Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1oNQ-0006Pe-Gp for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 13:18:04 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q1oNP-0007XB-F6 for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 13:18:03 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1oNP-0007X2-1E for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 13:18:03 +0000 Received: from mail-ej1-x629.google.com ([2a00:1450:4864:20::629]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1q1oNL-001dzt-AW for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 13:18:01 +0000 Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-96fa4a6a79bso136807466b.3 for ; Wed, 24 May 2023 06:17:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1684934278; x=1687526278; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=8dINF/9gqYL3sjkA7h4yekqlGgllRap2tFT+BIbnUoo=; b=dmBYZJ/WAYSBJDVgYN2nn3YJJ2ggT15HDw1+HhEkwlF1cgbmrpAHOZRdv52mFA9sp6 2A7oxLR3btwCWgI2unniRnKcWz+DDIcgrdsis1ZrER5VAMwEGN4dutC1SGPPhTMtJEVj rcqmidqF4F8WnaHjhLZgoJIHu6tsBNgt2/7k4f0FRxmoExOl8+Fax+af6yXlecWg0s03 BMJMl7OZa5MWhIa1zz0wKcPl4lJTHu0RmezqeLOiOXmKiCfNa5peBwerFDVh6uEVo86r fgJufGIr6pdmdzs6m2avFKi/YCxHhTqbCcjXGEqhC9m4eD4phT1ZKaRkWFuBONteg/8r Yi5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684934278; x=1687526278; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8dINF/9gqYL3sjkA7h4yekqlGgllRap2tFT+BIbnUoo=; b=CzxHU0UwnoccxrdOH574cWbdh7R+Itfpg/sN8z0DEHmP/P57fx8svgBviFCO5ClNTP nKOx4edGIBdiH6pnIxlNm5iJ1CSlMUbZeDa52wWg1HPC2SzmQHj7JzqueN8knv8wxAqi P8o0VkbcjvZdasJvYdpr/v2tpmIRdrKq4xzuzWjkIzDsM+mcMzpCSatleT06He6h299K 9oN6WRDM6oOHq0saT3bA5xDbeaTcp67fHQCQhrER2MPZscl4x0vjMkT014CfVrTL9d2s hsYNKhJIJB790qvMV51OVQfraAnDmmA7C9KmJiAzgKxwY2zigugGBxGaei9mN8J5CMEF +DKQ== X-Gm-Message-State: AC+VfDxbYec48Cu7opDYEbSWq/rhFDvzr9P2LRVwGkj3RWQIYnZEVzDq A7hMQQh3wpgihdpcWJ8Z9rOcKaQIXhh+ly68jR+ODHKMb/MvEP5wy/MJosavm/HCAP20AkNWOJY sdaS/xuSrS3/kl34HsubXW58iEeIyA7maP4UGfv3B6O4Oe8nttey7omt82zQ2VHw3hrKzHVWSKH H2ej9m8dHUyd+dX2czYawbduEMUA+33f7JMLV/iVkEPC0aXHXVaf0m X-Google-Smtp-Source: ACHHUZ5yVkHbXAzGZ+Sdd1VNjx972vhPyxtvO7GuSGJTRazEt3QizouWhdGImH5ZHDvYHDkwpDRYvg== X-Received: by 2002:a17:907:7e8b:b0:960:d9d:ffb5 with SMTP id qb11-20020a1709077e8b00b009600d9dffb5mr18524460ejc.41.1684934273072; Wed, 24 May 2023 06:17:53 -0700 (PDT) Received: from [10.137.0.17] (static-84-42-175-93.bb.vodafone.cz. [84.42.175.93]) by smtp.gmail.com with ESMTPSA id ja8-20020a170907988800b0096f272206b3sm5726200ejc.125.2023.05.24.06.17.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 May 2023 06:17:52 -0700 (PDT) Message-ID: <9574e4b6-3334-777b-4287-29d81151963a@enterprisedb.com> Date: Wed, 24 May 2023 15:17:52 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: memory leak in trigger handling (since PG12) Content-Language: en-US To: Jakub Wartak , Andres Freund Cc: Tom Lane , PostgreSQL Hackers References: <222a3442-7f7d-246c-ed9b-a76209d19239@enterprisedb.com> <20230523171433.earidmyzock7fnk4@awork3.anarazel.de> <965727.1684862910@sss.pgh.pa.us> <20230523180113.3qqpbnvndbyyqrcr@awork3.anarazel.de> From: Tomas Vondra In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-CLOUD-SEC-AV-Info: enterprisedb,google_mail,monitor X-CLOUD-SEC-AV-Sent: true X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 5/24/23 10:19, Jakub Wartak wrote: > Hi, just two cents: > > On Tue, May 23, 2023 at 8:01 PM Andres Freund wrote: >> >> Hi, >> >> On 2023-05-23 13:28:30 -0400, Tom Lane wrote: >>> Andres Freund writes: >>>> Could it help to have a mode where the executor shutdown hook checks how much >>>> memory is allocated in ExecutorState and warns if its too much? >>> >>> It'd be very hard to set a limit for what's "too much", since the amount >>> of stuff created initially will depend on the plan size. >> >> I was thinking of some limit that should really never be reached outside of a >> leak or work_mem based allocations, say 2GB or so. > > RE: instrumentation subthread: > if that helps then below technique can work somewhat good on normal > binaries for end users (given there are debug symbols installed), so > maybe we don't need that much infrastructure added in to see the hot > code path: > > perf probe -x /path/to/postgres 'palloc' 'size=%di:u64' # RDI on > x86_64(palloc size arg0) > perf record -avg --call-graph dwarf -e probe_postgres:palloc -aR -p > sleep 3 # cannot be longer, huge overhead (~3s=~2GB) > > it produces: > 50.27% (563d0e380670) size=24 > | > ---palloc > bms_copy > ExecUpdateLockMode > ExecBRUpdateTriggers > ExecUpdate > [..] > > 49.73% (563d0e380670) size=16 > | > ---palloc > bms_copy > RelationGetIndexAttrBitmap > ExecUpdateLockMode > ExecBRUpdateTriggers > ExecUpdate > [..] > > Now we know that those small palloc() are guilty, but we didn't know > at the time with Tomas. The problem here is that we do not know in > palloc() - via its own arguments for which MemoryContext this is going > to be allocated for. This is problematic for perf, because on RHEL8, I > was not able to generate an uprobe that was capable of reaching a > global variable (CurrentMemoryContext) at that time. > I think there are a couple even bigger issues: (a) There are other methods that allocate memory - repalloc, palloc0, MemoryContextAlloc, ... and so on. But presumably we can trace all of them at once? We'd have to trace reset/deletes too. (b) This doesn't say if/when the allocated chunks get freed - even with a fix, we'll still do exactly the same number of allocations, except that we'll free the memory shortly after that. I wonder if we could print a bit more info for each probe, to match the alloc/free requests. > Additionally what was even more frustrating on diagnosing that case on > the customer end system, was that such OOMs were crashing other > PostgreSQL clusters on the same OS. Even knowing the exact guilty > statement it was impossible to limit RSS memory usage of that > particular backend. So, what you are proposing makes a lot of sense. > Also it got me thinking of implementing safety-memory-net-GUC > debug_query_limit_backend_memory=X MB that would inject > setrlimit(RLIMIT_DATA) through external extension via hook(s) and > un-set it later, but the man page states it works for mmap() only > after Linux 4.7+ so it is future proof but won't work e.g. on RHEL7 - > maybe that's still good enough?; Or, well maybe try to hack a palloc() > a little, but that has probably too big overhead, right? (just > thinking loud). > Not sure about setting a hard limit - that seems pretty tricky and may easily backfire. It's already possible to set such memory limit using e.g. cgroups, or even better use VMs to isolate the instances. I certainly agree it's annoying that when OOM hits, we end up with no information about what used the memory. Maybe we could have a threshold triggering a call to MemoryContextStats? So that we have at least some memory usage info in the log in case the OOM killer intervenes. regards -- Tomas Vondra EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company