena_run_alloc_large (arena=0x7ffff64a4d40,
> size=331776, zero=true) at src/arena.c:699
>         chunk = 0x7ffff68ec0c0
>         run = 0x0
> #6  0x00007ffff7264a83 in je_arena_malloc_large (arena=0x7ffff64a4d40,
> size=331776, zero=true) at src/arena.c:1663
>         ret = 0x7fffe264a03c
>         idump = false
> #7  0x00007ffff7259afa in je_arena_malloc (arena=0x0, size=327704,
> zero=true, try_tcache=true) at include/jemalloc/internal/arena.h:971
>         tcache = 0x7fffe264a020
> #8  0x00007ffff7251ec8 in je_icalloct (size=327704, try_tcache=true,
> arena=0x0) at include/jemalloc/internal/jemalloc_internal.h:788
> No locals.
> #9  0x00007ffff7251f04 in je_icalloc (size=327704) at
> include/jemalloc/internal/jemalloc_internal.h:797
> No locals.
> #10 0x00007ffff72559e6 in calloc (num=1, size=327704) at
> src/jemalloc.c:1158
>         ret = 0x7fffe0c00977
>         num_size = 327704
>         usize = 331776
> <...>
>
> I had saved this backtrace for further inspection a few weeks ago, and it
> is reasonably easy to reproduce.  My scenario matches the OOM mentioned in
> the pull request.
>
> Cheers,
>
> --
> Ricardo Nabinger Sanchez           http://rnsanchez.wait4.org/
>   "Left to themselves, things tend to go from bad to worse."
>
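
The failure pattern discussed in this thread, as an added C example that is not part of the original messages and is not jemalloc code: a simplified model of why a NULL chunk with pageind=8 faults at a small non-zero address, next to the check that propagates the failure instead. The struct layout, `chunk_source`, `simulate_oom`, `map_entry_addr` and both `chunk_init_*` functions are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, NOT jemalloc's real layout: one header word, then a
 * per-page map. NPAGES and page index 8 mirror pageind=8, npages=1016. */
#define NPAGES 1024
typedef struct { size_t bits; } map_entry_t;
typedef struct { void *arena; map_entry_t map[NPAGES]; } chunk_t;

static int simulate_oom = 0;  /* hypothetical switch to force failure */

/* Hypothetical chunk source: returns NULL when memory is exhausted. */
static chunk_t *chunk_source(void) {
    return simulate_oom ? NULL : calloc(1, sizeof(chunk_t));
}

/* Address of a page's map entry, computed as an integer so the model can
 * report it without dereferencing anything. */
static uintptr_t map_entry_addr(const chunk_t *chunk, size_t pageind) {
    return (uintptr_t)chunk + offsetof(chunk_t, map) + pageind * sizeof(map_entry_t);
}

/* Before: the result is used unchecked. Returns the address the first map
 * read would touch; with chunk == NULL it is small but not zero. */
static uintptr_t chunk_init_unchecked(void) {
    chunk_t *chunk = chunk_source();
    uintptr_t addr = map_entry_addr(chunk, 8);
    free(chunk);
    return addr;
}

/* After: fail before any pointer is derived from chunk. */
static chunk_t *chunk_init_checked(void) {
    chunk_t *chunk = chunk_source();
    if (chunk == NULL)
        return NULL;  /* caller sees the OOM and can return NULL itself */
    chunk->map[8].bits = NPAGES - 8;
    return chunk;
}

int main(void) {
    simulate_oom = 1;
    printf("unchecked would read at %#lx\n", (unsigned long)chunk_init_unchecked());
    printf("checked returns %p\n", (void *)chunk_init_checked());
    return 0;
}
```

A faulting address that is small but non-zero, as in frame #0 of the backtrace, is the usual signature of a field or array access through a NULL base pointer, so the check has to be on the base pointer itself.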