<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body>
    Hi again,<br>
    <br>
    Could you tell us what JVM flags you are using when you are hitting
    this issue?<br>
    <br>
    We're also curious if you have your own set of patches on top of the
    code openjdk/jdk?<br>
    <br>
    Thanks,<br>
    StefanK<br>
    <br>
    <div class="moz-cite-prefix">On 2025-12-06 08:16, yifan zhang wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:CAHBE+gyhcQKqBWESbqVRThce3QxMik+06Y0wmxt4rZCX-0yfeA@mail.gmail.com">
      
      <div dir="ltr">
        <p>I hope you can check whether this is a ZGC-related bug.</p>
        <p>Version: openjdk-23-ga</p>
        <p>Git command: git clone --branch jdk-23-ga <a href="https://github.com/openjdk/jdk.git" moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openjdk/jdk.git</a></p>
        <p>In one run, I caused the VM to halt and the following message
          appeared:</p>
        <pre>
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007c928eaf58da, pid=214039, tid=214049
#
# JRE version: OpenJDK Runtime Environment (23.0) (build 23-internal-adhoc.yifanzhang.jdk)
# Java VM: OpenJDK 64-Bit Server VM (23-internal-adhoc.yifanzhang.jdk, interpreted mode, sharing, compressed class ptrs, z gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x10f58da]  ZRelocationSetSelectorGroup::semi_sort()+0x13a
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/yifanzhang/Work/Bug-HotspotVM/testFile/JavaFile/Gjf_Case22/hs_err_pid214039.log
#
# If you would like to submit a bug report, please visit:
#   <a href="https://bugreport.java.com/bugreport/crash.jsp" moz-do-not-send="true" class="moz-txt-link-freetext">https://bugreport.java.com/bugreport/crash.jsp</a>
#
已中止
</pre>
        <p>I looked into the VM source code and found that this appears
          to be an array out-of-bounds error.</p>
        <p>Detailed problem description:</p>
        <p>In function `ZRelocationSetSelectorGroup::semi_sort()`, an array
          partitions[npartitions] is allocated. Under the heap’s default
          settings, its size is 2048 (meaning indices 0 through 2047 are
          valid).
        </p>
        <p>However, the subsequent index used for access is determined by
          right-shifting each page’s live byte count, which may lead to
          accessing index 2048.
        </p>
        <p>Based on this, I made the following change to the function
          `semi_sort()`, adding a conditional branch that prints the
          corresponding information when an out-of-bounds access may occur:
        </p>
        <pre>
int partitions[npartitions] = { /* zero initialize */ };

// Calculate partition slots
ZArrayIterator&lt;ZPage*&gt; iter1(&amp;_live_pages);
for (ZPage* page; iter1.next(&amp;page);) {
  const size_t index = page-&gt;live_bytes() &gt;&gt; partition_size_shift;
  if (index &gt;= npartitions) {
    log_info(gc, heap)("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    log_info(gc, heap)("Size of partition array : %zu", npartitions);
    log_info(gc, heap)("partition_size = _page_size &gt;&gt; npartitions_shift : %zu = %zu &gt;&gt; %zu", partition_size, _page_size, npartitions_shift);
    log_info(gc, heap)("partition_size_shift = exact_log2(partition_size) : %zu", partition_size_shift);
    log_info(gc, heap)("Index will be visited (page-&gt;live_bytes() &gt;&gt; partition_size_shift): %zu", index);
    log_info(gc, heap)("Page lived bytes: %zu", page-&gt;live_bytes());
    log_info(gc, heap)("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
  }
  partitions[index]++;
}
</pre>
        <div>Here is the information I obtained:</div>
        <pre>
[4.779s][info][gc,heap] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[4.779s][info][gc,heap] Size of partition array : 2048
[4.779s][info][gc,heap] partition_size = _page_size &gt;&gt; npartitions_shift : 1024 = 2097152 &gt;&gt; 11
[4.779s][info][gc,heap] partition_size_shift = exact_log2(partition_size) : 10
[4.779s][info][gc,heap] Index will be visited (page-&gt;live_bytes() &gt;&gt; partition_size_shift): 2048
[4.779s][info][gc,heap] Page lived bytes: 2097152
[4.779s][info][gc,heap] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
</pre>
        <div><br>
        </div>
        <div>      
          So I’d like to ask you to check whether this is a related bug,
          and if so, whether I should open a corresponding issue in the
          JDK bug system.
        </div>
        <div><br>
        </div>
      </div>
    </blockquote>
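    <p>The partition-index arithmetic from the quoted report, as an added worked
      example. This is not OpenJDK code: the constant names (kPageSize,
      kNPartitionsShift, kNPartitions), the helper functions
      (log2_exact, raw_partition_index, clamped_partition_index,
      count_out_of_bounds) and the clamp itself are assumptions of the example,
      not the project's fix. It reproduces the values from the log above
      (2 MiB page, 2048 partitions, shift 10) and shows that a page one byte
      short of fully live maps to slot 2047 while a fully live page maps to
      2048, one past the last valid slot.</p>

```cpp
// Added example, not OpenJDK code: reproduces the partition-index
// arithmetic quoted in the report and exercises the boundary case where a
// fully live page yields index == npartitions.

// Values quoted in the report (constructed constants, names are ours).
static const unsigned long kPageSize         = 2097152UL;  // _page_size: 2 MiB
static const unsigned long kNPartitionsShift = 11UL;       // npartitions_shift
static const unsigned long kNPartitions      = 1UL << kNPartitionsShift;  // 2048

// log2 of a power of two; stands in for HotSpot's exact_log2 (assumption).
static unsigned long log2_exact(unsigned long v) {
  unsigned long s = 0;
  while ((1UL << s) < v) s++;
  return s;
}

// Shift that maps a page's live byte count onto a partition slot.
static unsigned long partition_size_shift() {
  const unsigned long partition_size = kPageSize >> kNPartitionsShift;  // 1024
  return log2_exact(partition_size);                                     // 10
}

// Raw index exactly as the report computes it; equals kNPartitions for a
// page whose live bytes equal the page size.
static unsigned long raw_partition_index(unsigned long live_bytes) {
  return live_bytes >> partition_size_shift();
}

// Defensive variant (assumption, not the project's fix): fold a fully live
// page into the last slot so the write stays within partitions[0..2047].
static unsigned long clamped_partition_index(unsigned long live_bytes) {
  const unsigned long index = raw_partition_index(live_bytes);
  return index < kNPartitions ? index : kNPartitions - 1;
}

// Fills the histogram for n live-byte counts using the clamped index and
// returns how many of them had a raw index outside the array.
static unsigned long count_out_of_bounds(const unsigned long* live, unsigned long n,
                                         unsigned long* partitions) {
  unsigned long oob = 0;
  for (unsigned long i = 0; i < kNPartitions; i++) partitions[i] = 0;
  for (unsigned long i = 0; i < n; i++) {
    if (raw_partition_index(live[i]) >= kNPartitions) oob++;
    partitions[clamped_partition_index(live[i])]++;
  }
  return oob;
}

int main() {
  // Constructed sample: empty, half live, one byte short of full, fully live.
  const unsigned long live[] = {0UL, kPageSize / 2, kPageSize - 1, kPageSize};
  unsigned long partitions[kNPartitions];
  // Exit status is the number of pages that would have written past the
  // end of the array with the raw index (1 for this sample).
  return (int) count_out_of_bounds(live, 4, partitions);
}
```

    <p>Compiled stand-alone, the program exits with status 1 for this sample
      because only the fully live page lands outside the array. The clamp is
      shown only to make the boundary visible; whether such pages should be
      excluded earlier, clamped, or the array sized differently is the
      maintainers' call.</p>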
    <br>
  </body>
</html>