JDK-8048353 : jstack -l crashes VM when a Java mirror for a primitive type is locked
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2014-06-27
  • Updated: 2016-10-07
  • Resolved: 2015-07-22
JDK 6 JDK 7 JDK 8 JDK 9
6u105Fixed 7u91Fixed 8u66Fixed 9 b77Fixed
Related Reports
Duplicate :  
Duplicate :  
Duplicate :  
Relates :  
Description
This bug affects all versions of HotSpot from JDK6 and above after JDK-6300884.

A crash was reported against JDK6u32: the VM segfaults while printing the Java stacks. Its hs_err file looks like this:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f6bdf6b5982, pid=20936, tid=1110554976
#
# JRE version: 6.0_32-b05
# Java VM: Java HotSpot(TM) 64-Bit Server VM (20.7-b02 mixed mode linux-amd64 )
# Problematic frame:
# V  [libjvm.so+0x62c982]  Klass::external_name() const+0x12
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x00000000402a1800):  VMThread [stack: 0x000000004221b000,0x000000004231c000] [id=20990]

siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x0000000000000018

Registers:
RAX=0x0000000000000000, RBX=0x00007f6bd6972060, RCX=0x00007f6bdfb0e790, RDX=0x0000000000000010
RSP=0x000000004231a790, RBP=0x000000004231a7e0, RSI=0x0000000000000010, RDI=0x0000000000000010
R8 =0x000000000000001f, R9 =0x0000000000000008, R10=0x0000000000000007, R11=0x00007f6bdfb29320
R12=0x00000000402a1d60, R13=0x0000000000000010, R14=0x00007f6bdf961cf2, R15=0x0000000040260020
RIP=0x00007f6bdf6b5982, EFLAGS=0x0000000000010206, CSGSFS=0x0000000000000033, ERR=0x0000000000000004
  TRAPNO=0x000000000000000e

Top of Stack: (sp=0x000000004231a790)
0x000000004231a790:   0000000040260058 0000000040260028
0x000000004231a7a0:   00007f5752022e20 00007f5752022e40
0x000000004231a7b0:   00007f5752022ec0 00007f6bdfc80d60
0x000000004231a7c0:   00007f6bd6972060 00000000402a1d60
0x000000004231a7d0:   0000000000000000 00007f6bdf961cf2
0x000000004231a7e0:   000000004231a860 00007f6bdf8e04c1
0x000000004231a7f0:   010000004231a810 00007f5752022e70
0x000000004231a800:   0000000000000000 000000004352ce90
0x000000004231a810:   00000000402a0d60 000000004025ffd0
0x000000004231a820:   0000000040260380 00000000402603b8
0x000000004231a830:   0000000040260380 00007f6bdfb2cf10
0x000000004231a840:   0000000040260020 0000000000000000
0x000000004231a850:   0000000000000000 000000004352ce90
0x000000004231a860:   000000004231abe0 00007f6bdf8a614d
0x000000004231a870:   0000000000000000 000000004231ab60
0x000000004231a880:   000000004382f850 00007f6bdbc7427e
0x000000004231a890:   00007f6bdbc74210 0000000000000000
0x000000004231a8a0:   0000000000000000 000000004382f850
0x000000004231a8b0:   0000000000000000 0000000000000000
0x000000004231a8c0:   0000000000000000 0000000000000000
0x000000004231a8d0:   0000000000000000 0000000000000000
0x000000004231a8e0:   0000000000000000 0000000000000000
0x000000004231a8f0:   0000000000000000 0000000000000000
0x000000004231a900:   0000000000000000 0000000000000000
0x000000004231a910:   0000000000000000 0000000000000000
0x000000004231a920:   0000000000000000 0000000000000000
0x000000004231a930:   0000000000000000 0000000000000000
0x000000004231a940:   0000000000000000 0000000000000000
0x000000004231a950:   0000000000000000 0000000000000000
0x000000004231a960:   0000000000000000 0000000000000000
0x000000004231a970:   0000000000000000 0000000000000000
0x000000004231a980:   0000000000000000 0000000000000000 

Instructions: (pc=0x00007f6bdf6b5982)
0x00007f6bdf6b5962:   83 ef 10 48 89 e5 ff d6 c9 c3 66 66 66 90 55 48
0x00007f6bdf6b5972:   89 e5 41 56 41 55 49 89 fd 41 54 53 48 83 ec 30
0x00007f6bdf6b5982:   8b 47 08 85 c0 0f 8e f3 00 00 00 48 83 bf f8 00
0x00007f6bdf6b5992:   00 00 00 0f 84 e5 00 00 00 48 8b 7f 60 48 8b 17 

Register to memory mapping:

RAX=0x0000000000000000 is an unknown value
RBX=0x00007f6bd6972060 is an oop
java.lang.Class 
 - klass: 'java/lang/Class'
RCX=0x00007f6bdfb0e790: <offset 0xa85790> in /home/work/hadoop-v2/java6/jre/lib/amd64/server/libjvm.so at 0x00007f6bdf089000
RDX=0x0000000000000010 is an unknown value
RSP=0x000000004231a790 is an unknown value
RBP=0x000000004231a7e0 is an unknown value
RSI=0x0000000000000010 is an unknown value
RDI=0x0000000000000010 is an unknown value
R8 =0x000000000000001f is an unknown value
R9 =0x0000000000000008 is an unknown value
R10=0x0000000000000007 is an unknown value
R11=0x00007f6bdfb29320: <offset 0xaa0320> in /home/work/hadoop-v2/java6/jre/lib/amd64/server/libjvm.so at 0x00007f6bdf089000
R12=0x00000000402a1d60 is an unknown value
R13=0x0000000000000010 is an unknown value
R14=0x00007f6bdf961cf2: <offset 0x8d8cf2> in /home/work/hadoop-v2/java6/jre/lib/amd64/server/libjvm.so at 0x00007f6bdf089000
R15=0x0000000040260020 is an unknown value


Stack: [0x000000004221b000,0x000000004231c000],  sp=0x000000004231a790,  free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x62c982]  Klass::external_name() const+0x12
V  [libjvm.so+0x8574c1]  javaVFrame::print_lock_info_on(outputStream*, int)+0x221
V  [libjvm.so+0x81d14d]  JavaThread::print_stack_on(outputStream*)+0x1dd
V  [libjvm.so+0x81fb7e]  Threads::print_on(outputStream*, bool, bool, bool)+0x21e
V  [libjvm.so+0x86e5d8]  VM_PrintThreads::doit()+0x18
V  [libjvm.so+0x86e29a]  VM_Operation::evaluate()+0x4a
V  [libjvm.so+0x86d862]  VMThread::evaluate_operation(VM_Operation*)+0x82
V  [libjvm.so+0x86dad8]  VMThread::loop()+0x198
V  [libjvm.so+0x86d5de]  VMThread::run()+0x6e
V  [libjvm.so+0x71170f]  java_start(Thread*)+0x13f

VM_Operation (0x000000004352ce20): PrintThreads, mode: safepoint, requested by thread 0x00007f575de76000


On the jstack side, the output is like:

Exception in thread "main" java.io.IOException: Premature EOF
        at sun.tools.attach.HotSpotVirtualMachine.readInt(HotSpotVirtualMachine.java:226)
        at sun.tools.attach.LinuxVirtualMachine.execute(LinuxVirtualMachine.java:175)
        at sun.tools.attach.HotSpotVirtualMachine.executeCommand(HotSpotVirtualMachine.java:195)
        at sun.tools.attach.HotSpotVirtualMachine.remoteDataDump(HotSpotVirtualMachine.java:156)
        at sun.tools.jstack.JStack.runThreadDump(JStack.java:159)
        at sun.tools.jstack.JStack.main(JStack.java:94)


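It is caused by print_locked_object_class_name() blindly casting a java.lang.Class oop to its Klass and getting the external name from there. Java mirrors for primitive types do not have a backing Klass, so we should special-case them here. This is consistent with the hs_err output above: the fault is in Klass::external_name() at si_addr=0x18 with RDI=0x10, i.e. a read through a near-null Klass pointer.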

A proposed fix for current JDK9:


$ hg diff
diff -r 18415052d89c src/share/vm/classfile/javaClasses.cpp
--- a/src/share/vm/classfile/javaClasses.cpp	Tue Jun 24 12:27:51 2014 -0700
+++ b/src/share/vm/classfile/javaClasses.cpp	Thu Jun 26 16:45:58 2014 -0700
@@ -791,6 +791,24 @@
 }
 
 
+// Returns the Java name for this Java mirror (Resource allocated)
+// See Klass::external_name().
+// For primitive type Java mirrors, its type name is returned.
+const char* java_lang_Class::as_external_name(oop java_class) {
+  assert(java_lang_Class::is_instance(java_class), "must be a Class object");
+  const char* name = NULL;
+  if (is_primitive(java_class)) {
+    name = type2name(primitive_type(java_class));
+  } else {
+    name = as_Klass(java_class)->external_name();
+  }
+  if (name == NULL) {
+    name = "<null>";
+  }
+  return name;
+}
+
+
 Klass* java_lang_Class::array_klass(oop java_class) {
   Klass* k = ((Klass*)java_class->metadata_field(_array_klass_offset));
   assert(k == NULL || k->is_klass() && k->oop_is_array(), "should be array klass");
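Review bot: The `assert(java_lang_Class::is_instance(java_class), ...)` at the top of as_external_name is the only type check, and HotSpot asserts are compiled out of product builds, so in a release VM the function is only safe if every caller passes a java.lang.Class oop. The vframe.cpp caller in this patch does test `obj->klass() == SystemDictionary::Class_klass()` first, but the header comment should state that precondition, because a later caller that skips it would fault inside a safepoint VM operation again. The "(Resource allocated)" remark also appears to hold only for the non-primitive branch: the primitive branch returns whatever `type2name` yields and the fallback returns the literal `"<null>"`. I would reword it as `// Result may be resource-allocated (see Klass::external_name()); caller needs a ResourceMark and must not retain the pointer.`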
diff -r 18415052d89c src/share/vm/classfile/javaClasses.hpp
--- a/src/share/vm/classfile/javaClasses.hpp	Tue Jun 24 12:27:51 2014 -0700
+++ b/src/share/vm/classfile/javaClasses.hpp	Thu Jun 26 16:45:58 2014 -0700
@@ -270,7 +270,8 @@
     return result;
   }
   static Symbol* as_signature(oop java_class, bool intern_if_not_found, TRAPS);
-  static void print_signature(oop java_class, outputStream *st);
+  static void print_signature(oop java_class, outputStream* st);
+  static const char* as_external_name(oop java_class);
   // Testing
   static bool is_instance(oop obj) {
     return obj != NULL && obj->klass() == SystemDictionary::Class_klass();
diff -r 18415052d89c src/share/vm/runtime/vframe.cpp
--- a/src/share/vm/runtime/vframe.cpp	Tue Jun 24 12:27:51 2014 -0700
+++ b/src/share/vm/runtime/vframe.cpp	Thu Jun 26 16:45:58 2014 -0700
@@ -148,8 +148,7 @@
   if (obj.not_null()) {
     st->print("\t- %s <" INTPTR_FORMAT "> ", lock_state, (address)obj());
     if (obj->klass() == SystemDictionary::Class_klass()) {
-      Klass* target_klass = java_lang_Class::as_Klass(obj());
-      st->print_cr("(a java.lang.Class for %s)", InstanceKlass::cast(target_klass)->external_name());
+      st->print_cr("(a java.lang.Class for %s)", java_lang_Class::as_external_name(obj()));
     } else {
       Klass* k = obj->klass();
       st->print_cr("(a %s)", k->external_name());
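Review bot: Nothing in this patch exercises the path that crashed, so the call-site change to `java_lang_Class::as_external_name(obj())` has no regression coverage. A test that holds the monitor of a primitive mirror (for example `int.class`) while a thread dump with lock information is requested would pin the fix; the expected line should read `(a java.lang.Class for int)`, assuming `type2name` returns the Java keyword. The enclosing function starts and ends outside the hunk, so I cannot check from here whether other branches print a mirror through the same `as_Klass` cast.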
Comments
No issues in the recent 7u hotspot nightly. SQE OK to take the fix to PSU15_04.
20-08-2015

(Changed to PSU critical request as this is not needed for the JDK 8 CPU)
17-08-2015