This repository has been archived by the owner on Sep 15, 2021. It is now read-only.

SIGSEGV in bootstrap classloader on x86-64 #34

Closed
penberg opened this issue Apr 18, 2013 · 5 comments

penberg commented Apr 18, 2013

Using GCC 4.7.2-2 from Fedora 17:

[penberg@golgotha jato]$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.7.2/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --disable-build-with-cxx --disable-build-poststage1-with-cxx --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-linker-hash-style=gnu --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto --enable-plugin --enable-initfini-array --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.7.2 20120921 (Red Hat 4.7.2-2) (GCC) 

I'm seeing the following SIGSEGV during early bootstrap classloading, which is not visible with the older GCC from Fedora 16:

[penberg@golgotha jato]$ ./jato -cp test/functional jvm/EntryTest
[main] SIGSEGV at RIP 04df8547 while accessing memory address 00000000.
[main] Registers:
[main]  rsp: 00007fffc07e0080
[main]  rax: 00000000422a50f0   rbx: 0000000000000080   rcx: 0000000000008000
[main]  rdx: 0000000000000000   rsi: 00000000044d5000   rdi: 000000000129ed20
[main]  rbp: 00007fffc07e0260   r8:  0000000000008000   r9:  00000000044d5000
[main]  r10: 0000003ba1fb0778   r11: 000000000384e7c0   r12: 0000000000008000
[main]  r13: 0000000004db16c0   r14: 0000000000000002   r15: 000000000129ed20
[main] Stack:
[main] 000000000129ed20 000000000129ed20 00000000044d5000 0000000000000000 
[main] 0000000000008000 0000000000008000 00007fffc07e00f0 0000000004cc32b0 
[main] 0000000004e0be10 0000000000000000 00000000c07e0110 0000000003b80b18 
[main] Code: 00 00 00 00 33 00 00 00 00 00 00 00 e1 00 00 00 00 00 00 00 20 86 df 04 00 00 00 00 20 84 df 04 00 00 00 00 38 86 df 04 00 00 00 <00> 02 00 00 00 00 00 00 00 c0 16 db 04 00 00 00 00 00 00 00 00 
[main] Native and Java stack trace:
[main]  [<04df8547>] native     : signal_bh_trampoline+49ca8db (arch/x86/signal-bh.S:126)
[main]  [<422a4458>] jit        : java/util/zip/Inflater.inflate(Inflater.java:322)
[main]  [<422a277c>] jit        : java/util/zip/InflaterInputStream.read(InflaterInputStream.java:196)
[main]  [<422597b3>] jit        : java/io/InputStreamReader.read(InputStreamReader.java:393)
[main]  [<4225782a>] jit        : java/io/BufferedReader.fill(BufferedReader.java:370)
[main]  [<42254dfb>] jit        : java/io/BufferedReader.readLine(BufferedReader.java:469)
[main]  [<422a1a23>] jit        : gnu/java/util/jar/JarUtils.read_attributes(JarUtils.java:194)
[main]  [<422a1395>] jit        : gnu/java/util/jar/JarUtils.readMainSection(JarUtils.java:140)
[main]  [<4229e940>] jit        : gnu/java/util/jar/JarUtils.readMFManifest(JarUtils.java:101)
[main]  [<42209d01>] jit        : java/util/jar/Manifest.read(Manifest.java:162)
[main]  [<4220689f>] jit        : java/util/jar/Manifest.<init>(Manifest.java:89)
[main]  [<421e4e8f>] jit        : java/util/jar/JarFile.readManifest(JarFile.java:303)
[main]  [<421e2f38>] jit        : java/util/jar/JarFile.<init>(JarFile.java:268)
[main]  [<4218a763>] jit        : gnu/java/net/protocol/jar/Connection$JarFileCache.get(Connection.java:99)
[main]  [<421873f2>] jit        : gnu/java/net/protocol/jar/Connection.connect(Connection.java:141)
[main]  [<421862d2>] jit        : gnu/java/net/protocol/jar/Connection.getInputStream(Connection.java:159)
[main]  [<4217a12d>] jit        : java/net/URL.openStream(URL.java:737)
[main]  [<41cff9d1>] jit        : java/lang/VMClassLoader.getBootPackages(VMClassLoader.java:262)
[main]  [<41cede1b>] jit        : java/lang/VMClassLoader.<clinit>(VMClassLoader.java:88)
[main]  [<00410214>] native     : vm_class_init+175 (/home/penberg/jato/vm/class.c:748)
[main]  [<00425542>] native     : vm_class_ensure_init+ffffffffffff2f0d (/home/penberg/jato/include/vm/class.h:126)
[main]  [<41ce7d52>] jit        : java/lang/VMClassLoader.getSystemClassLoader(VMClassLoader.java)
[main]  [<41ce9e73>] jit        : java/lang/ClassLoader$StaticData.<clinit>(ClassLoader.java:154)
[main]  [<00410214>] native     : vm_class_init+175 (/home/penberg/jato/vm/class.c:748)
[main]  [<41ce70a3>] jit        : java/lang/ClassLoader.getSystemClassLoader(ClassLoader.java:799)
[main]  [<0041b54e>] native     : native_call_gp+c6 (/home/penberg/jato/arch/x86/call.c:203)
[main]  [<0041b5b3>] native     : native_call+42 (/home/penberg/jato/arch/x86/call.c:270)
[main]  [<0040f8db>] native     : call_method_a+41 (/home/penberg/jato/vm/call.c:54)
[main]  [<0040f9a5>] native     : vm_call_method_v+99 (/home/penberg/jato/vm/call.c:71)
[main]  [<00411a56>] native     : vm_call_method_object+48e6 (/home/penberg/jato/include/vm/call.h:81)
[main]  [<00405e6f>] native     : do_main_class+18 (/home/penberg/jato/jato.c:1004)
[main]  [<00405775>] native     : ./jato() [0x405775]
[main]  [<3ba1c21734>] native     : signal_bh_trampoline+3ba17f3ac8 (arch/x86/signal-bh.S:126)

Decoding the trapping instruction:

[penberg@golgotha linux]$ ./scripts/decodecode 
Code: 00 00 00 00 33 00 00 00 00 00 00 00 e1 00 00 00 00 00 00 00 20 86 df 04 00 00 00 00 20 84 df 04 00 00 00 00 38 86 df 04 00 00 00 <00> 02 00 00 00 00 00 00 00 c0 16 db 04 00 00 00 00 00 00 00 00
Code: 00 00 00 00 33 00 00 00 00 00 00 00 e1 00 00 00 00 00 00 00 20 86 df 04 00 00 00 00 20 84 df 04 00 00 00 00 38 86 df 04 00 00 00 <00> 02 00 00 00 00 00 00 00 c0 16 db 04 00 00 00 00 00 00 00 00
All code
========
   0:   00 00                   add    %al,(%rax)
   2:   00 00                   add    %al,(%rax)
   4:   33 00                   xor    (%rax),%eax
   6:   00 00                   add    %al,(%rax)
   8:   00 00                   add    %al,(%rax)
   a:   00 00                   add    %al,(%rax)
   c:   e1 00                   loope  0xe
   e:   00 00                   add    %al,(%rax)
  10:   00 00                   add    %al,(%rax)
  12:   00 00                   add    %al,(%rax)
  14:   20 86 df 04 00 00       and    %al,0x4df(%rsi)
  1a:   00 00                   add    %al,(%rax)
  1c:   20 84 df 04 00 00 00    and    %al,0x4(%rdi,%rbx,8)
  23:   00 38                   add    %bh,(%rax)
  25:   86 df                   xchg   %bl,%bh
  27:   04 00                   add    $0x0,%al
  29:   00 00                   add    %al,(%rax)
  2b:*  00 02                   add    %al,(%rdx)     <-- trapping instruction
  2d:   00 00                   add    %al,(%rax)
  2f:   00 00                   add    %al,(%rax)
  31:   00 00                   add    %al,(%rax)
  33:   00 c0                   add    %al,%al
  35:   16                      (bad)  
  36:   db 04 00                fildl  (%rax,%rax,1)
  39:   00 00                   add    %al,(%rax)
  3b:   00 00                   add    %al,(%rax)
  3d:   00 00                   add    %al,(%rax)
    ...

Code starting with the faulting instruction
===========================================
   0:   00 02                   add    %al,(%rdx)
   2:   00 00                   add    %al,(%rax)
   4:   00 00                   add    %al,(%rax)
   6:   00 00                   add    %al,(%rax)
   8:   00 c0                   add    %al,%al
   a:   16                      (bad)  
   b:   db 04 00                fildl  (%rax,%rax,1)
   e:   00 00                   add    %al,(%rax)
  10:   00 00                   add    %al,(%rax)
  12:   00 00                   add    %al,(%rax)
    ...

This indicates that the %rdx register is clobbered.

Valgrind reports the following:

[penberg@golgotha jato]$ valgrind ./jato -Xnogc -cp test/functional jvm/EntryTest
==11402== Memcheck, a memory error detector
==11402== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==11402== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==11402== Command: ./jato -Xnogc -cp test/functional jvm/EntryTest
==11402== 
JIT: Enabling workarounds for valgrind.
==11402== Jump to the invalid address stated on the next line
==11402==    at 0x0: ???
==11402==    by 0x410214: vm_class_init (class.c:748)
==11402==    by 0x508F760: ???
==11402==    by 0x41B54E: native_call_gp (call.c:203)
==11402==    by 0x41B5B3: native_call (call.c:270)
==11402==    by 0x40F8DB: call_method_a (call.c:54)
==11402==    by 0x40F9A5: vm_call_method_v (call.c:71)
==11402==    by 0x411A56: vm_call_method_object (call.h:81)
==11402==    by 0x405E6F: do_main_class (jato.c:1004)
==11402==    by 0x405775: main (jato.c:1068)
==11402==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==11402== 
==11402== Use of uninitialised value of size 8
==11402==    at 0x3BA1C464B1: _itoa_word (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C49118: vfprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C74064: vsnprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x40B7F2: str_vprintf (string.c:154)
==11402==    by 0x41AAE2: trace_printf (trace.c:57)
==11402==    by 0x420D0E: print_backtrace_and_die (backtrace.c:152)
==11402==    by 0x3BA240EFDF: ??? (in /usr/lib64/libpthread-2.15.so)
==11402== 
==11402== Conditional jump or move depends on uninitialised value(s)
==11402==    at 0x3BA1C464B8: _itoa_word (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C49118: vfprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C74064: vsnprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x40B7F2: str_vprintf (string.c:154)
==11402==    by 0x41AAE2: trace_printf (trace.c:57)
==11402==    by 0x420D0E: print_backtrace_and_die (backtrace.c:152)
==11402==    by 0x3BA240EFDF: ??? (in /usr/lib64/libpthread-2.15.so)
==11402== 
==11402== Conditional jump or move depends on uninitialised value(s)
==11402==    at 0x3BA1C49168: vfprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C74064: vsnprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x40B7F2: str_vprintf (string.c:154)
==11402==    by 0x41AAE2: trace_printf (trace.c:57)
==11402==    by 0x420D0E: print_backtrace_and_die (backtrace.c:152)
==11402==    by 0x3BA240EFDF: ??? (in /usr/lib64/libpthread-2.15.so)
==11402== 
==11402== Conditional jump or move depends on uninitialised value(s)
==11402==    at 0x3BA1C48DF0: vfprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C74064: vsnprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x40B7F2: str_vprintf (string.c:154)
==11402==    by 0x41AAE2: trace_printf (trace.c:57)
==11402==    by 0x420D0E: print_backtrace_and_die (backtrace.c:152)
==11402==    by 0x3BA240EFDF: ??? (in /usr/lib64/libpthread-2.15.so)
==11402== 
==11402== Conditional jump or move depends on uninitialised value(s)
==11402==    at 0x3BA1C48E6A: vfprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x3BA1C74064: vsnprintf (in /usr/lib64/libc-2.15.so)
==11402==    by 0x40B7F2: str_vprintf (string.c:154)
==11402==    by 0x41AAE2: trace_printf (trace.c:57)
==11402==    by 0x420D0E: print_backtrace_and_die (backtrace.c:152)
==11402==    by 0x3BA240EFDF: ??? (in /usr/lib64/libpthread-2.15.so)
==11402== 
[main] SIGSEGV at RIP 00000000 while accessing memory address 00000000.
[main] Registers:
[main]  rsp: 00000007fefff7b8
[main]  rax: 0000000000000000   rbx: 00000000040d9cc0   rcx: 0000000000000000
[main]  rdx: 0000000000000000   rsi: 00000000004e1576   rdi: 00000000169f5dc8
[main]  rbp: 00000007fefff9a0   r8:  0000000000000000   r9:  0000000000000000
[main]  r10: 0000000016566d00   r11: 00000000040d9330   r12: 0000000000000000
[main]  r13: 00000000040d17f8   r14: 0000000000000000   r15: 0000000000000000
[main] Stack:
[main] 0000000005092534 00000000169f5dc8 0000000000000000 0000000000000000 
[main] 00000000040d17f8 0000000000000000 00000000040d9cc0 0000000000001102 
[main] 0000000000000000 0000000016ad01a0 0000000000000000 0000000000001102 
[main] Native and Java stack trace:
[main]  [<00000000>] native     : [(nil)]
[main]  [<00410214>] native     : ./jato() [0x410214]
[main]  [<0508f760>] jit        : java/lang/ClassLoader.getSystemClassLoader(ClassLoader.java:799)
[main]  [<0041b54e>] native     : ./jato() [0x41b54e]
[main]  [<0041b5b3>] native     : ./jato() [0x41b5b3]
[main]  [<0040f8db>] native     : ./jato() [0x40f8db]
[main]  [<0040f9a5>] native     : ./jato() [0x40f9a5]
[main]  [<00411a56>] native     : ./jato() [0x411a56]
[main]  [<00405e6f>] native     : ./jato() [0x405e6f]
[main]  [<00405775>] native     : ./jato() [0x405775]
[main]  [<3ba1c21734>] native     : /lib64/libc.so.6(__libc_start_main+0xf4) [0x3ba1c21734]
==11402== 
==11402== HEAP SUMMARY:
==11402==     in use at exit: 102,012,458 bytes in 198,987 blocks
==11402==   total heap usage: 1,942,210 allocs, 1,743,223 frees, 1,062,288,077 bytes allocated
==11402== 
==11402== LEAK SUMMARY:
==11402==    definitely lost: 729,256 bytes in 622 blocks
==11402==    indirectly lost: 358 bytes in 19 blocks
==11402==      possibly lost: 1,963,405 bytes in 46,171 blocks
==11402==    still reachable: 99,319,439 bytes in 152,175 blocks
==11402==         suppressed: 0 bytes in 0 blocks
==11402== Rerun with --leak-check=full to see details of leaked memory
==11402== 
==11402== For counts of detected and suppressed errors, rerun with: -v
==11402== Use --track-origins=yes to see where uninitialised values come from
==11402== ERROR SUMMARY: 42 errors from 6 contexts (suppressed: 2 from 2)
Aborted (core dumped)

where the code that calls %rdx is:

[penberg@golgotha jato]$ addr2line -e jato
0x410214
/home/penberg/jato/vm/class.c:748

which is the class initializer trampoline:

 739         if (vmc->class) {
 740                 /* XXX: Make sure there's at most one of these. */
 741                 for (uint16_t i = 0; i < vmc->class->methods_count; ++i) {
 742                         if (strcmp(vmc->methods[i].name, "<clinit>"))
 743                                 continue;
 744 
 745                         void (*clinit_trampoline)(void)
 746                                 = vm_method_trampoline_ptr(&vmc->methods[i]);
 747 
 748                         clinit_trampoline();
 749                         if (exception_occurred())
 750                                 goto error;
 751                 }
 752         }

penberg commented Jun 6, 2013

I see the exact same problem with GCC 4.6.3 when trying to launch JRuby, which means the GCC version doesn't really make a difference.

[penberg@tux jruby-1.7.3]$ jato -jar lib/jruby.jar  -v
[main] SIGSEGV at RIP 06337c20 while accessing memory address 7fff6cf75c08.
[main] Registers:
[main]  rsp: 00007fff66e4ec08
[main]  rax: 000000004242ad75   rbx: 0000000000008000   rcx: 0000000000008000
[main]  rdx: 0000000000000000   rsi: 0000000006127000   rdi: 0000000001711b60
[main]  rbp: 00007fff66e4edf0   r8:  0000000000008000   r9:  0000000006127000
[main]  r10: 0000000000000000   r11: 0000003e8ee8b508   r12: 0000000000008000
[main]  r13: 0000000006340c80   r14: 0000000000000002   r15: 0000000001711b60
[main] Stack:
[main] 000000004242ad60 0000000001711b60 0000000001711b60 0000000006127000 
[main] 0000000000000000 0000000000008000 0000000000008000 00007fff66e4ec80 
[main] 0000000000008000 0000000000000000 0000000006127000 0000000001711b60 
[main] Code: 00 00 00 e1 00 00 00 00 00 00 00 70 56 b4 05 00 00 00 00 50 09 34 06 00 00 00 00 88 56 b4 05 00 00 00 00 02 00 00 00 00 00 00 00 <80> 0c 34 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[main] Native and Java stack trace:
[main]  [<06337c20>] native     : signal_bh_trampoline+5eea808 (arch/x86/signal-bh.S:126)
[main]  [<4242a0c8>] jit        : java/util/zip/Inflater.inflate(Inflater.java:322)
[main]  [<424283ec>] jit        : java/util/zip/InflaterInputStream.read(InflaterInputStream.java:196)
[main]  [<422f06d3>] jit        : java/io/InputStreamReader.read(InputStreamReader.java:393)
[main]  [<422ee74a>] jit        : java/io/BufferedReader.fill(BufferedReader.java:370)
[main]  [<422ebd1b>] jit        : java/io/BufferedReader.readLine(BufferedReader.java:469)
[main]  [<42338993>] jit        : gnu/java/util/jar/JarUtils.read_attributes(JarUtils.java:194)
[main]  [<42338305>] jit        : gnu/java/util/jar/JarUtils.readMainSection(JarUtils.java:140)
[main]  [<423358b0>] jit        : gnu/java/util/jar/JarUtils.readMFManifest(JarUtils.java:101)
[main]  [<422a0bd1>] jit        : java/util/jar/Manifest.read(Manifest.java:162)
[main]  [<4229d76f>] jit        : java/util/jar/Manifest.<init>(Manifest.java:89)
[main]  [<42295e3f>] jit        : java/util/jar/JarFile.readManifest(JarFile.java:303)
[main]  [<42293ee8>] jit        : java/util/jar/JarFile.<init>(JarFile.java:268)
[main]  [<4223b713>] jit        : gnu/java/net/protocol/jar/Connection$JarFileCache.get(Connection.java:99)
[main]  [<422383a2>] jit        : gnu/java/net/protocol/jar/Connection.connect(Connection.java:141)
[main]  [<4240cf5b>] jit        : gnu/java/net/protocol/jar/Connection.getJarFile(Connection.java:170)
[main]  [<42408965>] jit        : gnu/java/net/loader/JarURLLoader.initialize(JarURLLoader.java:85)
[main]  [<42400382>] jit        : gnu/java/net/loader/JarURLLoader.<init>(JarURLLoader.java:76)
[main]  [<423fc36b>] jit        : java/net/URLClassLoader.addURLImpl(URLClassLoader.java:387)
[main]  [<423f3124>] jit        : java/net/URLClassLoader.addURLs(URLClassLoader.java:418)
[main]  [<423f1b81>] jit        : java/net/URLClassLoader.<init>(URLClassLoader.java:217)
[main]  [<423f11c4>] jit        : java/lang/ClassLoader$1.<init>(ClassLoader.java:1099)
[main]  [<423f0548>] jit        : java/lang/ClassLoader.createSystemClassLoader(ClassLoader.java:1099)
[main]  [<423e2904>] jit        : java/lang/ClassLoader.defaultGetSystemClassLoader(ClassLoader.java:1084)
[main]  [<423e2300>] jit        : java/lang/VMClassLoader.getSystemClassLoader(VMClassLoader.java:379)
[main]  [<41d9a833>] jit        : java/lang/ClassLoader$StaticData.<clinit>(ClassLoader.java:154)
[main]  [<0041a071>] native     : vm_class_init+1d2 (/home/penberg/jato/vm/class.c:748)
[main]  [<00457d06>] native     : vm_class_ensure_init+527f8 (/home/penberg/jato/include/vm/class.h:126)
[main]  [<41d97a63>] jit        : java/lang/ClassLoader.getSystemClassLoader(ClassLoader.java:799)
[main]  [<0042c7a4>] native     : native_call_gp+1b4 (/home/penberg/jato/arch/x86/call.c:204)
[main]  [<0042c833>] native     : native_call+66 (/home/penberg/jato/arch/x86/call.c:253)
[main]  [<00417b93>] native     : call_method_a+3d (/home/penberg/jato/vm/call.c:54)
[main]  [<00417ce4>] native     : vm_call_method_v+131 (/home/penberg/jato/vm/call.c:71)
[main]  [<0041ba00>] native     : vm_call_method_object+873a (/home/penberg/jato/include/vm/call.h:81)
[main]  [<0041ce29>] native     : get_system_class_loader+31 (/home/penberg/jato/vm/classloader.c:770)
[main]  [<00406698>] native     : do_main_class+1f (/home/penberg/jato/jato.c:1004)
[main]  [<004068a5>] native     : do_jar_file+8 (/home/penberg/jato/jato.c:1068)
[main]  [<00406c51>] native     : main+219 (/home/penberg/jato/jato.c:1218)
[main]  [<3e8ee2169c>] native     : signal_bh_trampoline+3e8e9d4284 (arch/x86/signal-bh.S:126)
Aborted

I see the same problem with the -Os and -O3 optimization levels, which still points to stack alignment issues...


penberg commented Jun 6, 2013

Launching JRuby with -Xdebug:stack yields the following error:

[penberg@tux jruby-1.7.3]$ jato -Xdebug:stack -jar lib/jruby.jar  -v
Error: stack is 8 bytes misaligned when entering function:

  gnu/java/net/loader/JarURLLoader.<init>(Ljava/net/URLClassLoader;Lgnu/java/net/loader/URLStreamHandlerCache;Ljava/net/URLStreamHandlerFactory;Ljava/net/URL;Ljava/net/URL;)V.

which has 0 arguments passed on the stack.
Aborted


penberg commented Jun 6, 2013

Looking at the stack trace and the stack alignment check error, we first enter addURLImpl, then ClassNotFoundException is thrown from Class.forName, after which we invoke the JarURLLoader constructor, which now has the wrong stack alignment.

This seems to point to exception handling not cleaning up the stack properly somewhere on x86-64.


penberg commented Jun 13, 2013

It turns out that with GCC 4.7.2 no exception is thrown. The last invoked method is decode():

[main] trace invoke: java/util/zip/Inflater.decode()Z

which suggests that the generated code for that method is broken on x86-64.


penberg commented Jun 13, 2013

Evidence points to TABLESWITCH miscompilation on x86-64.

On 32-bit, we have this:

[main]   0xa745be57:   81 ef 00 00 00 00          sub    $0x0,%edi
[main]   0xa745be5d:   be 28 a1 7a 09             mov    $0x97aa128,%esi
[main]   0xa745be62:   ff 24 be                   jmp    *(%esi,%edi,4)

But on 64-bit, we have this:

[main]   0x424b1fbb:   41 81 ee 00 00 00 00       sub    $0x0,%r14d
[main]   0x424b1fc2:   49 bd b0 de f9 05 00 00 00 00    movabs $0x5f9deb0,%r13
[main]   0x424b1fcc:   43 ff 24 f5 50 2b f6 05    jmpq   *0x5f62b50(,%r14,8)

As the instruction selectors look pretty much identical, it's likely that INSN_JMP_MEMINDEX encoding has a bug on 64-bit.

penberg added a commit to penberg/jato that referenced this issue Jun 18, 2013
Table 2-5 ("Special Cases of REX Encodings") of Intel manual states
that:

  EBP without a displacement must be done using mod = 01 with
  displacement of 0.

The problem is visible on x86-64 where INSN_JMP_MEMINDEX is encoded
wrong. This fixes issue jatovm#34.

Signed-off-by: Pekka Enberg <penberg@kernel.org>
@penberg penberg closed this as completed Jun 18, 2013