Bug ID: JDK-8229694 JVM crash in SWPointer during C2 OSR compilation

JDK-8229694 : JVM crash in SWPointer during C2 OSR compilation

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 12,13,14

Priority: P2
Status: Closed
Resolution: Fixed

Submitted: 2019-08-14
Updated: 2020-01-30
Resolved: 2019-11-11

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 14
14 b23Fixed

Related Reports

Relates :

JDK-8214751 - X86: Support for VNNI Instructions

Description

(synopsis is provisional, please change as you see fit)

Found with fuzzing. Testing bundle is attached, has a few hs_errs and replays inside. Crashes intermittently, roughly in half of invocations, so this is the reproducer:

$ for I in `seq 1 10`; do ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test; done

release build crashes like this:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f9cc1057e89, pid=22579, tid=22594
#
# JRE version: OpenJDK Runtime Environment (14.0) (build 14-internal+0-adhoc.shade.jdk-jdk)
# Java VM: OpenJDK 64-Bit Server VM (14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xf03e89]  SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.199]+0x49
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/0002/core.22579)
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: Test

Host: Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
Time: Wed Aug 14 10:18:52 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x00007f9cb8486800):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=22594, stack(0x00007f9c5847d000,0x00007f9c5857e000)]


Current CompileTask:
C2:    215   64 %     4       Test::vMeth1 @ 112 (293 bytes)

Stack: [0x00007f9c5847d000,0x00007f9c5857e000],  sp=0x00007f9c58578a20,  free space=1006k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xf03e89]  SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.199]+0x49
V  [libjvm.so+0xf04531]  SuperWord::align_initial_loop_index(MemNode*)+0xa1
V  [libjvm.so+0xf0a4b7]  SuperWord::output()+0xa07
V  [libjvm.so+0xf0e720]  SuperWord::SLP_extract()+0x70
V  [libjvm.so+0xf0ed5c]  SuperWord::transform_loop(IdealLoopTree*, bool)+0x26c

fastdebug build crashes like this:

#  SIGSEGV (0xb) at pc=0x00007f6fa6f8c52c, pid=21280, tid=21291
#
# JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x177f52c]  Node::in(unsigned int) const [clone .isra.38] [clone .constprop.281]+0xc
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/0002/core.21280)
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: Test

Host: shade-desktop, Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
Time: Wed Aug 14 09:59:46 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x00007f6fa0596000):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=21291, stack(0x00007f6f3056a000,0x00007f6f3066b000)]


Current CompileTask:
C2:    269   75 %     4       Test::vMeth1 @ 112 (293 bytes)

Stack: [0x00007f6f3056a000,0x00007f6f3066b000],  sp=0x00007f6f30665040,  free space=1004k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x177f52c]  Node::in(unsigned int) const [clone .isra.38] [clone .constprop.281]+0xc
V  [libjvm.so+0x1788bcf]  SWPointer::SWPointer(MemNode*, SuperWord*, Node_Stack*, bool) [clone .constprop.277]+0x6f
V  [libjvm.so+0x17897d9]  SuperWord::align_initial_loop_index(MemNode*)+0x279
V  [libjvm.so+0x179539d]  SuperWord::output()+0xe2d
V  [libjvm.so+0x1799418]  SuperWord::SLP_extract()+0x278
V  [libjvm.so+0x1799a9b]  SuperWord::transform_loop(IdealLoopTree*, bool)+0x41b
V  [libjvm.so+0x1208506]  PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x1146

Comments

Checked the regression test compiler/loopopts/superword/AlignmentOnePack.java passes in jdk14 atr and latest CI.
30-01-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/586415e8abcb User: thartmann Date: 2019-11-11 09:43:52 +0000
11-11-2019
Hi [~vdeshpande], if you do not mind I will assign it to me. If you have already started working on it just reassign it to you again.
28-10-2019
Hi [~shade], [~vdeshpande], Found the reported crash failure started with or triggered by fix changeset of JDK-8214751, from jdk-12+24 build version onwards. Confirmed reported crash for the original reported test bundle, with JDK 14 builds. But got following type test errors for the original test as such, with previous JDK builds ## bad class file: ./FuzzerUtils.class class file has wrong version 58.0, should be 54.0 ## Exception in thread "main" java.lang.UnsupportedClassVersionError: FuzzerUtils has been compiled by a more recent version of the Java Runtime (class file version 58.0), this version of the Java Runtime only recognizes class file versions up to 57.0 So tried attached modified Test.java test (tried removing FuzzerUtils usages) and got the same reported crash very frequently, with JDK 12, 13, 14 builds. (-XX:-UseSuperWord usage is a workaround for the failure) --------------- $ java Test # A fatal error has been detected by the Java Runtime Environment: # SIGSEGV (0xb) at pc=0x00007f4514548d97, pid=6311, tid=6326 # JRE version: Java(TM) SE Runtime Environment (12.0) (fastdebug build 12-internal+0-2019-08-19-0648149.rvraghav...) # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 12-internal+0-2019-08-19-0648149.rvraghav..., mixed mode, tiered, compressed oops, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x185fd97] Node::in(unsigned int) const [clone .isra.37] [clone .constprop.275]+0x7 .......... --------------- T H R E A D --------------- Current thread (0x00007f44c01d0000): JavaThread "C2 CompilerThread1" daemon [_thread_in_native, id=6326, stack(0x00007f44e4bfc000,0x00007f44e4cfd000)] Current CompileTask: C2: 2840 814 % 4 Test::vMeth1 @ 96 (277 bytes) Stack: [0x00007f44e4bfc000,0x00007f44e4cfd000], sp=0x00007f44e4cf6720, free space=1001k Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x185fd97] Node::in(unsigned int) const [clone .isra.37] [clone .constprop.275]+0x7 V [libjvm.so+0x1869153] SWPointer::SWPointer(MemNode, SuperWord, Node_Stack, bool) [clone .constprop.272]+0x73 V [libjvm.so+0x1869da8] SuperWord::align_initial_loop_index(MemNode)+0x228 V [libjvm.so+0x18740e5] SuperWord::output()+0xed5 V [libjvm.so+0x187a8e8] SuperWord::SLP_extract()+0x2d8 V [libjvm.so+0x187afc3] SuperWord::transform_loop(IdealLoopTree, bool)+0x463 V [libjvm.so+0x128e3ba] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x11fa V [libjvm.so+0xa32b92] Compile::optimize_loops(PhaseIterGVN&, LoopOptsMode) [clone .part.414]+0x2c2 V [libjvm.so+0xa35ee1] Compile::Optimize()+0xc21 V [libjvm.so+0xa36f5c] Compile::Compile(ciEnv, C2Compiler, ciMethod, int, bool, bool, bool, DirectiveSet)+0xd6c V [libjvm.so+0x829d51] C2Compiler::compile_method(ciEnv, ciMethod, int, DirectiveSet)+0xd1 V [libjvm.so+0xa445f9] CompileBroker::invoke_compiler_on_method(CompileTask)+0x409 V [libjvm.so+0xa45718] CompileBroker::compiler_thread_loop()+0x458 V [libjvm.so+0x1912aa7] JavaThread::thread_main_inner()+0x2c7 V [libjvm.so+0x1912d7c] JavaThread::run()+0x1cc V [libjvm.so+0x190ea65] Thread::call_run()+0x75 V [libjvm.so+0x14e6656] thread_native_entry(Thread)+0x106 --------------- Found the crash started with following fix changeset in jdk-12+24 build version onwards. (fails frequently, but could not get any failure with repeated run with prior versions) http://hg.openjdk.java.net/jdk/jdk/rev/4bb6e0871bf7 changeset: 52992:4bb6e0871bf7 user: vdeshpande date: Wed Dec 12 14:48:34 2018 -0800 summary: 8214751: X86: Support for VNNI Instructions https://bugs.openjdk.java.net/browse/JDK-8214751 (Confirmed fixes of other related bug trail of 8214751, did not fix this reported 8229694 case) Hi [~vdeshpande], request your help to check this. Please unassign if unrelated or missed something. Thanks.
20-08-2019
The crash issue reported here with the testcase seems started from jdk-12+24 build version onwards. Will work to find the related/triggered fix changeset.
19-08-2019