JDK-8304725 : AsyncGetCallTrace can cause SIGBUS on M1
  • Type: Bug
  • Component: hotspot
  • Sub-Component: svc
  • Affected Version: 11,17,21
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: os_x
  • CPU: aarch64
  • Submitted: 2023-03-22
  • Updated: 2024-05-03
  • Resolved: 2023-04-12
Fix versions:
  • JDK 11: 11.0.23 (Fixed)
  • JDK 17: 17.0.9 (Fixed)
  • JDK 21: 21 b19 (Fixed)
Description
Calling AsyncGetCallTrace can trigger writing into the PcDescCache. This causes a SIGBUS error when the current thread is not in WXWrite mode.
This is due to a missing `MACOS_AARCH64_ONLY(ThreadWXEnable wx(WXWrite, Thread::current());)` to ensure that the thread is in this mode while the thread stack is walked.

This error occurs sporadically but can be easily reproduced using https://github.com/parttimenerd/asgct_bottom with the renaissance dotty benchmark.

I could not reproduce this issue with JFR or async-profiler, but fixing it is simple.

Thanks to Martin and Matthias from my team for helping to debug this bug.

Excerpt from the hs_err file:

```
Stack: [0x000000016d554000,0x000000016d757000],  sp=0x000000016d750900,  free space=2034k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.dylib+0xdd5a08]  PcDescCache::add_pc_desc(PcDesc*)+0x60
V  [libjvm.dylib+0xdde49c]  PcDescContainer::find_pc_desc_internal(unsigned char*, bool, PcDescSearch const&)+0x564
V  [libjvm.dylib+0xf4271c]  PcDescContainer::find_pc_desc(unsigned char*, bool, PcDescSearch const&)+0x9c
V  [libjvm.dylib+0xa740c0]  CompiledMethod::find_pc_desc(unsigned char*, bool)+0xa0
V  [libjvm.dylib+0xde1eb0]  CompiledMethod::pc_desc_near(unsigned char*)+0x28
V  [libjvm.dylib+0x70d96c]  is_decipherable_compiled_frame(JavaThread*, frame*, CompiledMethod*)+0x104
V  [libjvm.dylib+0x70d574]  find_initial_Java_frame(JavaThread*, frame*, frame*, Method**, int*)+0x304
V  [libjvm.dylib+0x70d038]  forte_fill_call_trace_given_top(JavaThread*, ASGCT_CallTrace*, int, frame)+0x98
V  [libjvm.dylib+0x70cf48]  AsyncGetCallTrace+0x2dc
C  [libbottom.so+0x43c4]  asgctGSTHandler(__darwin_ucontext*)+0xbc
C  [libbottom.so+0x528c]  signalHandler(int, __siginfo*, void*)+0x20
C  [libsystem_platform.dylib+0x42a4]  _sigtramp+0x38
C  0x110180011a9e15f0
j  jdk.internal.jimage.ImageReader$SharedImageReader$$Lambda+0x00000008011cef68.visit(Ljdk/internal/jimage/ImageLocation;)V+9 java.base@21-internal
j  jdk.internal.jimage.ImageReader$SharedImageReader.visitLocation(Ljdk/internal/jimage/ImageLocation;Ljdk/internal/jimage/ImageReader$SharedImageReader$LocationVisitor;)V+61 java.base@21-internal
j  jdk.internal.jimage.ImageReader$SharedImageReader.handleModulesSubTree(Ljava/lang/String;Ljdk/internal/jimage/ImageLocation;)Ljdk/internal/jimage/ImageReader$Node;+42 java.base@21-internal
j  jdk.internal.jimage.ImageReader$SharedImageReader.buildNode(Ljava/lang/String;)Ljdk/internal/jimage/ImageReader$Node;+69 java.base@21-internal
```
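To make the failure mode concrete, here is an added, constructed model (not JDK or async-profiler code): a one-entry cache on an mprotect-guarded page stands in for the PcDescCache living on W^X-protected code pages, wx_enable() stands in for ThreadWXEnable, and walk() plays the role of the ASGCT stack walk. It shows the three situations discussed on this page: the unfixed walk storing into the cache from a thread not in WXWrite mode (faults), the async-profiler workaround of enabling WXWrite before the call, and the fix of not writing the cache at all. It assumes Linux/POSIX, where the fault arrives as SIGSEGV rather than SIGBUS; all names and values (pc_desc_t, find_pc_desc, 0x1234) are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
/* Constructed model: a one-entry PcDescCache on a page whose protection stands in for
 * the thread's W^X state: read-only == WXExec (a signal handler's state), writable == WXWrite. */
typedef struct { uintptr_t pc; int index; } pc_desc_t;
static pc_desc_t *cache;      /* lives on the guarded page */
static sigjmp_buf fault_env;  /* lets the demo survive the fault instead of dying */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Stand-in for ThreadWXEnable: flip the cache page between exec-only and writable. */
static void wx_enable(int writable) {
    mprotect(cache, (size_t)sysconf(_SC_PAGESIZE), writable ? PROT_READ | PROT_WRITE : PROT_READ);
}
/* Lookup in the spirit of find_pc_desc_internal: a miss runs the full search and, if
 * write_cache is set, stores the result back. That store faults outside WXWrite mode. */
static int find_pc_desc(uintptr_t pc, int write_cache) {
    if (cache->pc == pc) return cache->index;            /* hit: read only */
    int index = (int)(pc & 0xff);                        /* constructed "found" result */
    if (write_cache) *cache = (pc_desc_t){ pc, index };  /* faults on a read-only page */
    return index;
}
/* One AsyncGetCallTrace-style walk. Returns 1 if it completed with the expected
 * descriptor, 0 if a write fault (SIGBUS on macOS, SIGSEGV on Linux) aborted it. */
static int walk(int enable_wx_write, int write_cache) {
    if (sigsetjmp(fault_env, 1)) return 0;               /* reached via on_fault */
    if (enable_wx_write) wx_enable(1);
    int ok = find_pc_desc(0x1234, write_cache) == 0x34;
    if (enable_wx_write) wx_enable(0);
    return ok;
}
/* Map the cache page, start it read-only, and catch the fault signals. Returns 1 on success. */
static int setup(void) {
    cache = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (cache == MAP_FAILED) return 0;
    struct sigaction sa = { 0 }; sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL);
    wx_enable(0);
    return 1;
}
int main(void) {
    if (!setup()) return 1;
    printf("no WXWrite, cache write (the bug):         %s\n", walk(0, 1) ? "ok" : "FAULT");
    printf("WXWrite first (async-profiler workaround): %s\n", walk(1, 1) ? "ok" : "FAULT");
    printf("no cache write (the JDK fix):              %s\n", walk(0, 0) ? "ok" : "FAULT");
}
```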
Comments
Just for the record: The fix for this issue prevents ASGCT from modifying the PcDescCache.
03-05-2024

[jdk11u-fix-request] Approval Request from Johannes Bechberger: Fixes SIGBUS caused by AsyncGetCallTrace on M1. Clean besides a compilation issue. Tested locally.
13-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2452 Date: 2024-01-10 13:51:29 +0000
10-01-2024

Fix request (11u-dev): I'd like to backport it, as the bug is also present in JDK 11.
10-01-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1554 Date: 2023-07-06 10:34:22 +0000
06-07-2023

Fix request (17u): I'd like to backport this to fix the crash when a custom profiler is used on Mac M1.
06-07-2023

Note for future investigator: AsyncProfiler bypasses this issue by enforcing WX mode prior to calling AsyncGetCallTrace (https://github.com/async-profiler/async-profiler/blob/117594bb4d1ce61b073c8a9cea438b33f3f09c81/src/profiler.cpp#L390)
06-07-2023

Changeset: d8af7a60 Author: Johannes Bechberger <jbechberger@openjdk.org> Committer: Matthias Baesken <mbaesken@openjdk.org> Date: 2023-04-12 06:49:10 +0000 URL: https://git.openjdk.org/jdk/commit/d8af7a6014055295355a1242db6c2872299c6398
12-04-2023

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/13144 Date: 2023-03-22 15:57:40 +0000
22-03-2023