JDK-6943926 : G1: Integer overflow during heap region verification
  • Type: Bug
  • Component: hotspot
  • Sub-Component: gc
  • Affected Version: 6u21
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-04-14
  • Updated: 2013-09-18
  • Resolved: 2011-03-08
Fixed versions:
  • JDK 6: 6u21p (Fixed)
  • JDK 7: 7 (Fixed)
  • Other: hs18 (Fixed)
Description
During ad-hoc testing the following failure was observed with the except001 test case:


;; Using jvm: "/export/local/common/jdk/baseline/linux-amd64/jre/lib/amd64/server/libjvm.so"
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/tmp/jprt/P1/B/211824.ap31282/source/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp:2396), pid=12771, tid=140039998716240
#  Error: guarantee(!failures,"there should not have been any failures")
#
# JRE version: 7.0-b88
# Java VM: OpenJDK 64-Bit Server VM (18.0-b02-2010-04-12-211824.ap31282.hotspot-g1-leonid-fastdebug compiled mode linux-amd64 )
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

The stack trace, from the hs_err file is:

Stack: [0x00007f5d9a50b000,0x00007f5d9a60c000],  sp=0x00007f5d9a60a230,  free space=3fc0000000000000018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xa342cf];;  _ZN7VMError6reportEP12outputStream+0x138f
V  [libjvm.so+0xa3466a];;  _ZN7VMError14report_and_dieEv+0x2da
V  [libjvm.so+0x488ade];;  _Z12report_fatalPKciS0_+0x6e
V  [libjvm.so+0x51d18a];;  _ZN15G1CollectedHeap6verifyEbbb+0x3ea
V  [libjvm.so+0xa0225b];;  _ZN8Universe6verifyEbbb+0x26b
V  [libjvm.so+0x43ecd8];;  _ZN14ConcurrentMark7cleanupEv+0x958
V  [libjvm.so+0xa50a6f];;  _ZN16VM_CGC_Operation4doitEv+0xcf
V  [libjvm.so+0xa4fb9f];;  _ZN12VM_Operation8evaluateEv+0x8f
V  [libjvm.so+0xa4dd40];;  _ZN8VMThread18evaluate_operationEP12VM_Operation+0xc0
V  [libjvm.so+0xa4e9a5];;  _ZN8VMThread4loopEv+0x515
V  [libjvm.so+0xa4ebbe];;  _ZN8VMThread3runEv+0xae
V  [libjvm.so+0x864fb0];;  _ZL10java_startP6Thread+0xf0

VM_Operation (0x00007f5d9af28ed0): CGC_Operation, mode: safepoint, requested by thread 0x00007f5d9c04e800

A link to the test can be found at:

http://sqeweb.sfbay.sun.com/nfs/tools/gtee/results/JDK6/ADHOC/VM/2010-04-13_05/vm/linux-amd64/server/comp/linux-amd64_server_comp_nsk.stress.testlist/analysis.html

The test directory (including log files and re-run scripts):

http://sqeweb.sfbay.sun.com/nfs/tools/gtee/results/JDK6/ADHOC/VM/2010-04-13_05/vm/linux-amd64/server/comp/linux-amd64_server_comp_nsk.stress.testlist/ResultDir/except001/

The machine name is vm-x2250-04.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/5dbd9300cf9c
16-04-2010

SUGGESTED FIX Cast the result of the size() method to a size_t or cache the result in a sufficiently sized local variable.
15-04-2010

EVALUATION Integer overflow in live bytes calculation in VerifyObjsInRegionClosure when the region is sufficiently humongous.
15-04-2010
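
The overflow class described in the evaluation and the suggested fix, as an added sketch that is not HotSpot source and not part of the original report. FakeObj, kHeapWordSize, region_ok and the sample sizes are hypothetical names and constructed values; the sketch assumes a 64-bit size_t and 8-byte heap words.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

static_assert(sizeof(size_t) == 8, "sketch assumes a 64-bit size_t");

const int kHeapWordSize = 8;  // assumption: 8-byte heap words on a 64-bit VM

// Hypothetical stand-in for a heap object whose size() is an int word count.
struct FakeObj {
    int words;
    int size() const { return words; }
};

// Overflowing pattern: the byte count is formed in 32 bits, then widened.
// The wrap is modelled through uint32_t because a real signed int overflow
// is undefined behaviour; the result is the usual two's-complement value.
size_t live_bytes_narrow(const std::vector<FakeObj>& objs) {
    size_t live = 0;
    for (const FakeObj& o : objs) {
        uint32_t wrapped = static_cast<uint32_t>(o.size()) * static_cast<uint32_t>(kHeapWordSize);
        live += static_cast<size_t>(static_cast<int32_t>(wrapped));
    }
    return live;
}

// Suggested fix: widen the word count to size_t before multiplying.
size_t live_bytes_wide(const std::vector<FakeObj>& objs) {
    size_t live = 0;
    for (const FakeObj& o : objs) {
        size_t words = static_cast<size_t>(o.size());  // cached in a wide local
        live += words * kHeapWordSize;
    }
    return live;
}

// Hypothetical verifier check: counted live bytes must fit in the region.
bool region_ok(size_t live_bytes, size_t region_capacity) {
    return live_bytes <= region_capacity;
}

// Constructed sample: one humongous object of 300,000,000 words (2.4 GB).
std::vector<FakeObj> sample_objs() { return {FakeObj{300000000}}; }
const size_t kSampleCapacity = 3ULL << 30;  // constructed 3 GiB region span

int main() {
    std::printf("narrow=%zu wide=%zu\n", live_bytes_narrow(sample_objs()), live_bytes_wide(sample_objs()));
    return 0;
}
```

With the narrow product the 2.4 GB object wraps to a negative 32-bit value, which sign-extends to a live-byte count far larger than the region, so the check fails even though the heap contents are consistent.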