Bug ID: JDK-8370198 Test gc/arguments/TestShrinkHeapInSteps.java crashed: assert(left >= right) failed: avoid underflow

Type: Bug
Component: hotspot
Sub-Component: gc
Affected Version: 26

Priority: P2
Status: Resolved
Resolution: Fixed
OS: linux
CPU: aarch64

Submitted: 2025-10-20
Updated: 2025-12-16
Resolved: 2025-12-08

JDK 26	JDK 27
26Fixed	27 b02Fixed

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/opt/mach5/mesos/work_dir/slaves/0103b69c-746c-4fb5-bf13-94918f380124-S1465/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/642c7bf6-200a-4b43-835f-65206b9a7032/runs/3d60d1ef-219b-43cf-bd3f-9f43d1e285e8/workspace/open/src/hotspot/share/utilities/globalDefinitions.hpp:450), pid=1587889, tid=1587928
#  assert(left >= right) failed: avoid underflow - left: 0x0000ffff6bd00000 right: 0x0000ffff6bd20000
#
# JRE version: Java(TM) SE Runtime Environment (26.0+21) (fastdebug build 26-ea+21-2092)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 26-ea+21-2092, mixed mode, sharing, tiered, compressed class ptrs, serial gc, linux-aarch64)
# Problematic frame:
# V  [libjvm.so+0xa91de0]  pointer_delta(void const volatile*, void const volatile*, unsigned long) [clone .part.0]+0x30
#
# Core dump will be written. Default location: Core dumps may be processed with "/opt/core.sh %p" (or dumping to /opt/mach5/mesos/work_dir/slaves/0103b69c-746c-4fb5-bf13-94918f380124-S1481/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/12dc0c30-5314-4409-81c3-6bd4f1f6ef78/runs/ddf3d505-1e76-43c6-a70b-3518892de193/testoutput/test-support/jtreg_open_test_hotspot_jtreg_hotspot_gc/scratch/1/core.1587889)
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: -XX:-ZapUnusedHeapArea -XX:-VerifyBeforeExit -XX:MaxRAMPercentage=6.25 -Dtest.boot.jdk=/opt/mach5/mesos/work_dir/jib-master/install/jdk/25/37/bundles/linux-aarch64/jdk-25_linux-aarch64_bin.tar.gz/jdk-25 -Djava.io.tmpdir=/opt/mach5/mesos/work_dir/slaves/0103b69c-746c-4fb5-bf13-94918f380124-S1481/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/12dc0c30-5314-4409-81c3-6bd4f1f6ef78/runs/ddf3d505-1e76-43c6-a70b-3518892de193/testoutput/test-support/jtreg_open_test_hotspot_jtreg_hotspot_gc/tmp -XX:+UseSerialGC -XX:-UseCompressedOops -Xminf0.1 -XX:MaxHeapFreeRatio=80 -Xmx209715200 -Xms10485760 --add-exports=java.base/jdk.internal.misc=ALL-UNNAMED -XX:NewSize=5242880 -XX:MaxNewSize=20971520 -XX:-ShrinkHeapInSteps gc.arguments.TestMaxMinHeapFreeRatioFlags$RatioVerifier 10 80 false

Host: AArch64, 8 cores, 31G, Oracle Linux Server release 8.10
Time: Sat Oct 18 16:22:12 2025 UTC elapsed time: 1.792790 seconds (0d 0h 0m 1s)

---------------  T H R E A D  ---------------

Current thread (0x0000ffff44189440):  JavaThread "C2 CompilerThread2" daemon [_thread_in_native, id=1587928, stack(0x0000ffff944e9000,0x0000ffff946e7000) (2040K)]


Current CompileTask:
C2:1792  484       4       java.util.stream.ReferencePipeline$3$1::accept (20 bytes)

Stack: [0x0000ffff944e9000,0x0000ffff946e7000],  sp=0x0000ffff946e2360,  free space=2020k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xa91de0]  pointer_delta(void const volatile*, void const volatile*, unsigned long) [clone .part.0]+0x30  (globalDefinitions.hpp:450)
V  [libjvm.so+0xa93fd8]  DefNewGeneration::is_in(void const*) const+0x168  (memRegion.hpp:79)
V  [libjvm.so+0x16a2ddc]  SerialHeap::is_in(void const*) const+0x1c  (serialHeap.cpp:618)
V  [libjvm.so+0x136e370]  MacroAssembler::set_narrow_klass(Register, Klass*)+0x90  (macroAssembler_aarch64.cpp:5512)
V  [libjvm.so+0x154b7a8]  PhaseOutput::fill_buffer(C2_MacroAssembler*, unsigned int*)+0x8e8  (output.cpp:1672)
V  [libjvm.so+0x154e144]  PhaseOutput::Output()+0xa64  (output.cpp:350)
V  [libjvm.so+0x9bcae0]  Compile::Code_Gen()+0x7f8  (compile.cpp:3131)
V  [libjvm.so+0x9c0c18]  Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x176c  (compile.cpp:893)
V  [libjvm.so+0x7ec300]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x2dc  (c2compiler.cpp:147)
V  [libjvm.so+0x9cf86c]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0xb08  (compileBroker.cpp:2345)
V  [libjvm.so+0x9d0798]  CompileBroker::compiler_thread_loop()+0x638  (compileBroker.cpp:1989)
V  [libjvm.so+0xed1748]  JavaThread::thread_main_inner()+0x108  (javaThread.cpp:771)
V  [libjvm.so+0x18448dc]  Thread::call_run()+0xac  (thread.cpp:243)
V  [libjvm.so+0x152393c]  thread_native_entry(Thread*)+0x12c  (os_linux.cpp:883)
C  [libpthread.so.0+0x7950]  start_thread+0x190

A pull request was submitted for review. Branch: jdk26 URL: https://git.openjdk.org/jdk/pull/28704 Date: 2025-12-08 19:04:28 +0000
08-12-2025
Changeset: d34ef196 Branch: master Author: Albert Mingkun Yang <ayang@openjdk.org> Date: 2025-12-08 18:51:34 +0000 URL: https://git.openjdk.org/jdk/commit/d34ef196c298aa91f8511714cfb04b15ae7fbf0a
08-12-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/28393 Date: 2025-11-19 15:39:27 +0000
19-11-2025
There is a high probability that it's caused by JDK-8368740. Investigating. Edit: Investigated; JDK-8368740 adds young-gen resizing inside safepoint. the `is_in` API implementation needs to be updated to account for this new dynamic behavior.
19-11-2025
The relevant code in `MacroAssembler::set_narrow_klass`: ``` void MacroAssembler::set_narrow_klass(Register dst, Klass* k) { assert (UseCompressedClassPointers, "should only be used for compressed headers"); assert (oop_recorder() != nullptr, "this assembler needs an OopRecorder"); int index = oop_recorder()->find_index(k); assert(! Universe::heap()->is_in(k), "should not be an oop"); ``` In this particular case, the arg of `is_in` is a Klass, so it must not be in reserved-heap. One can early-return instead. For example in G1: ``` bool G1CollectedHeap::is_in(const void p) const { return is_in_reserved(p) && _hrm.is_available(addr_to_region(p)); } ```
19-11-2025