-
Bug
-
Resolution: Unresolved
-
P4
-
25
-
None
-
Fix Understood
-
generic
-
linux
When doing a scoped memory access, for instance using the MemorySegment API, it is possible to access a memory mapped file that has been truncated, resulting in a segmentation fault. The VM's signal handler will turn this fault into an InternalError using a handshake operation that calls back into Java to call the InternalError constructor. This constructor will bottom out in the constructor of Throwable, which calls JFR tracing code. All of this adds more Java frames to the stack during the original @Scoped method call.
If at this point a shared arena is closed in another thread, the shared scoped closure handshake that runs may not see the faulting thread is inside a thread. On debug builds, this triggers an assertion:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/jvernee/ws/openjdk/jdk/open/src/hotspot/share/prims/scopedMemoryAccess.cpp:63), pid=2258337, tid=2258338
# assert(depth < max_critical_stack_depth) failed: can't have more than 10 critical frames
#
# JRE version: OpenJDK Runtime Environment (26.0) (fastdebug build 26-internal-2025-10-13-1257562.jvernee...)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 26-internal-2025-10-13-1257562.jvernee..., mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x1913262] bool for_scoped_method<is_accessing_session(JavaThread*, oop, bool&)::{lambda(vframeStream&)#1}>(JavaThread*, is_accessing_session(JavaThread*, oop, bool&)::{lambda(vframeStream&)#1} const&)+0x1892
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F -- %E" (or dumping to /home/jvernee/ws/experiments/internal_error_shared_close/core.2258337)
#
# JFR recording file will be written. Location: /home/jvernee/ws/experiments/internal_error_shared_close/hs_err_pid2258337.jfr
#
# An error report file with more information is saved as:
# /home/jvernee/ws/experiments/internal_error_shared_close/hs_err_pid2258337.log
Locks owned:
Mutex: [0x00007f34f002ce60] HandshakeState_lock - owner: 0x00007f34f002c790 allow_vm_block nosafepoint
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
See the attached reproducer.
If at this point a shared arena is closed in another thread, the shared scoped closure handshake that runs may not see the faulting thread is inside a thread. On debug builds, this triggers an assertion:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/jvernee/ws/openjdk/jdk/open/src/hotspot/share/prims/scopedMemoryAccess.cpp:63), pid=2258337, tid=2258338
# assert(depth < max_critical_stack_depth) failed: can't have more than 10 critical frames
#
# JRE version: OpenJDK Runtime Environment (26.0) (fastdebug build 26-internal-2025-10-13-1257562.jvernee...)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 26-internal-2025-10-13-1257562.jvernee..., mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x1913262] bool for_scoped_method<is_accessing_session(JavaThread*, oop, bool&)::{lambda(vframeStream&)#1}>(JavaThread*, is_accessing_session(JavaThread*, oop, bool&)::{lambda(vframeStream&)#1} const&)+0x1892
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F -- %E" (or dumping to /home/jvernee/ws/experiments/internal_error_shared_close/core.2258337)
#
# JFR recording file will be written. Location: /home/jvernee/ws/experiments/internal_error_shared_close/hs_err_pid2258337.jfr
#
# An error report file with more information is saved as:
# /home/jvernee/ws/experiments/internal_error_shared_close/hs_err_pid2258337.log
Locks owned:
Mutex: [0x00007f34f002ce60] HandshakeState_lock - owner: 0x00007f34f002c790 allow_vm_block nosafepoint
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
See the attached reproducer.