JDK-8229495

SIGILL in C2 generated OSR compilation

      Description

      (provisional synopsis, please change as you see fit)

      Found with fuzzing. The testcase is attached. It fails in the first second every 5th run or so. There are plenty of hs_errs in the attached bundle.

      $ ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGILL (0x4) at pc=0x00007f7693cde65e, pid=12339, tid=12340
      #
      # JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
      # Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # J 63% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f7693cde65e [0x00007f7693cde020+0x000000000000063e]
      #
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/03934/core.12339)
      #
      # An error report file with more information is saved as:
      # /home/shade/trunks/JavaFuzzer/tests/03934/hs_err_pid12339.log
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #
      Current thread is 12340
      Dumping core ...

      The disassembly shows it is ud2 following the call:

       4c 8b 54 24 30       mov    r10,QWORD PTR [rsp+0x30]
       4c 89 54 24 20       mov    QWORD PTR [rsp+0x20],r10
       89 5c 24 14          mov    DWORD PTR [rsp+0x14],ebx
       89 5c 24 28          mov    DWORD PTR [rsp+0x28],ebx
       e8 c4 27 46 f8       call   0xfffffffff84627e2
       0f 0b                ud2    ; <---- SIGILL here
       0f 0b                ud2
       be 8d ff ff ff       mov    esi,0xffffff8d
       44 89 6c 24 08       mov    DWORD PTR [rsp+0x8],r13d
       89 5c 24 0c          mov    DWORD PTR [rsp+0xc],ebx
       44 89 74 24 14       mov    DWORD PTR [rsp+0x14],r14d
       c5 fa 10 4c 24 20    vmovss xmm1,DWORD PTR [rsp+0x20]

      ...so it must be returning incorrectly on some path.
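
The check described above can be scripted for triaging a bundle of hs_err files. The following is an added example, not part of the original report or of OpenJDK: it parses the crash header, confirms the faulting pc sits on a `ud2` directly after a `call rel32`, and recomputes the call target from the runtime pc (the target printed in the disassembly is relative to the dump's own addressing). The names `parse_header`, `triage`, `HS_ERR`, `WINDOW` and `FAULT_INDEX` are hypothetical, and the byte window is assumed to start at the call opcode.

```python
import re

# Constructed input: three header lines copied from the crash output above.
HS_ERR = """\
# SIGILL (0x4) at pc=0x00007f7693cde65e, pid=12339, tid=12340
# Problematic frame:
# J 63% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f7693cde65e [0x00007f7693cde020+0x000000000000063e]
"""
# Constructed input: bytes of the call and both ud2 from the disassembly above.
# Assumption: the window starts at the call opcode, so the faulting pc is index 5.
WINDOW = bytes.fromhex("e8c42746f8" "0f0b" "0f0b")
FAULT_INDEX = 5

SIGNAL_RE = re.compile(r"^# (SIG\w+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+)", re.M)
# In a compiled (J) frame, '%' after the compile id marks an OSR compilation.
FRAME_RE = re.compile(
    r"^# J (\d+)(%?) +(c1|c2) (\S+) \((\d+) bytes\) @ (0x[0-9a-f]+) "
    r"\[(0x[0-9a-f]+)\+(0x[0-9a-f]+)\]", re.M)

def parse_header(text):
    """Extract signal, pc and compiled-frame fields from an hs_err header."""
    sig, frame = SIGNAL_RE.search(text), FRAME_RE.search(text)
    if not sig or not frame:
        raise ValueError("no signal line or compiled (J) frame found")
    cid, osr, tier, method, _size, fpc, base, off = frame.groups()
    return {"signal": sig.group(1), "pc": int(sig.group(2), 16),
            "compile_id": int(cid), "osr": osr == "%", "compiler": tier,
            "method": method, "frame_pc": int(fpc, 16),
            "base": int(base, 16), "offset": int(off, 16)}

def triage(header, window, fault_index):
    """Check the fault against the 'ud2 right after a call' pattern."""
    consistent = header["pc"] == header["frame_pc"] == header["base"] + header["offset"]
    on_ud2 = window[fault_index:fault_index + 2] == b"\x0f\x0b"
    # Heuristic: a 5-byte 'call rel32' (opcode e8) ends exactly at the fault pc.
    after_call = fault_index >= 5 and window[fault_index - 5] == 0xE8
    target = None
    if after_call:
        rel32 = int.from_bytes(window[fault_index - 4:fault_index], "little", signed=True)
        # rel32 is relative to the return address, which is the faulting pc.
        target = header["pc"] + rel32
    return {"consistent": consistent, "on_ud2": on_ud2,
            "returned_from_call": on_ud2 and after_call, "call_target": target}

if __name__ == "__main__":
    h = parse_header(HS_ERR)
    r = triage(h, WINDOW, FAULT_INDEX)
    print(h["compiler"], "OSR" if h["osr"] else "normal", h["method"])
    print(r["returned_from_call"], hex(r["call_target"]))
```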

              People

              • Assignee:
                phedlin Patric Hedlin
                Reporter:
                shade Aleksey Shipilev