RFR: 8359870: JVM crashes in AccessInternal::PostRuntimeDispatch [v5]

Kevin Walls kevinw at openjdk.org
Wed Jun 25 21:26:29 UTC 2025


On Wed, 25 Jun 2025 20:48:26 GMT, David Holmes <dholmes at openjdk.org> wrote:

> Something still bugging me about this one. From JBS it looked to me like we were dealing with a virtual thread but your change is for the non-virtual thread. And Alan says something about this only being possible due to a temporary condition. So I'm still unclear exactly what the problem is, or why it appeared. Where does the initial "thread" argument come from in the Java code? Is it the one that has terminated, if so why is there not an `isAlive()` check somewhere?
> 
> And how does this lead to the bad oop?

Yes, I was reproducing with a regular non-virtual thread exiting.  We have the j.l.Thread Object and could check for it being TERMINATED earlier in HeapDumper/Snapshot, but leaving it to the last moment avoids a bigger window where it could terminate.

(Maybe there is somewhere this should intersect with ThreadSMR...?)

On the bad oop:
I enabled the test to run in a debug VM for my own testing, but one of the earlier release crashes was at:

V  [libjvm.so+0x47bb10]  AccessInternal::PostRuntimeDispatch<G1BarrierSet::AccessBarrier<286822ul, G1BarrierSet>, (AccessInternal::BarrierType)3, 286822ul>::oop_access_barrier(oopDesc*, long)+0x0  (accessBackend.hpp:228)
V  [libjvm.so+0x10e1c1a]  vframeStream::vframeStream(oopDesc*, Handle)+0x7a  (vframe.cpp:523)
V  [libjvm.so+0x1068a51]  GetThreadSnapshotClosure::do_thread(Thread*)+0x7d1  (threadService.cpp:1319)
V  [libjvm.so+0x106691d]  ThreadSnapshotFactory::get_thread_snapshot(_jobject*, JavaThread*)+0x80d  (threadService.cpp:1482)
V  [libjvm.so+0xae23d5]  JVM_CreateThreadSnapshot+0x75  (jvm.cpp:2966)
j  jdk.internal.vm.ThreadSnapshot.create(Ljava/lang/Thread;)Ljdk/internal/vm/ThreadSnapshot;+0 java.base at 25-ea
...

Line number info puts it in the _java_thread == null branch of:
threadService.cpp
1317     vframeStream vfst(_java_thread != nullptr
1318       ? vframeStream(_java_thread, false, true, vthread_carrier)
1319       : vframeStream(java_lang_VirtualThread::continuation(_thread_h()))); <---

And it's looking inside the Handle _thread_h() within GetThreadSnapshotClosure which was set up by get_thread_snapshot, and it's a null pointer, as
Instructions:
=>0x00007ffadc251b10:   8b 14 37 31 c0 85 d2 74 18 89 d0 48 8d 15 1e ee
   mov    edx,DWORD PTR [rdi+rsi*1]   and RDI=0x0000000000000000

-------------

PR Comment: https://git.openjdk.org/jdk/pull/25958#issuecomment-3006190183
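The reasoning in the message above (an early TERMINATED check leaves a window in which the thread can exit before its frames are read; checking at the moment of use does not) can be shown with a small model. This is an added example, not HotSpot code and not from the PR; ModelThread, Snapshot, snapshot_check_early and snapshot_check_at_use are hypothetical names standing in for the j.l.Thread object, the snapshot closure and the two designs, and the exiting thread is simulated deterministically by running the exit inside the window rather than with a real concurrent thread.

```cpp
// Added example, not HotSpot code. Models the window between a liveness
// check and the use of a thread's frame data, and the two ways of placing
// the check. All names are hypothetical.
#include <cstdio>
#include <functional>
#include <mutex>
#include <string>
#include <vector>

struct Frame { std::string method; };

// Stands in for the j.l.Thread object: an exit flag and a pointer to the
// frame data that the exiting thread clears (the null reference the crash
// trace above dereferenced).
struct ModelThread {
    std::mutex lock;
    bool terminated = false;
    std::vector<Frame>* frames = nullptr;
};

struct Snapshot {
    bool alive = false;
    bool stale = false;               // set when an early check was invalidated
    std::vector<std::string> methods;
};

// Thread exit: mark terminated and drop the frame pointer under the lock.
void thread_exit(ModelThread& t) {
    std::lock_guard<std::mutex> g(t.lock);
    t.terminated = true;
    t.frames = nullptr;
}

// Design A: check liveness early, dereference later. `window` stands in for
// whatever runs between the check and the use; if the thread exits there the
// check is stale. The model guards the dereference so the example can run;
// in the real crash this is where the null oop was dereferenced.
Snapshot snapshot_check_early(ModelThread& t, const std::function<void()>& window) {
    Snapshot s;
    { std::lock_guard<std::mutex> g(t.lock); s.alive = !t.terminated; }
    window();                         // the thread may exit here
    if (!s.alive) return s;
    std::lock_guard<std::mutex> g(t.lock);
    if (t.frames == nullptr) {        // belief "alive" contradicts reality
        s.alive = false;
        s.stale = true;
        return s;
    }
    for (const Frame& f : *t.frames) s.methods.push_back(f.method);
    return s;
}

// Design B: the same window runs, but the liveness check is done under the
// lock at the moment of use, so an exit has nothing to invalidate.
Snapshot snapshot_check_at_use(ModelThread& t, const std::function<void()>& window) {
    window();
    std::lock_guard<std::mutex> g(t.lock);
    Snapshot s;
    s.alive = !t.terminated && t.frames != nullptr;
    if (s.alive)
        for (const Frame& f : *t.frames) s.methods.push_back(f.method);
    return s;
}

// Constructed scenarios: a thread with two frames that exits inside the
// window (or does not exit at all).
std::vector<Frame> sample_frames() { return {{"main"}, {"run"}}; }

Snapshot run_early_exit_scenario() {
    std::vector<Frame> frames = sample_frames();
    ModelThread t; t.frames = &frames;
    return snapshot_check_early(t, [&] { thread_exit(t); });
}

Snapshot run_at_use_exit_scenario() {
    std::vector<Frame> frames = sample_frames();
    ModelThread t; t.frames = &frames;
    return snapshot_check_at_use(t, [&] { thread_exit(t); });
}

Snapshot run_live_scenario() {
    std::vector<Frame> frames = sample_frames();
    ModelThread t; t.frames = &frames;
    return snapshot_check_at_use(t, [] {});
}

int main() {
    Snapshot a = run_early_exit_scenario();
    Snapshot b = run_at_use_exit_scenario();
    Snapshot c = run_live_scenario();
    std::printf("early check:  alive=%d stale=%d\n", a.alive, a.stale);
    std::printf("check at use: alive=%d stale=%d\n", b.alive, b.stale);
    std::printf("live thread:  alive=%d frames=%zu\n", c.alive, c.methods.size());
    return 0;
}
```

The early-check design reports `stale=1`: it believed the thread was alive and then found the frame pointer gone, which is the state the crash trace above reached without a guard. The check-at-use design never reaches that state; it simply reports the thread as not alive.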


More information about the hotspot-dev mailing list