P1 Description
After JDK-8318894 gc/logging/TestUnifiedLoggingSwitchStress.java often (~1 in 10 runs) crashes with the following stack trace:
#10 0x00007f1b00f2967f in javaSignalHandler (sig=11, info=0x7f1ae01f7730, context=0x7f1ae01f7600) at jdk/src/hotspot/os/posix/signals_posix.cpp:668
#11 <signal handler called>
#12 0x00007f1b00cf661a in AbsSeq::davg (this=0xabababababab8ee8) at jdk/src/hotspot/share/utilities/numberSeq.cpp:88
#13 0x00007f1b00629c56 in G1Predictions::predict (this=0x7f1af8048668, seq=0xabababababab8ee8) at jdk/src/hotspot/share/gc/g1/g1Predictions.hpp:58
#14 0x00007f1b00629cb9 in G1Predictions::predict_in_unit_interval (this=0x7f1af8048668, seq=0xabababababab8ee8) at jdk/src/hotspot/share/gc/g1/g1Predictions.hpp:62
#15 0x00007f1b006e22f3 in G1SurvRateGroup::surv_rate_pred (this=0x7f1af804a760, predictor=..., age=24) at jdk/src/hotspot/share/gc/g1/g1SurvRateGroup.hpp:89
#16 0x00007f1b006e3060 in HeapRegion::surv_rate_prediction (this=0x7f1af81c7620, predictor=...) at jdk/src/hotspot/share/gc/g1/heapRegion.inline.hpp:520
#17 0x00007f1b006df776 in G1Policy::predict_bytes_to_copy (this=0x7f1af8048660, hr=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1089
#18 0x00007f1b006df932 in G1Policy::predict_region_copy_time_ms (this=0x7f1af8048660, hr=0x7f1af81c7620, for_young_only_phase=false) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1110
#19 0x00007f1b006dfb5e in G1Policy::predict_region_total_time_ms (this=0x7f1af8048660, hr=0x7f1af81c7620, for_young_only_phase=false) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1148
#20 0x00007f1b0078b135 in HeapRegion::calc_gc_efficiency (this=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/heapRegion.cpp:144
#21 0x00007f1b00671ef8 in G1PrintRegionLivenessInfoClosure::do_heap_region (this=0x7f1ae01f85a0, r=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/g1ConcurrentMark.cpp:2994
#22 0x00007f1b0079400b in HeapRegionManager::iterate (this=0x7f1af8042670, blk=0x7f1ae01f85a0) at jdk/src/hotspot/share/gc/g1/heapRegionManager.cpp:509
#23 0x00007f1b00654240 in G1CollectedHeap::heap_region_iterate (this=0x7f1af80424d0, cl=0x7f1ae01f85a0) at jdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:2039
#24 0x00007f1b006e05a5 in G1Policy::record_concurrent_mark_cleanup_end (this=0x7f1af8048660, has_rebuilt_remembered_sets=true) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1326
#25 0x00007f1b0066dcb4 in G1ConcurrentMark::cleanup (this=0x7f1af805ae80) at jdk/src/hotspot/share/gc/g1/g1ConcurrentMark.cpp:1486
#26 0x00007f1b0070f7cb in VM_G1PauseCleanup::work (this=0x7f1afd912be0) at jdk/src/hotspot/share/gc/g1/g1VMOperations.cpp:199
#27 0x00007f1b0070f6ab in VM_G1PauseConcurrent::doit (this=0x7f1afd912be0) at jdk/src/hotspot/share/gc/g1/g1VMOperations.cpp:177
#28 0x00007f1b01129285 in VM_Operation::evaluate (this=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmOperations.cpp:71
#29 0x00007f1b01196f60 in VMThread::evaluate_operation (this=0x7f1af82ba9a0, op=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmThread.cpp:281
#30 0x00007f1b01197898 in VMThread::inner_execute (this=0x7f1af82ba9a0, op=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmThread.cpp:435
#31 0x00007f1b01197ccb in VMThread::loop (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/vmThread.cpp:502
#32 0x00007f1b01196af3 in VMThread::run (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/vmThread.cpp:175
#33 0x00007f1b0106f343 in Thread::call_run (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/thread.cpp:220
#34 0x00007f1b00d414de in thread_native_entry (thread=0x7f1af82ba9a0) at jdk/src/hotspot/os/linux/os_linux.cpp:786
#35 0x00007f1b02694ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
Particularly note the corrupted "seq=0xabababababab8ee8" in frame 14.
(gdb) frame 15
#15 0x00007f1b006e22f3 in G1SurvRateGroup::surv_rate_pred (this=0x7f1af804a760, predictor=..., age=24) at jdk/src/hotspot/share/gc/g1/g1SurvRateGroup.hpp:89
89 return predictor.predict_in_unit_interval(_surv_rate_predictors[age]);
(gdb) print *this
$1 = {<CHeapObj<(MEMFLAGS)5>> = {<No data fields>}, _stats_arrays_length = 24, _num_added_regions = 25, _accum_surv_rate_pred = 0x7f1af8325730, _last_pred = 0.4332111447063256,
_surv_rate_predictors = 0x7f1af8325810, static InvalidAgeIndex = 4294967295}
_stats_arrays_length is 24, and the age is 24 too (i.e. the code indexes beyond the array).
It is also strange that _stats_arrays_length is unequal to _num_added_regions at first glance during a Cleanup pause.
WithoutJDK-8318894 it passed around 100 runs, so I think it introduced the problem.
#10 0x00007f1b00f2967f in javaSignalHandler (sig=11, info=0x7f1ae01f7730, context=0x7f1ae01f7600) at jdk/src/hotspot/os/posix/signals_posix.cpp:668
#11 <signal handler called>
#12 0x00007f1b00cf661a in AbsSeq::davg (this=0xabababababab8ee8) at jdk/src/hotspot/share/utilities/numberSeq.cpp:88
#13 0x00007f1b00629c56 in G1Predictions::predict (this=0x7f1af8048668, seq=0xabababababab8ee8) at jdk/src/hotspot/share/gc/g1/g1Predictions.hpp:58
#14 0x00007f1b00629cb9 in G1Predictions::predict_in_unit_interval (this=0x7f1af8048668, seq=0xabababababab8ee8) at jdk/src/hotspot/share/gc/g1/g1Predictions.hpp:62
#15 0x00007f1b006e22f3 in G1SurvRateGroup::surv_rate_pred (this=0x7f1af804a760, predictor=..., age=24) at jdk/src/hotspot/share/gc/g1/g1SurvRateGroup.hpp:89
#16 0x00007f1b006e3060 in HeapRegion::surv_rate_prediction (this=0x7f1af81c7620, predictor=...) at jdk/src/hotspot/share/gc/g1/heapRegion.inline.hpp:520
#17 0x00007f1b006df776 in G1Policy::predict_bytes_to_copy (this=0x7f1af8048660, hr=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1089
#18 0x00007f1b006df932 in G1Policy::predict_region_copy_time_ms (this=0x7f1af8048660, hr=0x7f1af81c7620, for_young_only_phase=false) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1110
#19 0x00007f1b006dfb5e in G1Policy::predict_region_total_time_ms (this=0x7f1af8048660, hr=0x7f1af81c7620, for_young_only_phase=false) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1148
#20 0x00007f1b0078b135 in HeapRegion::calc_gc_efficiency (this=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/heapRegion.cpp:144
#21 0x00007f1b00671ef8 in G1PrintRegionLivenessInfoClosure::do_heap_region (this=0x7f1ae01f85a0, r=0x7f1af81c7620) at jdk/src/hotspot/share/gc/g1/g1ConcurrentMark.cpp:2994
#22 0x00007f1b0079400b in HeapRegionManager::iterate (this=0x7f1af8042670, blk=0x7f1ae01f85a0) at jdk/src/hotspot/share/gc/g1/heapRegionManager.cpp:509
#23 0x00007f1b00654240 in G1CollectedHeap::heap_region_iterate (this=0x7f1af80424d0, cl=0x7f1ae01f85a0) at jdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:2039
#24 0x00007f1b006e05a5 in G1Policy::record_concurrent_mark_cleanup_end (this=0x7f1af8048660, has_rebuilt_remembered_sets=true) at jdk/src/hotspot/share/gc/g1/g1Policy.cpp:1326
#25 0x00007f1b0066dcb4 in G1ConcurrentMark::cleanup (this=0x7f1af805ae80) at jdk/src/hotspot/share/gc/g1/g1ConcurrentMark.cpp:1486
#26 0x00007f1b0070f7cb in VM_G1PauseCleanup::work (this=0x7f1afd912be0) at jdk/src/hotspot/share/gc/g1/g1VMOperations.cpp:199
#27 0x00007f1b0070f6ab in VM_G1PauseConcurrent::doit (this=0x7f1afd912be0) at jdk/src/hotspot/share/gc/g1/g1VMOperations.cpp:177
#28 0x00007f1b01129285 in VM_Operation::evaluate (this=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmOperations.cpp:71
#29 0x00007f1b01196f60 in VMThread::evaluate_operation (this=0x7f1af82ba9a0, op=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmThread.cpp:281
#30 0x00007f1b01197898 in VMThread::inner_execute (this=0x7f1af82ba9a0, op=0x7f1afd912be0) at jdk/src/hotspot/share/runtime/vmThread.cpp:435
#31 0x00007f1b01197ccb in VMThread::loop (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/vmThread.cpp:502
#32 0x00007f1b01196af3 in VMThread::run (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/vmThread.cpp:175
#33 0x00007f1b0106f343 in Thread::call_run (this=0x7f1af82ba9a0) at jdk/src/hotspot/share/runtime/thread.cpp:220
#34 0x00007f1b00d414de in thread_native_entry (thread=0x7f1af82ba9a0) at jdk/src/hotspot/os/linux/os_linux.cpp:786
#35 0x00007f1b02694ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
Particularly note the corrupted "seq=0xabababababab8ee8" in frame 14.
(gdb) frame 15
#15 0x00007f1b006e22f3 in G1SurvRateGroup::surv_rate_pred (this=0x7f1af804a760, predictor=..., age=24) at jdk/src/hotspot/share/gc/g1/g1SurvRateGroup.hpp:89
89 return predictor.predict_in_unit_interval(_surv_rate_predictors[age]);
(gdb) print *this
$1 = {<CHeapObj<(MEMFLAGS)5>> = {<No data fields>}, _stats_arrays_length = 24, _num_added_regions = 25, _accum_surv_rate_pred = 0x7f1af8325730, _last_pred = 0.4332111447063256,
_surv_rate_predictors = 0x7f1af8325810, static InvalidAgeIndex = 4294967295}
_stats_arrays_length is 24, and the age is 24 too (i.e. the code indexes beyond the array).
It is also strange that _stats_arrays_length is unequal to _num_added_regions at first glance during a Cleanup pause.
Without
Attachments
Issue Links
- relates to
-
JDK-8318894 G1: Use uint for age in G1SurvRateGroup
-
- Resolved
-
