Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1ub2-0005R1-5Q for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 19:56:32 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q1ub0-0007pK-8z for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 19:56:30 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1uaz-0007pB-Vb for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 19:56:30 +0000 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1q1uav-001vip-OY for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 19:56:28 +0000 Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-510b56724caso393112a12.1 for ; Wed, 24 May 2023 12:56:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1684958184; x=1687550184; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=6MKjH3PEBRXnZUA+RRw75Q1luKoSY2yIBTqLG1Noz/I=; b=LZ9JBhu8q9ow0Ocj7N22i4ozS5QEC4zUCWFEkOGH9IKJGsCkxKOHCv+TZfArckSwIb BgXTXMdTQTYtpaMp3bu2YUlZwIWRzmYaL/muSMk55REEkYXQ3OAun7qANE/AiOXKKRnZ rdc1Q7Hhfx1mi1oqFr1r/l1NQD5PAzvxPh9bgOBTBmptiOMt7PTmBLogtXc5zD7qoLCM JSL1sLXdbUmVWetik4PLNSPMiGdI04uJUrTnxEDrP1I8118PkUd64mNkZUlt6wO8XCQf JEVw2Ho9NPqp//yhp4NNFe2JgQptABLXf4iuKqCjLArDuTG2OKZ6ctBSfJ6PF/XgT1Yg OsGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684958184; x=1687550184; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6MKjH3PEBRXnZUA+RRw75Q1luKoSY2yIBTqLG1Noz/I=; b=ZI2+RyTx3GM/u+o3uhajfdwXcjIcxsZ7alXdvNJX9eOLpRGuWsm96lF1jTtuSf2O5v k7LLBa/doXMrlencN0UIIhy+FXitwvkR8YZvTEpb5AxEoV6mzVWgpWiiemZnoY6a1zky hGBgWIErISksTcpPpqOCLNQ+lPF2HsHSvTAvwtLCkrS51HqCMV+FFy/EFeq9vs3LI0wl NVOkbkG0ggg/4rqd7pO+sKfC0iyzWtLUsBXMCImIWt2G12Vn6QV0J/7DnNC8UCb46yKz FQTQetD05+NqDY3eaGjavFe604ktUF1fiKME97mYKoS4TblYvlo84zChX43VO7MFNgps wcag== X-Gm-Message-State: AC+VfDzZsLaI9BJvu1rHxknRoGzDCVTjSwJ6ilM3cAFyM3mGKpeLYfn1 NdwGPbVASskarP3hETUSsVDsiqWoTN3sIev2OAv9tCvdVt1foX1+OW/sf9WF02LSQTJlmV2JakP SzjSh7+sDnXrYPv365HmLMset82BCd02H4vmM82ZaVLm71TetqNvEy7+bPfUR+6e3vmVilv1djX 0ygUaLni7UscIg402/Mv1jlOFjraCfSVK/SVwqL3gV/inuoqIDgr2d X-Google-Smtp-Source: ACHHUZ72Q9L55KsR8D9UcBCF6DYZ/uNxi9CHPq72dMxi16lV+DIuUiHAhiOGQzq18zvTleDZBXcwVg== X-Received: by 2002:a17:907:7290:b0:932:f88c:c2ff with SMTP id dt16-20020a170907729000b00932f88cc2ffmr382586ejc.34.1684958184109; Wed, 24 May 2023 12:56:24 -0700 (PDT) Received: from [10.137.0.17] (ip-86-49-225-198.bb.vodafone.cz. [86.49.225.198]) by smtp.gmail.com with ESMTPSA id jz24-20020a17090775f800b0094ebc041e20sm6079852ejc.46.2023.05.24.12.56.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 May 2023 12:56:23 -0700 (PDT) Message-ID: Date: Wed, 24 May 2023 21:56:22 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: memory leak in trigger handling (since PG12) Content-Language: en-US To: Andres Freund Cc: PostgreSQL Hackers References: <222a3442-7f7d-246c-ed9b-a76209d19239@enterprisedb.com> <20230523171433.earidmyzock7fnk4@awork3.anarazel.de> <20230524181408.wlgzhoe7he7h3tjk@awork3.anarazel.de> From: Tomas Vondra In-Reply-To: <20230524181408.wlgzhoe7he7h3tjk@awork3.anarazel.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-CLOUD-SEC-AV-Info: enterprisedb,google_mail,monitor X-CLOUD-SEC-AV-Sent: true X-Gm-Spam: 0 X-Gm-Phishy: 0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 5/24/23 20:14, Andres Freund wrote: > Hi, > > On 2023-05-23 23:26:42 +0200, Tomas Vondra wrote: >> On 5/23/23 19:14, Andres Freund wrote: >>> Hi, >>> >>> On 2023-05-23 18:23:00 +0200, Tomas Vondra wrote: >>>> This means that for an UPDATE with triggers, we may end up calling this >>>> for each row, possibly multiple bitmaps. And those bitmaps are allocated >>>> in ExecutorState, so won't be freed until the end of the query :-( >>> >>> Ugh. >>> >>> >>> I've wondered about some form of instrumentation to detect such issues >>> before. It's obviously a problem that we can have fairly large leaks, like the >>> one you just discovered, without detecting it for a couple years. It's kinda >>> made worse by the memory context infrastructure, because it hides such issues. >>> >>> Could it help to have a mode where the executor shutdown hook checks how much >>> memory is allocated in ExecutorState and warns if its too much? There's IIRC a >>> few places that allocate large things directly in it, but most of those >>> probably should be dedicated contexts anyway. Something similar could be >>> useful for some other long-lived contexts. >>> >> >> Not sure such simple instrumentation would help much, unfortunately :-( >> >> We only discovered this because the user reported OOM crashes, which >> means the executor didn't get to the shutdown hook at all. Yeah, maybe >> if we had such instrumentation it'd get triggered for milder cases, but >> I'd bet the amount of noise is going to be significant. >> >> For example, there's a nearby thread about hashjoin allocating buffiles >> etc. in ExecutorState - we ended up moving that to a separate context, >> but surely there are more such cases (not just for ExecutorState). > > Yes, that's why I said that we would have to more of those into dedicated > contexts - which is a good idea independent of this issue. > Yeah, I think that's a good idea in principle. > >> The really hard thing was determining what causes the memory leak - the >> simple instrumentation doesn't help with that at all. It tells you there >> might be a leak, but you don't know where did the allocations came from. >> >> What I ended up doing is a simple gdb script that sets breakpoints on >> all palloc/pfree variants, and prints info (including the backtrace) for >> each call on ExecutorState. And then a script that aggregate those to >> identify which backtraces allocated most chunks that were not freed. > > FWIW, for things like this I found "heaptrack" to be extremely helpful. > > E.g. for a reproducer of the problem here, it gave me the attach "flame graph" > of the peak memory usage - after attaching to a running backend and running an > UPDATE triggering the leak.. > > Because the view I screenshotted shows the stacks contributing to peak memory > usage, it works nicely to find "temporary leaks", even if memory is actually > freed after all etc. > That's a nice visualization, but isn't that useful only once you determine there's a memory leak? Which I think is the hard problem. > > >>> Hm. Somehow this doesn't seem quite right. Shouldn't we try to use a shorter >>> lived memory context instead? Otherwise we'll just end up with the same >>> problem in a few years. >>> >> >> I agree using a shorter lived memory context would be more elegant, and >> more in line with how we do things. But it's not clear to me why we'd >> end up with the same problem in a few years with what the patch does. > > Because it sets up the pattern of manual memory management and continues to > run the relevant code within a query-lifetime context. > Oh, you mean someone might add new allocations to this code (or into one of the functions executed from it), and that'd leak again? Yeah, true. regards -- Tomas Vondra EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company