Bug ID: 7021322 assert(object_end <= top()) failed: Object crosses promotion LAB boundary

7021322 : assert(object_end <= top()) failed: Object crosses promotion LAB boundary

Details

Type:	Bug	Submit Date:	2011-02-22
Status:	Closed	Updated Date:	2012-01-23
Project Name:	JDK	Resolved Date:	2012-01-23
Component:	hotspot	OS:	generic
Sub-Component:	gc	CPU:	generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	hs21
Fixed Versions:	hs23

Related Reports

Backport:	JDK-2219687 - assert(object_end <= top()) failed: Object crosses promotion LAB boundary
Backport:	JDK-2219675 - assert(object_end <= top()) failed: Object crosses promotion LAB boundary

Sub Tasks

Description

Application crashes after 31 hours:

# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/HUDSON/workspace/jdk7-2-build-linux-amd64-product/jdk7/hotspot/src/share/vm/gc_implementation/parallelScavenge/psPromotionLAB.cpp:110), pid=17435, tid=139923979380480
#  assert(object_end <= top()) failed: Object crosses promotion LAB boundary
#
# JRE version: 7.0-b129
# Java VM: Java HotSpot(TM) 64-Bit Server VM (21.0-b01-fastdebug mixed mode linux-amd64 )


Current thread (0x00000000022f8800):  GCTaskThread [stack: 0x00007f4297062000,0x00007f4297163000] [id=17451]

Stack: [0x00007f4297062000,0x00007f4297163000],  sp=0x00007f4297161520,  free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xbb399c]  VMError::report(outputStream*)+0x131c;;  VMError::report(outputStream*)+0x131c
V  [libjvm.so+0xbb3de2]  VMError::report_and_die()+0x2d2;;  VMError::report_and_die()+0x2d2
V  [libjvm.so+0x5bc714]  report_vm_error(char const*, int, char const*, char const*)+0x84;;  report_vm_error(char const*, int, char const*, char const*)+0x84
V  [libjvm.so+0xa5271f]  PSPromotionLAB::unallocate_object(oopDesc*)+0x1ef;;  PSPromotionLAB::unallocate_object(oopDesc*)+0x1ef
V  [libjvm.so+0xa55f33]  PSPromotionManager::copy_to_survivor_space(oopDesc*)+0x9d3;;  PSPromotionManager::copy_to_survivor_space(oopDesc*)+0x9d3
V  [libjvm.so+0xa5d785]  StealTask::do_it(GCTaskManager*, unsigned int)+0x415;;  StealTask::do_it(GCTaskManager*, unsigned int)+0x415
V  [libjvm.so+0x68c969]  GCTaskThread::run()+0x1b9;;  GCTaskThread::run()+0x1b9
V  [libjvm.so+0x9cd330]  java_start(Thread*)+0xf0;;  java_start(Thread*)+0xf0

Comments

EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-gc/hotspot/rev/c63b928b212b

2011-10-05

EVALUATION

The problem seems to be the following:

Two threads compete to copy an array. Both will copy the object, but only one will manage to write the forwarding pointer. The failing thread will unallocate the newly allocated object.

The bug happens because we rewrite the old object's array length as a way to do load balancing (See: PSPromotionManager::process_array_chunk). The second thread will see the smaller size when allocating memory for the object, but the original size when unallocating.

I'm in the process of verifying this, and if this is the case, the easy way to fix this should be to pass the size used when allocating the memory to unallocate_object.

2011-09-12

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together