Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8328084

JVM crash with problematic frame [libjvm.so+0xca5c60] RegMask::is_bound_pair() | openjdk build 11.0.17

XMLWordPrintable

    • x86_64
    • linux_ubuntu

      ADDITIONAL SYSTEM INFORMATION :
       #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0x00007f2d4aa39c60, pid=316798, tid=316898
      #
      # JRE version: OpenJDK Runtime Environment (11.0.17) (build 11.0.17-internal+0-adhoc.root.jdk-11.0.178)
      # Java VM: OpenJDK 64-Bit Server VM (11.0.17-internal+0-adhoc.root.jdk-11.0.178, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # V [libjvm.so+0xca5c60] RegMask::is_bound_pair() const+0x70
      #
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /root/shannonfuzz-python/fuzz/workline/core.316798)
      #
      # If you would like to submit a bug report, please visit:
      # https://bugreport.java.com/bugreport/crash.jsp

      A DESCRIPTION OF THE PROBLEM :
      This could be due to a code segment in the Java Virtual Machine (JVM) that is causing access to an illegitimate memory location or some other problem with the underlying interaction with the operating system


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      I don't think it's a specific test case that triggers the bug, maybe it's the runtime.
      But the test case that triggered the bug is still pasted below.

      import javax.swing.*;
      import java.awt.*;

      public class MyThreadGroup{

          ThreadGroup getRootThreadGroup() throws Exception {
              int mapPos = null;
              if (mapPos != Position.NOPOS)
                  return mapPos;
              ThreadGroup currentTG = Thread.currentThread().getThreadGroup();
              ThreadGroup parentTG = currentTG.getParent();
              while (parentTG != null) {
                  currentTG = parentTG;
                  parentTG = currentTG.getParent();
              }
              return currentTG;
          }

          public static void main(String[] args) throws Exception {
              System.out.println(new MyThreadGroup().getRootThreadGroup());
          }
      }


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      /root/shannonfuzz-python/fuzz/shannon_v0/openjdk17/MyJVMTest_11927.java:8: error: incompatible types: <null> cannot be converted to int
              int mapPos = null;
                           ^
      /root/shannonfuzz-python/fuzz/shannon_v0/openjdk17/MyJVMTest_11927.java:9: error: cannot find symbol
              if (mapPos != Position.NOPOS)
                                    ^
        symbol: variable NOPOS
        location: class Position
      /root/shannonfuzz-python/fuzz/shannon_v0/openjdk17/MyJVMTest_11927.java:10: error: incompatible types: int cannot be converted to ThreadGroup
                  return mapPos;
                         ^
      3 errors

      ACTUAL -
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0x00007f2d4aa39c60, pid=316798, tid=316898
      #
      # JRE version: OpenJDK Runtime Environment (11.0.17) (build 11.0.17-internal+0-adhoc.root.jdk-11.0.178)
      # Java VM: OpenJDK 64-Bit Server VM (11.0.17-internal+0-adhoc.root.jdk-11.0.178, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # V [libjvm.so+0xca5c60] RegMask::is_bound_pair() const+0x70
      #
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /root/shannonfuzz-python/fuzz/workline/core.316798)
      #
      # An error report file with more information is saved as:
      # /root/shannonfuzz-python/fuzz/workline/hs_err_pid316798.log
      #
      # Compiler replay data is saved as:
      # /root/shannonfuzz-python/fuzz/workline/replay_pid316798.log
      #
      # If you would like to submit a bug report, please visit:
      # https://bugreport.java.com/bugreport/crash.jsp
      #


      ---------- BEGIN SOURCE ----------
      I don't think it's a specific test case that triggers the bug, maybe it's the runtime.
      But the test case that triggered the bug is still pasted below.

      import javax.swing.*;
      import java.awt.*;

      public class MyThreadGroup{

          ThreadGroup getRootThreadGroup() throws Exception {
              int mapPos = null;
              if (mapPos != Position.NOPOS)
                  return mapPos;
              ThreadGroup currentTG = Thread.currentThread().getThreadGroup();
              ThreadGroup parentTG = currentTG.getParent();
              while (parentTG != null) {
                  currentTG = parentTG;
                  parentTG = currentTG.getParent();
              }
              return currentTG;
          }

          public static void main(String[] args) throws Exception {
              System.out.println(new MyThreadGroup().getRootThreadGroup());
          }
      }

      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Haven't figured out how to fix that crash yet

      FREQUENCY : rarely


            rsurianaraya Rajagopal Surianarayanan
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: