8u152 sigsegv in CounterDecay::do_method during VMThead safepoint processing

Vitaly Davidovich vitalyd at gmail.com
Fri Feb 2 00:00:56 UTC 2018 

On Thu, Feb 1, 2018 at 5:59 PM Vladimir Kozlov <vladimir.kozlov at oracle.com>
wrote:

> Hi Vitaly,
>
> I would suggest to file a bug. I looked through our bugs DB and did not
> find anything similar except
> 8156721 which you pointed.

Hi Vladimir,

Thanks for following up on this.  Would you like me to file a bug or did
you mean someone on the hotspot team?

>
>
> Based on disassembler the problem happened on first instruction:
>
>    static void do_method(Method* m) {
>      MethodCounters* mcs = m->method_counters();
>
>     0x82000000: mov    0x18(%rdi),%rcx
>     0x82000004: push   %rbp
>     0x82000005: mov    %rsp,%rbp
>     0x82000008: test   %rcx,%rcx
>     0x8200000b: je     0x82000035
>
> RDI=0x0000001a00190005
>
> Which means Method* m pointer is corrupted/incorrect (but not 0).

Indeed.  Doesn’t even look like a pointer at all with that 5 in there.

>
>
> CounterDecay::do_method() is called from InstanceKlass::methods_do() which
> has a fix in JDK 9 to
> process only loaded classes:
>
> https://bugs.openjdk.java.net/browse/JDK-8042727
>
> http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/2c2aa6de8f60#l4.6
>
> That is the only related changes I found. May be it is a different
> problem. CCing to runtime group.

Thanks for the JDK9 pointer.  We’re slowly trying to get to 9 but it’s
taking a long time and a lot of effort for a variety of reasons.

Do you think that 9 fix could be backported to 8 in case it’s the  same
issue?

>
>
> Regards,
> Vladimir
>
> On 1/22/18 7:36 AM, Vitaly Davidovich wrote:
> > Hi all,
> >
> > Are there any known issues with this method crashing the JVM? Here's a
> (slightly redacted) snippet
> > from the hs_err log:
> >
> > #____
> >
> > # A fatal error has been detected by the Java Runtime Environment:____
> >
> > #____
> >
> > #  SIGSEGV (0xb) at pc=0x00002b14765b7210, pid=140880,
> tid=0x00002b149a643700____
> >
> > #____
> >
> > # JRE version: Java(TM) SE Runtime Environment (8.0_152-b16) (build
> 1.8.0_152-b16)____
> >
> > # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.152-b16 mixed mode
> linux-amd64 compressed oops)____
> >
> > # Problematic frame:____
> >
> > # V  [libjvm.so+0x49c210]  CounterDecay::do_method(Method*)+0x0____
> >
> > #____
> >
> > # Core dump written. Default location: <path> or core.140880____
> >
> > #____
> >
> > # If you would like to submit a bug report, please visit:____
> >
> > # http://bugreport.java.com/bugreport/crash.jsp <
> http://bugreport.java.com/bugreport/crash.jsp>____
> >
> > #____
> >
> > __ __
> >
> > ---------------  T H R E A D  ---------------____
> >
> > __ __
> >
> > Current thread (0x00002b147cb12800):  VMThread [stack:
> 0x00002b149a543000,0x00002b149a644000]
> > [id=140909]____
> >
> > __ __
> >
> > siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr:
> 0x0000001a0019001d____
> >
> > __ __
> >
> > Registers:____
> >
> > RAX=0x0000000000000000, RBX=0x0000000000000001, RCX=0x00002b156839ca18,
> RDX=0x00002b156799fc68____
> >
> > RSP=0x00002b149a6429b8, RBP=0x00002b149a6429e0, RSI=0x00002b14765b7210,
> RDI=0x0000001a00190005____
> >
> > R8 =0x0000000000000010, R9 =0x0000000000000001, R10=0x0000000000000000,
> R11=0x0000000000000001____
> >
> > R12=0x0000000000000007, R13=0x00000007c03c8428, R14=0x00002b14765b7210,
> R15=0x0000000000000000____
> >
> > RIP=0x00002b14765b7210, EFLAGS=0x0000000000010202,
> CSGSFS=0x0000000000000033, ERR=0x0000000000000004____
> >
> >    TRAPNO=0x000000000000000e____
> >
> > __ __
> >
> > Top of Stack: (sp=0x00002b149a6429b8)____
> >
> > 0x00002b149a6429b8:   00002b147675e83d 0000000000000060____
> >
> > 0x00002b149a6429c8:   00002b149a642a10 0000000000000000____
> >
> > 0x00002b149a6429d8:   0000000000000000 00002b149a642a00____
> >
> > 0x00002b149a6429e8:   00002b14765b3cd1 40590bbbbbbbbbbc____
> >
> > 0x00002b149a6429f8:   00002b14770db352 00002b149a642a50____
> >
> > 0x00002b149a642a08:   00002b1476adfbd6 00000000018f0100____
> >
> > 0x00002b149a642a18:   0000000000000000 00002b149a642a40____
> >
> > 0x00002b149a642a28:   00002b1476ba2100 431bde82d7b634db____
> >
> > 0x00002b149a642a38:   00002b14f9ce9800 431bde82d7b634db____
> >
> > 0x00002b149a642a48:   00002b14f9ce9800 00002b149a642b00____
> >
> > 0x00002b149a642a58:   00002b1476ae08a6 00002b14770e6140____
> >
> > 0x00002b149a642a68:   00002b149a642aa0 00002b147709ef83____
> >
> > 0x00002b149a642a78:   0000000000ae12f0 000000307cb12800____
> >
> > 0x00002b149a642a88:   0000000000000000 00000040000003e8____
> >
> > 0x00002b149a642a98:   0000001a0000001a 00002b14ce44b580____
> >
> > 0x00002b149a642aa8:   00002b1478ccda09 00002b1478cbb5d0____
> >
> > 0x00002b149a642ab8:   00002b1400000000 00002b14ce44b5d0____
> >
> > 0x00002b149a642ac8:   00002b14ce44b580 00002b14770db3d8____
> >
> > 0x00002b149a642ad8:   0000000000000000 0000000000000000____
> >
> > 0x00002b149a642ae8:   00002b14770db3d8 00002b147cb12800____
> >
> > 0x00002b149a642af8:   00002b14770e5950 00002b149a642ca0____
> >
> > 0x00002b149a642b08:   00002b1476bf22ef 00002b149a642b20____
> >
> > 0x00002b149a642b18:   00002b149a642c30 00002b149a642b28____
> >
> > 0x00002b149a642b28:   6e69747563657845 65706f204d562067____
> >
> > 0x00002b149a642b38:   203a6e6f69746172 6c6f43636e493147____
> >
> > 0x00002b149a642b48:   506e6f697463656c 6e6f640065737561____
> >
> > 0x00002b149a642b58:   6e6f64206e6f0065 0000000000000065____
> >
> > 0x00002b149a642b68:   0000001577100ce0 0000000000000000____
> >
> > 0x00002b149a642b78:   00002b14770ae164 00002b1476116e40____
> >
> > 0x00002b149a642b88:   0000000000000148 00002b147cb12800____
> >
> > 0x00002b149a642b98:   0000000000000002 00002b149a642c40____
> >
> > 0x00002b149a642ba8:   00002b1475e08a40 00002b149a543000____
> >
> > __ __
> >
> > Instructions: (pc=0x00002b14765b7210)____
> >
> > 0x00002b14765b71f0:   55 31 c0 48 89 e5 c9 c3 90 90 90 90 90 90 90 90____
> >
> > 0x00002b14765b7200:   55 b8 04 00 00 00 48 89 e5 c9 c3 90 90 90 90 90____
> >
> > 0x00002b14765b7210:   48 8b 4f 18 55 48 89 e5 48 85 c9 74 28 8b 51 08____
> >
> > 0x00002b14765b7220:   89 d0 c1 e8 03 89 c6 d1 fe 85 c0 7e 09 85 f6 b8____
> >
> > __ __
> >
> > Register to memory mapping:____
> >
> > __ __
> >
> > RAX=0x0000000000000000 is an unknown value____
> >
> > RBX=0x0000000000000001 is an unknown value____
> >
> > RCX=0x00002b156839ca18 is an unknown value____
> >
> > RDX=0x00002b156799fc68 is pointing into metadata____
> >
> > RSP=0x00002b149a6429b8 is an unknown value____
> >
> > RBP=0x00002b149a6429e0 is an unknown value____
> >
> > RSI=0x00002b14765b7210: <offset 0x49c210> in
> <path>/jre/lib/amd64/server/libjvm.so at
> > 0x00002b147611b000____
> >
> > RDI=0x0000001a00190005 is an unknown value____
> >
> > R8 =0x0000000000000010 is an unknown value____
> >
> > R9 =0x0000000000000001 is an unknown value____
> >
> > R10=0x0000000000000000 is an unknown value____
> >
> > R11=0x0000000000000001 is an unknown value____
> >
> > R12=0x0000000000000007 is an unknown value____
> >
> > R13=0x00000007c03c8428 is pointing into metadata____
> >
> > R14=0x00002b14765b7210: <offset 0x49c210> in
> <path>/jre/lib/amd64/server/libjvm.so at
> > 0x00002b147611b000____
> >
> > R15=0x0000000000000000 is an unknown value____
> >
> > __ __
> >
> > __ __
> >
> > Stack: [0x00002b149a543000,0x00002b149a644000],  sp=0x00002b149a6429b8,
> free space=1022k____
> >
> > Native frames: (J=compiled Java code, j=interpreted, Vv=VM code,
> C=native code)____
> >
> > V  [libjvm.so+0x49c210]  CounterDecay::do_method(Method*)+0x0____
> >
> > V  [libjvm.so+0x498cd1]
> NonTieredCompPolicy::do_safepoint_work()+0x91____
> >
> > V  [libjvm.so+0x9c4bd6]
> SafepointSynchronize::do_cleanup_tasks()+0x76____
> >
> > V  [libjvm.so+0x9c58a6]  SafepointSynchronize::begin()+0x406____
> >
> > V  [libjvm.so+0xad72ef]  VMThread::loop()+0x1bf____
> >
> > V  [libjvm.so+0xad7770]  VMThread::run()+0x70____
> >
> > V  [libjvm.so+0x92d8d8]  java_start(Thread*)+0x108____
> >
> > __ __
> >
> > VM_Operation (0x00002b15140011a0): G1IncCollectionPause, mode:
> safepoint, requested by thread
> > 0x00002b14f9bb8000
> >
> >
> > This is on a Debian Wheezy linux machine running Xeon Broadwell cores.
> The reason I mention this
> > part is a quick google did show
> https://bugs.openjdk.java.net/browse/JDK-8156721 but that JBS is for
> > a different platform (with an overclocked CPU, apparently) and it's
> marked Incomplete.
> >
> > This crash was observed on about 17 separate JVMs (different hosts) at
> about the same time, all
> > running the same application code after about 3 weeks of uptime.
> >
> > I can provide more details if you'd like but wanted to see if this is a
> known (but rarely witnessed)
> > bug.
> >
> > Thanks
> >
>
-- 
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/hotspot-compiler-dev/attachments/20180202/fbda2cf1/attachment-0001.html>

More information about the hotspot-compiler-dev mailing list