RFR: 8372566: Genshen: crash at ShenandoahScanRemembered::process_clusters after JDK-8371667 [v2]
Thomas Stuefe
stuefe at openjdk.org
Tue Jan 27 16:44:59 UTC 2026
On Mon, 1 Dec 2025 18:28:34 GMT, Xiaolong Peng <xpeng at openjdk.org> wrote:
>> Xiaolong Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Use member function is_lab_alloc() instead of test the value of type()
>
> Thanks all for the reviews!
Hi @pengxiaolong,
I have user error reports for JDK 25. Cannot reproduce them myself, but they have in common:
- Lilliput + GenShen
- SIGSEGV during marking phase
- disassembly seems to indicate we crash in Klass::is_array_klass(). Crash address always in the narrow Klass decoding range. Most likely cause is reading a garbage markword from the heap, extracting a garbage narrow Klass pointer, then decoding it.
The second hs-err file in your JBS issue (the one with the segfault) looks similar, at least for the latter point. Even though the crash was in a different GC phase.
So, question: could this error happen in JDK 25? If yes, should the fix be downported?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/28521#issuecomment-3806257209