Integrated: 8343460: ZGC: Crash in ZRemembered::scan_page_and_clear_remset

Axel Boldt-Christmas aboldtch at openjdk.org
Thu Nov 14 06:15:58 UTC 2024 

On Tue, 5 Nov 2024 14:10:47 GMT, Axel Boldt-Christmas <aboldtch at openjdk.org> wrote:

> `free_page` may concurrently delete the remset while `scan_page_and_clear_remset` is scanning the page.  Move it to after the `_safe_recycle.register_and_clone_if_activated`. Doing the deletion on the new cloned page will not occur as it not old. And the registered page's remset will be deleted by the destructor when the `_safe_recycle` scope quest up the `safe_destroy`. 
> 
> To be able to push the deletion all the way into `prepare_to_recycle` the unnecessary use of this mechanism had to be removed. `free_pages_alloc_failed` does not need to protect the pages, as they are not yet present in the PageTable. We have simply taken them out of the cache, but failed to commit or map some memory, so we are putting these pages back into the cache. See bed9c260bbc9bd208b03d7eedd4e2cfa151b58f2
> 
> The fix works without this last commit. So we must be careful to check that these pages cannot be reached by some other means. The FoundOld bitmap iteration goes through the PageTable so even if an old page was registered, we would not find these pages.
> 
> There is a scary lack of a fence between the removal of the page from the PageTable and the lock in `register_and_clone_if_activated`.
> 
> The stress test will deterministically crash with this modified code 0756e0056b44ee16bee81256f556c8df981ceaf9 and using these options `-XX:+UseZGC -XX:+UseNewCode -XX:ZCollectionIntervalMinor=0.1 -XX:ZCollectionIntervalMajor=1 -XX:ZFragmentationLimit=0 -XX:-CreateCoredumpOnCrash`, and no longer does after with this patch.

This pull request has now been integrated.

Changeset: e7d90b94
Author:    Axel Boldt-Christmas <aboldtch at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/e7d90b941fff095f4b1555020c09270d201c7402
Stats:     25 lines in 2 files changed: 5 ins; 16 del; 4 mod

8343460: ZGC: Crash in ZRemembered::scan_page_and_clear_remset

Reviewed-by: jsikstro, eosterlund, stefank

-------------

PR: https://git.openjdk.org/jdk/pull/21905

More information about the hotspot-gc-dev mailing list