<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
Hi,<br>
<br>
It looks like you have found a bug. Feel free to create a new Bug
report in the JDK bug system. If you don't have access to JBS, we
can open a bug for you.<br>
<br>
Thanks!<br>
StefanK<br>
<br>
<div class="moz-cite-prefix">On 2025-12-06 08:16, yifan zhang wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAHBE+gyhcQKqBWESbqVRThce3QxMik+06Y0wmxt4rZCX-0yfeA@mail.gmail.com">
<div dir="ltr">
<p>I hope you can check whether this is a ZGC-related bug.</p>
<p>Version: openjdk-23-ga</p>
<p>Git command: git clone --branch jdk-23-ga <a href="https://github.com/openjdk/jdk.git" moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openjdk/jdk.git</a></p>
<p>In one run, I caused the VM to halt and the following message
appeared: </p>
<pre>#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007c928eaf58da, pid=214039, tid=214049
#
# JRE version: OpenJDK Runtime Environment (23.0) (build 23-internal-adhoc.yifanzhang.jdk)
# Java VM: OpenJDK 64-Bit Server VM (23-internal-adhoc.yifanzhang.jdk, interpreted mode, sharing, compressed class ptrs, z gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x10f58da] ZRelocationSetSelectorGroup::semi_sort()+0x13a
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/yifanzhang/Work/Bug-HotspotVM/testFile/JavaFile/Gjf_Case22/hs_err_pid214039.log
#
# If you would like to submit a bug report, please visit:
# <a href="https://bugreport.java.com/bugreport/crash.jsp" moz-do-not-send="true" class="moz-txt-link-freetext">https://bugreport.java.com/bugreport/crash.jsp</a>
#
已中止
</pre>
<p>I looked into the VM source code and found that this appears
to be an array out-of-bounds error.</p>
<p>Detailed problem description:</p>
<p>In function <code>ZRelocationSetSelectorGroup::semi_sort()</code>, an array <code>partitions[npartitions]</code> is allocated. Under the heap's default settings, its size is 2048 (meaning indices 0 through 2047 are valid).</p>
<p> However, the subsequent index used for access is
determined by right-shifting each page’s live byte count,
which may lead to accessing index 2048.
</p>
<p>Based on this, I made the following changes to the function <code>semi_sort()</code>, adding a conditional branch that prints the corresponding information when an out-of-bounds access may occur:</p>
<pre>  int partitions[npartitions] = { /* zero initialize */ };

  // Calculate partition slots
  ZArrayIterator&lt;ZPage*&gt; iter1(&amp;_live_pages);
  for (ZPage* page; iter1.next(&amp;page);) {
    const size_t index = page-&gt;live_bytes() &gt;&gt; partition_size_shift;
    // Added diagnostic branch: log the values involved before an index
    // that is beyond the end of partitions[] is used
    if (index &gt;= npartitions) {
      log_info(gc, heap)("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
      log_info(gc, heap)("Size of partition array : %zu", npartitions);
      log_info(gc, heap)("partition_size = _page_size &gt;&gt; npartitions_shift : %zu = %zu &gt;&gt; %zu",
                         partition_size, _page_size, npartitions_shift);
      log_info(gc, heap)("partition_size_shift = exact_log2(partition_size) : %zu", partition_size_shift);
      log_info(gc, heap)("Index will be visited (page-&gt;live_bytes() &gt;&gt; partition_size_shift): %zu", index);
      log_info(gc, heap)("Page lived bytes: %zu", page-&gt;live_bytes());
      log_info(gc, heap)("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    }
    partitions[index]++;
  }
</pre>
<div>
Here is the information I obtained:</div>
<pre>[4.779s][info][gc,heap] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[4.779s][info][gc,heap] Size of partition array : 2048
[4.779s][info][gc,heap] partition_size = _page_size &gt;&gt; npartitions_shift : 1024 = 2097152 &gt;&gt; 11
[4.779s][info][gc,heap] partition_size_shift = exact_log2(partition_size) : 10
[4.779s][info][gc,heap] Index will be visited (page-&gt;live_bytes() &gt;&gt; partition_size_shift): 2048
[4.779s][info][gc,heap] Page lived bytes: 2097152
[4.779s][info][gc,heap] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
</pre>
<div><br>
</div>
<div>
So I’d like to ask you to check whether this is a related bug,
and if so, whether I should open a corresponding issue in the
JDK bug system.
</div>
<div><br>
</div>
</div>
</blockquote>
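<p>To make the index arithmetic in the quoted report concrete, the following is an added C++ model of the histogram step of <code>semi_sort()</code> using the constants from the log (2 MB page, 2^11 partitions); it is neither HotSpot's code nor the reporter's patch. The clamped index is a hypothetical hardening, and the names <code>kPageSize</code>, <code>partition_index_raw</code>, <code>partition_index_clamped</code>, <code>would_overflow</code> and <code>semi_sort_model</code> are this example's own.</p>

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Constants from the report: a 2 MB page split into 2^11 partitions of 1 KB.
constexpr size_t kPageSize = 2097152;
constexpr size_t kNPartitionsShift = 11;
constexpr size_t kNPartitions = size_t(1) << kNPartitionsShift;    // 2048
constexpr size_t kPartitionSize = kPageSize >> kNPartitionsShift;  // 1024
constexpr size_t kPartitionSizeShift = 10;  // exact_log2(kPartitionSize)

// Partition index exactly as the quoted loop computes it: no clamping, so a
// page whose live bytes equal the page size yields index 2048 == kNPartitions.
size_t partition_index_raw(size_t live_bytes) {
  return live_bytes >> kPartitionSizeShift;
}

// Hypothetical hardened variant (not HotSpot's own fix): a fully live page is
// counted in the last valid bucket instead of one past the end of the array.
size_t partition_index_clamped(size_t live_bytes) {
  return std::min(live_bytes >> kPartitionSizeShift, kNPartitions - 1);
}

// True if any page would index past the 2048-entry array under the raw
// computation, i.e. the condition the reporter's diagnostic branch logged.
bool would_overflow(const std::vector<size_t>& live_bytes) {
  for (size_t lb : live_bytes) {
    if (partition_index_raw(lb) >= kNPartitions) return true;
  }
  return false;
}

// Model of the counting sort semi_sort performs: histogram per partition,
// prefix sum to start offsets, then placement; returns ascending partition order.
std::vector<size_t> semi_sort_model(const std::vector<size_t>& live_bytes) {
  std::vector<size_t> partitions(kNPartitions, 0);
  for (size_t lb : live_bytes) partitions[partition_index_clamped(lb)]++;
  size_t finger = 0;
  for (size_t& slot : partitions) {  // counts -> start offsets
    const size_t count = slot;
    slot = finger;
    finger += count;
  }
  std::vector<size_t> sorted(live_bytes.size());
  for (size_t lb : live_bytes) {
    sorted[partitions[partition_index_clamped(lb)]++] = lb;
  }
  return sorted;
}
```

A constructed page set containing one fully live page (live bytes 2097152) reproduces the logged index of 2048 through <code>partition_index_raw</code> while the clamped model sorts it safely.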
<br>
</body>
</html>