Details
-
Bug
-
Resolution: Fixed
-
P4
-
11, 17, 21, 22
-
b10
-
x86
-
linux
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8315054 | 21.0.1 | Ben Taylor | P4 | Resolved | Fixed | b09 |
| JDK-8314459 | 17.0.9 | Ben Taylor | P4 | Resolved | Fixed | b04 |
| JDK-8314600 | 11.0.21 | Ben Taylor | P4 | Resolved | Fixed | b04 |
Description
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f83be32e9c3, pid=100, tid=926134
#
# JRE version: OpenJDK Runtime Environment Corretto-11.0.19.7.1 (11.0.19+7) (build 11.0.19+7-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-11.0.19.7.1 (11.0.19+7-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x7a19c3] frame::is_interpreted_frame_valid(JavaThread*) const+0x43
#
# Core dump will be written. Default location: //core.100
#
# If you would like to submit a bug report, please visit:
# https://github.com/corretto/corretto-11/issues/
#
...
Current thread (0x00007f81700aa000): JavaThread "redacted" daemon [_thread_in_vm, id=926134, stack(0x00007f7f9b9fe000,0x00007f7f9baff000)]
Stack: [0x00007f7f9b9fe000,0x00007f7f9baff000], sp=0x00007f7f9baf8b00, free space=1002k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x7a19c3] frame::is_interpreted_frame_valid(JavaThread*) const+0x43
V [libjvm.so+0x286f47] forte_fill_call_trace_given_top(JavaThread*, ASGCT_CallTrace*, int, frame) [clone .isra.20]+0x1d3
V [libjvm.so+0x79daf8] AsyncGetCallTrace+0x188
C [libjavaProfiler12753845288268514789.so+0x33c1b] Profiler::getJavaTraceAsync(void*, ASGCT_CallFrame*, int, StackContext*, bool*)+0x12b
C [libjavaProfiler12753845288268514789.so+0x34cf0] Profiler::recordSample(void*, unsigned long long, int, int, Event*)+0x250
C [libjavaProfiler12753845288268514789.so+0x3944c] PerfEvents::signalHandler(int, siginfo_t*, void*)+0x13c
C [libpthread.so.0+0x118e0]
siginfo: si_signo: 11 (SIGSEGV), si_code: 128 (SI_KERNEL), si_addr: 0x0000000000000000
```
```
00000000007a1980 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread>:
7a1980: 48 8b 47 20 mov 0x20(%rdi),%rax
7a1984: 48 85 c0 test %rax,%rax
7a1987: 74 1f je 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a1989: a8 07 test $0x7,%al
7a198b: 75 1b jne 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a198d: 48 8b 17 mov (%rdi),%rdx
7a1990: 48 85 d2 test %rdx,%rdx
7a1993: 74 13 je 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a1995: f6 c2 07 test $0x7,%dl
7a1998: 75 0e jne 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a199a: 48 8d 48 b8 lea -0x48(%rax),%rcx
7a199e: 48 39 ca cmp %rcx,%rdx
7a19a1: 77 05 ja 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a19a3: 48 39 c2 cmp %rax,%rdx
7a19a6: 72 08 jb 7a19b0 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x30>
7a19a8: 31 c0 xor %eax,%eax
7a19aa: c3 retq
7a19ab: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
7a19b0: 55 push %rbp
7a19b1: 48 89 e5 mov %rsp,%rbp
7a19b4: 41 55 push %r13
7a19b6: 41 54 push %r12
7a19b8: 53 push %rbx
7a19b9: 48 89 fb mov %rdi,%rbx
7a19bc: 49 89 f4 mov %rsi,%r12
7a19bf: 48 83 ec 08 sub $0x8,%rsp
7a19c3: 4c 8b 68 e8 mov -0x18(%rax),%r13 <-- +0x43
7a19c7: 4c 89 ef mov %r13,%rdi
7a19ca: e8 91 00 45 00 callq bf1a60 <_ZN6Method15is_valid_methodEPKS_>
7a19cf: 84 c0 test %al,%al
7a19d1: 74 21 je 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a19d3: 49 8b 55 08 mov 0x8(%r13),%rdx
7a19d7: 48 8b 43 20 mov 0x20(%rbx),%rax
7a19db: 48 2b 43 28 sub 0x28(%rbx),%rax
7a19df: 0f b7 52 30 movzwl 0x30(%rdx),%edx
7a19e3: 48 c1 f8 03 sar $0x3,%rax
7a19e7: 48 8d 14 d5 08 04 00 lea 0x408(,%rdx,8),%rdx
7a19ee: 00
7a19ef: 48 39 d0 cmp %rdx,%rax
7a19f2: 7e 0d jle 7a1a01 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x81>
7a19f4: 31 c0 xor %eax,%eax
7a19f6: 48 83 c4 08 add $0x8,%rsp
7a19fa: 5b pop %rbx
7a19fb: 41 5c pop %r12
7a19fd: 41 5d pop %r13
7a19ff: 5d pop %rbp
7a1a00: c3 retq
7a1a01: 48 89 df mov %rbx,%rdi
7a1a04: e8 d7 ce ff ff callq 79e8e0 <_ZNK5frame21interpreter_frame_bcpEv>
7a1a09: 4c 89 ef mov %r13,%rdi
7a1a0c: 48 89 c6 mov %rax,%rsi
7a1a0f: e8 cc 9c 44 00 callq beb6e0 <_ZNK6Method21validate_bci_from_bcpEPh>
7a1a14: 85 c0 test %eax,%eax
7a1a16: 78 dc js 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a1a18: 48 8b 43 20 mov 0x20(%rbx),%rax
7a1a1c: 48 8b 78 d0 mov -0x30(%rax),%rdi
7a1a20: e8 cb df c9 ff callq 43f9f0 <_ZN12MetaspaceObj8is_validEPKS_>
7a1a25: 84 c0 test %al,%al
7a1a27: 74 cb je 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a1a29: 48 8b 53 20 mov 0x20(%rbx),%rdx
7a1a2d: 48 8b 4a c8 mov -0x38(%rdx),%rcx
7a1a31: 49 3b 8c 24 90 02 00 cmp 0x290(%r12),%rcx
7a1a38: 00
7a1a39: 0f 97 c0 seta %al
7a1a3c: 48 39 d1 cmp %rdx,%rcx
7a1a3f: 0f 92 c2 setb %dl
7a1a42: 09 d0 or %edx,%eax
7a1a44: 83 f0 01 xor $0x1,%eax
7a1a47: eb ad jmp 7a19f6 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x76>
7a1a49: 90 nop
7a1a4a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
```
This appears to indicate that the `Method**` returned by `interpreter_frame_method_addr()` is null:
```cpp
// do some validation of frame elements
// first the method
Method* m = *interpreter_frame_method_addr();
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f83be32e9c3, pid=100, tid=926134
#
# JRE version: OpenJDK Runtime Environment Corretto-11.0.19.7.1 (11.0.19+7) (build 11.0.19+7-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-11.0.19.7.1 (11.0.19+7-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x7a19c3] frame::is_interpreted_frame_valid(JavaThread*) const+0x43
#
# Core dump will be written. Default location: //core.100
#
# If you would like to submit a bug report, please visit:
# https://github.com/corretto/corretto-11/issues/
#
...
Current thread (0x00007f81700aa000): JavaThread "redacted" daemon [_thread_in_vm, id=926134, stack(0x00007f7f9b9fe000,0x00007f7f9baff000)]
Stack: [0x00007f7f9b9fe000,0x00007f7f9baff000], sp=0x00007f7f9baf8b00, free space=1002k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x7a19c3] frame::is_interpreted_frame_valid(JavaThread*) const+0x43
V [libjvm.so+0x286f47] forte_fill_call_trace_given_top(JavaThread*, ASGCT_CallTrace*, int, frame) [clone .isra.20]+0x1d3
V [libjvm.so+0x79daf8] AsyncGetCallTrace+0x188
C [libjavaProfiler12753845288268514789.so+0x33c1b] Profiler::getJavaTraceAsync(void*, ASGCT_CallFrame*, int, StackContext*, bool*)+0x12b
C [libjavaProfiler12753845288268514789.so+0x34cf0] Profiler::recordSample(void*, unsigned long long, int, int, Event*)+0x250
C [libjavaProfiler12753845288268514789.so+0x3944c] PerfEvents::signalHandler(int, siginfo_t*, void*)+0x13c
C [libpthread.so.0+0x118e0]
siginfo: si_signo: 11 (SIGSEGV), si_code: 128 (SI_KERNEL), si_addr: 0x0000000000000000
```
```
00000000007a1980 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread>:
7a1980: 48 8b 47 20 mov 0x20(%rdi),%rax
7a1984: 48 85 c0 test %rax,%rax
7a1987: 74 1f je 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a1989: a8 07 test $0x7,%al
7a198b: 75 1b jne 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a198d: 48 8b 17 mov (%rdi),%rdx
7a1990: 48 85 d2 test %rdx,%rdx
7a1993: 74 13 je 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a1995: f6 c2 07 test $0x7,%dl
7a1998: 75 0e jne 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a199a: 48 8d 48 b8 lea -0x48(%rax),%rcx
7a199e: 48 39 ca cmp %rcx,%rdx
7a19a1: 77 05 ja 7a19a8 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x28>
7a19a3: 48 39 c2 cmp %rax,%rdx
7a19a6: 72 08 jb 7a19b0 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x30>
7a19a8: 31 c0 xor %eax,%eax
7a19aa: c3 retq
7a19ab: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
7a19b0: 55 push %rbp
7a19b1: 48 89 e5 mov %rsp,%rbp
7a19b4: 41 55 push %r13
7a19b6: 41 54 push %r12
7a19b8: 53 push %rbx
7a19b9: 48 89 fb mov %rdi,%rbx
7a19bc: 49 89 f4 mov %rsi,%r12
7a19bf: 48 83 ec 08 sub $0x8,%rsp
7a19c3: 4c 8b 68 e8 mov -0x18(%rax),%r13 <-- +0x43
7a19c7: 4c 89 ef mov %r13,%rdi
7a19ca: e8 91 00 45 00 callq bf1a60 <_ZN6Method15is_valid_methodEPKS_>
7a19cf: 84 c0 test %al,%al
7a19d1: 74 21 je 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a19d3: 49 8b 55 08 mov 0x8(%r13),%rdx
7a19d7: 48 8b 43 20 mov 0x20(%rbx),%rax
7a19db: 48 2b 43 28 sub 0x28(%rbx),%rax
7a19df: 0f b7 52 30 movzwl 0x30(%rdx),%edx
7a19e3: 48 c1 f8 03 sar $0x3,%rax
7a19e7: 48 8d 14 d5 08 04 00 lea 0x408(,%rdx,8),%rdx
7a19ee: 00
7a19ef: 48 39 d0 cmp %rdx,%rax
7a19f2: 7e 0d jle 7a1a01 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x81>
7a19f4: 31 c0 xor %eax,%eax
7a19f6: 48 83 c4 08 add $0x8,%rsp
7a19fa: 5b pop %rbx
7a19fb: 41 5c pop %r12
7a19fd: 41 5d pop %r13
7a19ff: 5d pop %rbp
7a1a00: c3 retq
7a1a01: 48 89 df mov %rbx,%rdi
7a1a04: e8 d7 ce ff ff callq 79e8e0 <_ZNK5frame21interpreter_frame_bcpEv>
7a1a09: 4c 89 ef mov %r13,%rdi
7a1a0c: 48 89 c6 mov %rax,%rsi
7a1a0f: e8 cc 9c 44 00 callq beb6e0 <_ZNK6Method21validate_bci_from_bcpEPh>
7a1a14: 85 c0 test %eax,%eax
7a1a16: 78 dc js 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a1a18: 48 8b 43 20 mov 0x20(%rbx),%rax
7a1a1c: 48 8b 78 d0 mov -0x30(%rax),%rdi
7a1a20: e8 cb df c9 ff callq 43f9f0 <_ZN12MetaspaceObj8is_validEPKS_>
7a1a25: 84 c0 test %al,%al
7a1a27: 74 cb je 7a19f4 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x74>
7a1a29: 48 8b 53 20 mov 0x20(%rbx),%rdx
7a1a2d: 48 8b 4a c8 mov -0x38(%rdx),%rcx
7a1a31: 49 3b 8c 24 90 02 00 cmp 0x290(%r12),%rcx
7a1a38: 00
7a1a39: 0f 97 c0 seta %al
7a1a3c: 48 39 d1 cmp %rdx,%rcx
7a1a3f: 0f 92 c2 setb %dl
7a1a42: 09 d0 or %edx,%eax
7a1a44: 83 f0 01 xor $0x1,%eax
7a1a47: eb ad jmp 7a19f6 <_ZNK5frame26is_interpreted_frame_validEP10JavaThread+0x76>
7a1a49: 90 nop
7a1a4a: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
```
This appears to indicate that the `Method**` returned by `interpreter_frame_method_addr()` is null:
```cpp
// do some validation of frame elements
// first the method
Method* m = *interpreter_frame_method_addr();
```
Attachments
Issue Links
- backported by
-
JDK-8314459 AsyncGetCallTrace crash on unreadable interpreter method pointer
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- links to
-
Commit
openjdk/jdk11u-dev/3c9dc44b
-
Commit
openjdk/jdk17u-dev/4084a818
-
Commit
openjdk/jdk21u/46ce5553
-
Commit
openjdk/jdk/0e2c72d7
-
Review
openjdk/jdk11u-dev/2079
-
Review
openjdk/jdk17u-dev/1665
-
Review
openjdk/jdk21u/94
-
Review
openjdk/jdk/15178
-
Review
openjdk/jdk/15193
(7 links to)