-
Bug
-
Resolution: Fixed
-
P2
-
9
-
b120
-
Verified
Reproducible with:
jtreg -javaoptions:"-XX:+ShowMessageBoxOnError -Xlog:all=trace:ul.log -XX:+VerifyBeforeGC -XX:+VerifyAfterGC"
-jdk:linux-x86_64-normal-server-slowdebug/jdk jdk/test/java/util/concurrent/ConcurrentLinkedQueue/RemoveLeak.java
#6 report_vm_error
#7 oopDesc::decode_heap_oop_not_null
#8 oopDesc::decode_heap_oop
#9 G1SATBCardTableModRefBS::inline_write_ref_field_pre<unsigned int>
#10 G1SATBCardTableModRefBS::write_ref_field_pre_work
#11 BarrierSet::write_ref_field_pre<unsigned int>
#12 update_barrier_set_pre<unsigned int>
#13 oop_store<unsigned int>
#14 oopDesc::obj_field_put
#15 java_lang_Class::set_module
#16 java_lang_Class::fixup_module_field
#17 ModuleEntryTable::patch_javabase_entries
#18 define_javabase_module
#19 Modules::define_module
#20 JVM_DefineModule
#21 Java_java_lang_reflect_Module_defineModule0
The crash happens because one of the Klasses in the _fixup_module_field_list has been unloaded before the the fixup code executes.
(gdb) f 16
#16 0x00007f0ba68d0657 in java_lang_Class::fixup_module_field (k=..., module=...) at /home/stefank/hg/jdk9/hs-rt/hotspot/src/share/vm/classfile/javaClasses.cpp:869
869 java_lang_Class::set_module(k->java_mirror(), module());
(gdb) p k
$18 = {..., _value = 0x100062830}
And from the ul.log file:
21403:[1.380s][trace][gc,metaspace,freelist] Metachunk: bottom 0x0000000100062800 top 0x0000000100062830 end 0x0000000100062c00 size 128
21408:[1.380s][debug][classload ] java.lang.invoke.LambdaForm$BMH/1919892312 source: java.lang.invoke.LambdaForm klass: 0x0000000100062830 super: 0x0000000100000fb0 loader: [NULL class_loader] bytes: 601 checksum: 767a2e19
21414:[1.380s][info ][classinit ] 363 Initializing 'java/lang/invoke/LambdaForm$BMH'(no method) (0x0000000100062830)
104394:[24.230s][info ][classunload ] unloading class java.lang.invoke.LambdaForm$BMH/1919892312 0x0000000100062830
104395:[24.230s][debug][classloaderdata ] : unload loader data 0x00007f0ba02d4200 for instance 0x0000000000000000 of <bootloader> for anonymous class 0x0000000100062830
The _fixup_mirror_list, that the _fixup_module_field_list mimcs, assumes that all Klasses in the list is held alive by the null class loader. This assumption is broken when one of the Klasses are an anonymous Klass. The anonymous klasses are not automatically kept alive by the null class loader.
jtreg -javaoptions:"-XX:+ShowMessageBoxOnError -Xlog:all=trace:ul.log -XX:+VerifyBeforeGC -XX:+VerifyAfterGC"
-jdk:linux-x86_64-normal-server-slowdebug/jdk jdk/test/java/util/concurrent/ConcurrentLinkedQueue/RemoveLeak.java
#6 report_vm_error
#7 oopDesc::decode_heap_oop_not_null
#8 oopDesc::decode_heap_oop
#9 G1SATBCardTableModRefBS::inline_write_ref_field_pre<unsigned int>
#10 G1SATBCardTableModRefBS::write_ref_field_pre_work
#11 BarrierSet::write_ref_field_pre<unsigned int>
#12 update_barrier_set_pre<unsigned int>
#13 oop_store<unsigned int>
#14 oopDesc::obj_field_put
#15 java_lang_Class::set_module
#16 java_lang_Class::fixup_module_field
#17 ModuleEntryTable::patch_javabase_entries
#18 define_javabase_module
#19 Modules::define_module
#20 JVM_DefineModule
#21 Java_java_lang_reflect_Module_defineModule0
The crash happens because one of the Klasses in the _fixup_module_field_list has been unloaded before the the fixup code executes.
(gdb) f 16
#16 0x00007f0ba68d0657 in java_lang_Class::fixup_module_field (k=..., module=...) at /home/stefank/hg/jdk9/hs-rt/hotspot/src/share/vm/classfile/javaClasses.cpp:869
869 java_lang_Class::set_module(k->java_mirror(), module());
(gdb) p k
$18 = {..., _value = 0x100062830}
And from the ul.log file:
21403:[1.380s][trace][gc,metaspace,freelist] Metachunk: bottom 0x0000000100062800 top 0x0000000100062830 end 0x0000000100062c00 size 128
21408:[1.380s][debug][classload ] java.lang.invoke.LambdaForm$BMH/1919892312 source: java.lang.invoke.LambdaForm klass: 0x0000000100062830 super: 0x0000000100000fb0 loader: [NULL class_loader] bytes: 601 checksum: 767a2e19
21414:[1.380s][info ][classinit ] 363 Initializing 'java/lang/invoke/LambdaForm$BMH'(no method) (0x0000000100062830)
104394:[24.230s][info ][classunload ] unloading class java.lang.invoke.LambdaForm$BMH/1919892312 0x0000000100062830
104395:[24.230s][debug][classloaderdata ] : unload loader data 0x00007f0ba02d4200 for instance 0x0000000000000000 of <bootloader> for anonymous class 0x0000000100062830
The _fixup_mirror_list, that the _fixup_module_field_list mimcs, assumes that all Klasses in the list is held alive by the null class loader. This assumption is broken when one of the Klasses are an anonymous Klass. The anonymous klasses are not automatically kept alive by the null class loader.
- blocks
-
-
- Closed
-
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-