JDK-8276696 : ParallelObjectIterator freed at the wrong time in VM_HeapDumper
  • Type: Bug
  • Component: hotspot
  • Sub-Component: gc
  • Affected Version: 17,18
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux
  • CPU: x86_64
  • Submitted: 2021-11-05
  • Updated: 2023-08-22
  • Resolved: 2021-11-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 18
17.0.9Fixed 18 b26Fixed
Related Reports
Blocks :  
JDK-8307348 - Parallelize heap walk for ObjectCount(AfterGC) JFR event collection
Relates :  
JDK-8252842 - Extend JMap to support parallel heap dump
Description
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f8326824e0a, pid=2139, tid=2160
#
# JRE version: OpenJDK Runtime Environment (18.0+23) (build 18-ea+23-1443)
# Java VM: OpenJDK 64-Bit Server VM (18-ea+23-1443, mixed mode, sharing, tiered, compressed class ptrs, z gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xd51e0a]  SafeThreadsListPtr::acquire_stable_list_nested_path()+0x3a
#
# Core dump will be written. Default location: Core dumps may be processed with "/opt/core.sh %p" (or dumping to .../scratch/1/core.2139)
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x00007f8320097750):  VMThread "VM Thread" [stack: 0x00007f830824e000,0x00007f830834e000] [id=2160]
[error occurred during error reporting (printing current thread), id 0xb, SIGSEGV (0xb) at pc=0x00007f83268247af]

Stack: [0x00007f830824e000,0x00007f830834e000],  sp=0x00007f830834c820,  free space=1018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xd51e0a]  SafeThreadsListPtr::acquire_stable_list_nested_path()+0x3a
V  [libjvm.so+0xd51fad]  ThreadsListHandle::ThreadsListHandle(Thread*)+0x4d
V  [libjvm.so+0xe3311f]  ZRootsIterator::ZRootsIterator(int)+0x15f
V  [libjvm.so+0xe0bfe6]  ZHeapIterator::ZHeapIterator(unsigned int, bool)+0x146
V  [libjvm.so+0xe0ad89]  ZHeap::parallel_object_iterator(unsigned int, bool)+0x39
V  [libjvm.so+0x7606a7]  VM_HeapDumper::doit()+0x257
V  [libjvm.so+0xdc900a]  VM_Operation::evaluate()+0xea
V  [libjvm.so+0xdca9b8]  VMThread::evaluate_operation(VM_Operation*)+0xb8
V  [libjvm.so+0xdcb037]  VMThread::inner_execute(VM_Operation*)+0x377
V  [libjvm.so+0xdcb24f]  VMThread::run()+0xbf
V  [libjvm.so+0xd4a190]  Thread::call_run()+0xc0
V  [libjvm.so+0xbafd61]  thread_native_entry(Thread*)+0xe1


siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000018
Comments
Fix Request (17u) Improves the code clarity for ParallelObjectIterator usage. Serves as the pre-requisite for JDK-8307348 backport. Does not apply cleanly due to a number of contextual differences, see JDK 17u PR. Testing passes.
03-07-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1440 Date: 2023-06-15 08:52:39 +0000
15-06-2023
Historical perspective for backports: This issue improves the ParallelObjectIterator lifecycle, and fixes the issue introduced by JDK-8252842.
15-06-2023
The fix for this bug is in jdk-18+25-1689.
29-11-2021
Changeset: f4dc03ea Author: Erik Ă–sterlund <eosterlund@openjdk.org> Date: 2021-11-23 14:34:21 +0000 URL: https://git.openjdk.java.net/jdk/commit/f4dc03ea6de327425ff265c3d2ec16ea7b0e1634
23-11-2021
[~eosterlund] - sending this one your way since this sounds like a ZGC problem.
09-11-2021
ILW = HLM = P3
09-11-2021
The ThreadsListHandle was designed to be used as a StackObj, so that they could be pushed and popped in a balanced fashion. However, the new ParallelObjectIterator object contains a ThreadListHandle embedded inside of it, when using ZGC. This is a CHeapObj, so we must be very careful about allocating and deleting these objects, in a local scoped fashion. But in VM_HeapDumper, the _poi member (a ParallelObjectIterator) is allocated inside of the safepoint, by the VMThread, but is deleted in the destructor of the VM_HeapDumper destructor, run by the requesting JavaThread. The end result is that a ThreadsListHandle runs its constructor in the VM thread, and its destructor in the requesting JavaThread. But it thinks it is being destructed in the VMThread, when going out of scope of a StackObj. That might not blow up all of the time, but it will eventually blow up some of the time. We should probably run the destructor of the ParallelObjectIterator right after it was used, and not defer it until some time later.
05-11-2021