Closed
Bug 478576
Opened 14 years ago
Closed 14 years ago
infinite loop in jemalloc:chunk_recycle_reserve
Categories
(Core :: Memory Allocator, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9.2a1
People
(Reporter: vlad, Assigned: jasone)
Details
(Keywords: fixed1.9.1, Whiteboard: [fixed1.9.1b3])
Attachments
(1 file)
1.06 KB,
patch
|
pavlov
:
review+
|
Details | Diff | Splinter Review |
I'm in a weird spin in jemalloc, in the loop that starts at line 2521 (while reserve_cur < reserve_min). chunk_alloc_mmap is returning NULL, and we go into the little do/while loop and call reserve_notify... but there's nothing to receive those notifications. reserve_cur is 0x00100000, reserve_min is 0x00200000, so the outer loop expression always evaluates to true and we just spin here forever. Does the outer loop need a similar check to the inner one, to break out if there was nothing to notify that could replenish the reserve? mozcrt19.dll!chunk_recycle_reserve(unsigned int size=0x0f300000, int zero=0x7813938a) Line 2535 C mozcrt19.dll!chunk_alloc(unsigned int size=0x00000000, int zero=0x781394ea, int pagefile=0x781394ea) Line 2576 + 0x6 bytes C mozcrt19.dll!arena_run_alloc(arena_s * arena=0x00000000, arena_bin_s * bin=0x00000000, unsigned int size=0x00080000, int large=0x00000001, int zero=0x00000000) Line 3334 C mozcrt19.dll!arena_malloc_large(arena_s * arena=0x00000000, unsigned int size=0x00000000, int zero=0x00000000) Line 3928 + 0xf bytes C mozcrt19.dll!malloc(unsigned int size=0x00080000) Line 5992 + 0x39 bytes C mozcrt19.dll!operator new(unsigned int size=0x00080000) Line 54 + 0xd bytes C++ xul.dll!nsDeque::GrowCapacity() Line 182 + 0x18 bytes C++
Flags: blocking1.9.1?
Reporter | ||
Comment 1•14 years ago
|
||
Hit this again; same spot. WinXP task manager said about 1.75gb was used, previous time it was around 1.5gb.
Updated•14 years ago
|
Whiteboard: [needs input jevans and smedberg]
Assignee | ||
Comment 2•14 years ago
|
||
It looks to me like Vlad is totally right about the cause of the infinite loop. The attached (completely untested) patch is the cleanest fix I can think of.
Updated•14 years ago
|
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P1
Whiteboard: [needs input jevans and smedberg] → [needs review - stuart?]
Updated•14 years ago
|
Attachment #362767 -
Flags: review?(pavlov)
Comment 3•14 years ago
|
||
Stuart said he'd take a look at the review, and we thank him for it!
Comment 4•14 years ago
|
||
Comment on attachment 362767 [details] [diff] [review] Fix infinite loop due to depleted memory reserve [Checkin: Comment 6 & 7] this looks correct, but given how hard this is to hit, going to be hard to test.
Attachment #362767 -
Flags: review?(pavlov) → review+
Comment 5•14 years ago
|
||
Is there anything else to do here, or could someone land the patch and mark this fixed?
Updated•14 years ago
|
Keywords: checkin-needed
Whiteboard: [needs review - stuart?] → [needs landing]
Updated•14 years ago
|
Attachment #362767 -
Attachment description: Fix infinite loop due to depleted memory reserve → Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6]
Comment 6•14 years ago
|
||
Comment on attachment 362767 [details] [diff] [review] Fix infinite loop due to depleted memory reserve [Checkin: Comment 6 & 7] http://hg.mozilla.org/mozilla-central/rev/4e454c6a79ce
Updated•14 years ago
|
Assignee: nobody → jasone
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [needs landing] → [needs 1.9.1 landing]
Target Milestone: --- → mozilla1.9.2a1
Version: 1.9.1 Branch → Trunk
Comment 7•14 years ago
|
||
Comment on attachment 362767 [details] [diff] [review] Fix infinite loop due to depleted memory reserve [Checkin: Comment 6 & 7] http://hg.mozilla.org/releases/mozilla-1.9.1/rev/0fcd0d3d84e3
Attachment #362767 -
Attachment description: Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6] → Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6 & 7]
Updated•14 years ago
|
Keywords: checkin-needed → fixed1.9.1
Whiteboard: [needs 1.9.1 landing] → [fixed1.9.1b3]
You need to log in
before you can comment on or make changes to this bug.
Description
•