-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 1.4.2_02, 5.0
-
Component/s: vm-legacy
-
b42
-
generic
-
generic
###@###.### 2003-06-19
A GC operation starts after AsyncGetCallTrace() makes it past
its 'is GC running' check. The GC relocates a methodID that we
are accessing during the stack walk and we crash.
Here is a stack trace snippet for the JavaThread calling
AsyncGetCallTrace():
THREAD t@12
---- called from signal handler with signal 11 (SIGSEGV) ------
[10] jniIdSupport::to_jmethod_id_or_null(0xd674a9a8), at 0xdf8a872f
[11] methodOopDesc::find_jmethod_id_or_null(0xd674a9a8), at 0xdf99b0f8
[12] forte_fill_call_trace_given_top(0x81f3428, 0xd22df1bc, 0x32, 0xd22df568,
0xda86b536, 0xd22df570), at 0xdf84b927
[13] AsyncGetCallTrace(0xd22df1bc, 0x32, 0xd22df27c), at 0xdf84bbbb
=>[14] profhandler(sig = 29, siginfo = 0xd22df47c, ucontext = 0xd22df27c), line
138 in "b4757672.c"
[15] __sighndlr(0x1d, 0xd22df47c, 0xd22df27c, 0xdd241008), at 0xdfb92963
[16] call_user_handler(0x1d, 0xd22df47c, 0xd22df27c), at 0xdfb8e0b6
[17] sigacthandler(), at 0xdfb8e1e0
---- called from signal handler with signal 29 (SIGPROF) ------
[18] __lwp_mutex_unlock(0x8069238), at 0xdfaeb80c
[19] Mutex::unlock(0x8069238), at 0xdf6f257d
[20] SafepointSynchronize::block(0x81f3428), at 0xdf79ca2d
[21] Runtime1::resolve_static_call(), at 0xdf80a9fe
[22] 0xda86b536(), at 0xda86b535
Here is a stack trace snippet for the VMThread doing a GC:
THREAD t@2
t@2(l@2) stopped in ConstantPoolCacheEntry::adjust_pointers at 0xdf7c3917
0xdf7c3917: adjust_pointers+0x0027: andl $0x4000000,%eax
current thread: t@2
=>[1] ConstantPoolCacheEntry::adjust_pointers(0xd6703398), at 0xdf7c3917
[2] constantPoolCacheKlass::oop_adjust_pointers(0xd6400c48, 0xd6703328), at 0x
df7c38da
[3] CompactibleSpace::adjust_pointers(0x80de818), at 0xdf7c2f0a
[4] AdjustPointersClosure::do_space(0xdd34fc00, 0x80de818), at 0xdf7c2e6b
[5] OneContigSpaceCardGeneration::space_iterate(0x80de708, 0xdd34fc00, 0x1), a
t 0xdf7c2e44
[6] Generation::adjust_pointers(0x80de708), at 0xdf7c2e0c
[7] GenMarkSweep::mark_sweep_phase3(0x1), at 0xdf856400
[8] GenMarkSweep::invoke_at_safepoint(0x1, 0x80de254, 0x0), at 0xdf855e62
[9] OneContigSpaceCardGeneration::collect(0x80de208, 0x1, 0x0, 0x0, 0x0, 0x0),
at 0xdf7c01b0
[10] TenuredGeneration::collect(0x80de208, 0x1, 0x0, 0x0, 0x0, 0x0), at 0xdf9d
8902
[11] GenCollectedHeap::do_collection(0x80dc7e8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1,
0xd224fbfc), at 0xdf7a81c9
[12] GenCollectedHeap::do_full_collection(0x80dc7e8, 0x0, 0x1, 0xd224fbfc), at
0xdf7cabb9
[13] VM_GenCollectFull::doit(0xd224fbe0), at 0xdf7cab87
[14] VM_Operation::evaluate(0xd224fbe0), at 0xdf79c76c
[15] VMThread::evaluate_operation(0x81031b0, 0xd224fbe0), at 0xdf79c65b
[16] VMThread::loop(0x81031b0), at 0xdf73a401
[17] VMThread::run(0x81031b0), at 0xdf73a096
The complete stack trace is attached as threads.log.287.
###@###.### 2004-01-28
This can also happen after the VMThread has finished doing a GC when
the target thread just happens to get a chance to run again:
[10] sigacthandler(0xfeff1800, 0xef67ea68, 0xef67e7b0, 0xff396000, 0xef67ea68,
0x4), at 0xff37fccc
---- called from signal handler with signal 4 (SIGILL) ------
[11] 0xf4401148(0xf4bcfef0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xf4401147
[12] jniIdPrivate::id_for_or_null(k = 0xf4bcfef0, index = 1), line 389 in "jni
Id.cpp"
[13] jniIdSupport::to_jmethod_id_or_null(method_oop = 0xf4bcfe88), line 531 in
"jniId.cpp"
[14] methodOopDesc::find_jmethod_id_or_null(this = 0xf4bcfe88), line 740 in "m
ethodOop.cpp"
[15] forte_fill_call_trace_given_top(thd = 0x5dd3d8, trace = 0xef67f024, depth
= 50, top_frame = CLASS), line 773 in "forte.cpp"
[16] AsyncGetCallTrace(trace = 0xef67f024, depth = 50, ucontext = 0xef67f1f8),
line 913 in "forte.cpp"
[17] profhandler(sig = 29, siginfo = 0xef67f4b0, ucontext = 0xef67f1f8), line
171 in "b4757672.c"
[18] __sighndlr(0x1d, 0xef67f4b0, 0xef67f1f8, 0xff0113e0, 0x0, 0x0), at 0xff38
4cc8
[19] call_user_handler(0xfeff1800, 0x2b, 0xff397b20, 0xef67f1f8, 0xef67f4b0, 0
x1d), at 0xff37fb00
[20] sigacthandler(0xfeff1800, 0xef67f4b0, 0xef67f1f8, 0xff396000, 0xef67f4b0,
0x1d), at 0xff37fccc
---- called from signal handler with signal 29 (SIGPROF) ------
[21] _libc_poll(0x0, 0x0, 0x1e, 0xe1a, 0xf041e320, 0x0), at 0xff31d348
[22] _ti_poll(0x0, 0xfeff1800, 0x1e, 0x0, 0x0, 0xef67f618), at 0xff37da7c
[23] os_sleep(millis = 30LL, interruptible = 1), line 2207 in "os_solaris.cpp"
[24] os::sleep(thread = 0x5dd3d8, millis = 30LL, interruptible = 1), line 2287
in "os_solaris.cpp"
[25] JVM_Sleep(env = 0x5dd4ac, threadClass = 0xef67f7d4, millis = 30LL), line
2468 in "jvm.cpp"
In this crash, the VMThread was just waiting for something to do.
The complete thread dump is attached as threads.log.48.
A GC operation starts after AsyncGetCallTrace() makes it past
its 'is GC running' check. The GC relocates a methodID that we
are accessing during the stack walk and we crash.
Here is a stack trace snippet for the JavaThread calling
AsyncGetCallTrace():
THREAD t@12
---- called from signal handler with signal 11 (SIGSEGV) ------
[10] jniIdSupport::to_jmethod_id_or_null(0xd674a9a8), at 0xdf8a872f
[11] methodOopDesc::find_jmethod_id_or_null(0xd674a9a8), at 0xdf99b0f8
[12] forte_fill_call_trace_given_top(0x81f3428, 0xd22df1bc, 0x32, 0xd22df568,
0xda86b536, 0xd22df570), at 0xdf84b927
[13] AsyncGetCallTrace(0xd22df1bc, 0x32, 0xd22df27c), at 0xdf84bbbb
=>[14] profhandler(sig = 29, siginfo = 0xd22df47c, ucontext = 0xd22df27c), line
138 in "b4757672.c"
[15] __sighndlr(0x1d, 0xd22df47c, 0xd22df27c, 0xdd241008), at 0xdfb92963
[16] call_user_handler(0x1d, 0xd22df47c, 0xd22df27c), at 0xdfb8e0b6
[17] sigacthandler(), at 0xdfb8e1e0
---- called from signal handler with signal 29 (SIGPROF) ------
[18] __lwp_mutex_unlock(0x8069238), at 0xdfaeb80c
[19] Mutex::unlock(0x8069238), at 0xdf6f257d
[20] SafepointSynchronize::block(0x81f3428), at 0xdf79ca2d
[21] Runtime1::resolve_static_call(), at 0xdf80a9fe
[22] 0xda86b536(), at 0xda86b535
Here is a stack trace snippet for the VMThread doing a GC:
THREAD t@2
t@2(l@2) stopped in ConstantPoolCacheEntry::adjust_pointers at 0xdf7c3917
0xdf7c3917: adjust_pointers+0x0027: andl $0x4000000,%eax
current thread: t@2
=>[1] ConstantPoolCacheEntry::adjust_pointers(0xd6703398), at 0xdf7c3917
[2] constantPoolCacheKlass::oop_adjust_pointers(0xd6400c48, 0xd6703328), at 0x
df7c38da
[3] CompactibleSpace::adjust_pointers(0x80de818), at 0xdf7c2f0a
[4] AdjustPointersClosure::do_space(0xdd34fc00, 0x80de818), at 0xdf7c2e6b
[5] OneContigSpaceCardGeneration::space_iterate(0x80de708, 0xdd34fc00, 0x1), a
t 0xdf7c2e44
[6] Generation::adjust_pointers(0x80de708), at 0xdf7c2e0c
[7] GenMarkSweep::mark_sweep_phase3(0x1), at 0xdf856400
[8] GenMarkSweep::invoke_at_safepoint(0x1, 0x80de254, 0x0), at 0xdf855e62
[9] OneContigSpaceCardGeneration::collect(0x80de208, 0x1, 0x0, 0x0, 0x0, 0x0),
at 0xdf7c01b0
[10] TenuredGeneration::collect(0x80de208, 0x1, 0x0, 0x0, 0x0, 0x0), at 0xdf9d
8902
[11] GenCollectedHeap::do_collection(0x80dc7e8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1,
0xd224fbfc), at 0xdf7a81c9
[12] GenCollectedHeap::do_full_collection(0x80dc7e8, 0x0, 0x1, 0xd224fbfc), at
0xdf7cabb9
[13] VM_GenCollectFull::doit(0xd224fbe0), at 0xdf7cab87
[14] VM_Operation::evaluate(0xd224fbe0), at 0xdf79c76c
[15] VMThread::evaluate_operation(0x81031b0, 0xd224fbe0), at 0xdf79c65b
[16] VMThread::loop(0x81031b0), at 0xdf73a401
[17] VMThread::run(0x81031b0), at 0xdf73a096
The complete stack trace is attached as threads.log.287.
###@###.### 2004-01-28
This can also happen after the VMThread has finished doing a GC when
the target thread just happens to get a chance to run again:
[10] sigacthandler(0xfeff1800, 0xef67ea68, 0xef67e7b0, 0xff396000, 0xef67ea68,
0x4), at 0xff37fccc
---- called from signal handler with signal 4 (SIGILL) ------
[11] 0xf4401148(0xf4bcfef0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xf4401147
[12] jniIdPrivate::id_for_or_null(k = 0xf4bcfef0, index = 1), line 389 in "jni
Id.cpp"
[13] jniIdSupport::to_jmethod_id_or_null(method_oop = 0xf4bcfe88), line 531 in
"jniId.cpp"
[14] methodOopDesc::find_jmethod_id_or_null(this = 0xf4bcfe88), line 740 in "m
ethodOop.cpp"
[15] forte_fill_call_trace_given_top(thd = 0x5dd3d8, trace = 0xef67f024, depth
= 50, top_frame = CLASS), line 773 in "forte.cpp"
[16] AsyncGetCallTrace(trace = 0xef67f024, depth = 50, ucontext = 0xef67f1f8),
line 913 in "forte.cpp"
[17] profhandler(sig = 29, siginfo = 0xef67f4b0, ucontext = 0xef67f1f8), line
171 in "b4757672.c"
[18] __sighndlr(0x1d, 0xef67f4b0, 0xef67f1f8, 0xff0113e0, 0x0, 0x0), at 0xff38
4cc8
[19] call_user_handler(0xfeff1800, 0x2b, 0xff397b20, 0xef67f1f8, 0xef67f4b0, 0
x1d), at 0xff37fb00
[20] sigacthandler(0xfeff1800, 0xef67f4b0, 0xef67f1f8, 0xff396000, 0xef67f4b0,
0x1d), at 0xff37fccc
---- called from signal handler with signal 29 (SIGPROF) ------
[21] _libc_poll(0x0, 0x0, 0x1e, 0xe1a, 0xf041e320, 0x0), at 0xff31d348
[22] _ti_poll(0x0, 0xfeff1800, 0x1e, 0x0, 0x0, 0xef67f618), at 0xff37da7c
[23] os_sleep(millis = 30LL, interruptible = 1), line 2207 in "os_solaris.cpp"
[24] os::sleep(thread = 0x5dd3d8, millis = 30LL, interruptible = 1), line 2287
in "os_solaris.cpp"
[25] JVM_Sleep(env = 0x5dd4ac, threadClass = 0xef67f7d4, millis = 30LL), line
2468 in "jvm.cpp"
In this crash, the VMThread was just waiting for something to do.
The complete thread dump is attached as threads.log.48.
- relates to
-
-
- Closed
-