jemallocator
crash on macOS 10.15 (Catalina) beta 8 19A558d
cargo run --release will crash when using jemallocator.
I tried on two machines running macOS 10.15 beta; both produce the same result.
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;

fn main() {
    println!("Hello, world!");
}
got output:
fish: 'cargo run --release' terminated by signal SIGSEGV (Address boundary error)
backtrace is:
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
* frame #0: 0x00000001000328fd hello-jemalloctor`_rjem_je_tcache_bin_flush_small [inlined] atomic_load_p(a=0x0000000000000000, mo=atomic_memory_order_relaxed) at atomic.h:55:1 [opt]
frame #1: 0x00000001000328fd hello-jemalloctor`_rjem_je_tcache_bin_flush_small [inlined] rtree_leaf_elm_bits_read(tsdn=<unavailable>, rtree=<unavailable>, elm=0x0000000000000000, dependent=true) at rtree.h:175 [opt]
frame #2: 0x00000001000328fd hello-jemalloctor`_rjem_je_tcache_bin_flush_small [inlined] rtree_leaf_elm_extent_read(tsdn=<unavailable>, rtree=<unavailable>, elm=0x0000000000000000, dependent=true) at rtree.h:214 [opt]
frame #3: 0x00000001000328fd hello-jemalloctor`_rjem_je_tcache_bin_flush_small [inlined] rtree_extent_read(tsdn=0x0000000100064420, rtree=<unavailable>, rtree_ctx=<unavailable>, key=<unavailable>, dependent=true) at rtree.h:423 [opt]
frame #4: 0x00000001000328c9 hello-jemalloctor`_rjem_je_tcache_bin_flush_small [inlined] iealloc(tsdn=0x0000000100064420) at jemalloc_internal_inlines_b.h:82 [opt]
frame #5: 0x00000001000328c9 hello-jemalloctor`_rjem_je_tcache_bin_flush_small(tsd=0x0000000100064420, tcache=<unavailable>, tbin=0x00000001000645f0, binind=0, rem=0) at tcache.c:117 [opt]
frame #6: 0x0000000100034782 hello-jemalloctor`tcache_flush_cache(tsd=0x0000000100064420, tcache=0x00000001000645e0) at tcache.c:463:3 [opt]
frame #7: 0x0000000100034ba1 hello-jemalloctor`tcache_destroy(tsd=0x0000000100064420, tcache=0x00000001000645e0, tsd_tcache=<unavailable>) at tcache.c:493:2 [opt]
frame #8: 0x0000000100035df1 hello-jemalloctor`_rjem_je_tsd_cleanup [inlined] tsd_do_data_cleanup(tsd=0x0000000100064420) at tsd.c:209:2 [opt]
frame #9: 0x0000000100035dcc hello-jemalloctor`_rjem_je_tsd_cleanup(arg=0x0000000100064420) at tsd.c:234 [opt]
frame #10: 0x0000000100036146 hello-jemalloctor`_rjem_je_malloc_tsd_boot1 [inlined] tsd_boot1 at tsd_generic.h:108:2 [opt]
frame #11: 0x0000000100036114 hello-jemalloctor`_rjem_je_malloc_tsd_boot1 at tsd.c:273 [opt]
frame #12: 0x0000000100008216 hello-jemalloctor`jemalloc_constructor [inlined] malloc_init_hard at jemalloc.c:1552:2 [opt]
frame #13: 0x0000000100007fa1 hello-jemalloctor`jemalloc_constructor [inlined] malloc_init at jemalloc.c:217 [opt]
frame #14: 0x0000000100007fa1 hello-jemalloctor`jemalloc_constructor at jemalloc.c:3184 [opt]
frame #15: 0x00000001002c6615 dyld`ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 539
frame #16: 0x00000001002c6a3a dyld`ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
frame #17: 0x00000001002c1913 dyld`ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 493
frame #18: 0x00000001002c067c dyld`ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 188
frame #19: 0x00000001002c071c dyld`ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 82
frame #20: 0x00000001002af4b2 dyld`dyld::initializeMainExecutable() + 199
frame #21: 0x00000001002b4aab dyld`dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 6760
frame #22: 0x00000001002ae227 dyld`dyldbootstrap::start(dyld3::MachOLoaded const*, int, char const**, dyld3::MachOLoaded const*, unsigned long*) + 453
frame #23: 0x00000001002ae025 dyld`_dyld_start + 37
Maybe it's a bug in macOS; I found a similar issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1570451#c41
Could you report this as well to jemalloc upstream and link that bug report here? Thanks.
I'm getting the same thing on OSX 10.14.6 as well.
Since none of the relevant code is around in a recent version of jemalloc, perhaps someone who can reproduce the issue should try bumping the version shipped with jemallocator?
I am seeing a segfault on Catalina 10.15.4 when I swap the default allocator out for jemallocator in one of my projects. It only happens though when that project calls into a *-sys crate that binds to a third party DSO.
Hmm, that is strange…would you mind sharing a crash log? I was seeing this in jemalloc's constructor, and I can't reproduce it in your project :(
I never get a crash log.
Steps to repro (just tried):
# Assuming you are on macOS,
# cloned https://github.com/virtualritz/rust-diffusion-limited-aggregation.git
# and downloaded & installed 3Delight (I'm using 2.0.7 since today).
git checkout b3942167a0aa1817e4d44bb1203c606083a3480c
cargo build
target/debug/rdla -p 100 dump test.nsi
[00:00:00] [████████████████████████████████████████] 100/100 (0s)
[1] 93067 segmentation fault target/debug/rdla -p 100 dump test.nsi
Actually, I did get one; in Console:
Date/Time: 2020-05-05 04:38:46.819 +0200
OS Version: Mac OS X 10.15.4 (19E287)
Report Version: 12
Anonymous UUID: 431E6A8B-D8DD-BC8A-E603-DC897D7AAD76
Sleep/Wake UUID: 08FA2E75-CEFB-4C83-883B-1FE9CBD40211
Time Awake Since Boot: 680000 seconds
Time Since Wake: 19000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000797475616562
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [93067]
VM Regions Near 0x797475616562:
Stack 000070000c054000-000070000c0d6000 [ 520K] rw-/rwx SM=COW thread 2
-->
MALLOC_TINY 00007fd35cc00000-00007fd35cd00000 [ 1024K] rw-/rwx SM=PRV
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 lib3delight.dylib 0x00000001072f51c7 0x1070b5000 + 2359751
1 lib3delight.dylib 0x000000010717bac7 0x1070b5000 + 813767
2 lib3delight.dylib 0x000000010717c3d2 0x1070b5000 + 816082
3 lib3delight.dylib 0x000000010718b9d5 NSISetAttribute + 229
4 rdla 0x0000000105f30e7b nsi::Context::set_attribute::hece01fa6af020aae + 1291
5 rdla 0x0000000105ec75e8 rdla::dla::Model::output_scene_nsi::hf4e4db23fecfc048 + 6456 (dla.rs:680)
6 rdla 0x0000000105ec3f98 rdla::dla::Model::write_nsi::he138a2523116eab5 + 504 (dla.rs:214)
7 rdla 0x0000000105f6e29a rdla::run::h68fc195a66728b31 + 2746 (main.rs:189)
8 rdla 0x0000000105f6d377 rdla::main::h07d0073c095b8ae9 + 23 (main.rs:106)
9 rdla 0x0000000105e7342e std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h290cdda0e5709f42 + 14 (rt.rs:67)
10 rdla 0x000000010648ca59 std::rt::lang_start_internal::h2d2d7c5f224149f7 + 441 (rt.rs:51)
11 rdla 0x0000000105e73411 std::rt::lang_start::hfedcbb7371f0dcc8 + 65 (rt.rs:67)
12 rdla 0x0000000105f70432 main + 34
13 libdyld.dylib 0x00007fff6aac0cc9 start + 1