RFR: 8372566: Genshen: crash at ShenandoahScanRemembered::process_clusters after JDK-8371667 [v2]

Thomas Stuefe stuefe at openjdk.org
Thu Feb 5 07:53:07 UTC 2026 

On Tue, 27 Jan 2026 18:01:10 GMT, Xiaolong Peng <xpeng at openjdk.org> wrote:

>> Thanks all for the reviews!
>
>> Hi, @pengxiaolong ,
>> 
>> I have user error reports for JDK 25. Cannot reproduce them myself, but they have in common
>> 
>> * Lilliput + GenShen
>> * SIGSEGV during marking phase
>> * disassembly seems to indicate we crash when trying in Klass::is_array_klass(). Crash address always in the narrow Klass decoding range. Most likely cause is reading a garbage markword from the heap, extracting a garbage narrow Klass pointer, then decoding it.
>> 
>> The second hs-err file in your JBS issue (the one with the segfault) looks similar, at least for the latter point. Even though the crash was in a different GC phase.
>> 
>> So, question: could this error happen in JDK 25? If yes, should the fix be downported?
> 
> Hi @tstuefe,
> 
> I believe it is a different bug in JDK25, this PR fix the bug caused by https://github.com/openjdk/jdk/pull/28247, which has not been backported to JDK25 yet. 
> Could you share more details of the crash? the hs-err file would be great, I can try to run the test and reproduce it.
> 
> Thanks.

> > Hi, @pengxiaolong ,
> > I have user error reports for JDK 25. Cannot reproduce them myself, but they have in common
> > 
> > * Lilliput + GenShen
> > * SIGSEGV during marking phase
> > * disassembly seems to indicate we crash when trying in Klass::is_array_klass(). Crash address always in the narrow Klass decoding range. Most likely cause is reading a garbage markword from the heap, extracting a garbage narrow Klass pointer, then decoding it.
> > 
> > The second hs-err file in your JBS issue (the one with the segfault) looks similar, at least for the latter point. Even though the crash was in a different GC phase.
> > So, question: could this error happen in JDK 25? If yes, should the fix be downported?
> 
> Hi @tstuefe,
> 
> I believe it is a different bug in JDK25, this PR fix the bug caused by #28247, which has not been backported to JDK25 yet. Could you share more details of the crash? the hs-err file would be great, I can try to run the test and reproduce it.
> 
> Thanks.

Hi @pengxiaolong, @kdnilsen,

I opened https://bugs.openjdk.org/browse/JDK-8377214 with my findings and the users' logs. In that bug, it looks like we fall over garbage narrow Klass pointers read from heap during marking. I assigned the bug to @kdnilsen so that it would not get lost.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/28521#issuecomment-3851606510

More information about the shenandoah-dev mailing list