Bug ID: JDK-6896647 card marks can be deferred too long

JDK-6896647 : card marks can be deferred too long

Type: Bug
Component: hotspot
Sub-Component: gc
Affected Version: hs16,hs17,6u16,6u18

Priority: P2
Status: Closed
Resolution: Fixed
OS:
generic,linux,solaris_10,windows,windows_2003 generic,linux,solaris_10,windows,windows_2003
CPU: generic,x86,sparc

Submitted: 2009-10-30
Updated: 2012-05-22
Resolved: 2011-03-07

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6	JDK 7	Other
6u18-revFixed	7Fixed	OpenJDK6,hs16.1Fixed

Related Reports

Duplicate :	JDK-6907806 - JVM receives SEGV in PSPromotionManager::copy_to_survivor_space() intermittently
Duplicate :	JDK-6913441 - CMS: SIGSEGV in CompactibleFreeListSpace::compact
Duplicate :	JDK-6899654 - Parallel GC: SIGSEGV in PSPromotionManager::copy_to_survivor_space/StealTask::do_it
Duplicate :	JDK-6952590 - SIGSEGV in GCTaskThread
Duplicate :	JDK-6919845 - VM crashed in PSPromotionManager::copy_to_survivor_space()
Duplicate :	JDK-7004177 - JDK6u18 SIGSEGV: SEGV_ACCERR thrown when executing java.lang.ThreadLocal.get() method
Duplicate :	JDK-6899780 - EXCEPTION_ACCESS_VIOLATION in size_given_klass
Duplicate :	JDK-6895455 - 6.0u16 windows JVM crash in ObjectSynchronizer::inflate
Duplicate :	JDK-6919267 - SIGSEGV thrown when runing BigApp Application
Duplicate :	JDK-6918071 - JVM Crashes under load
Relates :	JDK-6899058 - G1: Internal error in ptrQueue.cpp:201 in nightly tests
Relates :	JDK-6904858 - G1: Disable ReduceInitialCardMarks feature for G1
Relates :	JDK-6916330 - CMS/G1: gc pause latency/scalability concern for flushing deferred card marks single-threaded
Relates :	JDK-6993141 - VMThread receives EXCEPTION_ACCESS_VIOLATION in DefNewGeneration::copy_to_survivor_space
Relates :	JDK-6953483 - Typo related to ReduceInitialCardMarks leaves concurrent collectors vulnerable to heap corruption
Relates :	JDK-6967162 - CMS: 6u18 on Solaris/sparc: crash at void ParScanThreadState::trim_queues
Relates :	JDK-6888898 - CMS: ReduceInitialCardMarks unsafe in the presence of cms precleaning

Description

ParallelGC intermittently crashes with SIGSEGV in PSPromotionManager::copy_to_survivor_space

#
#  SIGSEGV (0xb) at pc=0xb77e3d6e, pid=910, tid=1944603536
#
# JRE version: 7.0-b74
# Java VM: Java HotSpot(TM) Server VM (17.0-b04-2009-10-23-213406.et151817.hs17b04 compiled mode linux-x86 )
# Problematic frame:
# V  [libjvm.so+0x53ed6e]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x08059c00):  GCTaskThread [stack: 0x73e04000,0x73e85000] [id=913]

siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0xf89bf917;; 

Registers:
EAX=0xf89bf90b, EBX=0x9f50a2e8, ECX=0xad68da40, EDX=0xf89bf913
ESP=0x73e83e50, EBP=0x73e83e88, ESI=0xffffffff, EDI=0x9f526ea0EIP=0xb77e3d6e, CR2=0xf89bf917, EFLAGS=0x00010293

Top of Stack: (sp=0x73e83e50)
0x73e83e50:   b419a34c 00000000 00000000 01f1254e
0x73e83e60:   3be56b7d 00e83ea8 0000000a 00000081
0x73e83e70:   b7f178dc ad81c000 00001000 9f50a2e80x73e83e80:   ffffffff 9f526ea0 73e83ed8 b77e5fe1
0x73e83e90:   080aa920 ad68da40 00000001 ffffffff

0x73e83ea0:   b7f13c5c 00000391 004161b0 00000000
0x73e83eb0:   00000001 9f526e9c ffffffff b7968cb0
0x73e83ec0:   08059420 08059428 9f50a2e8 000000ab 

Instructions: (pc=0xb77e3d6e)
0xb77e3d5e:   03 0f 84 1b 01 00 00 8b 4d 0c 8b 41 04 8d 50 08
0xb77e3d6e:   8b 4a 04 83 f9 00 0f 8e 86 00 00 00 c1 f9 02 89 
;; b77e3d5e 03
;; b77e3d5f 0f 84 1b 01 00 00       je     0xb77e3e80
;; b77e3d65 8b 4d 0c                mov    0xc(%ebp),%ecx
;; b77e3d68 8b 41 04                mov    0x4(%ecx),%eax
;; b77e3d6b 8d 50 08                lea    0x8(%eax),%edx
;; ---------------
;; b77e3d6e 8b 4a 04                mov    0x4(%edx),%ecx
;; b77e3d71 83 f9 00                cmp    $0x0,%ecx
;; b77e3d74 0f 8e 86 00 00 00       jle    0xb77e3e00
;; b77e3d7a c1 f9 02                sar    $0x2,%ecx
;; b77e3d7d 89 ff                   mov    %edi,%edi
;; 
Stack: [0x73e04000,0x73e85000],  sp=0x73e83e50,  free space=1ff73e837f4k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x53ed6e];;  PSPromotionManager::copy_to_survivor_space(oopDesc*, bool)+0x2e
V  [libjvm.so+0x540fe1];;  PSPromotionManager::drain_stacks_depth(bool)+0x601
V  [libjvm.so+0x1e1011];;  CardTableExtension::scavenge_contents_parallel(ObjectStartArray*, MutableSpace*, HeapWord*, P
SPromotionManager*, unsigned int)+0x881
V  [libjvm.so+0x5436ca];;  OldToYoungRootsTask::do_it(GCTaskManager*, unsigned int)+0x3a
V  [libjvm.so+0x30cea5];;  GCTaskThread::run()+0xd5
V  [libjvm.so+0x4f86b9];;  java_start(Thread*)+0xf9
C  [libpthread.so.0+0x61b5]

Comments

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/7b0e9cba0307
17-01-2010
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/7b0e9cba0307
14-01-2010
EVALUATION Copied from an entry in the Comments field: 6888898 deferred the card marks so that they would occur strictly after the initializing stores which they were shadowing. The deferred marks would then be done by the GC worker threads when scanning thread stacks. However, there is no synchronizing barrier between the thread stack scanning (which would apply the deferred card marks) and the subsequent code that does the card-scanning. Thus, card scanning for an arbitrary card whose marking had been deferred could happen before the deferred mark had been written.
16-12-2009
WORK AROUND This bug affects all collectors other than UseSerialGC; see evaluation section.
16-12-2009
EVALUATION Please note that our investigations as to the cause of this bug indicate that it was introduced as a result of some changes in 6888898 and this bug potentially affects all collectors other than UseSerialGC. See workaround section.
16-12-2009
EVALUATION Running with -XX:+VerifyBeforeGC -XX:+VerifyAfterGC hides the problem; 1400+ iterations completed without failure.
15-12-2009
EVALUATION Adding -XX:-ReduceInitialCardMarks works around the problem; a run of the mercurial revision that introduced the problem (39b01ab7035a) with that option passed 500+ iterations.
14-12-2009
WORK AROUND Add the command line option -XX:-ReduceInitialCardMarks
14-12-2009
EVALUATION Bisecting indicates this was introduced with 6888898: CMS: ReduceInitialCardMarks unsafe in the presence of cms precleaning. A build of that mercurial revision (39b01ab7035a) fails regularly in under 20 iterations; a build of the prior revision did not fail after more than 700 iterations.
14-12-2009