SegFault - LuaJIT unable to initialize state due to mmap exhaustion #10865
Description
Description:
The current LuaJIT version used by envoy will, by default, pass in the MAP_32BIT flag to all of it's mmap calls. This restricts the LuaJIT's mmap allocations to 1gb of memory. When running with several lua scripts at a high enough concurrency, mmap will exhause the set of usable memory and error. This results in a NULL lua state object and results in a segfault.
We have witnessed this behavior when running without the --concurrency option on a machine with 36 cores. We were able to work around the issue by limiting our concurrency to 16. I have reproduced the crash easily by setting --concurrency to a reasonably high value and monitored the process's use of memory-maps with pmap -X <PID>.
My research has led me to believe that, on modern CPUs, there isn't a good reason to use MAP_32BIT for performance or otherwise. (fun read on MAP_32BIT). There is a flag within the LuaJIT Makefile to control this behavior and I have confirmed that setting it works around the problem.
@@ -111,7 +111,7 @@ XCFLAGS=
#XCFLAGS+= -DLUAJIT_NUMMODE=2
#
# Enable GC64 mode for x64.
-#XCFLAGS+= -DLUAJIT_ENABLE_GC64
+XCFLAGS+= -DLUAJIT_ENABLE_GC64
#
##############################################################################
Tested running with 2.5k threads (I realize a ridiculous number) and consuming >3gb via mmap. I would be willing to make a PR, but I am unsure if this is desired universally. It may be worth pointing out that in LuaJIT master, this is the default behavior and the flag flips to optionally turn MAP_32BIT back on.
Repro steps:
- Configure to use several Lua scripts
- Launch with high
--concurrencyvalue - Process should crash when launching worker threads (monitor anonymous mmap usage with
pmap -X <PID>
Call Stack:
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #0: __restore_rt [0x7f461107a390]
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #1: luaL_openlibs [0x56521a4f71be]
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #2: Envoy::Extensions::Filters::Common::Lua::ThreadLocalState::LuaThreadLocal::LuaThreadLocal() [0x56521a4dc35f]
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #3: std::_Function_handler<>::_M_invoke() [0x56521a4dc3eb]
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #4: std::_Function_handler<>::_M_invoke() [0x56521ac4c6fc]
azel-out/k8-opt/bin/external/envoy/source/server/_virtual_includes/backtrace_lib/server/backtrace.h:75] #5: std::_Function_handler<>::_M_invoke() [0x56521ac50e4b]