RFR: 8352112: [ubsan] hotspot/share/code/relocInfo.cpp:130:37: runtime error: applying non-zero offset 18446744073709551614 to null pointer [v2]
Vladimir Kozlov
kvn at openjdk.org
Wed Jul 30 15:54:07 UTC 2025
On Wed, 30 Jul 2025 15:51:03 GMT, Vladimir Kozlov <kvn at openjdk.org> wrote:
>> My reasoning was based on the fact that what used to be set to a constant, `nullptr`, is no longer set to a constant. I'm saying that `blob_end()` isn't a constant, because it can be changed with `adjust_size()`, but I think that @vnkozlov said that that's unlikely, as it's only changed for interpreter stubs and not nmethods. The only other possibility is that `nmethod`s are copied, so their `this` pointer changes; this will make `blob_end()` change, and this may incur a double free. This double free is detected by NMT, which leads to the crash.
>>
>> I think it may still be best to 'fix' this by setting the `_mutable_data` to `nullptr` again and fixing the iterators, as it does simplify reasoning around this (and imho, understanding the code).
>
> We do not copy nmethods. At least until #23573 is integrated - and it will be under a flag.
>
> The `_mutable_data` field is initialized during final method installation into the CodeCache - nothing modifies it for nmethods.
>
> I can add a debug flag to CodeBlob to catch a double free. But as I commented in [JDK-8361382](https://bugs.openjdk.org/browse/JDK-8361382), most likely the issue is a buffer overflow from the preceding memory block which stomped over the header.
I will do an experiment with the flag and let you know.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24102#discussion_r2243147688