Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8017093

JVM crashes in methods compiled by C1 when Metaspace is exhausted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2
    • Resolution: Duplicate
    • Affects Version/s: hs25
    • Fix Version/s: hs25
    • Component/s: hotspot

      Description

      JVM crashes in methods compiled by C1 when metaspace is exhausted with "implicit exception happened" message.

      Here is output for run with -XX:+PrintAssembly:

      implicit exception happened at 0xa8eb8bf0
      Compiled method (c1) 669431 5384 2 javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum (8 bytes)
       total in heap [0xa8eb8ac8,0xa8eb8d18] = 592
       relocation [0xa8eb8b98,0xa8eb8bc0] = 40
       main code [0xa8eb8bc0,0xa8eb8c80] = 192
       stub code [0xa8eb8c80,0xa8eb8cb4] = 52
       oops [0xa8eb8cb4,0xa8eb8cb8] = 4
       metadata [0xa8eb8cb8,0xa8eb8cbc] = 4
       scopes data [0xa8eb8cbc,0xa8eb8cd4] = 24
       scopes pcs [0xa8eb8cd4,0xa8eb8d14] = 64
       dependencies [0xa8eb8d14,0xa8eb8d18] = 4
      0 iload_1
      1 iload_1
      2 imul
      3 iload_2
      4 iload_2
      5 imul
      6 iadd
      7 ireturn
      Decoding compiled method 0xa8eb8ac8:
      Code:
      [Entry Point]
      [Constants]
        # {method}
       {0x7f90e3b0} 'qsum' '(II)I' in 'javasoft/sqe/tests/lang/clss021/clss02103/clss02103_b'
        # this: ecx = 'javasoft/sqe/tests/lang/clss021/clss02103/clss02103_b'
        # parm0: edx = int
        # parm1: [sp+0x30] = int (sp of caller)
        ;; block B1 [0, 0]

      <bunch of nops...>

        0xa8eb8bd7: cmp 0x4(%ecx),%eax ;...3b4104
        0xa8eb8bda: jne 0xa8b4b020 ;...0f854024 c9ff
                                              ; {runtime_call}
      [Verified Entry Point]
        0xa8eb8be0: mov %eax,-0x9000(%esp) ;...89842400 70ffff
        0xa8eb8be7: push %ebp ;...55
        0xa8eb8be8: sub $0x28,%esp ;...83ec28
        0xa8eb8beb: mov $0x0,%eax ;...b8000000 00 <-- putting 0 into EAX
        0xa8eb8bf0: mov 0x8(%eax),%esi ;...8b7008 <-- BOOOOM
        0xa8eb8bf3: add $0x8,%esi ;...83c608
        0xa8eb8bf6: mov %esi,0x8(%eax) ;...897008
        0xa8eb8bf9: mov $0x7f90e3b0,%eax ;...b8b0e390 7f
       {0x7f90e3b0} 'qsum' '(II)I' in 'javasoft/sqe/tests/lang/clss021/clss02103/clss02103_b')}
        0xa8eb8bfe: and $0x3ff8,%esi ;...81e6f83f 0000
        0xa8eb8c04: cmp $0x0,%esi ;...83fe00
        ;; 24 branch [EQ] [CounterOverflowStub: 0x7f30aa10]
        0xa8eb8c07: je 0xa8eb8c2a ;...0f841d00 0000
                                              ;*iload_1
                                              ; - javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum@0 (line 55)
        ;; block B2 [0, 0]
        0xa8eb8c0d: mov 0x30(%esp),%eax ;...8b442430
        ;; block B0 [0, 7]
        0xa8eb8c11: mov %edx,%esi ;...8bf2
        0xa8eb8c13: imul %edx,%esi ;...0faff2
        0xa8eb8c16: mov %eax,%edi ;...8bf8
        0xa8eb8c18: imul %eax,%edi ;...0faff8
        0xa8eb8c1b: add %edi,%esi ;...03f7
        0xa8eb8c1d: mov %esi,%eax ;...8bc6
        0xa8eb8c1f: add $0x28,%esp ;...83c428
        0xa8eb8c22: pop %ebp ;...5d
        0xa8eb8c23: test %eax,0xb7f53100 ;...85050031 f5b7
        0xa8eb8c29: ret ;...c3
        ;; CounterOverflowStub slow case
        0xa8eb8c2a: mov %eax,0x4(%esp) ;...89442404
        0xa8eb8c2e: movl $0xffffffff,(%esp) ;...c70424ff ffffff
        0xa8eb8c35: call 0xa8bb1800 ;...e8c68bcf ff
                                              ; OopMap{ecx=Oop off=122}
                                              ;*synchronization entry
                                              ; - javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum@-1 (line 55)
                                              ; {runtime_call}
        0xa8eb8c3a: jmp 0xa8eb8c0d ;...ebd1
        0xa8eb8c3c: nop ;...90
        0xa8eb8c3d: nop ;...90
        ;; Unwind handler
        0xa8eb8c3e: mov %esp,%esi ;...8bf4
        0xa8eb8c40: shr $0xc,%esi ;...c1ee0c
        0xa8eb8c43: mov 0x1bb3500(,%esi,4),%esi ;...8b34b500 35bb01
        0xa8eb8c4a: mov 0x1ac(%esi),%eax ;...8b86ac01 0000
        0xa8eb8c50: movl $0x0,0x1ac(%esi) ;...c786ac01 000000
                                              ;...000000
        0xa8eb8c5a: movl $0x0,0x1b0(%esi) ;...c786b001 000000
                                              ;...000000
        0xa8eb8c64: add $0x28,%esp ;...83c428
        0xa8eb8c67: pop %ebp ;...5d
        0xa8eb8c68: jmp 0xa8bad740 ;...e9d34acf ff
                                              ; {runtime_call}
       
      <bunch of htls...>

      [Exception Handler]
      [Stub Code]
        0xa8eb8c80: mov $0xdead,%ebx ;...bbadde00 00
                                              ; {no_reloc}
        0xa8eb8c85: mov $0xdead,%ecx ;...b9adde00 00
        0xa8eb8c8a: mov $0xdead,%esi ;...beadde00 00
        0xa8eb8c8f: mov $0xdead,%edi ;...bfadde00 00
        0xa8eb8c94: call 0xa8bafcc0 ;...e82770cf ff
                                              ; {runtime_call}
        0xa8eb8c99: push $0x19f8d99 ;...68998d9f 01
                                              ; {external_word}
        0xa8eb8c9e: call 0xa8eb8ca3 ;...e8000000 00
        0xa8eb8ca3: pusha ;...60
        0xa8eb8ca4: call 0x016133e0 ;...e837a775 58
                                              ; {runtime_call}
        0xa8eb8ca9: hlt ;...f4
      [Deopt Handler Code]
        0xa8eb8caa: push $0xa8eb8caa ;...68aa8ceb a8
                                              ; {section_word}
        0xa8eb8caf: jmp 0xa8b4bd80 ;...e9cc30c9 ff
                                              ; {runtime_call}
      pc-bytecode offsets:
      PcDesc(pc=0xa8eb8bbf offset=ffffffff bits=0):
      PcDesc(pc=0xa8eb8c0d offset=4d bits=0):
         javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum @0
      PcDesc(pc=0xa8eb8c3a offset=7a bits=0):
         javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum @-1
      PcDesc(pc=0xa8eb8cb5 offset=f5 bits=0):
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb) at pc=0xa8eb8bf0, pid=31630, tid=2133187472
      #
      # JRE version: Java(TM) SE Runtime Environment (8.0-b92) (build 1.8.0-ea-fastdebug-b92)
      # Java VM: Java HotSpot(TM) Server VM (25.0-b34-fastdebug compiled mode linux-x86 )
      # Problematic frame:
      # J javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b.qsum(II)I
      #
      # Core dump written. Default location: /export/JQA/pg_stress/core or core.31630
      #
      # An error report file with more information is saved as:
      # /export/JQA/pg_stress/hs_err_pid31630.log
      Compiled method (c1) 669558 5384 2 javasoft.sqe.tests.lang.clss021.clss02103.clss02103_b::qsum (8 bytes)
       total in heap [0xa8eb8ac8,0xa8eb8d18] = 592
       relocation [0xa8eb8b98,0xa8eb8bc0] = 40
       main code [0xa8eb8bc0,0xa8eb8c80] = 192
       stub code [0xa8eb8c80,0xa8eb8cb4] = 52
       oops [0xa8eb8cb4,0xa8eb8cb8] = 4
       metadata [0xa8eb8cb8,0xa8eb8cbc] = 4
       scopes data [0xa8eb8cbc,0xa8eb8cd4] = 24
       scopes pcs [0xa8eb8cd4,0xa8eb8d14] = 64
       dependencies [0xa8eb8d14,0xa8eb8d18] = 4
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.sun.com/bugreport/crash.jsp
      #

      I was able to reproduce issue in different linux hosts with latest JDK8 build.
      Issue could be reproduced with C1 or with TieredCompilation turned on (in this case crash happens in method compiled by C1).
      Failed VM test exhaust Metaspace and then starting multiple threads where different JCK-tests are executed.

      I've attached logs for several runs.

      Issue reproduces intermittently: approx. 1/30.

        Attachments

        1. crash1.hotspot.log.zip
          17.54 MB
        2. crash1.hs_err.log
          38 kB
        3. crash1.log.zip
          13.45 MB
        4. crash2.hotspot.log.zip
          18.15 MB
        5. crash2.hs_err.log
          38 kB
        6. crash2.log.zip
          13.84 MB
        7. crash3.gc.log
          18 kB
        8. crash3.hotspot.log.zip
          16.32 MB
        9. crash3.hs_err.log
          37 kB
        10. crash3.log.zip
          12.55 MB
        11. yac.zip
          7 kB

          Issue Links

            Activity

              People

              • Assignee:
                anoll Albert Noll (Inactive)
                Reporter:
                fzhinkin Filipp Zhinkin
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: