JDK-8141420 : Compiler runtime entries don't hold Klass* from being GCed
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8u101,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-11-04
  • Updated: 2017-07-26
  • Resolved: 2016-03-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u102Fixed 9 b112Fixed
Related Reports
Duplicate :  
JDK-8130261 - G1 SEGV in MarkSweep::mark_and_push()
Relates :  
JDK-8130261 - G1 SEGV in MarkSweep::mark_and_push()
Relates :  
JDK-8151620 - Compiler runtime entries should use OOPs instead of raw Klass*
Relates :  
JDK-8151256 - JVM crash in CompactibleSpace::adjust_pointers(), intermittently
Description
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0000000064551e65, pid=1101368, tid=489908
#
# JRE version: Java(TM) SE Runtime Environment (9.0) (build 1.9.0-internal-fastdebug-20151030220705.amurillo.jdk9-hs-2015-10--b00)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (1.9.0-internal-20151030220705.amurillo.jdk9-hs-2015-10--b00, compiled mode, tiered, compressed oops, g1 gc, windows-amd64)
# Problematic frame:
# V  [jvm.dll+0x651e65]  MarkAndPushClosure::do_klass+0x25
#
# Core dump will be written. Default location: C:\users\aurora\sandbox\results\ResultDir\jck90013_copy_1\hs_err_pid1101368.mdmp
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

Broken oopmap?
Comments
verified by nightly testing
26-07-2017
These have similar symptom but thought to be bad oops on the interpreter stack.
10-03-2016
Thanks for the clarifications, [~coleenp]. [~dlong], sure, I'll fix jvmciRuntime.cpp as well.
09-03-2016
Yes, in order to pass the Klass* you should have a reference to the mirror, right? The mirror will prevent class unloading not the Klass*. That's why KlassHandle does nothing. The only reason it's still there is that I thought it might be useful for a future redefinition project.
07-03-2016
[~vlivanov], can you fix the allocations in jvmciRuntime.cpp along with your C1 and C2 changes?
07-03-2016
new_instance_C relies on KlassHandles to avoid Klass unloading: JRT_BLOCK_ENTRY(void, OptoRuntime::new_instance_C(Klass* klass, JavaThread* thread)) ... if (Klass::layout_helper_needs_slow_path(lh) || !InstanceKlass::cast(klass)->is_initialized()) { KlassHandle kh(THREAD, klass); kh->check_valid_for_instantiation(false, THREAD); if (!HAS_PENDING_EXCEPTION) { InstanceKlass::cast(kh())->initialize(THREAD); } instanceOop InstanceKlass::allocate_instance(TRAPS) { ... KlassHandle h_k(THREAD, this); but KlassHandle constructor doesn't do anything: KlassHandle(Thread* thread, const Klass* obj) : _value(const_cast<Klass *>(obj)) {}; It was changed as part of PermGen removal: http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/rev/da91efe96a93
04-03-2016
[852.601s][info ][classload ] sun.reflect.GeneratedSerializationConstructorAccessor140 source: __JVM_DefineClass__ [852.784s][info ][gc ] GC(3956) Pause Full (System.gc()) 29M->29M(98M) (852.604s, 852.784s) 180.875ms [852.967s][info ][gc ] GC(3957) Pause Full (System.gc()) 29M->29M(98M) (852.788s, 852.967s) 178.321ms [853.196s][info ][gc ] GC(3958) Pause Full (System.gc()) 29M->29M(98M) (852.971s, 853.196s) 224.783ms [853.362s][info ][gc ] GC(3959) Pause Full (System.gc()) 29M->29M(98M) (853.201s, 853.362s) 160.529ms [853.546s][info ][gc ] GC(3960) Pause Full (System.gc()) 29M->29M(98M) (853.363s, 853.546s) 183.602ms [853.726s][info ][gc ] GC(3961) Pause Full (System.gc()) 29M->29M(98M) (853.550s, 853.726s) 176.463ms [853.906s][info ][gc ] GC(3962) Pause Full (System.gc()) 29M->29M(98M) (853.727s, 853.906s) 179.059ms [853.907s][info ][gc,start ] GC(3963) Pause Full (System.gc()) (853.907s) [853.926s][info ][classunload ] unloading class sun.reflect.GeneratedSerializationConstructorAccessor140 0x0000000103ffec30 [854.122s][info ][gc,metaspace] GC(3963) Metaspace: 14245K->14241K(96256K) [854.122s][info ][gc ] GC(3963) Pause Full (System.gc()) 29M->29M(98M) (853.907s, 854.122s) 215.767ms [854.282s][info ][gc ] GC(3964) Pause Full (System.gc()) 29M->29M(98M) (854.123s, 854.282s) 159.150ms [854.287s][info ][gc,start ] GC(3965) Pause Full (System.gc()) (854.287s) ... crash happens ...
04-03-2016
When erroneous class unloading happens, the thread has the following call stack: sun.reflect.GeneratedSerializationConstructorAccessor140 Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) v ~RuntimeStub::_new_instance_Java J 2354 C2 sun.reflect.BootstrapConstructorAccessorImpl.newInstance([Ljava/lang/Object;)Ljava/lang/Object; (24 bytes) @ 0x0000000006b8b158 [0x0000000006b8b080+0x00000000000000d8] J 1329 C2 java.lang.reflect.Constructor.newInstance([Ljava/lang/Object;)Ljava/lang/Object; (87 bytes) @ 0x000000000699aaf0 [0x000000000699aa60+0x0000000000000090] J 2351 C2 java.lang.Class.newInstance()Ljava/lang/Object; (155 bytes) @ 0x0000000006bb27c8 [0x0000000006bb2720+0x00000000000000a8] J 2364 C2 sun.reflect.MethodAccessorGenerator$1.run()Lsun/reflect/MagicAccessorImpl; (41 bytes) @ 0x0000000006bba040 [0x0000000006bb9d80+0x00000000000002c0] GeneratedSerializationConstructorAccessor140 is a freshly loaded class which is being instantiated: return AccessController.doPrivileged( new PrivilegedAction<MagicAccessorImpl>() { public MagicAccessorImpl run() { try { return (MagicAccessorImpl) ClassDefiner.defineClass (generatedName, bytes, 0, bytes.length, declaringClass.getClassLoader()).newInstance(); } catch (InstantiationException | IllegalAccessException e) { throw new InternalError(e); } } });
04-03-2016
The rule with '"nsk/stress/metaspace/jck90/jck90013" Crash EXCEPTION_ACCESS_VIOLATION' is unfortunately too generic. JDK-8150514 is also known to appear with the same symptoms.
02-03-2016
Another failure: http://aurora.ru.oracle.com/functional/faces/RunDetails.xhtml?names=1281472.JAVASE.NIGHTLY.TEST.Unstable_Baseline.2016-01-19.test-800#nsk.stress.jck%20[%28!to_be_deleted_in_JDK9%29&&%28!exclude%29&&%28!quarantine%29&&%28!quarantine_zero_failures_project%29&&%28!quarantine_sa_project%29&&%28!desktop%29]%20%28tonga%29_nsk/stress/metaspace/jck90/jck90013 JavaThread 0x0000000025a27000 (nid = 5320) was being processed Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) jvm.dll!os::PlatformEvent::park() jvm.dll!Monitor::IWait(Thread * Self=0x0000000025a27000, __int64 timo=0) jvm.dll!Monitor::wait(bool no_safepoint_check, long timeout=0, bool as_suspend_equivalent=false) jvm.dll!CompileBroker::wait_for_completion(CompileTask * task=0x00000000226d0540) jvm.dll!CompileBroker::compile_method_base(const methodHandle & method={...}, int osr_bci, int comp_level=3, const methodHandle & hot_method={...}, int hot_count=0, const char * comment=0x000000006fea2b98, Thread * thread=0x0000000025a27000) jvm.dll!CompileBroker::compile_method(const methodHandle & method={...}, int osr_bci=-1, int comp_level=3, const methodHandle & hot_method={...}, int hot_count=0, const char * comment=0x000000006fea2b98, Thread * __the_thread__=0x0000000025a27000) jvm.dll!CallInfo::set_common(KlassHandle resolved_klass={...}, KlassHandle selected_klass={...}, const methodHandle & resolved_method={...}, const methodHandle & selected_method={...}, CallInfo::CallKind kind=vtable_call, int index=1, Thread * __the_thread__=0x0000000025a27000) jvm.dll!CallInfo::set_virtual(KlassHandle resolved_klass={...}, KlassHandle selected_klass={...}, const methodHandle & resolved_method={...}, const methodHandle & selected_method={...}, int vtable_index=1, Thread * __the_thread__=0x0000000025a27000) jvm.dll!LinkResolver::runtime_resolve_virtual_method(CallInfo & result={...}, const methodHandle & resolved_method={...}, KlassHandle resolved_klass={...}, Handle recv={...}, KlassHandle recv_klass={...}, bool check_null_and_abstract=true, Thread * __the_thread__=0x0000000025a27000) jvm.dll!LinkResolver::resolve_invokevirtual(CallInfo & result={...}, Handle recv={...}, const constantPoolHandle & pool={...}, int index=65560, Thread * __the_thread__=0x0000000025a27000) jvm.dll!LinkResolver::resolve_invoke(CallInfo & result={...}, Handle recv={...}, const constantPoolHandle & pool={...}, int index=65560, Bytecodes::Code byte=_invokevirtual, Thread * __the_thread__=0x0000000025a27000) jvm.dll!SharedRuntime::find_callee_info_helper(JavaThread * thread=0x0000000025a27000, vframeStream & vfst={...}, Bytecodes::Code & bc=_invokevirtual, CallInfo & callinfo={...}, Thread * __the_thread__=0x0000000025a27000) jvm.dll!SharedRuntime::resolve_sub_helper(JavaThread * thread=0x0000000025a27000, bool is_virtual=true, bool is_optimized=false, Thread * __the_thread__=0x0000000025a27000) jvm.dll!SharedRuntime::resolve_helper(JavaThread * thread=0x0000000025a27000, bool is_virtual, bool is_optimized, Thread * __the_thread__=0x0000000025a27000) jvm.dll!SharedRuntime::resolve_virtual_call_C(JavaThread * thread=0x0000000025a27000) v ~RuntimeStub::resolve_virtual_call J 5970 C2 java.util.concurrent.ConcurrentHashMap.get(Ljava/lang/Object;)Ljava/lang/Object; (162 bytes) @ 0x000000000e404f98 [0x000000000e404c20+0x0000000000000378] j java.io.ObjectStreamClass.getReflector([Ljava/io/ObjectStreamField;Ljava/io/ObjectStreamClass;)Ljava/io/ObjectStreamClass$FieldReflector;+44 J 4784 C2 java.io.ObjectStreamClass.lookup(Ljava/lang/Class;Z)Ljava/io/ObjectStreamClass; (335 bytes) @ 0x000000000e463f2c [0x000000000e462ca0+0x000000000000128c] J 4955 C1 java.io.ObjectOutputStream.writeObject0(Ljava/lang/Object;Z)V (619 bytes) @ 0x00000000076dc694 [0x00000000076dbd00+0x0000000000000994] J 4945 C2 java.io.ObjectOutputStream.writeObject(Ljava/lang/Object;)V (38 bytes) @ 0x000000000e46e5c4 [0x000000000e46e580+0x0000000000000044] j javasoft.sqe.serial.util.Convert.writeObjectToByteArray(Ljava/lang/Object;)[B+19 j javasoft.sqe.serial.util.Convert.objectToStreamObject(Ljava/lang/Object;)Ljavasoft/sqe/serial/StreamObject;+1 j javasoft.sqe.tests.api.java.io.StreamCorruptedException.serial.ConstructorTests.ConstructorTest0001()Ljavasoft/sqe/javatest/Status;+56 VMThread: jvm.dll!MarkAndPushClosure::do_klass(Klass * k=0x0000000100d67030) jvm.dll!InstanceKlass::oop_oop_iterate_nv(oopDesc * obj=0x00000000e5d3b880, MarkAndPushClosure * closure=0x00000000700e0228) jvm.dll!MarkSweep::follow_stack() jvm.dll!InterpreterFrameClosure::offset_do(int offset=0x00000001) jvm.dll!InterpreterOopMap::iterate_oop(OffsetClosure * oop_closure=0x000000001b49db50) jvm.dll!frame::oops_interpreted_do(OopClosure * f=0x00000000700e01f8, CLDClosure * cld_f=0x00000000700e0238, const RegisterMap * map=0x000000001b49dd18, bool query_oop_map_cache=true) jvm.dll!JavaThread::oops_do(OopClosure * f=0x00000000700e01f8, CLDClosure * cld_f=0x00000000700e0238, CodeBlobClosure * cf=0x000000001b49f1c0) jvm.dll!Threads::possibly_parallel_oops_do(bool is_par, OopClosure * f=0x00000000700e01f8, CLDClosure * cld_f=0x00000000700e0238, CodeBlobClosure * cf=0x000000001b49f1c0) jvm.dll!G1RootProcessor::process_java_roots(G1RootClosures * closures=0x000000001b49f0c0, G1GCPhaseTimes * phase_times=0x0000000000000000, unsigned int worker_i=0x00000000) jvm.dll!G1RootProcessor::process_strong_roots(OopClosure * oops=0x00000000700e01f8, CLDClosure * clds=0x00000000700e0238, CodeBlobClosure * blobs=0x000000001b49f1c0) jvm.dll!G1MarkSweep::mark_sweep_phase1(bool & marked_for_unloading=0xe0, bool clear_all_softrefs=false) jvm.dll!G1MarkSweep::invoke_at_safepoint(ReferenceProcessor * rp=0x000000001aeccb80, bool clear_all_softrefs=false) jvm.dll!G1CollectedHeap::do_full_collection(bool explicit_gc=true, bool clear_all_soft_refs=false) jvm.dll!VM_G1CollectFull::doit() jvm.dll!VM_Operation::evaluate() jvm.dll!VMThread::evaluate_operation(VM_Operation * op=0x0000000027dbf2f0) jvm.dll!VMThread::loop() jvm.dll!VMThread::run() jvm.dll!java_start(Thread * thread=0x000000001af69800) Iterating over an interpreter frame: j java.io.ObjectStreamClass.getReflector([Ljava/io/ObjectStreamField;Ljava/io/ObjectStreamClass;)Ljava/io/ObjectStreamClass$FieldReflector;+44 Root (local #1) being processed: 0x00000000e1cbdc80 (instance of java.io.ObjectSteamClass) 0x00000000e1cbdc80 0x0000000000000003 0x200190e5 0xe1b8c188 = cl: j.l.Class (klass=0x100026b00) (java/io/StreamCorruptedException) 0xe1b71c80 = name: String (0x200002f3 = 0x100001798) (java/lang/String) 0xe1cbde30 = suid: Long (0x2000246d = 0x100012368) (java/lang/Long) 0xe1bc6020 = fields: ObjectStreamField[] (0x20003166 = 0x100018b30) ([Ljava/io/ObjectStreamField;) 0xe5d3b8b0 = cons: Constructor (0x20001224 = 0x100009120) (java/lang/reflect/Constructor) 0xe1b94160 = clazz : Class (java/lang/Object) 0xe5d3b890 = ? 0xe5d3b8a0 = ? 0xe1c25e70 = ? 0xe5d3b880 = sun.reflect.GeneratedSerializationConstructorAccessor80 <=== oop w/ broken klass ptr (unloaded) 0xe1cbdc80 = localDesc (0x200190e5 = 0x1000c8728) (java/io/ObjectStreamClass) 0xe1c70620 = superDesc (0x200190e5 = 0x1000c8728) (java/io/ObjectStreamClass) GeneratedSerializationConstructorAccessor80 instantiates java.io.StreamCorruptedException and runs Object::<init> on it. Crashes trying to mark the following oop: 0x00000000e5d3b880 (OSC.getReflector(...,OSC localDesc): localDesc.cons.constructorAccessor) sun.reflect.GeneratedSerializationConstructorAccessor80 - klass: 0x0000000100d67030 'sun/reflect/GeneratedSerializationConstructorAccessor80' _layout_helper 0x00000010 int _super_check_offset 0x00000050 unsigned int _name 0x0000000021084a20 {_length=0x0037 _refcount=0x0000 _identity_hash=0xe7e7 ...} Symbol * _secondary_super_cache 0x0000000000000000 <NULL> Klass * _secondary_supers 0x000000001a56b2c0 {_length=0x00000001 _data=0x000000001a56b2c8 {0x0000000100009ba0 {_layout_helper=...}} } Array<Klass *> * _primary_supers 0x0000000100d67060 {0x0000000100000fb0 {_layout_helper=0x00000010 _super_check_offset=0x00000030 _name=...}, ...} Klass *[0x00000008] _java_mirror 0x00000000e1cbe880 {_mark=0x00000000e1cbe888 {...} _metadata={_klass=0x0000000000000003 {_layout_helper=...} ...} } oopDesc * _super 0x0000000103fac5f8 {_annotations=0x0000000000000000 <NULL> _array_klasses=0x0000000000000000 <NULL> ...} Klass * _subklass 0x0000000000000000 <NULL> Klass * _next_sibling 0x0000000100ae6030 {_annotations=0x0000000000000000 <NULL> _array_klasses=0x0000000000000000 <NULL> ...} Klass * _next_link 0x0000000000000000 <NULL> Klass * _class_loader_data 0x000000001b0cbcc0 {_class_loader=0xbabababababababa {_mark=??? _metadata={_klass=??? _compressed_klass=...} } ...} ClassLoaderData * _modifier_flags 0x00000001 int _access_flags {_flags=0x20000001 } AccessFlags _last_biased_lock_bulk_revocation_time 0x0000000000000000 __int64 _prototype_header 0x0000000000000005 {...} markOopDesc * _biased_lock_revocation_count 0x00000000 int _trace_id 0x00000001f51d0000 unsigned __int64 _modified_oops 0x01 '\x1' char _accumulated_modified_oops 0x00 '\0' char _class_loader_data is overwritten with '0xba's. Test log: [612.622s][info ][gc ] GC(1133) Pause Full (System.gc()) 29M->28M(95M) (612.233s, 612.622s) 388.437ms [612.622s][info ][gc,heap ] GC(1133) Eden: 1024K->0K(56320K) [612.622s][info ][gc,heap ] GC(1133) Survivor: 0K->0K(7168K) [612.622s][info ][gc,heap ] GC(1133) Old: 3072K->3072K [612.622s][info ][gc,heap ] GC(1133) Humongous: 26624K->26624K [612.622s][info ][gc,metaspace] GC(1133) Metaspace: 11612K->11612K(96256K) [612.622s][info ][gc,cpu ] GC(1133) User=0.42s Sys=0.00s Real=0.39s >> Trying to interrupt threadTestThread #1 ... >> Trying to interrupt threadTestThread #99 [612.628s][info ][gc,start ] GC(1134) Pause Full (System.gc()) (612.628s) [613.016s][info ][gc ] GC(1134) Pause Full (System.gc()) 31M->28M(95M) (612.628s, 613.016s) 387.257ms [613.016s][info ][gc,heap ] GC(1134) Eden: 3072K->0K(56320K) [613.016s][info ][gc,heap ] GC(1134) Survivor: 0K->0K(7168K) [613.016s][info ][gc,heap ] GC(1134) Old: 3072K->3072K [613.016s][info ][gc,heap ] GC(1134) Humongous: 26624K->26624K [613.016s][info ][gc,metaspace] GC(1134) Metaspace: 11618K->11618K(96256K) [613.016s][info ][gc,cpu ] GC(1134) User=0.39s Sys=0.00s Real=0.39s [613.017s][info ][gc,start ] GC(1135) Pause Full (System.gc()) (613.017s) [613.406s][info ][gc ] GC(1135) Pause Full (System.gc()) 29M->28M(95M) (613.017s, 613.406s) 388.926ms [613.406s][info ][gc,heap ] GC(1135) Eden: 1024K->0K(56320K) [613.406s][info ][gc,heap ] GC(1135) Survivor: 0K->0K(7168K) [613.406s][info ][gc,heap ] GC(1135) Old: 3072K->3072K [613.406s][info ][gc,heap ] GC(1135) Humongous: 26624K->26624K [613.406s][info ][gc,metaspace] GC(1135) Metaspace: 11618K->11618K(96256K) [613.407s][info ][gc,cpu ] GC(1135) User=0.39s Sys=0.00s Real=0.39s [613.408s][info ][gc,start ] GC(1136) Pause Full (System.gc()) (613.408s) [613.804s][info ][gc ] GC(1136) Pause Full (System.gc()) 28M->28M(95M) (613.408s, 613.804s) 396.142ms [613.804s][info ][gc,heap ] GC(1136) Eden: 1024K->0K(56320K) [613.804s][info ][gc,heap ] GC(1136) Survivor: 0K->0K(7168K) [613.804s][info ][gc,heap ] GC(1136) Old: 3072K->3072K [613.804s][info ][gc,heap ] GC(1136) Humongous: 26624K->26624K [613.804s][info ][gc,metaspace] GC(1136) Metaspace: 11618K->11614K(96256K) [613.804s][info ][gc,cpu ] GC(1136) User=0.42s Sys=0.00s Real=0.40s [613.808s][info ][gc,start ] GC(1137) Pause Full (System.gc()) (613.808s) # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000000006fa7fc55, pid=3476, tid=9104
22-01-2016
I was able to reproduce the crash locally with -verbose:class. The problematic GeneratedSerializationConstructorAccessor is unloaded on the last FullGC before the crash. Every GeneratedSerializationConstructorAccessor is loaded in a dedicated class loader: sun.reflect.ClassDefiner: static Class<?> defineClass(String name, byte[] bytes, int off, int len, final ClassLoader parentClassLoader) { ClassLoader newLoader = AccessController.doPrivileged( new PrivilegedAction<ClassLoader>() { public ClassLoader run() { return new DelegatingClassLoader(parentClassLoader); } }); return unsafe.defineClass(name, bytes, off, len, newLoader, null); } So, a missing oop in an oopmap can lead to that. ObjectStreamClass creates a fresh GeneratedSerializationConstructorAccessor class and then calls getReflector on it: private ObjectStreamClass(final Class<?> cl) { ... if (serializable) { ... if (externalizable) { cons = getExternalizableConstructor(cl); } else { cons = getSerializableConstructor(cl); try { fieldRefl = getReflector(fields, this); ...
22-01-2016
Some GC logs show that during last Full GC metaspace and class space occupancy didn't change [1] (there are cases when it did [2] though). It means the class was alive at that point. Not sure that no changes in class space occupancy means no classes were unloaded. [1] 795.580: #2542: [Full GC (System.gc()) 2541K->2461K(8192K), 0.2754479 secs] [Eden: 1024.0K(3072.0K)->0.0B(3072.0K) Survivors: 0.0B->0.0B Heap: 2541.6K(8192.0K)->2461.7K(8192.0K)], [Metaspace: 11477K->11477K(86016K)] Heap after GC invocations=2522 (full 2481): garbage-first heap total 8192K, used 2461K [0x00000000e0000000, 0x00000000e0100040, 0x0000000100000000) region size 1024K, 0 young (0K), 0 survivors (0K) Metaspace used 11477K, capacity 11710K, committed 85248K, reserved 86016K class space used 1236K, capacity 1317K, committed 65536K, reserved 65536K } [Times: user=0.30 sys=0.00 real=0.28 secs] {Heap before GC invocations=2522 (full 2481): garbage-first heap total 8192K, used 2461K [0x00000000e0000000, 0x00000000e0100040, 0x0000000100000000) region size 1024K, 1 young (1024K), 0 survivors (0K) Metaspace used 11477K, capacity 11710K, committed 85248K, reserved 86016K class space used 1236K, capacity 1317K, committed 65536K, reserved 65536K 795.857: #2543: [Full GC (System.gc()) # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0000000064551e65, pid=1101368, tid=489908 [2] [303.922s][info ][gc,start ] GC(449) Pause Full (System.gc()) (303.922s) [304.191s][info ][gc ] GC(449) Pause Full (System.gc()) 29M->29M(96M) (303.922s, 304.191s) 269.225ms [304.191s][info ][gc,heap ] GC(449) Eden: 1024K->0K(56320K) [304.191s][info ][gc,heap ] GC(449) Survivor: 0K->0K(11264K) [304.191s][info ][gc,heap ] GC(449) Old: 4096K->4096K [304.191s][info ][gc,heap ] GC(449) Humongous: 26624K->26624K [304.192s][info ][gc,metaspace] GC(449) Metaspace: 11178K->11174K(94208K) [304.192s][info ][gc,cpu ] GC(449) User=0.28s Sys=0.00s Real=0.27s [304.238s][info ][gc,start ] GC(450) Pause Full (System.gc()) (304.238s) # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0000000076ee0b95, pid=323828, tid=73212
20-01-2016
The frame being processed is: j java.io.ObjectStreamClass.getReflector([Ljava/io/ObjectStreamField;Ljava/io/ObjectStreamClass;)Ljava/io/ObjectStreamClass$FieldReflector;+44 private static java.io.ObjectStreamClass$FieldReflector getReflector(java.io.ObjectStreamField[], java.io.ObjectStreamClass) throws java.io.InvalidClassException; descriptor: ([Ljava/io/ObjectStreamField;Ljava/io/ObjectStreamClass;)Ljava/io/ObjectStreamClass$FieldReflector; flags: ACC_PRIVATE, ACC_STATIC Code: stack=5, locals=9, args_size=2 0: aload_1 1: ifnull 16 4: aload_0 5: arraylength 6: ifle 16 9: aload_1 10: getfield #799 // Field cl:Ljava/lang/Class; 13: goto 17 16: aconst_null 17: astore_2 18: invokestatic #885 // Method java/io/ObjectStreamClass$Caches.access$2600:()Ljava/lang/ref/ReferenceQueue; 21: getstatic #811 // Field java/io/ObjectStreamClass$Caches.reflectors:Ljava/util/concurrent/ConcurrentMap; 24: invokestatic #870 // Method processQueue:(Ljava/lang/ref/ReferenceQueue;Ljava/util/concurrent/ConcurrentMap;)V 27: new #429 // class java/io/ObjectStreamClass$FieldReflectorKey 30: dup 31: aload_2 32: aload_0 33: invokestatic #885 // Method java/io/ObjectStreamClass$Caches.access$2600:()Ljava/lang/ref/ReferenceQueue; 36: invokespecial #899 // Method java/io/ObjectStreamClass$FieldReflectorKey."<init>":(Ljava/lang/Class;[Ljava/io/ObjectStreamField;Ljava/lang/ref/ReferenceQueue;)V 39: astore_3 40: getstatic #811 // Field java/io/ObjectStreamClass$Caches.reflectors:Ljava/util/concurrent/ConcurrentMap; 43: aload_3 44: invokeinterface #996, 2 // InterfaceMethod java/util/concurrent/ConcurrentMap.get:(Ljava/lang/Object;)Ljava/lang/Object;
19-01-2016
05 jvm!InstanceKlass::oop_oop_iterate_nv(class oopDesc * obj = 0x00000000`e5f3aac8, class MarkAndPushClosure * closure = 0x00000029`4cb34578)+0x83 obj->_compressed_klass = 0x2001ba06 0xe5f3aac8: 03 00 00 00 00 00 00 00 06 ba 01 20 > x jvm!Universe::_narrow_klass [+0x000] _base : 0x0 [Type: unsigned char *] [+0x008] _shift : 3 [+0x00c] _use_implicit_null_checks : true _klass = 0x1000dd030
19-01-2016
The oop being processed: 05 jvm!InstanceKlass::oop_oop_iterate_nv(class oopDesc * obj = 0x00000000`e5f3aac8, class MarkAndPushClosure * closure = 0x00000029`4cb34578)+0x83 RDI=0x00000000e5f3aac8 is an oop sun.reflect.GeneratedSerializationConstructorAccessor85 - klass: 'sun/reflect/GeneratedSerializationConstructorAccessor85' - ---- fields (total size 2 words):
19-01-2016
Indeed, the klass has been unloaded: k = 0x00000001000dd030 and k->_class_loader_data = 0x00000029404fedd0, which is overwritten with 0xba. 00 jvm!MarkSweep::mark_and_push+0x5 01 jvm!MarkSweep::follow_klass+0x16 02 jvm!MarkAndPushClosure::do_klass_nv+0x16 03 jvm!Devirtualizer<1>::do_klass<MarkAndPushClosure>(class MarkAndPushClosure * closure = 0x00000000`663db108, class Klass * k = 0x00000001`000dd030)+0x25 04 jvm!InstanceKlass::oop_oop_iterate+0x68 05 jvm!InstanceKlass::oop_oop_iterate_nv(class oopDesc * obj = 0x00000000`e5f3aac8, class MarkAndPushClosure * closure = 0x00000029`4cb34578)+0x83 06 jvm!oopDesc::oop_iterate+0x9a 07 jvm!MarkSweep::follow_object+0x19d 08 jvm!MarkSweep::follow_stack(void)+0x22a 09 jvm!InterpreterFrameClosure::offset_do(int offset = 0n1)+0x9f 0a jvm!InterpreterOopMap::iterate_oop(class OffsetClosure * oop_closure = 0x00000029`4150da00)+0x6b 0b jvm!frame::oops_interpreted_do(class OopClosure * f = 0x00000000`663db0d8, class CLDClosure * cld_f = 0x00000000`663db118, class RegisterMap * map = 0x00000029`4150dbc8, bool query_oop_map_cache = true)+0x688 0c jvm!frame::oops_do+0x21 0d jvm!JavaThread::oops_do(class OopClosure * f = 0x00000000`663db0d8, class CLDClosure * cld_f = 0x00000000`663db118, class CodeBlobClosure * cf = 0x00000029`4150f070)+0x277 0e jvm!Threads::possibly_parallel_oops_do(bool is_par = false, class OopClosure * f = 0x00000000`663db0d8, class CLDClosure * cld_f = 0x00000000`663db118, class CodeBlobClosure * cf = 0x00000029`4150f070)+0x5e 0f jvm!G1RootProcessor::process_java_roots(class G1RootClosures * closures = 0x00000029`4150ef70, class G1GCPhaseTimes * phase_times = 0x00000000`00000000, unsigned int worker_i = 0)+0x118 10 jvm!G1RootProcessor::process_strong_roots(class OopClosure * oops = 0x00000000`663db0d8, class CLDClosure * clds = 0x00000000`663db118, class CodeBlobClosure * blobs = 0x00000029`4150f070)+0x4a 11 jvm!G1MarkSweep::mark_sweep_phase1(bool * marked_for_unloading = 0x00000029`4150f230, bool clear_all_softrefs = false)+0x11e 12 jvm!G1MarkSweep::invoke_at_safepoint(class ReferenceProcessor * rp = 0x00000029`4105cda0, bool clear_all_softrefs = false)+0x161 13 jvm!G1CollectedHeap::do_full_collection(bool explicit_gc = true, bool clear_all_soft_refs = false)+0x802 14 jvm!VM_G1CollectFull::doit(void)+0x6e
19-01-2016
Stale Klass ptr? const int freeBlockPad = 0xBA; // value used to pad freed blocks.
18-01-2016
RCX=0x00000001000dd030 is pointing into metadata mov 0x38(%rsp),%rcx 0x38(%rsp) = 0x294150d858 Top of Stack: (sp=0x000000294150d820) ... 0x000000294150d850: 00000000663db108 00000001000dd030 callq *0xb0(%rax) RAX = 0xbabababababababa ...
18-01-2016
# Problematic frame: # V [jvm.dll+0x8418f5] Devirtualizer<1>::do_klass<MarkAndPushClosure>+0x25 Instructions: (pc=0x0000000065d818f5) 0x0000000065d818d5: 48 89 4c 24 08 53 48 83 ec 20 48 8b 4c 24 38 48 0x0000000065d818e5: 8b 01 ff 90 b0 00 00 00 48 8b d8 48 85 c0 74 3c 0x0000000065d818f5: 48 8b 08 80 e1 03 80 f9 03 74 31 80 3d 01 7c 6f 0x0000000065d81905: 00 00 74 0c 48 8b c8 e8 7f 55 d0 ff 84 c0 75 1c 48 89 4c 24 08 mov %rcx,0x8(%rsp) 53 push %rbx 48 83 ec 20 sub $0x20,%rsp 48 8b 4c 24 38 mov 0x38(%rsp),%rcx 48 8b 01 mov (%rcx),%rax ff 90 b0 00 00 00 callq *0xb0(%rax) 48 8b d8 mov %rax,%rbx 48 85 c0 test %rax,%rax 74 3c je 0x0000005c 48 8b 08 mov (%rax),%rcx <==== 80 e1 03 and $0x3,%cl 80 f9 03 cmp $0x3,%cl 74 31 je 0x0000005c 80 3d 39 7e 8c 00 00 cmpb $0x0,0x8c7e39(%rip) # 0x008c7e6b 74 0c je 0x00000040 48 8b c8 mov %rax,%rcx e8 ff d4 f7 ff callq 0xfffffffffff7d53b 84 c0 test %al,%al 75 1c jne 0x0000005c
18-01-2016
Current thread (0x00000029410e2800): VMThread VM_Operation (0x000000294db8ef50): G1CollectFull, mode: safepoint, requested by thread 0x00000029495fd800 siginfo: EXCEPTION_ACCESS_VIOLATION (0xc0000005), reading address 0xffffffffffffffff;; JavaThread 0x00000029470bc000 (nid = 103380) was being processed Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) v ~RuntimeStub::resolve_virtual_call J 63 C2 java.util.concurrent.ConcurrentHashMap.get(Ljava/lang/Object;)Ljava/lang/Object; (162 bytes) @ 0x0000002934666534 [0x00000029346661a0+0x0000000000000394] j java.io.ObjectStreamClass.getReflector([Ljava/io/ObjectStreamField;Ljava/io/ObjectStreamClass;)Ljava/io/ObjectStreamClass$FieldReflector;+44 J 3977 C1 java.io.ObjectStreamClass.<init>(Ljava/lang/Class;)V (260 bytes) @ 0x000000292dafb2c4 [0x000000292dafa680+0x0000000000000c44] J 4178 C1 java.io.ObjectStreamClass.lookup(Ljava/lang/Class;Z)Ljava/io/ObjectStreamClass; (335 bytes) @ 0x000000292db05adc [0x000000292db04d00+0x0000000000000ddc] J 3977 C1 java.io.ObjectStreamClass.<init>(Ljava/lang/Class;)V (260 bytes) @ 0x000000292dafaccc [0x000000292dafa680+0x000000000000064c] J 4178 C1 java.io.ObjectStreamClass.lookup(Ljava/lang/Class;Z)Ljava/io/ObjectStreamClass; (335 bytes) @ 0x000000292db05adc [0x000000292db04d00+0x0000000000000ddc] J 3977 C1 java.io.ObjectStreamClass.<init>(Ljava/lang/Class;)V (260 bytes) @ 0x000000292dafaccc [0x000000292dafa680+0x000000000000064c] J 4178 C1 java.io.ObjectStreamClass.lookup(Ljava/lang/Class;Z)Ljava/io/ObjectStreamClass; (335 bytes) @ 0x000000292db05adc [0x000000292db04d00+0x0000000000000ddc] J 3635 C1 java.io.ObjectOutputStream.writeObject0(Ljava/lang/Object;Z)V (619 bytes) @ 0x000000292dad213c [0x000000292dad17c0+0x000000000000097c] j java.io.ObjectOutputStream.writeFatalException(Ljava/io/IOException;)V+25 J 3761 C2 java.io.ObjectOutputStream.writeObject(Ljava/lang/Object;)V (38 bytes) @ 0x000000293483391c [0x0000002934833880+0x000000000000009c] j javasoft.sqe.tests.api.java.io.Serialization.ObjectOutputStream.NotSerialTest.run([Ljava/lang/String;Ljava/io/PrintWriter;Ljava/io/PrintWriter;)Ljavasoft/sqe/javatest/Status;+42 v ~StubRoutines::call_stub J 446 sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (0 bytes) @ 0x000000293468f12e [0x000000293468f020+0x000000000000010e] J 4241 C1 sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (104 bytes) @ 0x000000292db0eeec [0x000000292db0e280+0x0000000000000c6c] J 443 C2 sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (10 bytes) @ 0x000000293468e758 [0x000000293468e680+0x00000000000000d8] J 434 C1 java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (62 bytes) @ 0x000000292d28e144 [0x000000292d28de80+0x00000000000002c4] j nsk.stress.share.MetaspaceTestRunner$TestThread.run()V+226 v ~StubRoutines::call_stub
18-01-2016
RULE "nsk/stress/metaspace/jck90/jck90013" Crash EXCEPTION_ACCESS_VIOLATION RULE "nsk/stress/metaspace/jck90/jck90013" ExitCode 1
04-11-2015