JDK-8229495: SIGILL in C2 generated OSR compilation



      (provisional synopsis, please change as you see fit)

      Found with fuzzing. The testcase is attached. It fails in the first second every 5th run or so. There are plenty of hs_errs in the attached bundle.

      $ ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test
      # A fatal error has been detected by the Java Runtime Environment:
      # SIGILL (0x4) at pc=0x00007f7693cde65e, pid=12339, tid=12340
      # JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
      # Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
      # Problematic frame:
      # J 63% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f7693cde65e [0x00007f7693cde020+0x000000000000063e]
      # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/03934/core.12339)
      # An error report file with more information is saved as:
      # /home/shade/trunks/JavaFuzzer/tests/03934/hs_err_pid12339.log
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      Current thread is 12340
      Dumping core ...

      The disassembly shows it is ud2 following the call:

       4c 8b 54 24 30       mov    r10,QWORD PTR [rsp+0x30]
       4c 89 54 24 20       mov    QWORD PTR [rsp+0x20],r10
       89 5c 24 14          mov    DWORD PTR [rsp+0x14],ebx
       89 5c 24 28          mov    DWORD PTR [rsp+0x28],ebx
       e8 c4 27 46 f8       call   0xfffffffff84627e2
       0f 0b                ud2                             ; <---- SIGILL here
       0f 0b                ud2
       be 8d ff ff ff       mov    esi,0xffffff8d
       44 89 6c 24 08       mov    DWORD PTR [rsp+0x8],r13d
       89 5c 24 0c          mov    DWORD PTR [rsp+0xc],ebx
       44 89 74 24 14       mov    DWORD PTR [rsp+0x14],r14d
       c5 fa 10 4c 24 20    vmovss xmm1,DWORD PTR [rsp+0x20]

      ...so it must be returning incorrectly on some path.
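
      Added example, not part of the original report or the JDK project: a small Python triage helper for a bundle of hs_err logs like the one mentioned above. It reads the header lines, checks that the faulting pc equals code base + offset of the problematic frame, flags OSR compilations, and buckets repeated crashes. The function names, the bucket key and the second sample report are assumptions made for illustration.

```python
import re
from collections import Counter

SIGNAL_RE = re.compile(r"#\s+(SIG[A-Z]+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+)")
# "J <compile id>[%] <compiler> <method> (<n> bytes) @ <pc> [<code base>+<offset>]"
FRAME_RE = re.compile(r"#\s+J (\d+)(%?)\s+(c1|c2) (\S+) \(\d+ bytes\) "
                      r"@ (0x[0-9a-f]+) \[(0x[0-9a-f]+)\+(0x[0-9a-f]+)\]")

def parse_header(text):
    """Return the crash signature from an hs_err header, or None if not a JIT frame."""
    sig, frame = SIGNAL_RE.search(text), FRAME_RE.search(text)
    if not sig or not frame:
        return None
    pc = int(sig.group(2), 16)
    frame_pc, base, offset = (int(frame.group(i), 16) for i in (5, 6, 7))
    return {
        "signal": sig.group(1),
        "osr": frame.group(2) == "%",      # '%' after the compile id marks an OSR compilation
        "compiler": frame.group(3),
        "method": frame.group(4),
        "offset": offset,
        # The faulting pc must be the frame pc and lie at code base + offset.
        "consistent": pc == frame_pc == base + offset,
    }

def triage(reports):
    """Count reports per bucket; addresses, pids and compile ids are left out of the key."""
    buckets = Counter()
    for text in reports:
        rec = parse_header(text)
        key = ("unparsed",) if rec is None else (
            rec["signal"], rec["compiler"], rec["osr"], rec["method"])
        buckets[key] += 1
    return buckets

# Header lines from the report above.
REPORT_A = """\
# SIGILL (0x4) at pc=0x00007f7693cde65e, pid=12339, tid=12340
# Problematic frame:
# J 63% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f7693cde65e [0x00007f7693cde020+0x000000000000063e]
"""
# Constructed second report: same crash, different run (addresses, pid and compile id invented).
REPORT_B = """\
# SIGILL (0x4) at pc=0x00007f1a2cce165e, pid=20001, tid=20002
# Problematic frame:
# J 61% c2 Test.vMeth(IF)V (252 bytes) @ 0x00007f1a2cce165e [0x00007f1a2cce1020+0x000000000000063e]
"""

if __name__ == "__main__":
    print(parse_header(REPORT_A))
    print(triage([REPORT_A, REPORT_B]))
```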


              • Assignee:
                phedlin Patric Hedlin
                shade Aleksey Shipilev