Mistral AI Fixes Memory Leak in vLLM, Revealing Heaps Do Lie

Mistral’s engineers soon discovered that the leak was not a simple Python‑level bug but a deep‑seated interaction between the vLLM decoder and the NIXL‑based KV‑cache transfer layer. The problem manifested only when the “Prefill/Decode” disaggregation pipeline was active, a setup that splits a request into a prefill phase (which builds the KV‑cache) and a decode phase (which consumes it). According to the engineering deep‑dive posted on Mistral’s blog, the leak appeared on the decode side, where the KV‑cache is handed off via NIXL, a wrapper around UCX (Unified Communication X) that drives high‑performance data movement over InfiniBand. Because the leak grew at a steady 400 MB per minute, a production‑like workload would exhaust memory after just a few hours, forcing the service into an “out‑of‑memory” state.

The team’s first line of defense—standard Python profilers such as Memray and Guppy 3—showed nothing abnormal, and attempts to attach GDB crashed the entire process. Even heavyweight native tools like Valgrind proved impractical given vLLM’s size and the latency‑sensitive nature of the test harness. Mistral therefore escalated to kernel‑level tracing, instrumenting the UCX stack to watch allocation patterns in real time. What they found was a subtle reference‑count mismatch inside the NIXL driver: each KV‑cache segment received a “retain” call when transferred, but the corresponding “release” was never issued on the decode side. The result was a hidden heap allocation that grew linearly with every token generated, a classic leak that the higher‑level heaps simply could not expose—hence the headline that “heaps do lie.”

Fixing the bug required a two‑pronged approach. First, the Mistral team patched the NIXL driver to correctly balance retain and release calls, ensuring that each KV‑cache fragment is freed once decoding completes. Second, they added a lightweight watchdog in the vLLM decoder that monitors the size of the UCX‑managed memory pool and forces a graceful reset if growth exceeds a configurable threshold. Both changes were merged back into the open‑source vLLM repository after a coordinated review with the vLLM core maintainers, who confirmed that the issue was isolated to the disaggregated serving path and did not affect vanilla vLLM deployments. Mistral’s post‑mortem notes that the fix eliminated the 400 MB‑per‑minute drift, restoring stable memory footprints even under sustained traffic.

The episode underscores a broader lesson for AI infrastructure teams: performance‑optimizing layers—especially those that cross language boundaries or rely on specialized communication stacks—can mask classic memory‑management bugs from conventional observability tools. Mistral’s engineers highlighted the “hidden risks of dependency layers” in modern serving stacks, a point echoed by the company’s own engineering blog. For developers building large‑scale inference pipelines, the takeaway is clear: when a leak refuses to show up in Python‑level metrics, it may be lurking in the kernel or in a third‑party library that the runtime assumes is “well‑behaved.” The deep‑dive also serves as a reminder that open‑source collaborations, like the one between Mistral and the vLLM community, can accelerate both detection and remediation of such low‑level defects.

Beyond the technical fix, Mistral’s handling of the incident reflects its growing maturity as a European AI contender. Forbes recently profiled the company as “widely touted as the European rival to OpenAI,” noting its commitment to open‑source models and rapid iteration cycles. While the leak did not affect any external customers—Mistral says the issue surfaced only in internal pre‑production testing—it did prompt a review of their monitoring stack and a push to embed more granular kernel‑level metrics into their Grafana dashboards. The company’s CEO, who has been vocal about “leak” rumors surrounding a new open‑source model nearing GPT‑4 performance (VentureBeat, 2026), used the episode to illustrate the importance of transparent engineering practices in building trust with the broader AI ecosystem.

In sum, the memory‑leak saga at Mistral AI is a textbook case of how sophisticated serving architectures can conceal classic bugs, and how a disciplined, multi‑layered debugging strategy can bring them to light. By exposing the flaw in the NIXL‑UCX path and sharing the remediation publicly, Mistral not only stabilizes its own disaggregated inference pipeline but also contributes a valuable lesson to the community: when heaps “lie,” you have to look deeper—sometimes all the way down to the kernel.