JDK-8229694

JVM crash in SWPointer during C2 OSR compilation

Details

    • b23
    • Verified

    Description

      (synopsis is provisional, please change as you see fit)

      Found with fuzzing. Testing bundle is attached, has a few hs_errs and replays inside. Crashes intermittently, roughly in half of invocations, so this is the reproducer:

      $ for I in `seq 1 10`; do ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test; done

      release build crashes like this:

      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0x00007f9cc1057e89, pid=22579, tid=22594
      #
      # JRE version: OpenJDK Runtime Environment (14.0) (build 14-internal+0-adhoc.shade.jdk-jdk)
      # Java VM: OpenJDK 64-Bit Server VM (14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # V [libjvm.so+0xf03e89] SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.199]+0x49
      #
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/0002/core.22579)
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #

      --------------- S U M M A R Y ------------

      Command Line: Test

      Host: Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
      Time: Wed Aug 14 10:18:52 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

      --------------- T H R E A D ---------------

      Current thread (0x00007f9cb8486800): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=22594, stack(0x00007f9c5847d000,0x00007f9c5857e000)]


      Current CompileTask:
      C2: 215 64 % 4 Test::vMeth1 @ 112 (293 bytes)

      Stack: [0x00007f9c5847d000,0x00007f9c5857e000], sp=0x00007f9c58578a20, free space=1006k
      Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
      V [libjvm.so+0xf03e89] SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.199]+0x49
      V [libjvm.so+0xf04531] SuperWord::align_initial_loop_index(MemNode*)+0xa1
      V [libjvm.so+0xf0a4b7] SuperWord::output()+0xa07
      V [libjvm.so+0xf0e720] SuperWord::SLP_extract()+0x70
      V [libjvm.so+0xf0ed5c] SuperWord::transform_loop(IdealLoopTree*, bool)+0x26c

      fastdebug build crashes like this:

      # SIGSEGV (0xb) at pc=0x00007f6fa6f8c52c, pid=21280, tid=21291
      #
      # JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
      # Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # V [libjvm.so+0x177f52c] Node::in(unsigned int) const [clone .isra.38] [clone .constprop.281]+0xc
      #
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/0002/core.21280)
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #

      --------------- S U M M A R Y ------------

      Command Line: Test

      Host: shade-desktop, Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
      Time: Wed Aug 14 09:59:46 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

      --------------- T H R E A D ---------------

      Current thread (0x00007f6fa0596000): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=21291, stack(0x00007f6f3056a000,0x00007f6f3066b000)]


      Current CompileTask:
      C2: 269 75 % 4 Test::vMeth1 @ 112 (293 bytes)

      Stack: [0x00007f6f3056a000,0x00007f6f3066b000], sp=0x00007f6f30665040, free space=1004k
      Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
      V [libjvm.so+0x177f52c] Node::in(unsigned int) const [clone .isra.38] [clone .constprop.281]+0xc
      V [libjvm.so+0x1788bcf] SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.277]+0x6f
      V [libjvm.so+0x17897d9] SuperWord::align_initial_loop_index(MemNode*)+0x279
      V [libjvm.so+0x179539d] SuperWord::output()+0xe2d
      V [libjvm.so+0x1799418] SuperWord::SLP_extract()+0x278
      V [libjvm.so+0x1799a9b] SuperWord::transform_loop(IdealLoopTree*, bool)+0x41b
      V [libjvm.so+0x1208506] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x1146
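
Added example, not part of the original report: a small triage helper showing that the release and fastdebug crashes above fall into the same bucket once clone suffixes, offsets and argument lists are stripped, since the fastdebug trace only adds a non-inlined `Node::in` leaf frame. The function names (`frames`, `shared_chain`, `same_bucket`) and the thresholds are assumptions made for illustration; the input lines are copied from the two traces in this report.

```python
import re
from difflib import SequenceMatcher

# Native-frame lines copied from the release and fastdebug traces in this report.
RELEASE = """\
V [libjvm.so+0xf03e89] SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.199]+0x49
V [libjvm.so+0xf04531] SuperWord::align_initial_loop_index(MemNode*)+0xa1
V [libjvm.so+0xf0a4b7] SuperWord::output()+0xa07
V [libjvm.so+0xf0e720] SuperWord::SLP_extract()+0x70
V [libjvm.so+0xf0ed5c] SuperWord::transform_loop(IdealLoopTree*, bool)+0x26c
"""
FASTDEBUG = """\
V [libjvm.so+0x177f52c] Node::in(unsigned int) const [clone .isra.38] [clone .constprop.281]+0xc
V [libjvm.so+0x1788bcf] SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.277]+0x6f
V [libjvm.so+0x17897d9] SuperWord::align_initial_loop_index(MemNode*)+0x279
V [libjvm.so+0x179539d] SuperWord::output()+0xe2d
V [libjvm.so+0x1799418] SuperWord::SLP_extract()+0x278
V [libjvm.so+0x1799a9b] SuperWord::transform_loop(IdealLoopTree*, bool)+0x41b
V [libjvm.so+0x1208506] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x1146
"""

FRAME = re.compile(r"^\s*[A-Za-z]+\s+\[[^\]]+\]\s+(?P<sym>.+)\+0x[0-9a-fA-F]+\s*$")
CLONE = re.compile(r"\s*\[clone [^\]]*\]")

def frames(trace):
    """Return build-independent function names, innermost frame first."""
    out = []
    for line in trace.splitlines():
        m = FRAME.match(line)
        if m:
            sym = CLONE.sub("", m.group("sym"))  # drop GCC clone suffixes
            out.append(sym.split("(", 1)[0])      # drop the argument list
    return out

def shared_chain(a, b):
    """Longest contiguous run of frames present in both stacks, plus its offsets."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size], m.a, m.b

def same_bucket(a, b, min_frames=3, max_skip=2):
    """Treat two crashes as one bug if a long shared chain starts near both stack tops."""
    chain, ia, ib = shared_chain(a, b)
    return len(chain) >= min_frames and ia <= max_skip and ib <= max_skip

if __name__ == "__main__":
    print(shared_chain(frames(RELEASE), frames(FASTDEBUG)), same_bucket(frames(RELEASE), frames(FASTDEBUG)))
```
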

      Attachments

        1. 0002.tar.gz
          374 kB
        2. hs_err_pid6311.log
          76 kB
        3. Test.java
          7 kB

            People

              chagedorn Christian Hagedorn
              shade Aleksey Shipilev