JDK-8317291

Missing null check for nmethod::is_native_method()


Details

    • b03
    • generic
    • generic

    Description

      The JVM can crash on the debug build because of a missing null check in nmethod::is_native_method().

      The CodeCache::print_internals() function calls is_native_method() on each nmethod, but the nmethod's _method field can be NULL once the owning class has been unloaded.
      In that case the call dereferences a NULL pointer and causes an access violation.
      Not only is_native_method() but also is_java_method() has the same problem.

      This problem affects only JDK 8. JDK 9 was fixed by the first commit of compiledMethod.hpp.
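      The following is an added illustration, not HotSpot's own code: a stripped-down model of nmethod and Method in which _method is NULL for an unloaded class, showing the unguarded check that faults next to a guarded form (modeled on the JDK 9 compiledMethod.hpp check; its exact shape is an assumption here) and a print_internals()-style walk that tolerates unloaded entries.

```cpp
#include <cstddef>

// Minimal stand-in for HotSpot's Method: only the flag the check needs.
struct Method {
  bool native_flag;
  bool is_native() const { return native_flag; }
};

// Minimal stand-in for nmethod. _method is NULL once the owning class has
// been unloaded, which is exactly the state print_internals() can observe.
struct nmethod {
  Method* _method;

  // Unguarded form: dereferences _method unconditionally. With _method == NULL
  // this is the access violation the bug report describes.
  bool is_native_method_unchecked() const { return _method->is_native(); }

  // Guarded form (assumed shape, modeled on JDK 9's compiledMethod.hpp): an
  // nmethod whose class is gone is reported as neither native nor Java.
  bool is_native_method() const { return _method != NULL && _method->is_native(); }
  bool is_java_method()   const { return _method != NULL && !_method->is_native(); }
};

// Tally native, Java and unloaded nmethods the way a print_internals()-style
// walk over the code heap would, without touching a NULL _method.
struct Counts { int native; int java; int unloaded; };

Counts count_nmethods(const nmethod* heap, size_t n) {
  Counts c = {0, 0, 0};
  for (size_t i = 0; i < n; ++i) {
    if (heap[i].is_native_method())    c.native++;
    else if (heap[i].is_java_method()) c.java++;
    else                               c.unloaded++;  // _method == NULL
  }
  return c;
}

// Constructed sample code heap: one native, one Java, one unloaded nmethod.
static Method g_native = {true};
static Method g_java   = {false};
static const nmethod g_heap[] = { {&g_native}, {&g_java}, {NULL} };
static const size_t  g_heap_len = sizeof(g_heap) / sizeof(g_heap[0]);

Counts count_sample() { return count_nmethods(g_heap, g_heap_len); }
```

Calling is_native_method_unchecked() on the third entry reproduces the fault; the guarded accessors classify it as unloaded instead.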

      How to reproduce:
      This problem can be reproduced by running the attached NmethodLogTest on a debug build.
      1) Build JDK 8 with debug enabled.
      2) Run: java -XX:+PrintCodeCache2 NmethodLogTest
      3) The JVM crashes in nmethod::is_native_method() with the error report below.

      '''
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0x00007f18da4556ec, pid=32476, tid=0x00007f18dc3fd700
      #
      # JRE version: OpenJDK Runtime Environment (8.0_402) (build 1.8.0_402-internal-debug-k5user_2023_09_20_05_16-b00)
      # Java VM: OpenJDK 64-Bit Server VM (25.402-b00-debug mixed mode linux-amd64 compressed oops)
      # Problematic frame:
      # V [libjvm.so+0x3be6ec] Method::access_flags() const+0xc
      #
      # Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
      #
      # An error report file with more information is saved as:
      # /tmp/hs_err_pid32476.log
      Compiled method (c1) 28934 2 3 (method)
       total in heap [0x00007f18c522eb10,0x00007f18c522ee78] = 872
       relocation [0x00007f18c522ec40,0x00007f18c522ec70] = 48
       main code [0x00007f18c522ec80,0x00007f18c522ed40] = 192
       stub code [0x00007f18c522ed40,0x00007f18c522edf8] = 184
       metadata [0x00007f18c522edf8,0x00007f18c522ee00] = 8
       scopes data [0x00007f18c522ee00,0x00007f18c522ee20] = 32
       scopes pcs [0x00007f18c522ee20,0x00007f18c522ee70] = 80
       dependencies [0x00007f18c522ee70,0x00007f18c522ee78] = 8
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #
      Current thread is 139744751113984
      Dumping core ...
      Aborted
      '''

            People

              tkiriyama Takuya Kiriyama