Closed Bug 478576 Opened 12 years ago Closed 12 years ago

infinite loop in jemalloc:chunk_recycle_reserve

Categories

(Core :: Memory Allocator, defect, P1)

Product:
Core
Component:
Memory Allocator
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.2a1

People

(Reporter: vlad, Assigned: jasone)

Details

(Keywords: fixed1.9.1, Whiteboard: [fixed1.9.1b3])

Attachments

(1 file)

Fix infinite loop due to depleted memory reserve [Checkin: Comment 6 & 7]
1.06 KB, patch
pavlov
: review+
Details | Diff | Splinter Review 
I'm in a weird spin in jemalloc, in the loop that starts at line 2521 (while reserve_cur < reserve_min).  chunk_alloc_mmap is returning NULL, and we go into the little do/while loop and call reserve_notify... but there's nothing to receive those notifications.  reserve_cur is 0x00100000, reserve_min is 0x00200000, so the outer loop expression always evaluates to true and we just spin here forever.  Does the outer loop need a similar check to the inner one, to break out if there was nothing to notify that could replenish the reserve?

mozcrt19.dll!chunk_recycle_reserve(unsigned int size=0x0f300000, int zero=0x7813938a)  Line 2535	C
mozcrt19.dll!chunk_alloc(unsigned int size=0x00000000, int zero=0x781394ea, int pagefile=0x781394ea)  Line 2576 + 0x6 bytes	C
mozcrt19.dll!arena_run_alloc(arena_s * arena=0x00000000, arena_bin_s * bin=0x00000000, unsigned int size=0x00080000, int large=0x00000001, int zero=0x00000000)  Line 3334	C
mozcrt19.dll!arena_malloc_large(arena_s * arena=0x00000000, unsigned int size=0x00000000, int zero=0x00000000)  Line 3928 + 0xf bytes	C
mozcrt19.dll!malloc(unsigned int size=0x00080000)  Line 5992 + 0x39 bytes	C
mozcrt19.dll!operator new(unsigned int size=0x00080000)  Line 54 + 0xd bytes	C++
xul.dll!nsDeque::GrowCapacity()  Line 182 + 0x18 bytes	C++
Flags: blocking1.9.1?
Hit this again; same spot.  WinXP task manager said about 1.75gb was used, previous time it was around 1.5gb.
Whiteboard: [needs input jevans and smedberg]
It looks to me like Vlad is totally right about the cause of the infinite loop.  The attached (completely untested) patch is the cleanest fix I can think of.
Flags: blocking1.9.1? → blocking1.9.1+
Priority: -- → P1
Whiteboard: [needs input jevans and smedberg] → [needs review - stuart?]
Attachment #362767 - Flags: review?(pavlov)
Stuart said he'd take a look at the review, and we thank him for it!
Comment on attachment 362767 [details] [diff] [review]
Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6 & 7]

this looks correct, but given how hard this is to hit, going to be hard to test.
Attachment #362767 - Flags: review?(pavlov) → review+
Is there anything else to do here, or could someone land the patch and mark
this fixed?
Keywords: checkin-needed
Whiteboard: [needs review - stuart?] → [needs landing]
Attachment #362767 - Attachment description: Fix infinite loop due to depleted memory reserve → Fix infinite loop due to depleted memory reserve [Checkin: Comment 6]
Comment on attachment 362767 [details] [diff] [review]
Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6 & 7]


http://hg.mozilla.org/mozilla-central/rev/4e454c6a79ce
Assignee: nobody → jasone
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [needs landing] → [needs 1.9.1 landing]
Target Milestone: --- → mozilla1.9.2a1
Version: 1.9.1 Branch → Trunk
Comment on attachment 362767 [details] [diff] [review]
Fix infinite loop due to depleted memory reserve
[Checkin: Comment 6 & 7]


http://hg.mozilla.org/releases/mozilla-1.9.1/rev/0fcd0d3d84e3
Attachment #362767 - Attachment description: Fix infinite loop due to depleted memory reserve [Checkin: Comment 6] → Fix infinite loop due to depleted memory reserve [Checkin: Comment 6 & 7]
Keywords: checkin-neededfixed1.9.1
Whiteboard: [needs 1.9.1 landing] → [fixed1.9.1b3]
You need to log in before you can comment on or make changes to this bug.