- Bug
- Resolution: Fixed
- P4
- 20
- b19

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8299040 | 17.0.7-oracle | Calvin Cheung | P4 | Resolved | Fixed | b01 |
JDK-8298844 | 17.0.7 | Richard Reingruber | P4 | Resolved | Fixed | b01 |
JDK-8299219 | 11.0.19-oracle | Calvin Cheung | P4 | Resolved | Fixed | b01 |
JDK-8298847 | 11.0.19 | Richard Reingruber | P4 | Resolved | Fixed | b01 |
Bug: missing null check before dereferencing BasicObjectLock::_obj. _obj is nullptr if the lock is free.
Can be reproduced with -XX:+VerifyContinuations -Xlog:continuations=trace and a
test that yields a continuation after leaving a synchronized block (see attached test).
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007ffff5cb342e, pid=2791965, tid=2791966
#
# JRE version: OpenJDK Runtime Environment (20.0) (slowdebug build 20-internal-adhoc.USER.jdk)
# Java VM: OpenJDK 64-Bit Server VM (slowdebug 20-internal-adhoc.USER.jdk, mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x35542e] oopDesc::klass() const+0x22
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /builds/jdk_HOST__slowdebug/core.2791965)
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: -XX:+WhiteBoxAPI -Xbootclasspath/a:/git/work/testclasses/lib --patch-module=java.base=/git/work/testclasses/patches/java.base --add-exports=java.base/jdk.internal.vm=ALL-UNNAMED -XX:+UnlockDiagnosticVMOptions -Xms768m -Xmx768m --enable-preview -XX:+VerifyContinuations -XX:-PauseAtStartup -Xbatch -XX:CompileThreshold=1000 -XX:CompileCommand=dontinline,*::*dontinline* -XX:CompileCommand=dontinline,*::*dontjit* -XX:CompileCommand=exclude,*::*dontjit* -XX:CompileCommand=dontinline,java/lang/String*.* -Xlog:continuations=trace BasicExp
Host: HOST, Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz, 40 cores, 125G, Ubuntu 20.04.5 LTS
Time: Thu Sep 29 07:19:06 2022 CEST elapsed time: 13.296406 seconds (0d 0h 0m 13s)
--------------- T H R E A D ---------------
Current thread (0x00007ffff002aeb0): JavaThread "main" [_thread_in_vm, id=2791966, stack(0x00007ffff570e000,0x00007ffff580f000)]
Stack: [0x00007ffff570e000,0x00007ffff580f000], sp=0x00007ffff580b790, free space=1013k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x35542e] oopDesc::klass() const+0x22 (oop.inline.hpp:86)
V [libjvm.so+0x10f86e4] oopDesc::print_value_on(outputStream*) const+0x60 (oop.cpp:83)
V [libjvm.so+0xa92f19] frame::interpreter_frame_print_on(outputStream*) const+0x1cb (frame.cpp:574)
V [libjvm.so+0xa92d4b] frame::print_on(outputStream*) const+0x4f (frame.cpp:549)
V [libjvm.so+0x12e69b4] StackChunkFrameStream<(ChunkFrames)1>::print_on(outputStream*) const+0xaa (stackChunkFrameStream.cpp:37)
V [libjvm.so+0x12f3073] bool VerifyStackChunkFrameClosure::do_frame<(ChunkFrames)1, SmallRegisterMap>(StackChunkFrameStream<(ChunkFrames)1> const&, SmallRegisterMap const*)+0x289 (stackChunkOop.cpp:512)
V [libjvm.so+0x12ef98f] void stackChunkOopDesc::iterate_stack<(ChunkFrames)1, VerifyStackChunkFrameClosure>(VerifyStackChunkFrameClosure*)+0x299 (stackChunkOop.inline.hpp:227)
V [libjvm.so+0x12ea917] void stackChunkOopDesc::iterate_stack<VerifyStackChunkFrameClosure>(VerifyStackChunkFrameClosure*)+0x37 (stackChunkOop.inline.hpp:192)
V [libjvm.so+0x12e7a8a] stackChunkOopDesc::verify(unsigned long*, int*, int*, int*)+0x43e (stackChunkOop.cpp:589)
V [libjvm.so+0x909f19] Continuation::debug_verify_continuation(oopDesc*)+0x215 (continuation.cpp:390)
V [libjvm.so+0x90c82f] verify_continuation(oopDesc*)+0x1c (continuationFreezeThaw.cpp:173)
V [libjvm.so+0x910e7d] freeze_epilog(JavaThread*, ContinuationWrapper&)+0x24 (continuationFreezeThaw.cpp:1384)
V [libjvm.so+0x910f8a] freeze_epilog(JavaThread*, ContinuationWrapper&, freeze_result)+0x83 (continuationFreezeThaw.cpp:1402)
V [libjvm.so+0x921e49] int freeze_internal<Config<(oop_kind)0, G1BarrierSet> >(JavaThread*, long*)+0x67a (continuationFreezeThaw.cpp:1464)
V [libjvm.so+0x91fb98] Config<(oop_kind)0, G1BarrierSet>::freeze(JavaThread*, long*)+0x27 (continuationFreezeThaw.cpp:266)
V [libjvm.so+0x915206] int freeze<Config<(oop_kind)0, G1BarrierSet> >(JavaThread*, long*)+0x131 (continuationFreezeThaw.cpp:233)
J 544 jdk.internal.vm.Continuation.doYield()I java.base@20-internal (0 bytes) @ 0x00007fffe093c1d5 [0x00007fffe093c180+0x0000000000000055]
```
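
The defect class reported above, as an added C++ example that is neither HotSpot code nor part of the issue: a debug printer that walks a frame's monitor slots has to treat a slot whose object pointer is null as free. `Klass`, `Obj`, `MonitorSlot` and both printer functions are simplified, hypothetical stand-ins, and the sample data is constructed.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Simplified stand-ins for illustration; none of these are HotSpot's real types.
struct Klass { std::string name; };

struct Obj {
    const Klass* klass;
    // Reads through `this`, so it must never be called on a null object.
    void print_value_on(std::ostream& st) const { st << "a " << klass->name; }
};

// Models one monitor slot in an interpreter frame: obj is nullptr while the slot is free.
struct MonitorSlot { const Obj* obj = nullptr; };

// Unguarded printer, shown for contrast only and never called here:
// a free slot makes it dereference nullptr, which is the defect the report describes.
void print_monitors_unchecked(const std::vector<MonitorSlot>& slots, std::ostream& st) {
    for (const MonitorSlot& s : slots) s.obj->print_value_on(st);
}

// Guarded printer: a free slot is reported as "null" instead of being dereferenced.
std::string print_monitors(const std::vector<MonitorSlot>& slots) {
    std::ostringstream st;
    for (const MonitorSlot& s : slots) {
        st << " - obj [";
        if (s.obj != nullptr) s.obj->print_value_on(st);
        else st << "null";
        st << "]\n";
    }
    return st.str();
}

// Constructed scenario: one monitor still held, one released before the frame is printed.
std::string demo() {
    static const Klass k{"java.lang.Object"};
    static const Obj held{&k}, released{&k};
    std::vector<MonitorSlot> slots(2);
    slots[0].obj = &held;
    slots[1].obj = &released;   // synchronized block entered
    slots[1].obj = nullptr;     // block left: the slot remains in the frame, now free
    return print_monitors(slots);
}

int main() { std::cout << demo(); }
```

The crash surfaced only on a diagnostic path (`-XX:+VerifyContinuations` with trace logging), so verification and logging code needs the same null handling as the main path.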

backported by
- JDK-8298844 frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame (Resolved)
- JDK-8298847 frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame (Resolved)
- JDK-8299040 frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame (Resolved)
- JDK-8299219 frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame (Resolved)

links to
- Commit openjdk/jdk11u-dev/3f66b162
- Commit openjdk/jdk17u-dev/9fdaa338
- Commit openjdk/jdk/bdb4ed0f
- Review openjdk/jdk11u-dev/1590
- Review openjdk/jdk17u-dev/952
- Review openjdk/jdk/10486