JDK-7167069 : 6 VM flags crash the VM when queried via jinfo
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: hs23.2,7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic,linux
  • CPU: generic,x86
  • Submitted: 2012-05-07
  • Updated: 2014-02-04
  • Resolved: 2012-05-16
Fix versions:
  • JDK 7: 7u40 (Fixed)
  • JDK 8: 8 (Fixed)
  • Other: hs23.4 (Resolved)
Description
FULL PRODUCT VERSION :
java version "1.7.0_04"
Java(TM) SE Runtime Environment (build 1.7.0_04-b20)
Java HotSpot(TM) 64-Bit Server VM (build 23.0-b21, mixed mode)


FULL OS VERSION :
Linux desktop 3.3.4-3.fc16.x86_64 #1 SMP Thu May 3 14:46:44 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

EXTRA RELEVANT SYSTEM CONFIGURATION :
jdk-7u4-linux-x64.tar.gz downloaded from Oracle's website, unpacked on a Fedora 16 system.

SHA1SUM:
46998c8d8baf011ba19fe6a3c19b529e7189b8c7  jdk-7u4-linux-x64.tar.gz

A DESCRIPTION OF THE PROBLEM :
Hi,

I have written a script to extract the default values for every flag in a
running VM, without having access to the source.

While doing so, I have discovered that the following flags, when queried
via e.g. 'jinfo -flag $flag $lvmid', crash the VM and produce a core dump.

The flags are :
- CMSLargeCoalSurplusPercent
- CMSLargeSplitSurplusPercent
- CMSSmallCoalSurplusPercent
- CMSSmallSplitSurplusPercent
- FLSLargestBlockCoalesceProximity
- G1ConcMarkStepDurationMillis

It's easy to reproduce, just query a running VM for any of these flags through
jinfo and you'll get a premature EOF exception from the jinfo side, and a core
dump at the VM side.

I don't think it's therefore necessary to attach the core dump since it's easy
to reproduce. If you need it, let me know.

I am using the jdk-7u4-linux-x64.tar.gz downloaded on Oracle's website, on
Fedora 16.

I have not checked every single JDK6 and JDK7 release, but the problem also
occurs on Java 6 with the same flags, with the exception of
G1ConcMarkStepDurationMillis which does not appear on JDK6.

Regards,
Romain.

THE PROBLEM WAS REPRODUCIBLE WITH -Xint FLAG: Yes

THE PROBLEM WAS REPRODUCIBLE WITH -server FLAG: Yes

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Launch any app (a simple dummy class just waiting indefinitely will do)
2) Query any of the flags mentioned above (e.g. jinfo -flag $flag $lvmid)
3) VM crashes.

EXPECTED VERSUS ACTUAL BEHAVIOR :
actual behaviour : VM crashes.
expected behaviour : VM does not crash, and jinfo reports the correct value or state for these flags.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
jinfo output :
Exception in thread "main" java.io.IOException: Premature EOF
        at sun.tools.attach.HotSpotVirtualMachine.readInt(HotSpotVirtualMachine.java:248)
        at sun.tools.attach.LinuxVirtualMachine.execute(LinuxVirtualMachine.java:199)
        at sun.tools.attach.HotSpotVirtualMachine.executeCommand(HotSpotVirtualMachine.java:217)
        at sun.tools.attach.HotSpotVirtualMachine.printFlag(HotSpotVirtualMachine.java:195)
        at sun.tools.jinfo.JInfo.flag(JInfo.java:137)
        at sun.tools.jinfo.JInfo.main(JInfo.java:76)

--

shortened hs_err:

Current thread (0x00007fec58001000):  JavaThread "Attach Listener" daemon [_thread_in_vm, id=28865, stack(0x00007fec91ad4000,0x00007fec91bd5000)]

Stack: [0x00007fec91ad4000,0x00007fec91bd5000],  sp=0x00007fec91bd3760,  free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x8a034a]  VMError::report_and_die()+0x2ea
V  [libjvm.so+0x409112]  report_should_not_reach_here(char const*, int)+0x52
V  [libjvm.so+0x4cf961]  Flag::print_as_flag(outputStream*)+0x191
V  [libjvm.so+0x27e578]  print_flag(AttachOperation*, outputStream*)+0x38
V  [libjvm.so+0x27ed27]  attach_listener_thread_entry(JavaThread*, Thread*)+0x117
V  [libjvm.so+0x860228]  JavaThread::thread_main_inner()+0xc8
V  [libjvm.so+0x860378]  JavaThread::run()+0x138
V  [libjvm.so+0x741ff0]  java_start(Thread*)+0x100

Note : it's very simple to reproduce so I don't think attaching the full hs_err / core dump is necessary, considering they'll be easy to recreate. If you do need them, let me know.


REPRODUCIBILITY :
This bug can be reproduced always.

Comments
RULE runtime/7167069/PrintAsFlag.java Crash any
22-10-2012

Adding stacktrace for correct matching:
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (globals.cpp:170), pid=20505, tid=139753978099472
#  Error: ShouldNotReachHere()
#
# JRE version: 7.0_12-b11
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23.6-b03 mixed mode linux-amd64 compressed oops)
# Core dump written. Default location: /export/local/113813.JAVASE.NIGHTLY.VM.JFR_Baseline_Weekly.2012-10-21.linux-amd64_javase__server_mixed_JT_HS.runTests/results/workDir/runtime/7167069/PrintAsFlag/core or core.20505
#
# An error report file with more information is saved as:
# "file"
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.sun.com/bugreport/crash.jsp
#
22-10-2012
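
The crash signature quoted in this report (the "Attach Listener" thread dying in Flag::print_as_flag via report_should_not_reach_here) can be matched mechanically when triaging hs_err files. This is an added example, not part of the original report or of HotSpot; the function names are hypothetical and the sample text is constructed from the excerpts above.

```python
import re

# Constructed sample: header lines from the nightly-test comment joined with
# the shortened hs_err frames from the description (two separate crashes).
SAMPLE_HS_ERR = """\
#  Internal Error (globals.cpp:170), pid=20505, tid=139753978099472
#  Error: ShouldNotReachHere()
Current thread (0x00007fec58001000):  JavaThread "Attach Listener" daemon [_thread_in_vm, id=28865, stack(0x00007fec91ad4000,0x00007fec91bd5000)]
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x8a034a]  VMError::report_and_die()+0x2ea
V  [libjvm.so+0x409112]  report_should_not_reach_here(char const*, int)+0x52
V  [libjvm.so+0x4cf961]  Flag::print_as_flag(outputStream*)+0x191
V  [libjvm.so+0x27e578]  print_flag(AttachOperation*, outputStream*)+0x38
V  [libjvm.so+0x27ed27]  attach_listener_thread_entry(JavaThread*, Thread*)+0x117
"""

FRAME_RE = re.compile(r"^[VCJjv]\s+\[[^\]]+\]\s+(?P<sym>.+?)\+0x[0-9a-f]+\s*$")
THREAD_RE = re.compile(r'^Current thread \(0x[0-9a-f]+\):\s+\w+ "(?P<name>[^"]+)"')
ERROR_RE = re.compile(r"^#\s+Error:\s+(?P<err>.+?)\s*$")

def parse_hs_err(text):
    """Extract the error string, crashing thread name and native frame symbols."""
    info = {"error": None, "thread": None, "frames": []}
    for line in text.splitlines():
        if (m := ERROR_RE.match(line)):
            info["error"] = m.group("err")
        elif (m := THREAD_RE.match(line)):
            info["thread"] = m.group("name")
        elif (m := FRAME_RE.match(line)):
            # Drop the argument list so matching ignores signature differences.
            info["frames"].append(m.group("sym").split("(")[0])
    return info

def matches_jdk_7167069(text):
    """True when the crash is the unhandled-type path in Flag::print_as_flag
    reached from an attach-listener flag query."""
    info = parse_hs_err(text)
    frames = info["frames"]
    if info["thread"] != "Attach Listener" or "Flag::print_as_flag" not in frames:
        return False
    # The fatal report must sit above print_as_flag, and the attach operation
    # print_flag must be its caller further down the stack.
    i = frames.index("Flag::print_as_flag")
    return ("report_should_not_reach_here" in frames[:i]
            and "print_flag" in frames[i + 1:]
            and info["error"] in (None, "ShouldNotReachHere()"))
```

The error line is optional in the match so that shortened excerpts without the `#` header, like the one in the description, are still recognised.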

EVALUATION http://hg.openjdk.java.net/lambda/lambda/hotspot/rev/f47478089efc
29-06-2012

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-rt/hotspot/rev/f47478089efc
26-05-2012

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-gc/hotspot/rev/f47478089efc
10-05-2012

SUGGESTED FIX --- a/src/share/vm/runtime/globals.cpp +++ b/src/share/vm/runtime/globals.cpp @@ -148,6 +148,8 @@ st->print("-XX:%s=" UINTX_FORMAT, name, get_uintx()); } else if (is_uint64_t()) { st->print("-XX:%s=" UINT64_FORMAT, name, get_uint64_t()); + } else if (is_double()) { + st->print("-XX:%s=%f", name, get_double()); } else if (is_ccstr()) { st->print("-XX:%s=", name); const char* cp = get_ccstr();
10-05-2012
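
Review bot: In the added is_double() branch, "%f" always prints six fixed decimal places, so a double flag with a small or very large value is shown rounded or as a long digit string rather than as a value that can be passed back via -XX:; a format such as "%g" or an explicit precision would be safer. Separately, the trailing else in Flag::print_as_flag() is still ShouldNotReachHere() according to the evaluation below, so the next flag type added without a branch here again lets a read-only query over the attach channel abort the VM. Printing a marker for an unhandled type instead of asserting would make this path fail safe.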

EVALUATION These flags are doubles, but Flag::print_as_flag() does not handle doubles. It does:

  if (is_bool()) { ... }
  else if (is_intx()) { ... }
  else if (is_uintx()) { ... }
  else if (is_uint64_t()) { ... }
  else if (is_ccstr()) { ... }
  else { ShouldNotReachHere(); }
10-05-2012