JDK-8158373 : SIGSEGV: Metadata::mark_on_stack
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 8u112
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-06-01
  • Updated: 2016-10-13
  • Resolved: 2016-06-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
8u112 b02Fixed
Related Reports
Relates :  
The hs_err head is:
# A fatal error has been detected by the Java Runtime Environment:
#  SIGSEGV (0xb) at pc=0x00007feef03cc58c, pid=16624, tid=0x00007feeb26e6700
# JRE version: Java(TM) SE Runtime Environment (8.0_112-b01) (build 1.8.0_112-ea-fastdebug-langtools-nightly-h8723-20160526-b01)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.112-b01-fastdebug mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V  [libjvm.so+0xcd758c]  Metadata::mark_on_stack(Metadata*)+0xc
# Core dump written. Default location: /export/local/aurora/sandbox/results/ResultDir/anonymous-simple/core or core.16624
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp

---------------  T H R E A D  ---------------

Current thread (0x00007feee813b000):  VMThread [stack: 0x00007feeb25e6000,0x00007feeb26e7000] [id=16715]

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000073

RAX=0x000000000000002b, RBX=0x0000000000000000, RCX=0x0000000000000000, RDX=0x00007feed95887a0
RSP=0x00007feeb26e4da0, RBP=0x00007feeb26e4da0, RSI=0x0000000000000001, RDI=0x00007feea9257e08
R8 =0x00007feed95885ed, R9 =0x00007feef078dd80, R10=0x0000000000000000, R11=0x00007feef03e4020
R12=0x00007feeb26e4e28, R13=0x00007feed9588450, R14=0x00007feef03cc580, R15=0x00007feeb26e4db0
RIP=0x00007feef03cc58c, EFLAGS=0x0000000000010282, CSGSFS=0x0000000000000033, ERR=0x0000000000000004

Top of Stack: (sp=0x00007feeb26e4da0)
0x00007feeb26e4da0:   00007feeb26e4e80 00007feef043674b
0x00007feeb26e4db0:   00007feef0d2e850 0000000000000000
0x00007feeb26e4dc0:   00007feed9588582 00007feed95885b0
0x00007feeb26e4dd0:   00007feed9588450 00007feed95885ec
0x00007feeb26e4de0:   0000000000000060 0000000000000000
0x00007feeb26e4df0:   0000000000000000 00007feed95885c0
0x00007feeb26e4e00:   00007feed95885c0 00007feed95886e0
0x00007feeb26e4e10:   00007feed95885c0 00007feed95886e0
0x00007feeb26e4e20:   00007feed9588798 00007feef0d65210
0x00007feeb26e4e30:   00007feeb26e4db0 0000000000000000
0x00007feeb26e4e40:   0000000000000000 00007feee800b000
0x00007feeb26e4e50:   00007fedc8003001 00007feed9588450
0x00007feeb26e4e60:   00007feed9588450 00007feef0e0b678
0x00007feeb26e4e70:   00007feef03cc620 0000000000000001
0x00007feeb26e4e80:   00007feeb26e4eb0 00007feeefd60db9
0x00007feeb26e4e90:   0000000000000001 00007feee80577c0
0x00007feeb26e4ea0:   00007feeb26e4ee0 00007feee80577c0
0x00007feeb26e4eb0:   00007feeb26e4ed0 00007feef03cc308
0x00007feeb26e4ec0:   000000008023ee90 0000000000000001
0x00007feeb26e4ed0:   00007feeb26e4f10 00007feeefd36566
0x00007feeb26e4ee0:   00007feef0d5fb50 00007feef0dfa8d4
0x00007feeb26e4ef0:   00007feef0dfa8d4 0000000000000000
0x00007feeb26e4f00:   00007feee80577c0 0000000000040001
0x00007feeb26e4f10:   00007feeb26e4f80 00007feeefd38255
0x00007feeb26e4f20:   00007feeb26e4f50 00007feeb26e4f40
0x00007feeb26e4f30:   010000052b724b02 00007feef0e11430
0x00007feeb26e4f40:   000000008023ee90 00007feef0491caf
0x00007feeb26e4f50:   00000000002ca8d9 00007feef0e11430
0x00007feeb26e4f60:   00007feeb26e515c 00007feeb26e5030
0x00007feeb26e4f70:   0000000000000017 00007feee812eb50
0x00007feeb26e4f80:   00007feeb26e4fc0 00007feef063a307
0x00007feeb26e4f90:   00007f0500000007 00007feeb26e5060 

Instructions: (pc=0x00007feef03cc58c)
0x00007feef03cc56c:   a6 02 00 00 e8 5b d2 a5 ff e8 d6 a0 0b 00 e9 d2
0x00007feef03cc57c:   fe ff ff 90 55 48 8b 07 be 01 00 00 00 48 89 e5
0x00007feef03cc58c:   4c 8b 58 48 c9 41 ff e3 90 90 90 90 90 90 90 90
0x00007feef03cc59c:   90 90 90 90 55 48 8d 47 08 48 89 e5 48 89 5d f0 

Register to memory mapping:

RAX=0x000000000000002b is an unknown value
RBX=0x0000000000000000 is an unknown value
RCX=0x0000000000000000 is an unknown value
RDX=0x00007feed95887a0 is at entry_point+480 in (nmethod*)0x00007feed9588450

[error occurred during error reporting (printing register info), id 0xb]

Stack: [0x00007feeb25e6000,0x00007feeb26e7000],  sp=0x00007feeb26e4da0,  free space=1019k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xcd758c]  Metadata::mark_on_stack(Metadata*)+0xc
V  [libjvm.so+0xd4174b]  nmethod::metadata_do(void (*)(Metadata*))+0x23b
V  [libjvm.so+0x66bdb9]  CodeCache::alive_nmethods_do(void (*)(nmethod*))+0xa9
V  [libjvm.so+0xcd7308]  MetadataOnStackMark::MetadataOnStackMark(bool)+0x98
V  [libjvm.so+0x641566]  ClassLoaderDataGraph::clean_metaspaces()+0x26
V  [libjvm.so+0x643255]  ClassLoaderDataGraph::do_unloading(BoolObjectClosure*, bool)+0x195
V  [libjvm.so+0xf45307]  SystemDictionary::do_unloading(BoolObjectClosure*, bool)+0x17
V  [libjvm.so+0xe31ed6]  PSParallelCompact::marking_phase(ParCompactionManager*, bool, ParallelOldTracer*)+0x5c6
V  [libjvm.so+0xe3de2e]  PSParallelCompact::invoke_no_policy(bool)+0x5be
V  [libjvm.so+0xe3ee3b]  PSParallelCompact::invoke(bool)+0xfb
V  [libjvm.so+0x66e39f]  CollectedHeap::collect_as_vm_thread(GCCause::Cause)+0x1df
V  [libjvm.so+0x101a02d]  VM_CollectForMetadataAllocation::doit()+0x1cd
V  [libjvm.so+0x1045b65]  VM_Operation::evaluate()+0xa5
V  [libjvm.so+0x1043457]  VMThread::evaluate_operation(VM_Operation*)+0x137
V  [libjvm.so+0x1043f40]  VMThread::loop()+0x660
V  [libjvm.so+0x1044170]  VMThread::run()+0xb0
V  [libjvm.so+0xd9b8e8]  java_start(Thread*)+0x108

VM_Operation (0x00007feeef6f1cf0): CollectForMetadataAllocation, mode: safepoint, requested by thread 0x00007feee800b000
[~dcubed] All the older comment are marked as 'confidential' so I keep my comment as 'confidential'. I am removing the 'confidential' tag.

[~shshahma] - Thanks for fixing some of your entries. Comments that contain Oracle internal URLs or hostnames have to be confidential. Some folks mark comments that contain RULE entries as confidential (but I never understood why). Your evaluation comment above is still marked confidential, but I don't see anything there that requires it. [~bmoloden] - Thanks for fixing your entries.

With the current code change free_deallocate_list is getting called twice for some nodes of list ClassLoaderDataGraph::_head in method ClassLoaderDataGraph::do_unloading(). First inside method ClassLoaderData::unload() and second inside method ClassLoaderDataGraph::clean_metaspaces ->free_deallocate_lists(). Even in the current code there are some nodes in list ClassLoaderDataGraph::_head which becomes a part of list ClassLoaderDataGraph ::_unloading are not getting freed at all. The current regression looks due the call of free_deallocate_lists() more than once for same node. The original problem can be solved by adding a call of free_deallocate_lists() for all nodes of list ClassLoaderDataGraph ::_unloading similar to ClassLoaderDataGraph::_head.

Yes, this is a regression caused by JDK-8135322

Issue is not reproduced with JDK9.

Looks like regression is caused by JDK-8135322

[~shshahma] and [~bmoloden] - You have some comments marked as 'confidential' in this bug for reasons that are not clear (to me anyway).

hm, maybe they're not taken off the list. I'll have a look.