Bug 2217724 - SEGV in G1ParScanThreadState::copy_to_survivor_space on java 11
Summary: SEGV in G1ParScanThreadState::copy_to_survivor_space on java 11
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: java-11-openjdk
Version: 8.2
Hardware: x86_64
OS: Linux
urgent
high
Target Milestone: rc
Assignee: Thomas Stuefe
QA Contact: OpenJDK QA
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2023-06-27 02:53 UTC by kazuhiro kawana
Modified: 2023-08-17 12:35 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-17 12:35:03 UTC
Type: Bug
Target Upstream Version:
Embargoed:




Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Red Hat Issue Tracker | RHELPLAN-160854 | 0 | None | None | None | 2023-06-27 02:54:01 UTC |

Description kazuhiro kawana 2023-06-27 02:53:02 UTC
### Description of problem:

Crashed twice on the same server.
The customer has not installed or updated any packages on this system.

The 1st crash (2023-05-25-15.06.23) stack trace of thread 1 causing crash
```
...snip...
#8 <signal handler called>
#9 0x00007f74ad4bf19c in markOopDesc::age (this=<error reading variable: Cannot access memory at address 0x0>) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/utilities/globalDefinitions.hpp:1040
#10 G1ParScanThreadState::next_state (age=<synthetic pointer>: <optimized out>, m=0x0, state=..., this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:192
#11 G1ParScanThreadState::copy_to_survivor_space (this=this@entry=0x7f73d40011c0, state=..., old=0x797fef830, old_mark=0x0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:225 <--------***
#12 0x00007f74ad480218 in G1ParScanThreadState::do_oop_evac<unsigned int> (p=0x766222c80, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/objArrayKlass.inline.hpp:65
#13 G1ParScanThreadState::deal_with_reference (ref_to_scan=0x766222c80, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:129
#14 G1ParScanThreadState::dispatch_reference (ref=..., this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:135
#15 G1ParScanThreadState::steal_and_trim_queue (task_queues=0x7f74a8031660, this=0x7f73d40011c0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:145
#16 G1ParEvacuateFollowersClosure::do_void (this=this@entry=0x7f7468ba0d80) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3134
#17 0x00007f74ad485369 in G1ParTask::work (this=0x7f747c3df320, worker_id=5) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3190
...snip...
```

The 2nd crash (2023-06-12-14.50.17) stack trace of thread 1 causing crash
```
...snip...
#22 <signal handler called>
#23 oopDesc::size_given_klass (klass=0xbcbe91ee8, this=0x7c159c6f0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/oop.inline.hpp:209
#24 oopDesc::size (this=0x7c159c6f0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/oops/oop.inline.hpp:205
#25 G1ParScanThreadState::copy_to_survivor_space (this=this@entry=0x7feb1c000db0, state=..., old=0x7c159c6f0, old_mark=0x396a40)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.cpp:217  <--------***
#26 0x00007febcbae7a38 in G1ParScanThreadState::do_oop_evac<unsigned int> (p=0x76c4028dc, this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/ptrQueue.hpp:143
#27 G1ParScanThreadState::deal_with_reference (ref_to_scan=0x76c4028dc, this=0x7feb1c000db0)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:129
#28 G1ParScanThreadState::dispatch_reference (ref=..., this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:135
#29 G1ParScanThreadState::trim_queue_to_threshold (threshold=<optimized out>, this=<optimized out>)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:172
#30 G1ParScanThreadState::trim_queue_partially (this=0x7feb1c000db0) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1ParScanThreadState.inline.hpp:183
#31 0x00007febcb91a7ba in ClassLoaderData::ChunkedHandleList::oops_do_chunk (this=<optimized out>, size=<optimized out>, c=0x7fea70208680, f=0x7feb1c001128)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:221
#32 ClassLoaderData::ChunkedHandleList::oops_do (this=<optimized out>, f=0x7feb1c001128) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:230
#33 0x00007febcbae7019 in G1CLDScanClosure::do_cld (this=0x7feb1c001158, cld=<optimized out>) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1OopClosures.cpp:55
#34 0x00007febcb91cfc1 in ClassLoaderDataGraph::roots_cld_do (strong=0x7feb1c001158, weak=weak@entry=0x7feb1c001158)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/classfile/classLoaderData.cpp:1135
#35 0x00007febcbb037a8 in G1RootProcessor::process_java_roots (this=0x7feb961e6250, closures=0x7feb1c0010f0, phase_times=0x7febc402bdc0, worker_i=1)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1RootProcessor.cpp:229
#36 0x00007febcbb03dbb in G1RootProcessor::evacuate_roots (this=0x7feb961e6250, pss=pss@entry=0x7feb1c000db0, worker_i=worker_i@entry=1)
    at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1RootProcessor.cpp:85
#37 0x00007febcbab02f0 in G1ParTask::work (this=0x7feb961e6320, worker_id=1) at /usr/src/debug/java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64/openjdk/src/hotspot/share/gc/g1/g1CollectedHeap.cpp:3175
...snip...
```

### Version-Release number of selected component (if applicable):

java-11-openjdk-devel-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:36 2021
java-11-openjdk-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:36 2021
java-11-openjdk-headless-11.0.11.0.9-2.el8_4.x86_64 Tue Jul 6 18:19:35 2021

### How reproducible:

Sometimes

### Steps to Reproduce:

N/A

### Expected results:

Do not SEGV.

