JDK11 Segmentation error vmState=0x00000000

[connglli]

Java -version output

openjdk version "11.0.16-internal" 2022-07-19
OpenJDK Runtime Environment (build 11.0.16-internal+0-adhoc..openj9-openjdk-jdk11)
Eclipse OpenJ9 VM (build master-4ca209b54, JRE 11 Linux amd64-64-Bit Compressed References 20220615_000000 (JIT enabled, AOT enabled)
OpenJ9   - 4ca209b54
OMR      - 26b89f9f9
JCL      - 231dcc9eeb based on jdk-11.0.16+6)

Summary of problem

The following Test.java, which is reduced by us, crashes OpenJ9's JIT compiler. Even through the stacktrace shows the crash happens inside libj9prt29.so and libj9vm29; the bug disappears if you add -Xint. So we reckon this to be a JIT bug.

class Test {
  void vMeth1(int i4, int i5) {
    int ax$1 = 0xf;
    byte[] ax$0 = new byte[ax$1];
    int ax$3 = ax$0.length;
    for (int k = 0; ax$3 > 0; ax$3--) {
      int ax$2 = ax$0.length - ax$3;
      ax$0[ax$2] = (byte) 0xff;
    }
  }

  void vMeth(long l) {
    int i2 = 3;
    vMeth1(6, i2);
  }

  void mainTest(String[] strArr1) {
    for (; ; ) vMeth(4045L);
  }

  public static void main(String[] strArr) {
    Test _instance = new Test();
    _instance.mainTest(strArr);
  }
}

Diagnostic files

By issuing

$ java Test

the following crash log is given:

Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000018 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000001
Handler1=00007F3E94999FD0 Handler2=00007F3E94781EF0 InaccessibleAddress=00007FFFFFFFFFFF
RDI=00000000001441BD RSI=0000000000000006 RAX=00000000FFFFFFFF RBX=00000007FFFBD550
RCX=0000000000000000 RDX=000000000000000F R8=0000000000000214 R9=00000007FFFBD450
R10=0000000000000000 R11=00007F3E94D9A928 R12=00007F3E94BF1400 R13=00007F3E94BF1970
R14=0000000000000000 R15=00000000148F8DF9
RIP=00007FFFFFFFFFFF GS=0000 FS=0000 RSP=00000000001441C0
EFlags=0000000000010206 CS=0033 RBP=000000000004DD00 ERR=0000000000000015
TRAPNO=000000000000000E OLDMASK=0000000000000000 CR2=00007FFFFFFFFFFF
xmm0 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm1 0000000048558800 (f: 1213564928.000000, d: 5.995807e-315)
xmm2 00007f3e94bf10d0 (f: 2495549696.000000, d: 6.912312e-310)
xmm3 bfe0441699a44826 (f: 2577680384.000000, d: -5.083116e-01)
xmm4 000000003f8b8000 (f: 1066106880.000000, d: 5.267268e-315)
xmm5 bff0000000000000 (f: 0.000000, d: -1.000000e+00)
xmm6 3fbc5e53aa362eb4 (f: 2855677696.000000, d: 1.108143e-01)
xmm7 4140000000000000 (f: 0.000000, d: 2.097152e+06)
xmm8 38002a2838002968 (f: 939534720.000000, d: 5.937964e-39)
xmm9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm10 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm11 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm12 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm13 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Target=2_90_20220615_000000 (Linux 5.4.0-117-generic)
CPU=amd64 (128 logical CPUs) (0x3ee84d8000 RAM)
----------- Stack Backtrace -----------
protectedBacktrace+0x12 (0x00007F3E9477E492 [libj9prt29.so+0x25492])
omrsig_protect+0x1e3 (0x00007F3E94782C53 [libj9prt29.so+0x29c53])
omrintrospect_backtrace_thread_raw+0xbf (0x00007F3E9477E98F [libj9prt29.so+0x2598f])
omrsig_protect+0x1e3 (0x00007F3E94782C53 [libj9prt29.so+0x29c53])
omrintrospect_backtrace_thread+0x70 (0x00007F3E9477E350 [libj9prt29.so+0x25350])
generateDiagnosticFiles+0x84 (0x00007F3E94999B14 [libj9vm29.so+0x3fb14])
omrsig_protect+0x1e3 (0x00007F3E94782C53 [libj9prt29.so+0x29c53])
vmSignalHandler+0x185 (0x00007F3E94999D85 [libj9vm29.so+0x3fd85])
 (0x00007F3E94A97C95 [libj9vm29.so+0x13dc95])
---------------------------------------
JVMDUMP039I Processing dump event "gpf", detail "" at 2022/07/01 15:34:17 - please wait.
JVMDUMP032I JVM requested System dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/core.20220701.153417.2131536.0001.dmp' in response to an event
JVMDUMP010I System dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/core.20220701.153417.2131536.0001.dmp
JVMDUMP032I JVM requested Java dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/javacore.20220701.153417.2131536.0002.txt' in response to an event
JVMDUMP010I Java dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/javacore.20220701.153417.2131536.0002.txt
JVMDUMP032I JVM requested Snap dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/Snap.20220701.153417.2131536.0003.trc' in response to an event
JVMDUMP010I Snap dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/Snap.20220701.153417.2131536.0003.trc
JVMDUMP032I JVM requested JIT dump using '/zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/jitdump.20220701.153417.2131536.0004.dmp' in response to an event
JVMDUMP051I JIT dump occurred in 'main' thread 0x000000000004DD00
JVMDUMP010I JIT dump written to /zdata/congli/ax-exp/ax-eval/2-ax-only/88.hotspot/mutant/red/jitdump.20220701.153417.2131536.0004.dmp
JVMDUMP013I Processed dump event "gpf", detail "".

Please also check openj9-bug-88.tar.gz for all the logs (jitdump, snap, etc.), the test (Test.java, Test.class), and the unreduced test (Test.java.orig).

Notice

The given Test.java (which is reduced by us) is always reproducible for us. If it is not reproducible for you, please use Test.java.orig in the above link.

[0xdaryl]

@nbhuiyan : please investigate this.

Moving to 0.36.

[hzongaro]

Nazim @nbhuiyan, I suspect this might be another occurrence of issue #15474, which was fixed with pull request #15870.

[nbhuiyan]

Thanks for pointing that out, @hzongaro! By including #15870 in my build, this crash is no longer reproducible.