[Bug malloc/14581] glibc leaks memory and do not reuse after free (leading to unlimited RSS growth)

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "dev at parallels dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug malloc/14581] glibc leaks memory and do not reuse after free (leading to unlimited RSS growth)
Date: Sun, 16 Sep 2012 09:44:00 -0000	[thread overview]
Message-ID: <bug-14581-131-OCkWxgWPdT@http.sourceware.org/bugzilla/> (raw)
In-Reply-To: <bug-14581-131@http.sourceware.org/bugzilla/>

http://sourceware.org/bugzilla/show_bug.cgi?id=14581

--- Comment #7 from Kirill Korotaev <dev at parallels dot com> 2012-09-16 09:44:02 UTC ---
(In reply to comment #6)
> Could you explain what you mean by "if you print virtual addresses of allocated
> objects and kernel VMAs, i.e. you will find a huge unused memory extents which
> are never reused by glibc"? I'm not aware of any way the kernel VMA data could
> inform you about heap utilization, which is entirely under userspace control.

It's very simple. There is RSS and VSZ in /proc/pid/status.
RSS tells you how much physical memory was really allocated by kernel. If you
add memset() of objects after being allocated you will find that it's really
700MB which corresponds to VSZ as well. i.e. this memory is committed.

> I did a simulation of your test loop with much smaller sizes using pen and
> paper, and 
> 
> With SSIZE=2, ALIGN=8, LSIZE=5, NS=[many], NL=4:
> 
> 3z: SS LLLLLSS LLLLLSS LLLLLSS LLLLL
> 4a: SS      SS LLLLLSS LLLLLSS LLLLL
> 4z: SSSS    SS LLLLLSS LLLLLSS LLLLLLLLLL
> 5a: SSSS    SS      SS LLLLLSS LLLLLLLLLL
> 5z: SSSSSS  SS LLLLLSS LLLLLSS LLLLLLLLLL
> 6a: SSSSSS  SS LLLLLSS      SS LLLLLLLLLL
> 6z: SSSSSSSSSS LLLLLSS LLLLLSS LLLLLLLLLL
> 7a: SSSSSSSSSS LLLLLSS LLLLLSS      LLLLL
> 7z: SSSSSSSSSS LLLLLSS LLLLLSSSS    LLLLLLLLLL
> ...
> 
> where 3z means "at the end of iteration 3" and 4a means "after the free steps
> of iteration 4", etc. I might have gotten some details wrong, but it seems this
> pattern necessarily enforces fragmentation by destroying the alignment
> potential of each LSIZE-sized free range.

First 500 iterations are not interesting that much, cause they do not free any
previously allocated objects.
Have you noticed that array index wraps after NL and NS iterations passed and
then most interesting begins?

> Obviously there are some allocation strategies that avoid the issue, but I
> don't see it being avoidable in dlmalloc-type schemes in general. If you have
> an idea for how to avoid it without destroying the good properties of the
> allocator strategy, please share.

Looks like I start to realize what you mean...

Actually, theoretically any allocator should not ever allocate physical RAM
more then 2*allocated_size due to fragmentation on pattern like this, right?
(it's simple: if you allocated more then 2x times, this means you have unused
holes bigger then any single object and could allocate from it...). In our case
we see about 10x times ratio...

And there are many which behave like that: TCMalloc, buddy etc.
What is not natural in this test is that memalign replaced with malloc() fixes
the problem...

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

next prev parent reply	other threads:[~2012-09-16  9:44 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-09-14  9:41 [Bug malloc/14581] New: " dev at parallels dot com
2012-09-14 19:27 ` [Bug malloc/14581] " bugdal at aerifal dot cx
2012-09-15 10:40 ` dev at parallels dot com
2012-09-15 10:44 ` dev at parallels dot com
2012-09-15 12:39 ` bugdal at aerifal dot cx
2012-09-15 14:08 ` bugdal at aerifal dot cx
2012-09-15 21:00 ` bugdal at aerifal dot cx
2012-09-16  9:44 ` dev at parallels dot com [this message]
2012-09-16 12:46 ` bugdal at aerifal dot cx
2013-05-13  9:30 ` siddhesh at redhat dot com
2013-05-20 15:12 ` ondra at iuuk dot mff.cuni.cz
2013-05-20 15:39 ` siddhesh at redhat dot com
2014-06-17  4:31 ` fweimer at redhat dot com
2020-04-28 20:05 ` [Bug malloc/14581] memalign allocations are often not reused after free mail at nh2 dot me
2021-11-25 18:05 ` carlos at redhat dot com
2022-08-02 22:20 ` mirh at protonmail dot ch
2022-08-10  4:00 ` carlos at redhat dot com
2022-12-08 14:10 ` nsz at gcc dot gnu.org
2022-12-08 14:47 ` acoplan at gcc dot gnu.org
2022-12-08 16:13 ` carlos at redhat dot com
2022-12-14 21:50 ` dj at redhat dot com
2022-12-15 10:29 ` nsz at gcc dot gnu.org
2022-12-15 10:45 ` nsz at gcc dot gnu.org
2022-12-15 21:44 ` dj at redhat dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-14581-131-OCkWxgWPdT@http.sourceware.org/bugzilla/ \
    --to=sourceware-bugzilla@sourceware.org \
    --cc=glibc-bugs@sources.redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).