Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8178870

instrumentation.retransformClasses cause coredump

XMLWordPrintable

    • b31
    • generic
    • generic

        FULL PRODUCT VERSION :
        build 1.8.0-b112

        ADDITIONAL OS VERSION INFORMATION :
        Red Hat Enterprise Linux Server release 7.1(Maipo)
        Linux 3.10.0-229.el7.x86_64 #1 SMP Thu Jan 29 18:37:38 EST 2015 x86_64 x86_64 GNU/Linux

        EXTRA RELEVANT SYSTEM CONFIGURATION :
        8G memory
        two cores cpu
        1G network
        -Xmx1g -Xms1g -XX:MaxPermSize=512m

        A DESCRIPTION OF THE PROBLEM :
        I am implementing a java agent program(APM), the requirement is to enable/disable the monitor function by UI, The underlying implementation is to use the instrumentation.retransformClasses api to redefine the montored classes at runtime.
        Asm is used to transform the class byte codes.
        A coredump or hs_error_pid file is generated when retransformClasses is invoked occasionally. So I designed a program to invoke retransformClasses iteratively on large number of loaded classes, a few hours later ,coredump will be reproduced.

        When retransforming the classes, the coredump will be produced even using the
        original byte code without changed by asm.

        The issue is found on oracle jdk 8, not found on oracle jdk6, oracle jdk7



        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1.Implement a javaagent and a function to retransform part of the loaded classes at runtime
        2.retransform the classes without changed the byte code even, just do the retransform action, and return the original byte code copy in the transform method of transformer
        3. Repeat 2 in a program automatically in a few hours,sometimes half a day ,sometimes one or two days.



        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        The retransformation will run without any errors
        ACTUAL -
        a coredump or hs_error_pid will be generated alternatively

        ERROR MESSAGES/STACK TRACES THAT OCCUR :
        hs_error_pid information:

        *** Error in `/home/bes/java/jdk1.8.0_92/bin/java': double free or corruption (out): 0x00007f4694193450 ***
        ======= Backtrace: =========
        /lib64/libc.so.6(+0x7d1fd)[0x7f46f42ef1fd]


        The coredump information

        Program terminated with signal 6, Aborted.
        #0 0x00007fe7e605a5d7 in raise () from /lib64/libc.so.6
        Missing separate debuginfos, use: debuginfo-install glibc-2.17-78.el7.x86_64 libgcc-4.8.3-9.el7.x86_64
        (gdb) bt
        #0 0x00007fe7e605a5d7 in raise () from /lib64/libc.so.6
        #1 0x00007fe7e605bcc8 in abort () from /lib64/libc.so.6
        #2 0x00007fe7e609ae07 in __libc_message () from /lib64/libc.so.6
        #3 0x00007fe7e60a21fd in _int_free () from /lib64/libc.so.6
        #4 0x00007fe7e5999209 in os::free(void*, unsigned short) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #5 0x00007fe7e56da5a6 in InstanceKlass::release_C_heap_structures() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #6 0x00007fe7e56e0a6a in InstanceKlass::deallocate_contents(ClassLoaderData*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #7 0x00007fe7e552ab2f in ClassLoaderData::free_deallocate_list() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #8 0x00007fe7e552b51b in ClassLoaderDataGraph::do_unloading(BoolObjectClosure*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #9 0x00007fe7e5aa8f1b in SystemDictionary::do_unloading(BoolObjectClosure*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #10 0x00007fe7e59fe6b4 in PSParallelCompact::marking_phase(ParCompactionManager*, bool, ParallelOldTracer*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #11 0x00007fe7e5a037c6 in PSParallelCompact::invoke_no_policy(bool) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #12 0x00007fe7e5a040b3 in PSParallelCompact::invoke(bool) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #13 0x00007fe7e55414c4 in CollectedHeap::collect_as_vm_thread(GCCause::Cause) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #14 0x00007fe7e5b322f1 in VM_CollectForMetadataAllocation::doit() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #15 0x00007fe7e5b3a1c5 in VM_Operation::evaluate() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #16 0x00007fe7e5b385ba in VMThread::evaluate_operation(VM_Operation*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #17 0x00007fe7e5b3897d in VMThread::loop() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #18 0x00007fe7e5b38db0 in VMThread::run() () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #19 0x00007fe7e59a2058 in java_start(Thread*) () from /home/bes/java/jdk1.8.0/jre/lib/amd64/server/libjvm.so
        #20 0x00007fe7e6808df5 in start_thread () from /lib64/libpthread.so.0
        #21 0x00007fe7e611b1ad in clone () from /lib64/libc.so.6

        REPRODUCIBILITY :
        This bug can be reproduced occasionally.

        ---------- BEGIN SOURCE ----------
        package agent.loader;

        import java.lang.instrument.ClassFileTransformer;
        import java.lang.instrument.IllegalClassFormatException;
        import java.security.ProtectionDomain;

        public class PreClassTransformer implements ClassFileTransformer {
            public PreClassTransformer() {
             super();
            }

            /**
             * Transform the class at loading stage
             */
            public byte[] transform(ClassLoader loader, String className, Class classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws
        IllegalClassFormatException {
        byte[] cloneClassBytes = new byte[classfileBuffer.length];
        System.arrayCopy(classBytes,0,cloneClassBytes,0,classBytes.length);
                return cloneClassBytes;
            }
        }


        package agent.loader;

        import java.lang.instrument.Instrumentation;

        public abstract class AbstractClassRetransformer {
            private String name;

            public AbstractClassRetransformer(String name) {
                this.name = name;
            }
            
            public void retransformClass(Instrumentation instrumentation, Class<?> retransformClass) {
                try {
                    instrumentation.retransformClasses(retransformClass);
                } catch (Throwable ex) {
                    ; log the errors
                }
            }
        }

        ---------- END SOURCE ----------

              coleenp Coleen Phillimore
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: