-
Bug
-
Resolution: Duplicate
-
P3
-
hs19.1, hs24, hs25
-
x86
-
linux
Ashok reported the following crash in JVM/TI GetCurrentContendedMonitor():
Hi Daniel,
I am working on a JVM crash in our environment in a JVMTI call.
I have looked at the problem and analyzed the core dump, I don’t see a possibility of the JVMD agent causing this crash. I am suspecting a bug in JVM code.
Can you please have a look at this crash and let us know your view on it or can you suggest others from the JVM team who could have a look at it ( I could raise a bug for this).
The details of the crash and the related files and its location are in the attached file. I have attached the hs_err file for reference.
Thanks and Regards,
Ashok
Here's the HSX-19 version of the code that is crashing. I don't have
a copy of HSX-19.1 at my fingertips...
src/share/vm/prims/jvmtiEnvBase.cpp:
642 jvmtiError
643 JvmtiEnvBase::get_current_contended_monitor(JavaThread *calling_thread,
JavaThread *java_thread, jobject *monitor_ptr) {
644 #ifdef ASSERT
645 uint32_t debug_bits = 0;
646 #endif
647 assert((SafepointSynchronize::is_at_safepoint() ||
648 is_thread_fully_suspended(java_thread, false, &debug_bits)),
649 "at safepoint or target thread is suspended");
650 oop obj = NULL;
651 ObjectMonitor *mon = java_thread->current_waiting_monitor();
652 if (mon == NULL) {
653 // thread is not doing an Object.wait() call
654 mon = java_thread->current_pending_monitor();
655 if (mon != NULL) {
656 // The thread is trying to enter() or raw_enter() an ObjectMonitor
.
657 obj = (oop)mon->object();
658 // If obj == NULL, then ObjectMonitor is raw which doesn't count
659 // as contended for this API
660 }
661 // implied else: no contended ObjectMonitor
662 } else {
663 // thread is doing an Object.wait() call
664 obj = (oop)mon->object();
665 assert(obj != NULL, "Object.wait() should have an object");
666 }
667
668 if (obj == NULL) {
669 *monitor_ptr = NULL;
670 } else {
671 HandleMark hm;
672 Handle hobj(obj);
673 *monitor_ptr = jni_reference(calling_thread, hobj);
674 }
675 return JVMTI_ERROR_NONE;
676 }
The above function matches the current HSX-24-B04 source.
Based a quick look at the disassembly that Ashok provided
(I stripped off some of the name mangling stuff for clarity):
(gdb) disass 0x00002af8d716b911
Dump of assembler code for function JvmtiEnvBase29get_current_contended_monitor:
0x00002af8d716b8e0 <JvmtiEnvBase29get_current_contended_monitor+0>: push %rbp
0x00002af8d716b8e1 <JvmtiEnvBase29get_current_contended_monitor+1>: mov %rsp,%rbp
0x00002af8d716b8e4 <JvmtiEnvBase29get_current_contended_monitor+4>: sub $0x60,%rsp
0x00002af8d716b8e8 <JvmtiEnvBase29get_current_contended_monitor+8>: mov 0xc8(%rdx),%rax
0x00002af8d716b8ef <JvmtiEnvBase29get_current_contended_monitor+15>: mov %r13,-0x18(%rbp)
0x00002af8d716b8f3 <JvmtiEnvBase29get_current_contended_monitor+19>: mov %r14,-0x10(%rbp)
0x00002af8d716b8f7 <JvmtiEnvBase29get_current_contended_monitor+23>: mov %r15,-0x8(%rbp)
0x00002af8d716b8fb <JvmtiEnvBase29get_current_contended_monitor+27>: xor %r13d,%r13d
0x00002af8d716b8fe <JvmtiEnvBase29get_current_contended_monitor+30>: mov %rbx,-0x28(%rbp)
0x00002af8d716b902 <JvmtiEnvBase29get_current_contended_monitor+34>: mov %r12,-0x20(%rbp)
0x00002af8d716b906 <JvmtiEnvBase29get_current_contended_monitor+38>: test %rax,%rax
0x00002af8d716b909 <JvmtiEnvBase29get_current_contended_monitor+41>: mov %rsi,%r15
0x00002af8d716b90c <JvmtiEnvBase29get_current_contended_monitor+44>: mov %rcx,%r14
0x00002af8d716b90f <JvmtiEnvBase29get_current_contended_monitor+47>: je 0x2af8d716b990 <JvmtiEnvBase29get_current_contended_monitor+176>
0x00002af8d716b911 <JvmtiEnvBase29get_current_contended_monitor+49>: mov 0x8(%rax),%r13
0x00002af8d716b915 <JvmtiEnvBase29get_current_contended_monitor+53>: test %r13,%r13
0x00002af8d716b918 <JvmtiEnvBase29get_current_contended_monitor+56>: je 0x2af8d716b986 <JvmtiEnvBase29get_current_contended_monitor=+166>
I think the crash is happening at line 664:
662 } else {
663 // thread is doing an Object.wait() call
664 obj = (oop)mon->object();
on the attempt to dereference 'mon' to get the associated object.
Hi Daniel,
I am working on a JVM crash in our environment in a JVMTI call.
I have looked at the problem and analyzed the core dump, I don’t see a possibility of the JVMD agent causing this crash. I am suspecting a bug in JVM code.
Can you please have a look at this crash and let us know your view on it or can you suggest others from the JVM team who could have a look at it ( I could raise a bug for this).
The details of the crash and the related files and its location are in the attached file. I have attached the hs_err file for reference.
Thanks and Regards,
Ashok
Here's the HSX-19 version of the code that is crashing. I don't have
a copy of HSX-19.1 at my fingertips...
src/share/vm/prims/jvmtiEnvBase.cpp:
642 jvmtiError
643 JvmtiEnvBase::get_current_contended_monitor(JavaThread *calling_thread,
JavaThread *java_thread, jobject *monitor_ptr) {
644 #ifdef ASSERT
645 uint32_t debug_bits = 0;
646 #endif
647 assert((SafepointSynchronize::is_at_safepoint() ||
648 is_thread_fully_suspended(java_thread, false, &debug_bits)),
649 "at safepoint or target thread is suspended");
650 oop obj = NULL;
651 ObjectMonitor *mon = java_thread->current_waiting_monitor();
652 if (mon == NULL) {
653 // thread is not doing an Object.wait() call
654 mon = java_thread->current_pending_monitor();
655 if (mon != NULL) {
656 // The thread is trying to enter() or raw_enter() an ObjectMonitor
.
657 obj = (oop)mon->object();
658 // If obj == NULL, then ObjectMonitor is raw which doesn't count
659 // as contended for this API
660 }
661 // implied else: no contended ObjectMonitor
662 } else {
663 // thread is doing an Object.wait() call
664 obj = (oop)mon->object();
665 assert(obj != NULL, "Object.wait() should have an object");
666 }
667
668 if (obj == NULL) {
669 *monitor_ptr = NULL;
670 } else {
671 HandleMark hm;
672 Handle hobj(obj);
673 *monitor_ptr = jni_reference(calling_thread, hobj);
674 }
675 return JVMTI_ERROR_NONE;
676 }
The above function matches the current HSX-24-B04 source.
Based a quick look at the disassembly that Ashok provided
(I stripped off some of the name mangling stuff for clarity):
(gdb) disass 0x00002af8d716b911
Dump of assembler code for function JvmtiEnvBase29get_current_contended_monitor:
0x00002af8d716b8e0 <JvmtiEnvBase29get_current_contended_monitor+0>: push %rbp
0x00002af8d716b8e1 <JvmtiEnvBase29get_current_contended_monitor+1>: mov %rsp,%rbp
0x00002af8d716b8e4 <JvmtiEnvBase29get_current_contended_monitor+4>: sub $0x60,%rsp
0x00002af8d716b8e8 <JvmtiEnvBase29get_current_contended_monitor+8>: mov 0xc8(%rdx),%rax
0x00002af8d716b8ef <JvmtiEnvBase29get_current_contended_monitor+15>: mov %r13,-0x18(%rbp)
0x00002af8d716b8f3 <JvmtiEnvBase29get_current_contended_monitor+19>: mov %r14,-0x10(%rbp)
0x00002af8d716b8f7 <JvmtiEnvBase29get_current_contended_monitor+23>: mov %r15,-0x8(%rbp)
0x00002af8d716b8fb <JvmtiEnvBase29get_current_contended_monitor+27>: xor %r13d,%r13d
0x00002af8d716b8fe <JvmtiEnvBase29get_current_contended_monitor+30>: mov %rbx,-0x28(%rbp)
0x00002af8d716b902 <JvmtiEnvBase29get_current_contended_monitor+34>: mov %r12,-0x20(%rbp)
0x00002af8d716b906 <JvmtiEnvBase29get_current_contended_monitor+38>: test %rax,%rax
0x00002af8d716b909 <JvmtiEnvBase29get_current_contended_monitor+41>: mov %rsi,%r15
0x00002af8d716b90c <JvmtiEnvBase29get_current_contended_monitor+44>: mov %rcx,%r14
0x00002af8d716b90f <JvmtiEnvBase29get_current_contended_monitor+47>: je 0x2af8d716b990 <JvmtiEnvBase29get_current_contended_monitor+176>
0x00002af8d716b911 <JvmtiEnvBase29get_current_contended_monitor+49>: mov 0x8(%rax),%r13
0x00002af8d716b915 <JvmtiEnvBase29get_current_contended_monitor+53>: test %r13,%r13
0x00002af8d716b918 <JvmtiEnvBase29get_current_contended_monitor+56>: je 0x2af8d716b986 <JvmtiEnvBase29get_current_contended_monitor=+166>
I think the crash is happening at line 664:
662 } else {
663 // thread is doing an Object.wait() call
664 obj = (oop)mon->object();
on the attempt to dereference 'mon' to get the associated object.
- relates to
-
-
- Closed
-
-
-
- Closed
-