8000 JDK8 Crash with either "Segmentation error vmState=0x00000000" or "Invalid JIT return address" · Issue #15477 · eclipse-openj9/openj9 · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
JDK8 Crash with either "Segmentation error vmState=0x00000000" or "Invalid JIT return address" #15477
New issue
New issue
Closed
eclipse-omr/omr
#6826
Closed
JDK8 Crash with either "Segmentation error vmState=0x00000000" or "Invalid JIT return address"#15477
eclipse-omr/omr
#6826
Assignees
jdmpapin
Labels
comp:jitsegfaultIssues that describe segfaults / JVM crashesuserRaised
Milestone
 
Release 0.38 (Java 8, 11, 17) Apr refresh
@connglli

Description

@connglli
connglli
opened on Jul 1, 2022

Java -version output

openjdk version "1.8.0_342-internal"
OpenJDK Runtime Environment (build 1.8.0_342-internal-_2022_06_10_15_18-b00)
Eclipse OpenJ9 VM (build master-3d06b2f9c, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20220610_000000 (JIT enabled, AOT enabled)
OpenJ9   - 3d06b2f9c
OMR      - cf8ddbd1a
JCL      - 2bb179375a based on jdk8u342-b05)

Summary of problem

Sorry this test is a bit large but we are unable to reduce it further. The test is somewhat tricky because it sometimes crashes with a Segmentation error and full stacktrace; sometimes just crashes with outputting "Invalid JIT return address".

Also, this is perhaps a JIT bug since -Xint can hide it.

public class Test {
  public static final int N = 256;
  public static long instanceCount = 9593L;
  public static byte byFld = -75;
  public static boolean bFld = false;

  public static int iMeth(boolean b, int i2) {
    float f4 = -2.554F;
    int i20 = 55118,
        i21 = 36767,
        i22 = -33501,
        i23 = -196,
        i24 = 1188,
        i25 = 10,
        i26 = 2080,
        iArr[] = new int[N];
    short s2 = 12562;
    for (i20 = 1; i20 < 217; i20++) {
      i2 += i20;
      iArr[i20 - 1] -= i21;
      i2 += (i20 - i2);
      if (b) continue;
      i21 = 8;
      f4 = i21;
      iArr[i20] = i2;
      Test.byFld += (byte) i21;
      i2 += (((i20 * f4) + i20) - Test.instanceCount);
      Test.instanceCount = -77;
      iArr[i20 + 1] = i21;
      if (i2 != 0) {}
      f4 -= Test.instanceCount;
    }
    for (int ax$7 = -635; ax$7 < 5443; ax$7 += 1) {
      boolean ax$4 = b;
      int ax$5 = i20;
      try {
        int[] ax$0 = {1, 2, 3, 4};
        int ax$3;
        for (int ax$1 = 1; ax$1 < i20; ax$1++) {
          for (int ax$2 = 0; ax$2 < i20 - ax$1; ax$2++) {
            if (ax$0[ax$2] > ax$0[ax$2 + 1]) {
              ax$3 = ax$0[ax$2];
              ax$0[ax$2] = ax$0[ax$2 + 1];
              ax$0[ax$2 + 1] = ax$3;
            }
          }
        }
      } catch (Throwable ax$6) {
      } finally {
        b = ax$4;
        i20 = ax$5;
      }
    }
    do {
      if (b) break;
    } while (++i22 < 143);
    long meth_res =
        (b ? 1 : 0)
            + i2
            + Float.floatToIntBits(f4)
            + i20
            + i21
            + i22
            + i23
            + i24
            + s2
            + i25
            + i26
            + FuzzerUtils.checkSum(iArr);
    return (int) meth_res;
  }

  public void mainTest(String[] strArr1) {
    double d = -2.106236, dArr1[] = new double[N];
    int i = -1, i1 = 91, i27 = -1, i28 = 94, i29 = 7, i30 = 4, i31 = -7, i32 = 238;
    for (d = 81; 2 < d; d -= 2) i1 = (int) ((-(i1 + -1.60531)) * iMeth(Test.bFld, -3));
  }

  public static void main(String[] strArr) {
    try {
      Test _instance = new Test();
      for (int i = 0; i < 10; i++) {
        _instance.mainTest(strArr);
      }
    } catch (Exception ex) {
      FuzzerUtils.out.println(ex.getClass().getCanonicalName());
    }
  }
}

Diagnostic files

By issuing

$ java Test

the following crash log is given:

unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000018 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000002
Handler1=00007F1A712A7020 Handler2=00007F1A7108FEF0 InaccessibleAddress=0000000400000008
RDI=00007F1A6BD93740 RSI=000000000011B860 RAX=00007F1A714584E0 RBX=000000000004DD00
RCX=0000000400000004 RDX=0000000400000004 R8=00000000000000D9 R9=0000000000000000
R10=0000000000000000 R11=00000000000000D9 R12=000000000011B7B0 R13=000000000011B7C0
R14=00007F1A6C47E362 R15=00007F1A714ED0A0
RIP=00007F1A712F6FD0 GS=0000 FS=0000 RSP=00007F1A714ECD30
EFlags=0000000000010202 CS=0033 RBP=0000000000000000 ERR=0000000000000004
TRAPNO=000000000000000E OLDMASK=0000000000000000 CR2=0000000400000008
xmm0 0000000000270600 (f: 2557440.000000, d: 1.263543e-317)
xmm1 c1e0000044fca000 (f: 1157406720.000000, d: -2.147484e+09)
xmm2 00007f1a714ed0d0 (f: 1900990720.000000, d: 6.904644e-310)
xmm3 c1e0000044fb8000 (f: 1157332992.000000, d: -2.147484e+09)
xmm4 2323232323232323 (f: 589505344.000000, d: 2.008777e-139)
xmm5 bff0000000000000 (f: 0.000000, d: -1.000000e+00)
xmm6 bfba4e76ce8c0e5e (f: 3465285120.000000, d: -1.027598e-01)
xmm7 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm8 0000000042aa0000 (f: 1118437376.000000, d: 5.525815e-315)
xmm9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm10 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm11 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm12 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm13 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/zdata/congli/OpenJ9/jdk8/jre/lib/amd64/default/libj9vm29.so
Module_base_address=00007F1A71268000
Target=2_90_20220610_000000 (Linux 5.4.0-117-generic)
CPU=amd64 (128 logical CPUs) (0x3ee84d8000 RAM)
----------- Stack Backtrace -----------
_ZN32VM_BytecodeInterpreterCompressed3runEP10J9VMThread+0x5db0 (0x00007F1A712F6FD0 [libj9vm29.so+0x8efd0])
bytecodeLoopCompressed+0xad (0x00007F1A712F120D [libj9vm29.so+0x8920d])
 (0x00007F1A7139B642 [libj9vm29.so+0x133642])
 ---------------------------------------
 JVMDUMP039I Processing dump event "gpf", detail "" at 2022/07/01 17:57:28 - please wait.
 JVMDUMP032I JVM requested System dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/core.20220701.175728.522725.0001.dmp' in response to an event
 JVMDUMP010I System dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/core.20220701.175728.522725.0001.dmp
 JVMDUMP032I JVM requested Java dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/javacore.20220701.175728.522725.0002.txt' in response to an event
 JVMDUMP012E Error in Java dump: /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/javacore.20220701.175728.522725.0002.txt
 JVMDUMP032I JVM requested Snap dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/Snap.20220701.175728.522725.0003.trc' in response to an event
 JVMDUMP010I Snap dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/Snap.20220701.175728.522725.0003.trc
 JVMDUMP032I JVM requested JIT dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/jitdump.20220701.175728.522725.0004.dmp' in response to an event
 JVMDUMP051I JIT dump occurred in 'main' thread 0x000000000004DD00
 JVMDUMP010I JIT dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/jitdump.20220701.175728.522725.0004.dmp
 JVMDUMP013I Processed dump event "gpf", detail "".

Or sometimes just output:



*** Invalid JIT return address 0000000400000004 in 000000000004E000

15:56:26.134 0x4dd00    j9vm.249    *   ** ASSERTION FAILED ** at /root/hostdir/openj9-openjdk-jdk8/openj9/runtime/vm/swalk.c:1602: ((0 ))
JVMDUMP039I Processing dump event "traceassert", detail "" at 2022/07/01 17:56:26 - please wait.
JVMDUMP032I JVM requested System dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/core.20220701.175626.443427.0001.dmp' in response to an event
JVMDUMP010I System dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/core.20220701.175626.443427.0001.dmp
JVMDUMP032I JVM requested Java dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/javacore.20220701.175626.443427.0002.txt' in response to an event
JVMDUMP012E Error in Java dump: /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/javacore.20220701.175626.443427.0002.txt
JVMDUMP032I JVM requested Snap dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/Snap.20220701.175626.443427.0003.trc' in response to an event
JVMDUMP010I Snap dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/90.openj9/mutant/red/Snap.20220701.175626.443427.0003.trc
JVMDUMP013I Processed dump event "traceassert", detail "".

Please also check openj9-bug-90.tar.gz for the two types of logs (core, snap, etc.) and the test (Test.java, Test.class).

Metadata

Metadata

Assignees

Labels

comp:jitsegfaultIssues that describe segfaults / JVM crashesuserRaised

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0