P4
When running test gc/arguments/TestMaxNewSize_id0 (UseSerialGC case of the test) with asan enabled binaries, the test fails with this report :
==5875==ERROR: AddressSanitizer: heap-use-after-free on address 0x508000004070 at pc 0x7fa6d0bde36f bp 0x7fa6ab5fe320 sp 0x7fa6ab5fe318
READ of size 8 at 0x508000004070 thread T11
#0 0x7fa6d0bde36e in defaultStream::writer() src/hotspot/share/utilities/defaultStream.hpp:93
#1 0x7fa6d0bde36e in ttyLocker::break_tty_lock_for_safepoint(long) src/hotspot/share/utilities/ostream.cpp:949
#2 0x7fa6d0e69ab5 in SafepointSynchronize::block(JavaThread*) src/hotspot/share/runtime/safepoint.cpp:552
#3 0x7fa6d0e7dec7 in SafepointMechanism::process(JavaThread*, bool, bool) src/hotspot/share/runtime/safepointMechanism.cpp:149
#4 0x7fa6d0ed624c in SafepointMechanism::process_if_requested(JavaThread*, bool, bool) src/hotspot/share/runtime/safepointMechanism.inline.hpp:90
#5 0x7fa6d0ed624c in ThreadBlockInVMPreprocess<void (JavaThread*)>::~ThreadBlockInVMPreprocess() src/hotspot/share/runtime/interfaceSupport.inline.hpp:218
#6 0x7fa6d0ed624c in ThreadBlockInVMPreprocess<void (JavaThread*)>::~ThreadBlockInVMPreprocess() src/hotspot/share/runtime/interfaceSupport.inline.hpp:211
#7 0x7fa6d0ed624c in ThreadBlockInVM::~ThreadBlockInVM() src/hotspot/share/runtime/interfaceSupport.inline.hpp:223
#8 0x7fa6d0ed624c in ServiceThread::service_thread_entry(JavaThread*, JavaThread*) src/hotspot/share/runtime/serviceThread.cpp:128
#9 0x7fa6cfc22e92 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:773
#10 0x7fa6cfc37faf in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:753
#11 0x7fa6cfc37faf in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:758
#12 0x7fa6d172101f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#13 0x7fa6d0bb69b2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:868
#14 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#15 0x7fa6d54a6f6b in start_thread (/lib64/libc.so.6+0xa6f6b) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
#16 0x7fa6d552e337 in clone3 (/lib64/libc.so.6+0x12e337) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
0x508000004070 is located 80 bytes inside of 96-byte region [0x508000004020,0x508000004080)
freed by thread T1 here:
#0 0x7fa6d58f5f58 (/usr/lib64/libasan.so.8+0xf5f58) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0bde82f in CHeapObjBase::operator delete(void*) src/hotspot/share/memory/allocation.hpp:172
#2 0x7fa6d0bde82f in defaultStream::~defaultStream() src/hotspot/share/utilities/defaultStream.hpp:60
#3 0x7fa6d0bde82f in ostream_exit() src/hotspot/share/utilities/ostream.cpp:995
#4 0x7fa6d175e621 in Threads::destroy_vm() src/hotspot/share/runtime/threads.cpp:1029
#5 0x7fa6cfe8e4c3 in jni_DestroyJavaVM_inner src/hotspot/share/prims/jni.cpp:3741
#6 0x7fa6cfe8e4c3 in jni_DestroyJavaVM src/hotspot/share/prims/jni.cpp:3753
#7 0x7fa6d5f58bba in JavaMain src/java.base/share/native/libjli/java.c:668
#8 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#9 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
previously allocated by thread T1 here:
#0 0x7fa6d58f72b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0ad674e in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
#2 0x7fa6d0ad674e in raw_malloc src/hotspot/share/nmt/nmtPreInit.cpp:36
#3 0x7fa6d0ad674e in raw_checked_malloc src/hotspot/share/nmt/nmtPreInit.cpp:45
#4 0x7fa6d0ad674e in NMTPreInitAllocation::do_alloc(unsigned long) src/hotspot/share/nmt/nmtPreInit.cpp:71
#5 0x7fa6d0b9bd9f in NMTPreInit::handle_malloc(void**, unsigned long) src/hotspot/share/nmt/nmtPreInit.hpp:274
#6 0x7fa6d0b9bd9f in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:634
#7 0x7fa6ce519f2b in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:40
#8 0x7fa6ce519f2b in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:50
#9 0x7fa6d0bde3a4 in CHeapObjBase::operator new(unsigned long, MemTag) src/hotspot/share/memory/allocation.hpp:127
#10 0x7fa6d0bde3a4 in ostream_init() src/hotspot/share/utilities/ostream.cpp:960
#11 0x7fa6d175b1bb in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:454
#12 0x7fa6cfe9f868 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3589
#13 0x7fa6cfe9f868 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3680
#14 0x7fa6d5f587b3 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#15 0x7fa6d5f587b3 in JavaMain src/java.base/share/native/libjli/java.c:494
#16 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#17 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T11 created by T1 here:
#0 0x7fa6d58ef191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0bb9c40 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
#2 0x7fa6d0ed69cd in ServiceThread::ServiceThread(void (*)(JavaThread*, JavaThread*)) src/hotspot/share/runtime/serviceThread.hpp:44
#3 0x7fa6d0ed69cd in ServiceThread::initialize() src/hotspot/share/runtime/serviceThread.cpp:61
#4 0x7fa6d175bf7c in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:741
#5 0x7fa6cfe9f868 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3589
#6 0x7fa6cfe9f868 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3680
#7 0x7fa6d5f587b3 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#8 0x7fa6d5f587b3 in JavaMain src/java.base/share/native/libjli/java.c:494
#9 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#10 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T1 created by T0 here:
#0 0x7fa6d58ef191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d5f62928 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x7fa6d5f5e580 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x7fa6d5f5fedd in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x5581dc19d0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x7fa6d5440e6b in __libc_start_call_main (/lib64/libc.so.6+0x40e6b) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
SUMMARY: AddressSanitizer: heap-use-after-free src/hotspot/share/utilities/defaultStream.hpp:93 in defaultStream::writer()
Shadow bytes around the buggy address:
0x508000003d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x508000004000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd[fd]fd
0x508000004080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
0x508000004100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
0x508000004180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 05 fa
0x508000004200: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 05 fa
0x508000004280: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==5875==ABORTING
]
==5875==ERROR: AddressSanitizer: heap-use-after-free on address 0x508000004070 at pc 0x7fa6d0bde36f bp 0x7fa6ab5fe320 sp 0x7fa6ab5fe318
READ of size 8 at 0x508000004070 thread T11
#0 0x7fa6d0bde36e in defaultStream::writer() src/hotspot/share/utilities/defaultStream.hpp:93
#1 0x7fa6d0bde36e in ttyLocker::break_tty_lock_for_safepoint(long) src/hotspot/share/utilities/ostream.cpp:949
#2 0x7fa6d0e69ab5 in SafepointSynchronize::block(JavaThread*) src/hotspot/share/runtime/safepoint.cpp:552
#3 0x7fa6d0e7dec7 in SafepointMechanism::process(JavaThread*, bool, bool) src/hotspot/share/runtime/safepointMechanism.cpp:149
#4 0x7fa6d0ed624c in SafepointMechanism::process_if_requested(JavaThread*, bool, bool) src/hotspot/share/runtime/safepointMechanism.inline.hpp:90
#5 0x7fa6d0ed624c in ThreadBlockInVMPreprocess<void (JavaThread*)>::~ThreadBlockInVMPreprocess() src/hotspot/share/runtime/interfaceSupport.inline.hpp:218
#6 0x7fa6d0ed624c in ThreadBlockInVMPreprocess<void (JavaThread*)>::~ThreadBlockInVMPreprocess() src/hotspot/share/runtime/interfaceSupport.inline.hpp:211
#7 0x7fa6d0ed624c in ThreadBlockInVM::~ThreadBlockInVM() src/hotspot/share/runtime/interfaceSupport.inline.hpp:223
#8 0x7fa6d0ed624c in ServiceThread::service_thread_entry(JavaThread*, JavaThread*) src/hotspot/share/runtime/serviceThread.cpp:128
#9 0x7fa6cfc22e92 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:773
#10 0x7fa6cfc37faf in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:753
#11 0x7fa6cfc37faf in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:758
#12 0x7fa6d172101f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#13 0x7fa6d0bb69b2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:868
#14 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#15 0x7fa6d54a6f6b in start_thread (/lib64/libc.so.6+0xa6f6b) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
#16 0x7fa6d552e337 in clone3 (/lib64/libc.so.6+0x12e337) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
0x508000004070 is located 80 bytes inside of 96-byte region [0x508000004020,0x508000004080)
freed by thread T1 here:
#0 0x7fa6d58f5f58 (/usr/lib64/libasan.so.8+0xf5f58) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0bde82f in CHeapObjBase::operator delete(void*) src/hotspot/share/memory/allocation.hpp:172
#2 0x7fa6d0bde82f in defaultStream::~defaultStream() src/hotspot/share/utilities/defaultStream.hpp:60
#3 0x7fa6d0bde82f in ostream_exit() src/hotspot/share/utilities/ostream.cpp:995
#4 0x7fa6d175e621 in Threads::destroy_vm() src/hotspot/share/runtime/threads.cpp:1029
#5 0x7fa6cfe8e4c3 in jni_DestroyJavaVM_inner src/hotspot/share/prims/jni.cpp:3741
#6 0x7fa6cfe8e4c3 in jni_DestroyJavaVM src/hotspot/share/prims/jni.cpp:3753
#7 0x7fa6d5f58bba in JavaMain src/java.base/share/native/libjli/java.c:668
#8 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#9 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
previously allocated by thread T1 here:
#0 0x7fa6d58f72b7 in malloc (/usr/lib64/libasan.so.8+0xf72b7) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0ad674e in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
#2 0x7fa6d0ad674e in raw_malloc src/hotspot/share/nmt/nmtPreInit.cpp:36
#3 0x7fa6d0ad674e in raw_checked_malloc src/hotspot/share/nmt/nmtPreInit.cpp:45
#4 0x7fa6d0ad674e in NMTPreInitAllocation::do_alloc(unsigned long) src/hotspot/share/nmt/nmtPreInit.cpp:71
#5 0x7fa6d0b9bd9f in NMTPreInit::handle_malloc(void**, unsigned long) src/hotspot/share/nmt/nmtPreInit.hpp:274
#6 0x7fa6d0b9bd9f in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:634
#7 0x7fa6ce519f2b in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:40
#8 0x7fa6ce519f2b in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:50
#9 0x7fa6d0bde3a4 in CHeapObjBase::operator new(unsigned long, MemTag) src/hotspot/share/memory/allocation.hpp:127
#10 0x7fa6d0bde3a4 in ostream_init() src/hotspot/share/utilities/ostream.cpp:960
#11 0x7fa6d175b1bb in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:454
#12 0x7fa6cfe9f868 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3589
#13 0x7fa6cfe9f868 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3680
#14 0x7fa6d5f587b3 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#15 0x7fa6d5f587b3 in JavaMain src/java.base/share/native/libjli/java.c:494
#16 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#17 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T11 created by T1 here:
#0 0x7fa6d58ef191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d0bb9c40 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1061
#2 0x7fa6d0ed69cd in ServiceThread::ServiceThread(void (*)(JavaThread*, JavaThread*)) src/hotspot/share/runtime/serviceThread.hpp:44
#3 0x7fa6d0ed69cd in ServiceThread::initialize() src/hotspot/share/runtime/serviceThread.cpp:61
#4 0x7fa6d175bf7c in Threads::create_vm(JavaVMInitArgs*, bool*) src/hotspot/share/runtime/threads.cpp:741
#5 0x7fa6cfe9f868 in JNI_CreateJavaVM_inner src/hotspot/share/prims/jni.cpp:3589
#6 0x7fa6cfe9f868 in JNI_CreateJavaVM src/hotspot/share/prims/jni.cpp:3680
#7 0x7fa6d5f587b3 in InitializeJVM src/java.base/share/native/libjli/java.c:1506
#8 0x7fa6d5f587b3 in JavaMain src/java.base/share/native/libjli/java.c:494
#9 0x7fa6d5f60fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#10 0x7fa6d585eff5 (/usr/lib64/libasan.so.8+0x5eff5) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
Thread T1 created by T0 here:
#0 0x7fa6d58ef191 in pthread_create (/usr/lib64/libasan.so.8+0xef191) (BuildId: 4ee117fa2a132af1da9f17a0a5fe1f888398d50f)
#1 0x7fa6d5f62928 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x7fa6d5f5e580 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x7fa6d5f5fedd in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x5581dc19d0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x7fa6d5440e6b in __libc_start_call_main (/lib64/libc.so.6+0x40e6b) (BuildId: 8cd6cc55dddb025d49c90d45e7ace66d04f55c4a)
SUMMARY: AddressSanitizer: heap-use-after-free src/hotspot/share/utilities/defaultStream.hpp:93 in defaultStream::writer()
Shadow bytes around the buggy address:
0x508000003d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x508000003f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x508000004000: fa fa fa fa fd fd fd fd fd fd fd fd fd fd[fd]fd
0x508000004080: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
0x508000004100: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
0x508000004180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 05 fa
0x508000004200: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 05 fa
0x508000004280: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==5875==ABORTING
]