Bug ID: JDK-8364153 SIGSEGV in nmethod::oops_do_try_claim_weak

Type: Bug
Component: hotspot
Sub-Component: gc
Affected Version: 26
Priority: P2
Status: Open
Resolution: Unresolved
Submitted: 2025-07-28
Updated: 2025-07-28
JDK 26
26Unresolved
Seen in a "kitchensink" run:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x0000000105c22488, pid=76735, tid=47875
#
# JRE version: Java(TM) SE Runtime Environment (26.0+9) (fastdebug build 26-ea+9-860)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 26-ea+9-860, mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, bsd-aarch64)
# Problematic frame:
# V  [libjvm.dylib+0xe5a488]  nmethod::oops_do_try_claim_weak_request()+0x4c
#
# Core dump will be written. Default location: core.76735
#
# JFR recording file will be written. Location: /System/Volumes/Data/mesos/work_dir/slaves/d2398cde-9325-49c3-b030-8961a4f0a253-S577413/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/5272b730-2a2b-4034-b8fa-b7135f79532d/runs/195ec4e6-4db8-460a-86ea-709c031017e8/testoutput/test-support/jtreg_closed_test_hotspot_jtreg_applications_kitchensink_Kitchensink8H_java/scratch/0/hs_err_pid76735.jfr
#

---------------  T H R E A D  ---------------

Current thread (0x000000012c05a610):  WorkerThread "GC Thread#8"    [id=47875, stack(0x0000000174404000,0x0000000174607000) (2060K)]

Stack: [0x0000000174404000,0x0000000174607000],  sp=0x0000000174606950,  free space=2058k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.dylib+0xe5a488]  nmethod::oops_do_try_claim_weak_request()+0x4c
V  [libjvm.dylib+0xe5aed0]  nmethod::oops_do_process_weak(nmethod::OopsDoProcessor*)+0x34
V  [libjvm.dylib+0x777f5c]  G1NMethodClosure::do_nmethod(nmethod*)+0x60
V  [libjvm.dylib+0x79dd4c]  G1ScanAndCountNMethodClosure::do_nmethod(nmethod*)+0x20
V  [libjvm.dylib+0x6de720]  bool ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::do_scan_for_range<G1CodeRootSetHashTable::iterate_at_safepoint(NMethodClosure*)::'lambda'(nmethod**)>(G1CodeRootSetHashTable::iterate_at_safepoint(NMethodClosure*)::'lambda'(nmethod**)&, unsigned long, unsigned long, ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::InternalTable*)+0xd8
V  [libjvm.dylib+0x6de590]  void ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::ScanTask::do_safepoint_scan<G1CodeRootSetHashTable::iterate_at_safepoint(NMethodClosure*)::'lambda'(nmethod**)>(G1CodeRootSetHashTable::iterate_at_safepoint(NMethodClosure*)::'lambda'(nmethod**)&)+0xf4
V  [libjvm.dylib+0x6dab28]  G1CodeRootSet::nmethods_do(NMethodClosure*) const+0x68
V  [libjvm.dylib+0x79dd08]  G1ScanCodeRootsClosure::do_heap_region(G1HeapRegion*)+0x48
V  [libjvm.dylib+0x6e7018]  G1CollectedHeap::par_iterate_regions_array(G1HeapRegionClosure*, G1HeapRegionClaimer*, unsigned int const*, unsigned long, unsigned int) const+0x108
V  [libjvm.dylib+0x799808]  G1RemSet::scan_collection_set_code_roots(G1ParScanThreadState*, unsigned int, G1GCPhaseTimes::GCParPhases, G1GCPhaseTimes::GCParPhases)+0xf4
V  [libjvm.dylib+0x7caf04]  G1EvacuateRegionsTask::scan_roots(G1ParScanThreadState*, unsigned int)+0x64
V  [libjvm.dylib+0x7cad30]  G1EvacuateRegionsBaseTask::work(unsigned int)+0xf4
V  [libjvm.dylib+0x12971f4]  WorkerThread::run()+0x9c
V  [libjvm.dylib+0x115bf0c]  Thread::call_run()+0xf0
V  [libjvm.dylib+0xebfc8c]  thread_native_entry(Thread*)+0x138
C  [libsystem_pthread.dylib+0x72e4]  _pthread_start+0x88

siginfo: si_signo: 11 (SIGSEGV), si_code: 2 (SEGV_ACCERR), si_addr: 0x000000000000011e

Registers:
 x0=0x000000000000008e  x1=0x0000000174606b50  x2=0x0000000000000000  x3=0x0000000000000000
 x4=0x0000000000000008  x5=0x00000000e24277fb  x6=0x0000600043357120  x7=0x6b726f77656d6172
 x8=0x0000000000000000  x9=0x0000000000000002 x10=0xe800304634413634 x11=0x00000001402c1388
x12=0x0000000000000001 x13=0x00000001402c1418 x14=0x00000000ffffffb1 x15=0x00000000000007fb
x16=0x0000000000000040 x17=0x0000600000058960 x18=0x0000000000000000 x19=0x000000000000008e
x20=0x0000000174606b50 x21=0x0000000000000110 x22=0x0000000174606c10 x23=0x00000001064da758
x24=0x000060004334e148 x25=0x0000000000000000 x26=0x00006000000c6fe4 x27=0x0000000000000000
x28=0x0000000000000000  fp=0x0000000174606a30  lr=0x0000000105c22ed0  sp=0x0000000174606950
pc=0x0000000105c22488 cpsr=0x0000000060000000

Register to memory mapping:

x0 =0x000000000000008e is an unknown value
x1 =0x0000000174606b50 points into unknown readable memory: 0x0000000106445e08 | 08 5e 44 06 01 00 00 00
x2 =0x0 is null
x3 =0x0 is null
x4 =0x0000000000000008 is an unknown value
x5 =0x00000000e24277fb is an unknown value
x6 =0x0000600043357120 into header of live malloced block starting at 0x0000600043357130, size 24, tag mtGC
[0x00000001054a2d48]bool ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::internal_insert_get<G1CodeRootSetHashTable::HashTableLookUp, bool ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::insert<G1CodeRootSetHashTable::HashTableLookUp>(Thread*, G1CodeRootSetHashTable::HashTableLookUp&, nmethod* const&, bool*, bool*)::NOP>(Thread*, G1CodeRootSetHashTable::HashTableLookUp&, nmethod* const&, bool ConcurrentHashTable<G1CodeRootSetHashTableConfig, (MemTag)5>::insert<G1CodeRootSetHashTable::HashTableLookUp>(Thread*, G1CodeRootSetHashTable::HashTableLookUp&, nmethod* const&, bool*, bool*)::NOP&, bool*, bool*)+0x48
[0x00000001054a2680]G1CodeRootSetHashTable::insert(nmethod*)+0x78
[0x00000001054a252c]G1CodeRootSet::add(nmethod*)+0x90
[0x000000010553f760]void G1NMethodClosure::HeapRegionGatheringOopClosure::do_oop_work<oop>(oop*)+0x2a8

x7 =0x6b726f77656d6172 is an unknown value
x8 =0x0 is null
x9 =0x0000000000000002 is an unknown value
x10=0xe800304634413634 is an unknown value
x11=0x00000001402c1388 is at entry_point+-252 in (nmethod*)0x00000001402c1388
Compiled method (c2) 25925421 3396568       4       spec.jbb.History::getAmount (7 bytes)
 total in heap  [0x00000001402c1388,0x00000001402c1550] = 456
 main code      [0x00000001402c1480,0x00000001402c1528] = 168
 stub code      [0x00000001402c1528,0x00000001402c1548] = 32
 oops           [0x00000001402c1548,0x00000001402c1550] = 8
 mutable data [0x0000600033f73750,0x0000600033f73770] = 32
 relocation     [0x0000600033f73750,0x0000600033f73768] = 24
 metadata       [0x0000600033f73768,0x0000600033f73770] = 8
 immutable data [0x0000600014fbf2d0,0x0000600014fbf328] = 88
 dependencies   [0x0000600014fbf2d0,0x0000600014fbf2d8] = 8
 scopes pcs     [0x0000600014fbf2d8,0x0000600014fbf318] = 64
 scopes data    [0x0000600014fbf318,0x0000600014fbf328] = 16
x12=0x0000000000000001 in mmap'd memory region [0x0000000000000001 - 0x0000000000000002], tag mtNone

x13=0x00000001402c1418 is at entry_point+-108 in (nmethod*)0x00000001402c1388
Compiled method (c2) 25925422 3396568       4       spec.jbb.History::getAmount (7 bytes)
 total in heap  [0x00000001402c1388,0x00000001402c1550] = 456
 main code      [0x00000001402c1480,0x00000001402c1528] = 168
 stub code      [0x00000001402c1528,0x00000001402c1548] = 32
 oops           [0x00000001402c1548,0x00000001402c1550] = 8
 mutable data [0x0000600033f73750,0x0000600033f73770] = 32
 relocation     [0x0000600033f73750,0x0000600033f73768] = 24
 metadata       [0x0000600033f73768,0x0000600033f73770] = 8
 immutable data [0x0000600014fbf2d0,0x0000600014fbf328] = 88
 dependencies   [0x0000600014fbf2d0,0x0000600014fbf2d8] = 8
 scopes pcs     [0x0000600014fbf2d8,0x0000600014fbf318] = 64
 scopes data    [0x0000600014fbf318,0x0000600014fbf328] = 16
x14=0x00000000ffffffb1 is an unknown value
x15=0x00000000000007fb is an unknown value
x16=0x0000000000000040 is an unknown value
x17=0x0000600000058960 points into unknown readable memory: 0x0000000000000000 | 00 00 00 00 00 00 00 00
x18=0x0 is null
x19=0x000000000000008e is an unknown value
x20=0x0000000174606b50 points into unknown readable memory: 0x0000000106445e08 | 08 5e 44 06 01 00 00 00
x21=0x0000000000000110 is an unknown value
x22=0x0000000174606c10 points into unknown readable memory: 0x0000000174606c18 | 18 6c 60 74 01 00 00 00
x23=0x00000001064da758: _ZN16DebuggingContext8_enabledE+0 in /System/Volumes/Data/mesos/work_dir/jib-master/install/jdk-26+9-860/macosx-aarch64-debug.jdk/jdk-26/fastdebug/lib/server/libjvm.dylib at 0x0000000104dc8000
x24=0x000060004334e148 into live malloced block starting at 0x000060004334e140, size 15, tag mtInternal
[0x0000000105291330]CodeBuffer::block_comment(long, char const*)+0x68
[0x0000000105b0e774]MacroAssembler::movptr(Register, unsigned long)+0x60
[0x0000000105b1e5fc]MacroAssembler::stop(char const*)+0xe0
[0x0000000105c9ac58]PhaseOutput::fill_buffer(C2_MacroAssembler*, unsigned int*)+0xe84

x25=0x0 is null
x26=0x00006000000c6fe4 into live malloced block starting at 0x00006000000c6fb0, size 64, tag mtInternal
[0x00000001054ac8d4]G1CollectedHeap::initialize()+0x440
[0x0000000105f708bc]universe_init()+0x168
[0x00000001056397e0]init_globals()+0x64
[0x0000000105f3ab20]Threads::create_vm(JavaVMInitArgs*, bool*)+0x2f8

x27=0x0 is null
x28=0x0 is null
 fp=0x0000000174606a30 points into unknown readable memory: 0x0000000174606b40 | 40 6b 60 74 01 00 00 00
 lr=0x0000000105c22ed0: _ZN7nmethod20oops_do_process_weakEPNS_15OopsDoProcessorE+0x34 in /System/Volumes/Data/mesos/work_dir/jib-master/install/jdk-26+9-860/macosx-aarch64-debug.jdk/jdk-26/fastdebug/lib/server/libjvm.dylib at 0x0000000104dc8000
 sp=0x0000000174606950 points into unknown readable memory: 0x0000000000000000 | 00 00 00 00 00 00 00 00
Not sure if this is related, but there is currently some memory corruption in the code cache going on ()JDK-8361382
28-07-2025
Starting off in GC but I suspect GC just encountered a bad oop.
28-07-2025