United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7145024 Crashes in ucrypto related to C2
JDK-7145024 : Crashes in ucrypto related to C2

Details
Type:
Bug
Submit Date:
2012-02-13
Status:
Closed
Updated Date:
2013-06-10
Project Name:
JDK
Resolved Date:
2012-03-24
Component:
hotspot
OS:
generic
Sub-Component:
compiler
CPU:
generic
Priority:
P1
Resolution:
Fixed
Affected Versions:
hs23,8
Fixed Versions:
7u4 (b16)

Related Reports
Backport:
Backport:
Backport:
Backport:
Duplicate:
Relates:
Relates:

Sub Tasks

Description
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (frame.cpp:1158), pid=22981, tid=13
#  Error: ShouldNotReachHere()
#
# JRE version: 7.0_04-b11
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23.0-b15-internal-201202102004.jcoomes.hs23-b15-jdk7u4-b12 mixed mode solaris-amd64 compressed oops)

Stack: [0xfffffd7ff0492000,0xfffffd7ff0592000],  sp=0xfffffd7ff0590c00,  free space=1019k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x1087e5b]  void VMError::report(outputStream*)+0x8bb;;  void VMError::report(outputStream*)+0x8bb
V  [libjvm.so+0x1088f80]  void VMError::report_and_die()+0x4fc;;  void VMError::report_and_die()+0x4fc
V  [libjvm.so+0xa06a59]  void report_should_not_reach_here(const char*,int)+0x59;;  void report_should_not_reach_here(const char*,int)+0x59
V  [libjvm.so+0xa7a38e]  void frame::oops_do_internal(OopClosure*,CodeBlobClosure*,RegisterMap*,bool)+0x132;;  void frame::oops_do_internal(OopClosure*,CodeBlobClosure*,RegisterMap*,bool)+0x132
V  [libjvm.so+0x102fc1c]  void JavaThread::oops_do(OopClosure*,CodeBlobClosure*)+0x1b8;;  void JavaThread::oops_do(OopClosure*,CodeBlobClosure*)+0x1b8
V  [libjvm.so+0x470f97]  void ThreadRootsTask::do_it(GCTaskManager*,unsigned)+0x6b;;  void ThreadRootsTask::do_it(GCTaskManager*,unsigned)+0x6b
V  [libjvm.so+0x5ff4f4]  void GCTaskThread::run()+0x264;;  void GCTaskThread::run()+0x264
V  [libjvm.so+0xeee7fa]  java_start+0x9d2;;  java_start+0x9d2
C  [libc.so.1+0x121021]  _thrp_setup+0xa5;;  _thrp_setup+0xa5
C  [libc.so.1+0x1212c0]  _lwp_start+0x0;;  _lwp_start+0x0

JavaThread 0x0000000008c73800 (nid = 243) was being processed
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J  com.oracle.security.ucrypto.NativeDigest.nativeUpdate(IJ[BII)I
C  0xfffffd7f00000000

[error occurred during error reporting (printing target Java thread stack), id 0xb]
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/tmp/jprt/P1/200445.jcoomes/source/src/share/vm/compiler/oopMap.cpp:154), pid=26223, tid=1330
#  assert(_locs_used[reg->value()] == OopMapValue::unused_value) failed: cannot insert twice
#
# JRE version: 7.0_04-b11
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23.0-b15-internal-201202102004.jcoomes.hs23-b15-jdk7u4-b12-fastdebug compiled mode solaris-amd64 compressed oops)
Stack: [0xfffffd7ffbb42000,0xfffffd7ffbc42000],  sp=0xfffffd7ffbc37980,  free space=982k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x286e53c]  void VMError::report(outputStream*)+0x8c8;;  void VMError::report(outputStream*)+0x8c8
V  [libjvm.so+0x286f6ad]  void VMError::report_and_die()+0x4fd;;  void VMError::report_and_die()+0x4fd
V  [libjvm.so+0xf1ac1f]  void report_vm_error(const char*,int,const char*,const char*)+0x55f;;  void report_vm_error(const char*,int,const char*,const char*)+0x55f
V  [libjvm.so+0x2287859]  void OopMap::set_oop(VMRegImpl*)+0x181;;  void OopMap::set_oop(VMRegImpl*)+0x181
V  [libjvm.so+0x25742fb]  void save_or_restore_arguments(MacroAssembler*,int,int,int,OopMap*,VMRegPair*,BasicType*)+0x17a3;;  void save_or_restore_arguments(MacroAssembler*,int,int,int,OopMap*,VMRegPair*,BasicType*)+0x17a3
V  [libjvm.so+0x2575f41]  void check_needs_gc_for_critical_native(MacroAssembler*,int,int,int,int,OopMapSet*,VMRegPair*,BasicType*)+0x175;;  void check_needs_gc_for_critical_native(MacroAssembler*,int,int,int,int,OopMapSet*,VMRegPair*,BasicType*)+0x175
V  [libjvm.so+0x257ada7]  nmethod*SharedRuntime::generate_native_wrapper(MacroAssembler*,methodHandle,int,int,int,BasicType*,VMRegPair*,BasicType)+0x173f;;  nmethod*SharedRuntime::generate_native_wrapper(MacroAssembler*,methodHandle,int,int,int,BasicType*,VMRegPair*,BasicType)+0x173f
V  [libjvm.so+0x2552160]  nmethod*AdapterHandlerLibrary::create_native_wrapper(methodHandle,int)+0xae4;;  nmethod*AdapterHandlerLibrary::create_native_wrapper(methodHandle,int)+0xae4
V  [libjvm.so+0xd729bf]  nmethod*CompileBroker::compile_method(methodHandle,int,int,methodHandle,int,const char*,Thread*)+0x1467;;  nmethod*CompileBroker::compile_method(methodHandle,int,int,methodHandle,int,const char*,Thread*)+0x1467
V  [libjvm.so+0x1e1fccf]  void CallInfo::set_common(KlassHandle,KlassHandle,methodHandle,methodHandle,int,Thread*)+0xaef;;  void CallInfo::set_common(KlassHandle,KlassHandle,methodHandle,methodHandle,int,Thread*)+0xaef
V  [libjvm.so+0x1e2e3aa]  void LinkResolver::resolve_static_call(CallInfo&,KlassHandle&,Symbol*,Symbol*,KlassHandle,bool,bool,Thread*)+0xa46;;  void LinkResolver::resolve_static_call(CallInfo&,KlassHandle&,Symbol*,Symbol*,KlassHandle,bool,bool,Thread*)+0xa46
V  [libjvm.so+0x1e4610a]  void LinkResolver::resolve_invokestatic(CallInfo&,constantPoolHandle,int,Thread*)+0xa1e;;  void LinkResolver::resolve_invokestatic(CallInfo&,constantPoolHandle,int,Thread*)+0xa1e
V  [libjvm.so+0x1e44982]  void LinkResolver::resolve_invoke(CallInfo&,Handle,constantPoolHandle,int,Bytecodes::Code,Thread*)+0x7aa;;  void LinkResolver::resolve_invoke(CallInfo&,Handle,constantPoolHandle,int,Bytecodes::Code,Thread*)+0x7aa
V  [libjvm.so+0x253b134]  Handle SharedRuntime::find_callee_info_helper(JavaThread*,vframeStream&,Bytecodes::Code&,CallInfo&,Thread*)+0x135c;;  Handle SharedRuntime::find_callee_info_helper(JavaThread*,vframeStream&,Bytecodes::Code&,CallInfo&,Thread*)+0x135c
V  [libjvm.so+0x253e684]  methodHandle SharedRuntime::resolve_sub_helper(JavaThread*,bool,bool,Thread*)+0xb84;;  methodHandle SharedRuntime::resolve_sub_helper(JavaThread*,bool,bool,Thread*)+0xb84
V  [libjvm.so+0x253d671]  methodHandle SharedRuntime::resolve_helper(JavaThread*,bool,bool,Thread*)+0x35;;  methodHandle SharedRuntime::resolve_helper(JavaThread*,bool,bool,Thread*)+0x35
V  [libjvm.so+0x25417f6]  unsigned char*SharedRuntime::resolve_static_call_C(JavaThread*)+0x126;;  unsigned char*SharedRuntime::resolve_static_call_C(JavaThread*)+0x126
v  ~RuntimeStub::resolve_static_call
J  com.oracle.security.ucrypto.NativeKey$RSAPrivateCrt.<init>(Ljava/security/spec/KeySpec;)V
J  java.security.Signature$Delegate.engineInitSign(Ljava/security/PrivateKey;)V
V  [libjvm.so+0x15ef8d4]  void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*)+0x9d4;;  void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*)+0x9d4
V  [libjvm.so+0x15eeebc]  void JavaCalls::call(JavaValue*,methodHandle,JavaCallArguments*,Thread*)+0x44;;  void JavaCalls::call(JavaValue*,methodHandle,JavaCallArguments*,Thread*)+0x44
V  [libjvm.so+0x24b4459]  oop Reflection::invoke(instanceKlassHandle,methodHandle,Handle,bool,objArrayHandle,BasicType,objArrayHandle,bool,Thread*)+0x2fc5;;  oop Reflection::invoke(instanceKlassHandle,methodHandle,Handle,bool,objArrayHandle,BasicType,objArrayHandle,bool,Thread*)+0x2fc5
V  [libjvm.so+0x24b7295]  oop Reflection::invoke_method(oop,Handle,objArrayHandle,Thread*)+0xdd5;;  oop Reflection::invoke_method(oop,Handle,objArrayHandle,Thread*)+0xdd5
V  [libjvm.so+0x19abcce]  JVM_InvokeMethod+0xae2;;  JVM_InvokeMethod+0xae2
C  [libjava.so+0x1b83e]  Java_sun_reflect_NativeMethodAccessorImpl_invoke0+0x12;;  Java_sun_reflect_NativeMethodAccessorImpl_invoke0+0x12
J  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
v  ~RuntimeStub::resolve_static_call
J  com.oracle.security.ucrypto.NativeKey$RSAPrivateCrt.<init>(Ljava/security/spec/KeySpec;)V
J  com.oracle.security.ucrypto.NativeRSAKeyFactory.engineGeneratePrivate(Ljava/security/spec/KeySpec;)Ljava/security/PrivateKey;
j  com.oracle.security.ucrypto.NativeRSASignature.engineInitSign(Ljava/security/PrivateKey;)V+123
J  java.security.Signature$Delegate.engineInitSign(Ljava/security/PrivateKey;)V
J  javasoft.sqe.tests.api.java.security.Signature.updateTests.update001()Ljavasoft/sqe/javatest/Status;
v  ~StubRoutines::call_stub
J  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  javasoft.sqe.jck.lib.ProviderTest.invokeTestCase(Ljava/lang/reflect/Method;)Ljavasoft/sqe/javatest/Status;
J  javasoft.sqe.javatest.lib.MultiTest.run([Ljava/lang/String;Ljava/io/PrintWriter;Ljava/io/PrintWriter;)Ljavasoft/sqe/javatest/Status;
J  javasoft.sqe.javatest.lib.MultiTest.run([Ljava/lang/String;Ljava/io/PrintStream;Ljava/io/PrintStream;)Ljavasoft/sqe/javatest/Status;
J  javasoft.sqe.tests.api.java.security.Signature.updateTests.main([Ljava/lang/String;)V
v  ~StubRoutines::call_stub
J  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
J  runThese$TestRunner$1.run()V
v  ~StubRoutines::call_stub
Also this crash happened during SPECjbb2012 run on vmsqe-x4170-04:

#  Internal Error (frame.cpp:1158), pid=5695, tid=15
#  Error: ShouldNotReachHere()
#
# JRE version: 8.0-b26
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23.0-b15 mixed mode solaris-amd64 )

Stack: [0x0000000000000000,0x0000000000000000],  sp=0xfffffd7ffdf37100,  free space=18014395825093852k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x1087e5b]  void VMError::report(outputStream*)+0x8bb
V  [libjvm.so+0x1088f80]  void VMError::report_and_die()+0x4fc
V  [libjvm.so+0xa06a59]  void report_should_not_reach_here(const char*,int)+0x59
V  [libjvm.so+0xa7a38e]  void frame::oops_do_internal(OopClosure*,CodeBlobClosure*,RegisterMap*,bool)+0x132
V  [libjvm.so+0x102fc1c]  void JavaThread::oops_do(OopClosure*,CodeBlobClosure*)+0x1b8
V  [libjvm.so+0x1034861]  void Threads::possibly_parallel_oops_do(OopClosure*,CodeBlobClosure*)+0x9d
V  [libjvm.so+0xf7b55b]  void SharedHeap::process_strong_roots(bool,bool,SharedHeap::ScanningOption,OopClosure*,CodeBlobClosure*,OopsInGenClosure*)+0xbf
V  [libjvm.so+0xa922ae]  void G1CollectedHeap::g1_process_strong_roots(bool,SharedHeap::ScanningOption,OopClosure*,OopsInHeapRegionClosure*,OopsInGenClosure*,int)+0x202
V  [libjvm.so+0xa970ef]  void G1ParTask::work(unsigned)+0x6eb
V  [libjvm.so+0x109a545]  void GangWorker::loop()+0x99

hs_err file is attached.
Also happened with Specjvm2008 crypto subbenchmark on Solaris-i586 and Solaris-amd64

See comments for details

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/hotspot/rev/2ee7dcc77c63
                                     
2012-02-28
EVALUATION

7145024: Crashes in ucrypto related to C2
Reviewed-by: kvn

There are two issues here.  The first issue, that resulted in the
asserts was incorrect incrementing of the slots when building the oop
map.  Fixing that exposed the second issue which is that different
signatures may require very different orders for the move to avoid
clobbering other arguments.  There's no simple way to order them
safely so I resurrected some old C1 code for computing a safe order
for issuing stores and break any cycles in those stores.  The code
itself is fairly general but it's not necessary on the other platforms
so I kept it in the platform dependent code instead of moving it into
a shared file.  Tested with a new manual test that exercises all
permutations of 8 arguments that mix primtives and arrays on Solaris,
Linux and Windows.  Also tested with failing
javasoft.sqe.tests.api.java.security.Signature.updateTests test.

The crashes in frame.cpp are likely caused by overwriting parts of the stack in the logic the logic that was miscounting the handle space.

I attached a test case that exercises various signatures and caught the bug in the report.
                                     
2012-02-29
WORK AROUND

-XX:-CriticalJNINatives
                                     
2012-02-29
EVALUATION

http://hg.openjdk.java.net/hsx/hsx23/hotspot/rev/ad0b499ddb18
                                     
2012-03-08
EVALUATION

http://hg.openjdk.java.net/lambda/lambda/hotspot/rev/2ee7dcc77c63
                                     
2012-03-22



Hardware and Software, Engineered to Work Together