eclipse-openj9 / openj9

Eclipse OpenJ9: A Java Virtual Machine for OpenJDK that's optimized for small footprint, fast start-up, and high throughput. Builds on Eclipse OMR (https://github.com/eclipse/omr) and combines with the Extensions for OpenJDK for OpenJ9 repo.

aarch64 openjdk java/lang/annotation/TypeAnnotationReflection.java Segmentation error vmState=0x0002000f #10032

Open pshipton opened 4 years ago

pshipton commented 4 years ago

0.21.0 m2 build https://ci.eclipse.org/openj9/job/Test_openjdk11_j9_sanity.openjdk_aarch64_linux_xl_Personal/2 java/lang/annotation/TypeAnnotationReflection.java

15:40:07  Type=Segmentation error vmState=0x0002000f
15:40:07  J9Generic_Signal_Number=00000018 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000001
15:40:07  Handler1=0000FFFF8323DA30 Handler2=0000FFFF830F9E24 InaccessibleAddress=0076616A2E747318
15:40:07  R0=0000FFFF7C03C670 R1=0000FFFF7C0158A0 R2=0000FFFF83DBD040 R3=0000FFFF83DBD008
15:40:07  R4=0000FFFF83DBD010 R5=0000FFFF83DBD018 R6=0000000000000006 R7=00000000020E0001
15:40:07  R8=0000000000000000 R9=0000FFFF5C5D01E0 R10=00000000000002A8 R11=00000000000004B0
15:40:07  R12=0000000000000000 R13=00000003E8000000 R14=0013F993A4729A60 R15=0000569DA6758A9E
15:40:07  R16=0000FFFF824200A0 R17=0000FFFF83F48CD4 R18=0000000000000002 R19=6176616A2E747300
15:40:07  R20=0000FFFF7BE73DC8 R21=0000FFFF83DBD010 R22=0000FFFF83DBD018 R23=0000FFFF83DBD040
15:40:07  R24=0000FFFF83DBD008 R25=6176616A2E747365 R26=0000FFFF7C03C670 R27=0000FFFF83DBD170
15:40:07  R28=0000FFFF7C1B6AE0 R29=0000FFFF83DBCEA0 R30=0000FFFF82329318 R31=0000FFFF83DBCEA0
15:40:07  PC=0000FFFF82396D50 SP=0000FFFF83DBCEA0 PSTATE=0000000060000000
15:40:07  V0 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V1 0000ffff5c5cbc58 (f: 1549581440.000000, d: 1.390658e-309)
15:40:07  V2 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V3 000000003c41eed4 (f: 1010953920.000000, d: 4.994776e-315)
15:40:07  V4 00000000b8fc9512 (f: 3103560960.000000, d: 1.533363e-314)
15:40:07  V5 0000000039477542 (f: 960984384.000000, d: 4.747894e-315)
15:40:07  V6 0000000041a80000 (f: 1101529088.000000, d: 5.442277e-315)
15:40:07  V7 00000000b9ea5080 (f: 3119140864.000000, d: 1.541060e-314)
15:40:07  V8 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V10 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V11 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V12 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V13 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V16 000000003e53f142 (f: 1045688640.000000, d: 5.166388e-315)
15:40:07  V17 0000000000000001 (f: 1.000000, d: 4.940656e-324)
15:40:07  V18 0000ffff8261d9d0 (f: 2187450880.000000, d: 1.390661e-309)
15:40:07  V19 0000ffff82664810 (f: 2187741184.000000, d: 1.390661e-309)
15:40:07  V20 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V21 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V22 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V23 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V24 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V25 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V26 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V27 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V28 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V29 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V30 0000000000000000 (f: 0.000000, d: 0.000000e+00)
15:40:07  V31 000000003f400000 (f: 1061158912.000000, d: 5.242822e-315)
15:40:07  Module=/home/jenkins/workspace/Test_openjdk11_j9_sanity.openjdk_aarch64_linux_xl_Personal/openjdkbinary/j2sdk-image/lib/default/libj9gc29.so
15:40:07  Module_base_address=0000FFFF821A0000
15:40:07  Target=2_90_20200627_142 (Linux 4.14.0-115.2.2.el7a.aarch64)
15:40:07  CPU=aarch64 (96 logical CPUs) (0x1fcd7e0000 RAM)
15:40:07  ----------- Stack Backtrace -----------
15:40:07  (0x0000FFFF83116014 [libj9prt29.so+0x36014])
15:40:07  (0x0000FFFF830FB080 [libj9prt29.so+0x1b080])
15:40:07  (0x0000FFFF83116090 [libj9prt29.so+0x36090])
15:40:07  (0x0000FFFF831161AC [libj9prt29.so+0x361ac])
15:40:07  (0x0000FFFF830FB080 [libj9prt29.so+0x1b080])
15:40:07  (0x0000FFFF83115EF8 [libj9prt29.so+0x35ef8])
15:40:07  (0x0000FFFF8323D1C8 [libj9vm29.so+0x7d1c8])

pshipton commented 4 years ago

@dmitripivkine @knn-k

knn-k commented 4 years ago

I have never seen this failure before.

dmitripivkine commented 4 years ago

This crash occurs on an attempt to copy object !fj9object 0xffff7be73dc8, referenced from a remembered object:

> !j9object 0xFFFF5C5C7AD0
!J9Object 0x0000FFFF5C5C7AD0 {
    struct J9Class* clazz = !j9class 0xFFFF7C2EF000 // java/lang/invoke/MethodType
    Object flags = 0x00000030;
    Ljava/lang/invoke/MethodTypeForm; form = !fj9object 0x0 (offset = 0) (java/lang/invoke/MethodType)
    Ljava/lang/Class; returnType = !fj9object 0xffff5c0005e8 (offset = 8) (java/lang/invoke/MethodType)
    [Ljava/lang/Class; arguments = !fj9object 0xffff7be73dc8 (offset = 16) (java/lang/invoke/MethodType)
    I argSlots = 0x00000001 (offset = 56) (java/lang/invoke/MethodType)
    [I stackDescriptionBits = !fj9object 0xffff7be73e28 (offset = 24) (java/lang/invoke/MethodType)
    Ljava/lang/String; methodDescriptor = !fj9object 0xffff7be73f90 (offset = 32) (java/lang/invoke/MethodType)
    I hashcode = 0xCC7936A6 (offset = 60) (java/lang/invoke/MethodType)
    Ljava/lang/invoke/InvokeExactHandle; invoker = !fj9object 0x0 (offset = 40) (java/lang/invoke/MethodType)
    Ljava/lang/invoke/MethodType$DeserializedFieldsHolder; deserializedFields = !fj9object 0x0 (offset = 48) (java/lang/invoke/MethodType)
}

but links to Nursery are stale. Looks like this object was missed when scanning/fixing up in previous Local GCs.

dmitripivkine commented 4 years ago

This crash occurs at the very beginning of a Local GC (Scavenge), but the previous GC happened to be Global. Also, there was no Concurrent Kickoff event, so the Mark Map created at the last Global GC is still valid even for Nursery. According to my analysis, at least two slots were modified in !j9object 0xFFFF5C5C7AD0 since the Global GC (otherwise it would have crashed earlier):

arguments = !fj9object 0xffff7be73dc8
stackDescriptionBits = !fj9object 0xffff7be73e28

Both of these pointers are wrong (stale or corrupted) and point mid-object. Object 0xFFFF5C5C7AD0 has flag 0x30 set (OMR_TENURED_STACK_OBJECT_CURRENTLY_REFERENCED), which means it was directly referenced from the Java stack at the time of the last Global GC. It also means that GC should keep this object in the Remembered Set for a period of time, and it does.

knn-k commented 4 years ago

@dmitripivkine Thank you for your analysis.