SEGV occurs when ClassLoader and Metaspace is released in JDK 8
Osamu Sakamoto
sakamoto.osamu at nttcom.co.jp
Wed Nov 6 12:59:44 UTC 2019
Hi Thomas,
Thank you for advise.
I'm sorry but I can't send to Gmail Address, So I reply to this ML only.
> Could be https://bugs.openjdk.java.net/browse/JDK-8016731 but that
has never been solved.
This situation is similar, but native stack traces are different and I
can't determine if it is the same.
> Your best bet would be to obtain a debug (fastdebug) build of that
JVM version and attempt to reproduce the bug. The hs-err file may be
more helpful then.
This problem occurred a few time, but I haven't understood how to reproduce.
I have the hs-err file, could you tell me what I should check?
> Also, does this error happen in jdk11 too?
I haven't try on jdk11.
Our system is running, so it is difficult to try to change JDK version.
This problem seems to occurs on CMS only. (Our System uses CMS GC.)
I checked native stack trace[1],
ClassLoaderDataGraph::purge_if_needed()[2] was executed on frame #11.
purge_if_needed() is commented that "Only purge the CLDG for CMS if
concurrent sweep is complete.",
so I think this method passes only when CMS GC is used.
[1]https://mail.openjdk.java.net/pipermail/hotspot-gc-dev/2019-October/027449.html
[2]http://hg.openjdk.java.net/jdk8u/jdk8u-dev/hotspot/file/eed8e846c982/src/share/vm/classfile/classLoaderData.hpp#l100
Focusing on this strange ClassLoader, it is referenced from
ClassLoaderDataGraph::_unloading[3] before crashed.
I understand as ClassLoaderDataGraph::_unloading is head address of
purging ClassLoader list.
In this problem, It looks like that _unloading is also broken, not only
metaspace middle chank.
So, I think this is a bug in combination of Metaspace and CMS.
[3]http://hg.openjdk.java.net/jdk8u/jdk8u-dev/hotspot/file/eed8e846c982/src/share/vm/classfile/classLoaderData.hpp#l66
Could you let me know you thoughts about this?
Thanks,
Osamu
On 11/5/19 19:34, Thomas Stüfe wrote:
> Hi Osamu,
>
> Strange and not easy to analyze. Looks too "deterministic" to be a
> random memory overwrite. The first chunk of the medium chunk list is
> 0x10, but the only place where this is set we immediately beforehand
> dereference this pointer
> (http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/b44df6c5942c/src/share/vm/memory/metaspace.cpp#l2423)
> so that should have crashed.
>
> Could be https://bugs.openjdk.java.net/browse/JDK-8016731 but that has
> never been solved.
>
> Your best bet would be to obtain a debug (fastdebug) build of that JVM
> version and attempt to reproduce the bug. The hs-err file may be more
> helpful then.
>
> Also, does this error happen in jdk11 too?
>
> Cheers Thomas
>
>
> On Tue, Nov 5, 2019 at 10:51 AM Osamu Sakamoto
> <sakamoto.osamu at nttcom.co.jp <mailto:sakamoto.osamu at nttcom.co.jp>> wrote:
>
> Hi all,
>
> I have investigated the cause of SEGV occurring in CMS GC of
> OpenJDK 8,
> and I've not been able to clarify the cause.
> Could you help me to solve the problem?
>
> Our system uses OpenJDK 1.8.0.171 and crashed by SEGV when purging a
> ClassLoader at safepoint.
> I found 2 strange points,
>
> 1. SEGV occrred when the metaspace destructor maneged by that
> Classloader is executed,
> because the metaspace has illegal chunk address(0x10).
>
> 2. That ClassLoader's oop address indicates a character array, not a
> ClassLoader.
>
> I think memory corruption was occurred, but I've not understood the
> reason yet.
>
> I also asked this problem to hotspot-gc-dev mailing list, and I
> received
> a comment that it might be a JDK bug.
> Detailed Information is summarized in the following hotspot-gc-dev ML
> thread.
> <https://mail.openjdk.java.net/pipermail/hotspot-gc-dev/2019-October/027583.html>
>
> Does anyone know this problem?
>
> Thanks,
>
> Osamu
>
>
>
>
More information about the jdk8u-dev
mailing list