Bug ID: JDK-8144851 java/lang/StackWalker/LocalsAndOperands.java: SEGV in StackValue::create_stack

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 9

Priority: P2
Status: Closed
Resolution: Duplicate

Submitted: 2015-12-07
Updated: 2016-03-18
Resolved: 2016-03-18

JDK 9
9Resolved

This happens on almost all platforms with +DeoptimizeALot

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f25c784fc98, pid=46585, tid=50539
#
# JRE version: Java(TM) SE Runtime Environment (9.0) (build 9-internal+0-2015-12-04-214318.mikael.8144657)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (9-internal+0-2015-12-04-214318.mikael.8144657, compiled mode, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x1250c98]  StackValue::create_stack_value(frame const*, RegisterMap const*, ScopeValue*)+0x3e8
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e" (or dumping to /export/home/aurora/sandbox/results/workDir/java/lang/StackWalker/LocalsAndOperands/core.46585)
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x00007f25c07f9800):  JavaThread "MainThread" [_thread_in_vm, id=50539, stack(0x00007f23b0fd5000,0x00007f23b10d6000)]

Stack: [0x00007f23b0fd5000,0x00007f23b10d6000],  sp=0x00007f23b10d2520,  free space=1013k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x1250c98]  StackValue::create_stack_value(frame const*, RegisterMap const*, ScopeValue*)+0x3e8;;  StackValue::create_stack_value(frame const*, RegisterMap const*, ScopeValue*)+0x3e8
V  [libjvm.so+0x1391b1d]  compiledVFrame::locals() const+0x29d;;  compiledVFrame::locals() const+0x29d
V  [libjvm.so+0x1253709]  StackWalk::fill_live_stackframe(Handle, methodHandle const&, int, javaVFrame*, Thread*)+0x39;;  StackWalk::fill_live_stackframe(Handle, methodHandle const&, int, javaVFrame*, Thread*)+0x39
V  [libjvm.so+0x1254f31]  StackWalk::fill_in_frames(long, vframeStream&, int, int, objArrayHandle, objArrayHandle, int&, Thread*)+0xea1;;  StackWalk::fill_in_frames(long, vframeStream&, int, int, objArrayHandle, objArrayHandle, int&, Thread*)+0xea1
V  [libjvm.so+0x1257765]  StackWalk::walk(Handle, long, int, int, int, objArrayHandle, objArrayHandle, Thread*)+0x10e5;;  StackWalk::walk(Handle, long, int, int, int, objArrayHandle, objArrayHandle, Thread*)+0x10e5
V  [libjvm.so+0xd1564b]  JVM_CallStackWalk+0x26b;;  JVM_CallStackWalk+0x26b
J 2845  java.lang.StackStreamFactory$AbstractStackWalker.callStackWalk(JIII[Ljava/lang/Class;[Ljava/lang/StackWalker$StackFrame;)Ljava/lang/Object; (0 bytes) @ 0x00007f25b54fb12a [0x00007f25b54fafc0+0x000000000000016a]
J 2826 C1 java.lang.StackStreamFactory$AbstractStackWalker.beginStackWalk()Ljava/lang/Object; (42 bytes) @ 0x00007f25ae9358dc [0x00007f25ae935520+0x00000000000003bc]
J 2817 C1 java.lang.StackStreamFactory$AbstractStackWalker.walk()Ljava/lang/Object; (25 bytes) @ 0x00007f25ae92ea9c [0x00007f25ae92e8e0+0x00000000000001bc]
j  java.lang.StackWalker.walk(Ljava/util/function/Function;)Ljava/lang/Object;+10
j  LocalsAndOperands.test()V+28
j  LocalsAndOperands.main([Ljava/lang/String;)V+148
v  ~StubRoutines::call_stub
V  [libjvm.so+0xc29246]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, Thread*)+0xe86;;  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, Thread*)+0xe86
V  [libjvm.so+0x11addb6]  Reflection::invoke(instanceKlassHandle, methodHandle const&, Handle, bool, objArrayHandle, BasicType, objArrayHandle, bool, Thread*)+0xc56;;  Reflection::invoke(instanceKlassHandle, methodHandle const&, Handle, bool, objArrayHandle, BasicType, objArrayHandle, bool, Thread*)+0xc56
V  [libjvm.so+0x11aebba]  Reflection::invoke_method(oop, Handle, objArrayHandle, Thread*)+0x23a;;  Reflection::invoke_method(oop, Handle, objArrayHandle, Thread*)+0x23a
V  [libjvm.so+0xd3427d]  JVM_InvokeMethod+0x21d;;  JVM_InvokeMethod+0x21d
J 443  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (0 bytes) @ 0x00007f25b53e1234 [0x00007f25b53e10c0+0x0000000000000174]
J 442 C2 sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (104 bytes) @ 0x00007f25b53e0be0 [0x00007f25b53e0ac0+0x0000000000000120]
J 440 C2 sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (10 bytes) @ 0x00007f25b53e07dc [0x00007f25b53e0700+0x00000000000000dc]
J 430 C1 java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (62 bytes) @ 0x00007f25ae129cfc [0x00007f25ae129a20+0x00000000000002dc]
j  com.sun.javatest.regtest.agent.MainWrapper$MainThread.run()V+60
J 1272 C1 java.lang.Thread.run()V (17 bytes) @ 0x00007f25ae345784 [0x00007f25ae3455c0+0x00000000000001c4]
v  ~StubRoutines::call_stub
V  [libjvm.so+0xc29246]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, Thread*)+0xe86;;  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, Thread*)+0xe86
V  [libjvm.so+0xc29bcd]  JavaCalls::call_virtual(JavaValue*, KlassHandle, Symbol*, Symbol*, JavaCallArguments*, Thread*)+0x6bd;;  JavaCalls::call_virtual(JavaValue*, KlassHandle, Symbol*, Symbol*, JavaCallArguments*, Thread*)+0x6bd
V  [libjvm.so+0xc2a24f]  JavaCalls::call_virtual(JavaValue*, Handle, KlassHandle, Symbol*, Symbol*, Thread*)+0xbf;;  JavaCalls::call_virtual(JavaValue*, Handle, KlassHandle, Symbol*, Symbol*, Thread*)+0xbf
V  [libjvm.so+0xd0f1e0]  thread_entry(JavaThread*, Thread*)+0xc0;;  thread_entry(JavaThread*, Thread*)+0xc0
V  [libjvm.so+0x1315c8a]  JavaThread::thread_main_inner()+0x16a;;  JavaThread::thread_main_inner()+0x16a
V  [libjvm.so+0x1315eac]  JavaThread::run()+0x1cc;;  JavaThread::run()+0x1cc
V  [libjvm.so+0x109c742]  java_start(Thread*)+0xd2;;  java_start(Thread*)+0xd2
C  [libpthread.so.0+0x7df3]  start_thread+0xc3

Closing this as duplicate of JDK-8147039. We should re-open this bug if JDK-8147039 does not fix the problem or the fix is not ready soon.
18-03-2016
For reference: http://mail.openjdk.java.net/pipermail/hotspot-compiler-dev/2015-December/020464.html Roland's fix: http://cr.openjdk.java.net/~roland/8144851/webrev.00/
18-03-2016
Not pushing because JDK-8147039 will likely refactor the code and make this bug obsolete
19-01-2016
The crash occurs because the local which is retrieved by the stack walking code is stored in rbp. The correct rbp location is only kept in the RegisterMap if _update_map is true for that RegisterMap which is never true for vframeStream.
17-12-2015
Reassign to hotspot compiler. This issue seems to be related to getting the locals from a deoptimized frame that: reg_map->location(VMRegImpl::as_VMReg(loc.register_number())) is returning null.
10-12-2015
Further information about the source of the crash: According to gdb, the SEGV happens when dereferencing value_addr on line ~111 of hotspot/src/share/vm/runtime/stackValue.cpp: case Location::oop: { oop val = (oop )value_addr; value_addr is set on line ~45: address value_addr = loc.is_register() // Value was in a callee-save register ? reg_map->location(VMRegImpl::as_VMReg(loc.register_number())) // Else value was directly saved on the stack. The frame's original stack pointer, // before any extension by its callee (due to Compiler1 linkage on SPARC), must be used. : ((address)fr->unextended_sp()) + loc.stack_offset(); loc.is_register() is returning true, so value_addr is coming from the reg_map.
09-12-2015
Brent - can you take this too as it is related to JDK-8144553.
08-12-2015