Description
Method is_good(oop* p) in FrameValuesOopClosure tries to verify that we have a valid oop. One of the things checked is that the Klass* field in the object points to valid memory. When UseCompressedClassPointers is true, though, we first go through the decode logic when fetching the Klass*, which asserts that the decoded pointer is aligned. If the oop is bad, _compressed_klass can be garbage and we can hit the assertion.
The crash can be easily reproduced when running jdk/internal/vm/Continuation/Basic.java with "-Xlog:continuations=trace -XX:+UseZGC". When thawing, if continuations trace logging is enabled, we first walk the stackchunk and call fr.describe() for each of the walked frames, which in turn calls FrameValuesOopClosure. With G1, either the oop will be good or it will be compressed and we will most likely fail a previously checked condition that the oop points to valid memory. With ZGC, the oops can be moved outside safepoints, so the oop could appear good but it's actually bad.
STDOUT:
# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/compressedOops.inline.hpp:135
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/scratch/pchilano/random3/open/src/hotspot/share/oops/compressedOops.inline.hpp:135), pid=37868, tid=37902
# assert(check_alignment(result)) failed: address not aligned: 0x00000000baadbabe
#
# JRE version: OpenJDK Runtime Environment (20.0) (fastdebug build 20-internal-2022-09-15-1920221.pchilano...)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 20-internal-2022-09-15-1920221.pchilano..., interpreted mode, compressed class ptrs, z gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0xd311a7] FrameValuesOopClosure::describe(FrameValues&, int)+0x537
#
# Core dump will be written. Default location: /scratch/pchilano/random3/open/build/linux-x64/test-support/jtreg_test_jdk_jdk_internal_vm_Continuation_Basic_java/scratch/0/core.37868
#
# An error report file with more information is saved as:
# /scratch/pchilano/random3/open/build/linux-x64/test-support/jtreg_test_jdk_jdk_internal_vm_Continuation_Basic_java/scratch/0/hs_err_pid37868.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
The logging part is needed to execute the FrameValuesOopClosure code.
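The failure mode described above, as an added example that is not HotSpot source or the fix for this issue: a validation routine must decode the class field through a non-asserting path and reject bad values itself. Every name here (ToyEncoding, ToyObjectHeader, decode_raw, decode_checked, klass_field_looks_valid) is hypothetical, and the encoding assumes base 0 and shift 0 so that the constructed stale value decodes to the address shown in the error report.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>

// Simplified model, not HotSpot code: all names below are hypothetical.
constexpr uintptr_t kKlassAlignment = 8;

struct ToyEncoding {            // stand-in for the compressed class pointer encoding
    uintptr_t base;
    int shift;
    uintptr_t range_end;        // one past the last valid class-space address
};

struct ToyObjectHeader {
    uintptr_t mark;
    uint32_t compressed_klass;  // garbage if the "oop" no longer points at an object
};

inline bool is_aligned(uintptr_t p) { return (p & (kKlassAlignment - 1)) == 0; }

// Decode with no checks: safe to call on header bits that may be garbage.
inline uintptr_t decode_raw(const ToyEncoding& e, uint32_t narrow) {
    return e.base + (static_cast<uintptr_t>(narrow) << e.shift);
}

// Normal accessor: asserts, so it may only see headers already known to be good.
inline uintptr_t decode_checked(const ToyEncoding& e, uint32_t narrow) {
    uintptr_t result = decode_raw(e, narrow);
    assert(is_aligned(result) && "address not aligned");
    return result;
}

// Validation path: uses the raw decode and rejects instead of asserting.
bool klass_field_looks_valid(const ToyEncoding& e, const ToyObjectHeader& h) {
    if (h.compressed_klass == 0) return false;
    uintptr_t k = decode_raw(e, h.compressed_klass);
    if (!is_aligned(k)) return false;
    return k >= e.base && k < e.range_end;
}

int main() {
    ToyEncoding enc{0, 0, 1ULL << 30};      // constructed: base 0, shift 0, 1 GiB range
    ToyObjectHeader good{1, 0x1000};        // constructed: aligned, in range
    ToyObjectHeader stale{1, 0xbaadbabe};   // constructed: pattern from the report
    std::printf("good header valid:  %d\n", klass_field_looks_valid(enc, good));
    std::printf("stale header valid: %d\n", klass_field_looks_valid(enc, stale));
    return 0;
}
```

Calling decode_checked on the stale header in a debug build would abort on the alignment assertion, which is the behaviour the report describes for the validation code.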