-
Bug
-
Resolution: Unresolved
-
P4
-
openjdk8u
-
x86_64
-
linux_ubuntu
ADDITIONAL SYSTEM INFORMATION :
Arch: x86_64
OS: Ubuntu 20.04.4 LTS
HotSpot
- openjdk version "1.8.0_352-internal-fastdebug"
- OpenJDK Runtime Environment (build 1.8.0_352-internal-fastdebug-congli_2022_06_07_14_13-b00)
- OpenJDK 64-Bit Server VM (build 25.352-b00-fastdebug, mixed mode)
javac: javac 1.8.0_352-internal-fastdebug
A DESCRIPTION OF THE PROBLEM :
The problem was found in the repo https://github.com/openjdk/jdk8u-dev (commit 83e90957), OpenJDK 1.8.0_352-internal.
**Note.** We have reported a "quite similar" case in thread 9073643 (internal ID). The difference of these two is 9073643 can only be reproduced on JDK 11 (cannot on JDK 8), but this one can only be reproduced on JDK 8 (cannot on JDK 11)
The following is part of the log:
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fd0dd45ea61, pid=1282519, tid=0x00007fd0f0c8c700
#
# JRE version: OpenJDK Runtime Environment (8.0_352) (build 1.8.0_352-internal-congli_2022_06_21_15_08-b00)
# Java VM: OpenJDK 64-Bit Server VM (25.352-b00 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# J 22% C2 Test.main([Ljava/lang/String;)V (16 bytes) @ 0x00007fd0dd45ea61 [0x00007fd0dd45e8e0+0x181]
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- T H R E A D ---------------
Current thread (0x00007fd0ec00a800): JavaThread "main" [_thread_in_Java, id=1282523, stack(0x00007fd0f0b8d000,0x00007fd0f0c8d000)]
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0xfffffffceae126f0
Registers:
RAX=0x0000000000000000, RBX=0xfffffffeeae126dc, RCX=0xfffffffe00000014, RDX=0x0000000000000000
RSP=0x00007fd0f0c8b9b0, RBP=0x0000000200000000, RSI=0x00007fd0ec1ad190, RDI=0xfffffffeeae126dc
R8 =0x00000000eae126c8, R9 =0x0000000000000052, R10=0xfffffffeeae126dc, R11=0x0000000080000005
R12=0x0000000000000000, R13=0x00007fd0dd45e790, R14=0x00007fd0f0c8b9f0, R15=0x00007fd0ec00a800
RIP=0x00007fd0dd45ea61, EFLAGS=0x0000000000010202, CSGSFS=0x002b000000000033, ERR=0x0000000000000005
TRAPNO=0x000000000000000e
Top of Stack: (sp=0x00007fd0f0c8b9b0)
0x00007fd0f0c8b9b0: 00007fd0d5197460 00007fd0d5197808
0x00007fd0f0c8b9c0: 00000000eab5f260 00000000eab5f250
0x00007fd0f0c8b9d0: 00007fd0f0c8b9f0 00007fd0f0c8ba60
0x00007fd0f0c8b9e0: 00007fd0f0c8ba60 00007fd0dd0004e7
0x00007fd0f0c8b9f0: 00000000eab5f250 00000000eab5f250
0x00007fd0f0c8ba00: 0000000000001fa0 00007fd0f0c8bb00
0x00007fd0f0c8ba10: 00007fd0f0c8bcf0 00007fd0ec00a800
0x00007fd0f0c8ba20: 00007fd0ec00a800 00007fd0d51973f0
0x00007fd0f0c8ba30: 00007fd0f0c8bb00 00007fd0f0c8bcf8
0x00007fd0f0c8ba40: 00007fd00000000a 00007fd0d51973f0
0x00007fd0f0c8ba50: 00007fd0dd013340 00007fd0f0c8bc38
0x00007fd0f0c8ba60: 00007fd0f0c8bb70 00007fd0f146594d
0x00007fd0f0c8ba70: 0000000000000001 00007fd0ec00a800
0x00007fd0f0c8ba80: 00007fd0f0c8bab0 000000000000000c
0x00007fd0f0c8ba90: 00007fd0f0c8bac0 000000030000000a
0x00007fd0f0c8baa0: 00007fd00000000e 00007fd0dd013340
0x00007fd0f0c8bab0: 00007fd0dd00045f 00007fd000000001
0x00007fd0f0c8bac0: 00007fd0ec00a800 00007fd0ec009b70
0x00007fd0f0c8bad0: 00007fd0ec009bb0 00007fd0ec009bc0
0x00007fd0f0c8bae0: 00007fd0ec009c98 00000000000000d8
0x00007fd0f0c8baf0: 00007fd0ec009cd0 00007fd0f17f3d00
0x00007fd0f0c8bb00: 00007fd0ec00a800 00007fd0ec0025f0
0x00007fd0f0c8bb10: 00007fd0d51973f0 0000000000000000
0x00007fd0f0c8bb20: 0000000000000000 0000000000000000
0x00007fd0f0c8bb30: 0000000000000000 00007fd0f0c8bcf0
0x00007fd0f0c8bb40: 0000000000000016 00007fd0ec00a800
0x00007fd0f0c8bb50: 00007fd0f0c8bcf0 00007fd0d51973f0
0x00007fd0f0c8bb60: 00007fd0f0c8bbf0 00007fd0f0c8bc30
0x00007fd0f0c8bb70: 00007fd0f0c8bce0 00007fd0f14e202d
0x00007fd0f0c8bb80: 0000000000000001 0000000000000004
0x00007fd0f0c8bb90: 00007fd0ec00aa58 00007fd0f0c8bc20
0x00007fd0f0c8bba0: 00007fd0d51973f0 00007fd0ec00a800
Instructions: (pc=0x00007fd0dd45ea61)
0x00007fd0dd45ea41: 90 49 63 cb 49 8d 1c 88 41 8b cb 81 c1 00 00 00
0x00007fd0dd45ea51: 80 45 03 4c 88 10 48 b9 14 00 00 00 fe ff ff ff
0x00007fd0dd45ea61: 44 03 0c 0b 48 b9 18 00 00 00 fe ff ff ff 45 03
0x00007fd0dd45ea71: 0c 0a 49 ba 1c 00 00 00 fe ff ff ff 46 03 0c 17
Register to memory mapping:
RAX=0x0000000000000000 is an unknown value
RBX=0xfffffffeeae126dc is an unknown value
RCX=0xfffffffe00000014 is an unknown value
RDX=0x0000000000000000 is an unknown value
RSP=0x00007fd0f0c8b9b0 is pointing into the stack for thread: 0x00007fd0ec00a800
RBP=0x0000000200000000 is an unknown value
RSI=0x00007fd0ec1ad190 is an unknown value
RDI=0xfffffffeeae126dc is an unknown value
R8 =0x00000000eae126c8 is an oop
[I
- klass: {type array int}
- length: 2
R9 =0x0000000000000052 is an unknown value
R10=0xfffffffeeae126dc is an unknown value
R11=0x0000000080000005 is an unknown value
R12=0x0000000000000000 is an unknown value
R13=0x00007fd0dd45e790 is at entry_point+-336 in (nmethod*)0x00007fd0dd45e790
R14=0x00007fd0f0c8b9f0 is pointing into the stack for thread: 0x00007fd0ec00a800
R15=0x00007fd0ec00a800 is a thread
Stack: [0x00007fd0f0b8d000,0x00007fd0f0c8d000], sp=0x00007fd0f0c8b9b0, free space=1018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
J 22% C2 Test.main([Ljava/lang/String;)V (16 bytes) @ 0x00007fd0dd45ea61 [0x00007fd0dd45e8e0+0x181]
v ~StubRoutines::call_stub
V [libjvm.so+0x68994d] JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)+0xc5d
V [libjvm.so+0x70602d] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) [clone .isra.0] [clone .constprop.0]+0x2cd
V [libjvm.so+0x70891b] jni_CallStaticVoidMethod+0x16b
C [libjli.so+0x9522] JavaMain+0x472
C [libpthread.so.0+0x8609] start_thread+0xd9
```
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. javac Test.java
2. java -Xmx1G -XX:-BackgroundCompilation -XX:-PrintWarnings Test
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No segfault
ACTUAL -
Segfault
---------- BEGIN SOURCE ----------
class Test {
void mainTest(String[] strArr1) {
int i, i1 = 69, i20, i31 = 78;
for (i20 = 3; i20 < 51; i20++) i1 += i20;
try {
int[] ax$21 = {1, 3};
for (int ax$22 = Integer.MIN_VALUE + 4; ax$22 < i20; ax$22++)
i31 += ax$21[ax$22 - (Integer.MIN_VALUE + 4)];
} catch (Throwable ax$25) {
} finally {
}
}
public static void main(String[] strArr) {
Test _instance = new Test();
for (; ; ) _instance.mainTest(strArr);
}
}
---------- END SOURCE ----------
FREQUENCY : always
Arch: x86_64
OS: Ubuntu 20.04.4 LTS
HotSpot
- openjdk version "1.8.0_352-internal-fastdebug"
- OpenJDK Runtime Environment (build 1.8.0_352-internal-fastdebug-congli_2022_06_07_14_13-b00)
- OpenJDK 64-Bit Server VM (build 25.352-b00-fastdebug, mixed mode)
javac: javac 1.8.0_352-internal-fastdebug
A DESCRIPTION OF THE PROBLEM :
The problem was found in the repo https://github.com/openjdk/jdk8u-dev (commit 83e90957), OpenJDK 1.8.0_352-internal.
**Note.** We have reported a "quite similar" case in thread 9073643 (internal ID). The difference of these two is 9073643 can only be reproduced on JDK 11 (cannot on JDK 8), but this one can only be reproduced on JDK 8 (cannot on JDK 11)
The following is part of the log:
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fd0dd45ea61, pid=1282519, tid=0x00007fd0f0c8c700
#
# JRE version: OpenJDK Runtime Environment (8.0_352) (build 1.8.0_352-internal-congli_2022_06_21_15_08-b00)
# Java VM: OpenJDK 64-Bit Server VM (25.352-b00 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# J 22% C2 Test.main([Ljava/lang/String;)V (16 bytes) @ 0x00007fd0dd45ea61 [0x00007fd0dd45e8e0+0x181]
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- T H R E A D ---------------
Current thread (0x00007fd0ec00a800): JavaThread "main" [_thread_in_Java, id=1282523, stack(0x00007fd0f0b8d000,0x00007fd0f0c8d000)]
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0xfffffffceae126f0
Registers:
RAX=0x0000000000000000, RBX=0xfffffffeeae126dc, RCX=0xfffffffe00000014, RDX=0x0000000000000000
RSP=0x00007fd0f0c8b9b0, RBP=0x0000000200000000, RSI=0x00007fd0ec1ad190, RDI=0xfffffffeeae126dc
R8 =0x00000000eae126c8, R9 =0x0000000000000052, R10=0xfffffffeeae126dc, R11=0x0000000080000005
R12=0x0000000000000000, R13=0x00007fd0dd45e790, R14=0x00007fd0f0c8b9f0, R15=0x00007fd0ec00a800
RIP=0x00007fd0dd45ea61, EFLAGS=0x0000000000010202, CSGSFS=0x002b000000000033, ERR=0x0000000000000005
TRAPNO=0x000000000000000e
Top of Stack: (sp=0x00007fd0f0c8b9b0)
0x00007fd0f0c8b9b0: 00007fd0d5197460 00007fd0d5197808
0x00007fd0f0c8b9c0: 00000000eab5f260 00000000eab5f250
0x00007fd0f0c8b9d0: 00007fd0f0c8b9f0 00007fd0f0c8ba60
0x00007fd0f0c8b9e0: 00007fd0f0c8ba60 00007fd0dd0004e7
0x00007fd0f0c8b9f0: 00000000eab5f250 00000000eab5f250
0x00007fd0f0c8ba00: 0000000000001fa0 00007fd0f0c8bb00
0x00007fd0f0c8ba10: 00007fd0f0c8bcf0 00007fd0ec00a800
0x00007fd0f0c8ba20: 00007fd0ec00a800 00007fd0d51973f0
0x00007fd0f0c8ba30: 00007fd0f0c8bb00 00007fd0f0c8bcf8
0x00007fd0f0c8ba40: 00007fd00000000a 00007fd0d51973f0
0x00007fd0f0c8ba50: 00007fd0dd013340 00007fd0f0c8bc38
0x00007fd0f0c8ba60: 00007fd0f0c8bb70 00007fd0f146594d
0x00007fd0f0c8ba70: 0000000000000001 00007fd0ec00a800
0x00007fd0f0c8ba80: 00007fd0f0c8bab0 000000000000000c
0x00007fd0f0c8ba90: 00007fd0f0c8bac0 000000030000000a
0x00007fd0f0c8baa0: 00007fd00000000e 00007fd0dd013340
0x00007fd0f0c8bab0: 00007fd0dd00045f 00007fd000000001
0x00007fd0f0c8bac0: 00007fd0ec00a800 00007fd0ec009b70
0x00007fd0f0c8bad0: 00007fd0ec009bb0 00007fd0ec009bc0
0x00007fd0f0c8bae0: 00007fd0ec009c98 00000000000000d8
0x00007fd0f0c8baf0: 00007fd0ec009cd0 00007fd0f17f3d00
0x00007fd0f0c8bb00: 00007fd0ec00a800 00007fd0ec0025f0
0x00007fd0f0c8bb10: 00007fd0d51973f0 0000000000000000
0x00007fd0f0c8bb20: 0000000000000000 0000000000000000
0x00007fd0f0c8bb30: 0000000000000000 00007fd0f0c8bcf0
0x00007fd0f0c8bb40: 0000000000000016 00007fd0ec00a800
0x00007fd0f0c8bb50: 00007fd0f0c8bcf0 00007fd0d51973f0
0x00007fd0f0c8bb60: 00007fd0f0c8bbf0 00007fd0f0c8bc30
0x00007fd0f0c8bb70: 00007fd0f0c8bce0 00007fd0f14e202d
0x00007fd0f0c8bb80: 0000000000000001 0000000000000004
0x00007fd0f0c8bb90: 00007fd0ec00aa58 00007fd0f0c8bc20
0x00007fd0f0c8bba0: 00007fd0d51973f0 00007fd0ec00a800
Instructions: (pc=0x00007fd0dd45ea61)
0x00007fd0dd45ea41: 90 49 63 cb 49 8d 1c 88 41 8b cb 81 c1 00 00 00
0x00007fd0dd45ea51: 80 45 03 4c 88 10 48 b9 14 00 00 00 fe ff ff ff
0x00007fd0dd45ea61: 44 03 0c 0b 48 b9 18 00 00 00 fe ff ff ff 45 03
0x00007fd0dd45ea71: 0c 0a 49 ba 1c 00 00 00 fe ff ff ff 46 03 0c 17
Register to memory mapping:
RAX=0x0000000000000000 is an unknown value
RBX=0xfffffffeeae126dc is an unknown value
RCX=0xfffffffe00000014 is an unknown value
RDX=0x0000000000000000 is an unknown value
RSP=0x00007fd0f0c8b9b0 is pointing into the stack for thread: 0x00007fd0ec00a800
RBP=0x0000000200000000 is an unknown value
RSI=0x00007fd0ec1ad190 is an unknown value
RDI=0xfffffffeeae126dc is an unknown value
R8 =0x00000000eae126c8 is an oop
[I
- klass: {type array int}
- length: 2
R9 =0x0000000000000052 is an unknown value
R10=0xfffffffeeae126dc is an unknown value
R11=0x0000000080000005 is an unknown value
R12=0x0000000000000000 is an unknown value
R13=0x00007fd0dd45e790 is at entry_point+-336 in (nmethod*)0x00007fd0dd45e790
R14=0x00007fd0f0c8b9f0 is pointing into the stack for thread: 0x00007fd0ec00a800
R15=0x00007fd0ec00a800 is a thread
Stack: [0x00007fd0f0b8d000,0x00007fd0f0c8d000], sp=0x00007fd0f0c8b9b0, free space=1018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
J 22% C2 Test.main([Ljava/lang/String;)V (16 bytes) @ 0x00007fd0dd45ea61 [0x00007fd0dd45e8e0+0x181]
v ~StubRoutines::call_stub
V [libjvm.so+0x68994d] JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)+0xc5d
V [libjvm.so+0x70602d] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) [clone .isra.0] [clone .constprop.0]+0x2cd
V [libjvm.so+0x70891b] jni_CallStaticVoidMethod+0x16b
C [libjli.so+0x9522] JavaMain+0x472
C [libpthread.so.0+0x8609] start_thread+0xd9
```
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. javac Test.java
2. java -Xmx1G -XX:-BackgroundCompilation -XX:-PrintWarnings Test
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No segfault
ACTUAL -
Segfault
---------- BEGIN SOURCE ----------
class Test {
void mainTest(String[] strArr1) {
int i, i1 = 69, i20, i31 = 78;
for (i20 = 3; i20 < 51; i20++) i1 += i20;
try {
int[] ax$21 = {1, 3};
for (int ax$22 = Integer.MIN_VALUE + 4; ax$22 < i20; ax$22++)
i31 += ax$21[ax$22 - (Integer.MIN_VALUE + 4)];
} catch (Throwable ax$25) {
} finally {
}
}
public static void main(String[] strArr) {
Test _instance = new Test();
for (; ; ) _instance.mainTest(strArr);
}
}
---------- END SOURCE ----------
FREQUENCY : always