JDK-8229495

SIGILL in C2 generated OSR compilation



    • b32
    • Verified



        (provisional synopsis, please change as you see fit)

        Found with fuzzing. The testcase is attached. It fails in the first second every fifth run or so. There are plenty of hs_errs in the attached bundle.

        $ ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test
        # A fatal error has been detected by the Java Runtime Environment:
        # SIGILL (0x4) at pc=0x00007f7693cde65e, pid=12339, tid=12340
        # JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
        # Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
        # Problematic frame:
        # J 63% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f7693cde65e [0x00007f7693cde020+0x000000000000063e]
        # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/03934/core.12339)
        # An error report file with more information is saved as:
        # /home/shade/trunks/JavaFuzzer/tests/03934/hs_err_pid12339.log
        # If you would like to submit a bug report, please visit:
        # http://bugreport.java.com/bugreport/crash.jsp
        Current thread is 12340
        Dumping core ...

        The disassembly shows it is ud2 following the call:

         4c 8b 54 24 30 mov r10,QWORD PTR [rsp+0x30]
         4c 89 54 24 20 mov QWORD PTR [rsp+0x20],r10
         89 5c 24 14 mov DWORD PTR [rsp+0x14],ebx
         89 5c 24 28 mov DWORD PTR [rsp+0x28],ebx
         e8 c4 27 46 f8 call 0xfffffffff84627e2
         0f 0b ud2 ; <---- SIGILL here
         0f 0b ud2
         be 8d ff ff ff mov esi,0xffffff8d
         44 89 6c 24 08 mov DWORD PTR [rsp+0x8],r13d
         89 5c 24 0c mov DWORD PTR [rsp+0xc],ebx
         44 89 74 24 14 mov DWORD PTR [rsp+0x14],r14d
         c5 fa 10 4c 24 20 vmovss xmm1,DWORD PTR [rsp+0x20]

        ...so it must be returning incorrectly on some path.



                roland Roland Westrelin
                shade Aleksey Shipilev