Major Description
Memory allocated for the daemon (i.e., not for a specific bucket) is not limited, and has no mechanism to avoid exceeding the service quota.
Bugs occurring in non-bucket contexts (e.g., MB-56972) can then cause memory usage to grow without limit, eventually leading to OOM.
Such bugs occurring in a bucket context would eventually lead to the bucket quota being entirely consumed, and further frontend ops would be failed (of course, if the bug is not driven by a frontend op, mem_used could still continue to grow).
Applying backpressure/limits in every possible situation may not be practical, but it would be valuable to apply where possible for significant memory users (e.g., bufferevents buffers). Such memory usage should be made more visible (extra stats) and unusual occurrences should be noted (perhaps UI/Capella alerting).