[jdk11u-dev] RFR: 8322511: JfrCheckpointThreadClosure::do_thread crashes when fetching thread_id
唐佳未
duke at openjdk.org
Tue Jan 30 09:56:40 UTC 2024
On Fri, 22 Dec 2023 07:46:36 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
>> Threads which are in the state of `is_attaching_via_jni` may have the NULL object as their `_threadObj` .
>> So the JVM will crash when calling `JfrCheckpointThreadClosure::do_thread()`.
>
> Hi,
> is this an error in 11 only?
> If so, explain why & where this was fixed in higher versions.
> Else please close this PR, reopen it against repo jdk. Once it is submitted there, backport it to 21, 17 and 11.
> See also https://wiki.openjdk.org/display/JDKUpdates/How+to+contribute+or+backport+a+fix
@GoeLin Hi, I made some changes to fix this bug. Combining this PR with [Backport 8276125](https://github.com/openjdk/jdk11u-dev/pull/2501) can fix the JVM crash.
Some details about how the JVM visits the null object `_threadObj` follow.
1. JNI call `AttachCurrentThread`
2. JVM creates a JavaThread, which is set in the state of `is_attaching_via_jni`
3. `Threads::add` adds this new JavaThread to the ThreadList
4. The JavaThread continues to initialize and call `allocate_threadObj` to fill in `_threadObj`
However, between steps 3 and 4, a JFR safepoint operation is executing. It traverses the ThreadList and attempts to read the id of each thread. The id is obtained by using `_threadObj` as a base value and adding an offset. Thus, the JVM crashes when it reads the illegal address.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/2413#issuecomment-1916465089
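The race described in the comment above, as an added C++ illustration that is not HotSpot code and not the patch from this PR or from the 8276125 backport. It models a thread list in which one `JavaThread` has been added (step 3) but has not yet allocated its `_threadObj` (step 4), and a checkpoint closure that reads the thread id as `_threadObj + offset`. The unguarded closure reports the NULL-base read instead of faulting, so the simulation stays deterministic; the guarded variant skips threads whose `threadObj` is still NULL. The type names, the `TID_OFFSET` field and the guard itself are assumptions made for the illustration, not the actual fix.

```cpp
// Added illustration (not HotSpot code): models the JFR checkpoint race in
// which a thread attaching via JNI sits in the thread list with a NULL
// _threadObj while a safepoint closure reads ids as base + offset.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical Java-heap thread object; only the id field matters here.
struct ThreadOop {
    int64_t tid;
};

// Minimal stand-in for HotSpot's JavaThread. The heap object pointer stays
// NULL while the thread is still attaching via JNI (steps 2-3 in the comment).
struct JavaThread {
    ThreadOop* threadObj = nullptr;   // stands in for _threadObj
    bool attaching_via_jni = false;   // stands in for is_attaching_via_jni()
};

// Simulated ThreadList; Threads::add runs before the threadObj exists.
struct ThreadList {
    std::vector<JavaThread*> threads;
    void add(JavaThread* t) { threads.push_back(t); }
};

// Offset of the id inside the heap object, as the closure would compute it.
constexpr std::ptrdiff_t TID_OFFSET = offsetof(ThreadOop, tid);

// Reads the id exactly as the comment describes: base (_threadObj) + offset.
// Returns false instead of dereferencing a NULL base, so the simulation
// reports the crash condition rather than reproducing the SIGSEGV.
static bool read_tid_unchecked(const JavaThread* t, int64_t* out) {
    const char* base = reinterpret_cast<const char*>(t->threadObj);
    if (base == nullptr) {
        return false;   // real HotSpot would fault reading address TID_OFFSET
    }
    *out = *reinterpret_cast<const int64_t*>(base + TID_OFFSET);
    return true;
}

struct CheckpointResult {
    size_t ids_written = 0;
    size_t would_crash = 0;   // threads for which the unguarded read hit NULL
    size_t skipped = 0;       // threads skipped by the guard
};

// Unguarded closure: behaves like a do_thread() that trusts _threadObj.
CheckpointResult checkpoint_unguarded(const ThreadList& list) {
    CheckpointResult r;
    for (const JavaThread* t : list.threads) {
        int64_t tid;
        if (read_tid_unchecked(t, &tid)) r.ids_written++;
        else r.would_crash++;
    }
    return r;
}

// Guarded closure (assumed shape of a fix): skip threads with no threadObj.
CheckpointResult checkpoint_guarded(const ThreadList& list) {
    CheckpointResult r;
    for (const JavaThread* t : list.threads) {
        if (t->threadObj == nullptr) { r.skipped++; continue; }
        int64_t tid;
        if (read_tid_unchecked(t, &tid)) r.ids_written++;
        else r.would_crash++;
    }
    return r;
}

// Step 4 of the comment: allocate_threadObj finally fills in _threadObj.
void complete_attach(JavaThread& t, ThreadOop* obj) {
    t.threadObj = obj;
    t.attaching_via_jni = false;
}

// Constructed scenario: two fully initialised threads plus one that is in
// the list (step 3) but has not yet reached step 4.
struct Scenario {
    ThreadOop oops[2] = {{1}, {2}};
    JavaThread threads[3];
    ThreadList list;
    Scenario() {
        threads[0].threadObj = &oops[0];
        threads[1].threadObj = &oops[1];
        threads[2].attaching_via_jni = true;   // threadObj stays NULL
        for (JavaThread& t : threads) list.add(&t);
    }
};

int main() {
    Scenario s;
    CheckpointResult a = checkpoint_unguarded(s.list);
    CheckpointResult b = checkpoint_guarded(s.list);
    std::printf("unguarded: %zu ids, %zu NULL-base reads\n", a.ids_written, a.would_crash);
    std::printf("guarded:   %zu ids, %zu skipped\n", b.ids_written, b.skipped);
    return 0;
}
```

Running the unguarded closure over the scenario reports one NULL-base read for the attaching thread, which is the access that crashes the real JVM; once `complete_attach` has run for that thread the same closure reads all three ids without incident, which is why the crash only appears in the window between steps 3 and 4.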