JEMALLOC memory profiling with static executable crashes or deadlocks

[neunhoef]

I have a tiny program:

#include <jemalloc/jemalloc.h>

#include <chrono>
#include <cstdlib>
#include <string>
#include <thread>

int main(int argc, char* argv[]) {
  char* buf[1000];
  for (size_t i = 0; i < 1000; ++i) {
    buf[i] = (char*)malloc(1024);
  }
  std::this_thread::sleep_for(std::chrono::seconds(1));
  char const* f = "filename.heap";
  mallctl("prof.dump", NULL, NULL, &f, sizeof(const char*));
  for (size_t i = 0; i < 1000; ++i) {
    free((void*)buf[i]);
  }
  return 0;
}

If I compile this with the following command:

g++ jemalloctest.cpp -o jemalloctest -Wall -O0 -std=c++17 -l jemalloc -static -g

(I used Ubuntu 22.04 and the g++ compiler version 11.2.0-19ubuntu-1).

The resulting executable immediately crashes with this stack trace (provided I set export MALLOC_CONF="prof:true" to activate JEMALLOC heap profiling):

(gdb) bt
#0  0x000000000031453c in pthread_kill ()
#1  0x00000000002ed176 in raise ()
#2  0x00000000002ed520 in abort ()
#3  0x00000000002d3de0 in uw_init_context_1[cold] ()
#4  0x00000000002d3cec in _Unwind_Backtrace ()
#5  0x00000000002ae51e in je_prof_boot2 ()
#6  0x000000000024460b in malloc_init_hard ()
#7  0x000000000024611d in je_malloc_default ()
#8  0x000000000036ebbb in _dl_get_origin ()
#9  0x0000000000377ad7 in _dl_non_dynamic_init ()
#10 0x00000000002d64da in __libc_init_first ()
#11 0x00000000002d80da in __libc_start_main_impl ()
#12 0x000000000023e925 in _start ()

The test program is almost certainly not minimal, since the code in main is not even run, we are in the initialization code before main. I have another, larger example, where we build a whole application using alpine linux and libmusl with static executables. There it does not crash but gets into a deadlock in pretty much the same situation, since malloc_init_hard calls the libunwind initialization routines, which in turn seems to call malloc, which tries again to initialize using malloc_init_hard.

[interwq]

Can you please try if this still happens with the current jemalloc dev branch? We made some tweaks to the init ordering to help tolerate reentrant mallocs, although it's still far from fully supported.

[everschen]

I am lucky to reproduce this issue in the latest code, I will try to fix it.

evers@xiaomi:~/jemalloc$ gdb ./jemalloctest /var/lib/apport/coredump/core._home_evers_jemalloc_jemalloctest.1000.94c05190-5c1d-43dd-a74c-a05ca8ab5451.2435825.217536364
GNU gdb (Ubuntu 13.1-2ubuntu2) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
https://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./jemalloctest...
[New LWP 2435825]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./jemalloctest'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00000000004f55db in pthread_kill ()
(gdb) bt
#0 0x00000000004f55db in pthread_kill ()
#1 0x00000000004e86a6 in raise ()
#2 0x0000000000410b36 in abort ()
#3 0x0000000000410a0c in uw_init_context_1[cold] ()
#4 0x00000000004b81fc in _Unwind_Backtrace ()
#5 0x00000000004a29e2 in je_prof_unwind_init () at src/prof_sys.c:445
#6 0x0000000000495542 in je_prof_boot2 (tsd=tsd@entry=0x1cc0358, base=) at src/prof.c:753
#7 0x0000000000418436 in malloc_init_hard () at src/jemalloc.c:2223
#8 0x000000000041d845 in malloc_init () at src/jemalloc.c:301
#9 imalloc_init_check (dopts=, sopts=) at src/jemalloc.c:2689
#10 imalloc (dopts=, sopts=) at src/jemalloc.c:2720
#11 je_malloc_default (size=22) at src/jemalloc.c:2753
#12 0x00000000004ddaeb in _dl_get_origin ()
#13 0x00000000004e09a7 in _dl_non_dynamic_init ()
#14 0x00000000004e2739 in __libc_init_first ()
#15 0x00000000004bb957 in __libc_start_main_impl ()
#16 0x0000000000410e55 in _start ()
(gdb)

[everschen]

it looks it works if you reset MALLOC_CONF to "" and enable it through ./configure --enable-prof, so it likes something conflict with MALLOC_CONF.

[interwq]

@everschen that MALLOC_CONF is needed to enable heap profiling. The compile time option only makes the binary profiling capable, not enabling it. This is likely an init order issue.

[everschen]

got it, thanks for the information.

[everschen]

this issue is much like below two mentions:
golang/go#38742
gperftools/gperftools#1184

hope it could be helpful for further investigation, I have tried to change init order, it looks it doesn't work.

[han-ian]

any update? I have encountered the same issue.