Bug 2217724
| Summary: | SEGV in G1ParScanThreadState::copy_to_survivor_space on java 11 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | kazuhiro kawana <kkawana> |
| Component: | java-11-openjdk | Assignee: | Thomas Stuefe <tstuefe> |
| Status: | CLOSED NOTABUG | QA Contact: | OpenJDK QA <java-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 8.2 | CC: | ahughes, myoshida, tstuefe |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-17 12:35:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
### Description of problem: Crashed twice on the same server. The customer has not installed or updated any packages on this system. The 1st crash (2023-05-25-15.06.23) stack trace of thread 1 causing crash ...snip... #8 <signal handler called> #9 0x00007f74ad4bf19c in markOopDesc::age (this=<error reading variable: Cannot access memory at address 0x0>) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/utilities/globalDefinitions.hpp:1040 #10 G1ParScanThreadState::next_state (age=<synthetic pointer>: <optimized out>, m=0x0, state=..., this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:192 #11 G1ParScanThreadState::copy_to_survivor_space (this=this@entry=0x7f73d40011c0, state=..., old=0x797fef830, old_mark=0x0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:225 <--------*** #12 0x00007f74ad480218 in G1ParScanThreadState::do_oop_evac<unsigned int> (p=0x766222c80, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/objArrayKlass.inline.hpp:65 #13 G1ParScanThreadState::deal_with_reference (ref_to_scan=0x766222c80, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:129 #14 G1ParScanThreadState::dispatch_reference (ref=..., this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:135 #15 G1ParScanThreadState::steal_and_trim_queue (task_queues=0x7f74a8031660, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:145 #16 G1ParEvacuateFollowersClosure::do_void (this=this@entry=0x7f7468ba0d80) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3134 #17 0x00007f74ad485369 in G1ParTask::work (this=0x7f747c3df320, worker_id=5) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3190 ...snip... The 2nd crash (2023-06-12-14.50.17) stack trace of thread 1 causing crash ...snip... #22 <signal handler called> #23 oopDesc::size_given_klass (klass=0xbcbe91ee8, this=0x7c159c6f0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/oop.inline.hpp:209 #24 oopDesc::size (this=0x7c159c6f0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/oop.inline.hpp:205 #25 G1ParScanThreadState::copy_to_survivor_space (this=this@entry=0x7feb1c000db0, state=..., old=0x7c159c6f0, old_mark=0x396a40) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:217 <--------*** #26 0x00007febcbae7a38 in G1ParScanThreadState::do_oop_evac<unsigned int> (p=0x76c4028dc, this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/ptrQueue.hpp:143 #27 G1ParScanThreadState::deal_with_reference (ref_to_scan=0x76c4028dc, this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:129 #28 G1ParScanThreadState::dispatch_reference (ref=..., this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:135 #29 G1ParScanThreadState::trim_queue_to_threshold (threshold=<optimized out>, this=<optimized out>) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:172 #30 G1ParScanThreadState::trim_queue_partially (this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:183 #31 0x00007febcb91a7ba in ClassLoaderData::ChunkedHandleList::oops_do_chunk (this=<optimized out>, size=<optimized out>, c=0x7fea70208680, f=0x7feb1c001128) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:221 #32 ClassLoaderData::ChunkedHandleList::oops_do (this=<optimized out>, f=0x7feb1c001128) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:230 #33 0x00007febcbae7019 in G1CLDScanClosure::do_cld (this=0x7feb1c001158, cld=<optimized out>) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1OopClosures.cpp:55 #34 0x00007febcb91cfc1 in ClassLoaderDataGraph::roots_cld_do (strong=0x7feb1c001158, weak=weak@entry=0x7feb1c001158) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:1135 #35 0x00007febcbb037a8 in G1RootProcessor::process_java_roots (this=0x7feb961e6250, closures=0x7feb1c0010f0, phase_times=0x7febc402bdc0, worker_i=1) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1RootProcessor.cpp:229 #36 0x00007febcbb03dbb in G1RootProcessor::evacuate_roots (this=0x7feb961e6250, pss=pss@entry=0x7feb1c000db0, worker_i=worker_i@entry=1) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1RootProcessor.cpp:85 #37 0x00007febcbab02f0 in G1ParTask::work (this=0x7feb961e6320, worker_id=1) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3175 ...snip... ### Version-Release number of selected component (if applicable): java-11-openjdk-devel-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:36 2021 java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:36 2021 java-11-openjdk-headless-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:35 2021 ### How reproducible: Sometimes ### Steps to Reproduce: N/A ### Expected results: Do not SEGV.