RFR: 8359366: RunThese30M.java EXCEPTION_ACCESS_VIOLATION in JvmtiBreakpoints::clearall_in_class_at_safepoint

Sun, 29 Jun 2025 10:43:07 -0700 

The segv/eav happens in the case if JvmtiBreakpoint::_method's class redefined 
old between getting the Method* from jmethodid in the 
JvmtiEnv::SetBreakpoint(Method* method, jlocation location) {..} and 
and actual setting breakpoint in the VM operation VM_ChangeBreakpoints.

Here are details:
The breakpoint is set in 2 steps.
1) method jvmti_SetBreakpoint(jvmtiEnv* env, jmethodID method,  jlocation 
location)  convert jmethodID to Method* and call 
 JvmtiEnv::SetBreakpoint(Method* method, jlocation location)
where 
  JvmtiBreakpoint bp(method, location);
is created with this Method* 
Note: it is done while thread is in VM state, so Method can't become is_old 
while this is done.
 
2) The VMOp is used to add breakpoint into the list 
 VM_ChangeBreakpoints set_breakpoint(VM_ChangeBreakpoints::SET_BREAKPOINT, &bp);
  VMThread::execute(&set_breakpoint);
to call  JvmtiBreakpoints::set_at_safepoint()
that can modify JvmtiBreakpoints list and set breakpoint in safepoint without 
synchronization.

So it might be possible that class redefinition  VM_RedefineClasses  operation 
that redefine the class with this breakpoint happens between steps 1) and 2)
VM_RedefineClasses::redefine_single_class()
clear all class-related breakpoints in the JvmtiBreakpoints, however the 
"problematic" breakpoint is in VMThread  queue and thus we are still continue 
to do this operation.
So in the step 2) the the JvmtiBreakpoint with 'is_old' method is added to the 
JvmtiBreakpoints and breakpoint is set.

Then old method mights be purged any time once  they are not on the stack and 
any access to this breakpoint could lead to usage of Metthod* _method pointing 
to deallocated metaspace.

The VM_RedefineClasses clear all breakpoints so it is correct just to don't 
proceed with current breakpoint also.

Looks, like very unlikely but reproducing with stress test after some time.
Verified that the crash is not reproduced anymore with corresponding test after 
the fix.

-------------

Commit messages:
 - fix

Changes: https://git.openjdk.org/jdk/pull/26031/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26031&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8359366
  Stats: 10 lines in 2 files changed: 8 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/26031.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/26031/head:pull/26031

PR: https://git.openjdk.org/jdk/pull/26031

Reply via email to