P3
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/peter/Documents/Programming/jdk21u/src/hotspot/share/oops/constantPool.hpp:442), pid=25890, tid=25891
# assert(tag_at(which).is_utf8()) failed: Corrupted constant pool
#
# JRE version: OpenJDK Runtime Environment (21.0.10) (slowdebug build 21.0.10-internal-adhoc.peter.jdk21u)
# Java VM: OpenJDK 64-Bit Server VM (slowdebug 21.0.10-internal-adhoc.peter.jdk21u, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x6bfd8e] ConstantPool::symbol_at(int) const+0x5c
#
# Core dump will be written. Default location: Core dumps may be processed with "/bin/false" (or dumping to /home/peter/Documents/Programming/debugging-with-peter/Java/record-reproducer/segfault-reproducer/tmp/core.25890)
#
# An error report file with more information is saved as:
# /home/peter/Documents/Programming/debugging-with-peter/Java/record-reproducer/segfault-reproducer/tmp/hs_err_pid25890.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
Here is the stack trace:
V [libjvm.so+0x6bfd8e] ConstantPool::symbol_at(int) const+0x5c (constantPool.hpp:442)
V [libjvm.so+0x7d26ca] FieldInfo::signature(ConstantPool*) const+0x56 (fieldInfo.inline.hpp:48)
V [libjvm.so+0xa01201] FieldStreamBase::signature() const+0x37 (fieldStreams.hpp:98)
V [libjvm.so+0xcdec18] InstanceKlass::find_local_field(Symbol*, Symbol*, fieldDescriptor*) const+0x82 (instanceKlass.cpp:1650)
V [libjvm.so+0xcdee7e] InstanceKlass::find_field(Symbol*, Symbol*, fieldDescriptor*) const+0x30 (instanceKlass.cpp:1682)
V [libjvm.so+0x102ea44] LinkResolver::resolve_field(fieldDescriptor&, LinkInfo const&, Bytecodes::Code, bool, JavaThread*)+0x1c6 (linkResolver.cpp:974)
V [libjvm.so+0x102e84a] LinkResolver::resolve_field_access(fieldDescriptor&, constantPoolHandle const&, int, methodHandle const&, Bytecodes::Code, JavaThread*)+0x7a (linkResolver.cpp:954)
V [libjvm.so+0xd0af6a] InterpreterRuntime::resolve_get_put(JavaThread*, Bytecodes::Code)+0x170 (interpreterRuntime.cpp:670)
V [libjvm.so+0xd0cd78] InterpreterRuntime::resolve_from_cache(JavaThread*, Bytecodes::Code)+0xec (interpreterRuntime.cpp:979)
j DynamicAttachTest$MyRecord.<init>(Ljava/lang/String;)V+6
j DynamicAttachTest.main([Ljava/lang/String;)V+55
v ~StubRoutines::call_stub 0x00007f059325fd21
V [libjvm.so+0xd1c54c] JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x606 (javaCalls.cpp:415)
V [libjvm.so+0x121f270] os::os_exception_wrapper(void (*)(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*), JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x32 (os_linux.cpp:5053)
V [libjvm.so+0xd1bf42] JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x3a (javaCalls.cpp:329)
V [libjvm.so+0xdf0d0a] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, JavaThread*)+0x1a2 (jni.cpp:888)
V [libjvm.so+0xdfe477] jni_CallStaticVoidMethod+0x1da (jni.cpp:1717)
C [libjli.so+0x5108] JavaMain+0xfc9 (java.c:560)
C [libjli.so+0xb89b] ThreadJavaMain+0x27 (java_md.c:642)
In a product build:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fabbdc02ad0, pid=29589, tid=29590
#
# JRE version: OpenJDK Runtime Environment Corretto-17.0.17.10.1 (17.0.17+10) (build 17.0.17+10-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-17.0.17.10.1 (17.0.17+10-LTS, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0xe02ad0] ResolvingSignatureStream::ResolvingSignatureStream(Symbol*, Handle, Handle, bool)+0x20
#
To reproduce:
Define a record class with at least one annotated field.
Load it normally.
Use an agent or instrumentation code (e.g., ASM) to retransfrom the class:
ClassReader reader = new ClassReader(classfileBuffer);
// BUG: Not passing reader
ClassWriter writer = new ClassWriter(ClassWriter.COMPUTE_MAXS);
reader.accept(writer, 0);
return writer.toByteArray();
This triggers an exception:
>>> Transformer installed, scanning for loaded classes...
>>> Retransforming already-loaded: DynamicAttachTest$MyRecord
>>> Transforming: DynamicAttachTest$MyRecord retransform=true
java.lang.NoSuchFieldError: foo
at DynamicAttachTest$MyRecord.<init>(DynamicAttachTest.java:12)
at DynamicAttachTest.main(DynamicAttachTest.java:30)
and the JVM crashes with a segmentation fault during the redefinition process. (If you pass the reader to the writer the bug is bypassed.)
See attachments.
During class redefinition, the JVM returns an error when trying to merge constant pools, but somehow doesn't handle it.
In merge_cp_and_rewrite function in `src/hotspot/share/prims/jvmtiRedefineClasses.cpp` the execution runs into this if-statement and returns the error `JVMTI_ERROR_INTERNAL`:
if (!rewrite_cp_refs(scratch_class)) {
return JVMTI_ERROR_INTERNAL;
}
But now `load_new_class_versions()` doesn't check the return value `res`:
res = merge_cp_and_rewrite(the_class, scratch_class, THREAD);
if (HAS_PENDING_EXCEPTION) {
Symbol* ex_name = PENDING_EXCEPTION->klass()->name();
log_info(redefine, class, load, exceptions)("merge_cp_and_rewrite exception: '%s'", ex_name->as_C_string());
CLEAR_PENDING_EXCEPTION;
if (ex_name == vmSymbols::java_lang_OutOfMemoryError()) {
return JVMTI_ERROR_OUT_OF_MEMORY;
} else {
return JVMTI_ERROR_INTERNAL;
}
}
...
// res is never checked before the function end
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/peter/Documents/Programming/jdk21u/src/hotspot/share/oops/constantPool.hpp:442), pid=25890, tid=25891
# assert(tag_at(which).is_utf8()) failed: Corrupted constant pool
#
# JRE version: OpenJDK Runtime Environment (21.0.10) (slowdebug build 21.0.10-internal-adhoc.peter.jdk21u)
# Java VM: OpenJDK 64-Bit Server VM (slowdebug 21.0.10-internal-adhoc.peter.jdk21u, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x6bfd8e] ConstantPool::symbol_at(int) const+0x5c
#
# Core dump will be written. Default location: Core dumps may be processed with "/bin/false" (or dumping to /home/peter/Documents/Programming/debugging-with-peter/Java/record-reproducer/segfault-reproducer/tmp/core.25890)
#
# An error report file with more information is saved as:
# /home/peter/Documents/Programming/debugging-with-peter/Java/record-reproducer/segfault-reproducer/tmp/hs_err_pid25890.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
Here is the stack trace:
V [libjvm.so+0x6bfd8e] ConstantPool::symbol_at(int) const+0x5c (constantPool.hpp:442)
V [libjvm.so+0x7d26ca] FieldInfo::signature(ConstantPool*) const+0x56 (fieldInfo.inline.hpp:48)
V [libjvm.so+0xa01201] FieldStreamBase::signature() const+0x37 (fieldStreams.hpp:98)
V [libjvm.so+0xcdec18] InstanceKlass::find_local_field(Symbol*, Symbol*, fieldDescriptor*) const+0x82 (instanceKlass.cpp:1650)
V [libjvm.so+0xcdee7e] InstanceKlass::find_field(Symbol*, Symbol*, fieldDescriptor*) const+0x30 (instanceKlass.cpp:1682)
V [libjvm.so+0x102ea44] LinkResolver::resolve_field(fieldDescriptor&, LinkInfo const&, Bytecodes::Code, bool, JavaThread*)+0x1c6 (linkResolver.cpp:974)
V [libjvm.so+0x102e84a] LinkResolver::resolve_field_access(fieldDescriptor&, constantPoolHandle const&, int, methodHandle const&, Bytecodes::Code, JavaThread*)+0x7a (linkResolver.cpp:954)
V [libjvm.so+0xd0af6a] InterpreterRuntime::resolve_get_put(JavaThread*, Bytecodes::Code)+0x170 (interpreterRuntime.cpp:670)
V [libjvm.so+0xd0cd78] InterpreterRuntime::resolve_from_cache(JavaThread*, Bytecodes::Code)+0xec (interpreterRuntime.cpp:979)
j DynamicAttachTest$MyRecord.<init>(Ljava/lang/String;)V+6
j DynamicAttachTest.main([Ljava/lang/String;)V+55
v ~StubRoutines::call_stub 0x00007f059325fd21
V [libjvm.so+0xd1c54c] JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x606 (javaCalls.cpp:415)
V [libjvm.so+0x121f270] os::os_exception_wrapper(void (*)(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*), JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x32 (os_linux.cpp:5053)
V [libjvm.so+0xd1bf42] JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x3a (javaCalls.cpp:329)
V [libjvm.so+0xdf0d0a] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, JavaThread*)+0x1a2 (jni.cpp:888)
V [libjvm.so+0xdfe477] jni_CallStaticVoidMethod+0x1da (jni.cpp:1717)
C [libjli.so+0x5108] JavaMain+0xfc9 (java.c:560)
C [libjli.so+0xb89b] ThreadJavaMain+0x27 (java_md.c:642)
In a product build:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fabbdc02ad0, pid=29589, tid=29590
#
# JRE version: OpenJDK Runtime Environment Corretto-17.0.17.10.1 (17.0.17+10) (build 17.0.17+10-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-17.0.17.10.1 (17.0.17+10-LTS, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0xe02ad0] ResolvingSignatureStream::ResolvingSignatureStream(Symbol*, Handle, Handle, bool)+0x20
#
To reproduce:
Define a record class with at least one annotated field.
Load it normally.
Use an agent or instrumentation code (e.g., ASM) to retransfrom the class:
ClassReader reader = new ClassReader(classfileBuffer);
// BUG: Not passing reader
ClassWriter writer = new ClassWriter(ClassWriter.COMPUTE_MAXS);
reader.accept(writer, 0);
return writer.toByteArray();
This triggers an exception:
>>> Transformer installed, scanning for loaded classes...
>>> Retransforming already-loaded: DynamicAttachTest$MyRecord
>>> Transforming: DynamicAttachTest$MyRecord retransform=true
java.lang.NoSuchFieldError: foo
at DynamicAttachTest$MyRecord.<init>(DynamicAttachTest.java:12)
at DynamicAttachTest.main(DynamicAttachTest.java:30)
and the JVM crashes with a segmentation fault during the redefinition process. (If you pass the reader to the writer the bug is bypassed.)
See attachments.
During class redefinition, the JVM returns an error when trying to merge constant pools, but somehow doesn't handle it.
In merge_cp_and_rewrite function in `src/hotspot/share/prims/jvmtiRedefineClasses.cpp` the execution runs into this if-statement and returns the error `JVMTI_ERROR_INTERNAL`:
if (!rewrite_cp_refs(scratch_class)) {
return JVMTI_ERROR_INTERNAL;
}
But now `load_new_class_versions()` doesn't check the return value `res`:
res = merge_cp_and_rewrite(the_class, scratch_class, THREAD);
if (HAS_PENDING_EXCEPTION) {
Symbol* ex_name = PENDING_EXCEPTION->klass()->name();
log_info(redefine, class, load, exceptions)("merge_cp_and_rewrite exception: '%s'", ex_name->as_C_string());
CLEAR_PENDING_EXCEPTION;
if (ex_name == vmSymbols::java_lang_OutOfMemoryError()) {
return JVMTI_ERROR_OUT_OF_MEMORY;
} else {
return JVMTI_ERROR_INTERNAL;
}
}
...
// res is never checked before the function end
- duplicates
-
JDK-8376185 NoSuchFieldError thrown after a record with type annotation retransformed
-
- Open
-