JDK-6460762 : Crash in test using ThreadReference.ownedMonitorsAndFrames

Details
Type: Bug
Submit Date: 2006-08-16
Status: Resolved
Updated Date: 2012-02-01
Project Name: JDK
Resolved Date: 2007-05-24
Component: hotspot
OS: windows_2003,windows_nt
Sub-Component: jvmti
CPU: x86
Priority: P3
Resolution: Fixed
Affected Versions: 6,7
Fixed Versions: hs10 (b13)

Description
The JDI test against 'ThreadReference.ownedMonitorsAndFrames' fails because of a crash in the debuggee VM.

The bug is reproducible on machine vm-amd64-02.sfbay; it is possible to use rdesktop to log in on this machine (if you need the login/password I can send it in a separate email).
To reproduce:
run bash
cd Y:/weekly/mustang/results/1.6.0-rc-b95/ServerVM/64BITWIN03-AMD64/mixed/VM6/nsk.jdi-14-WEEKLYmtg-VM6-ServerVM-mixed-64BITWIN03-AMD64-2006-08-15-22-20-34-0222/ResultDir/ownedMonitorsAndFrames007
sh ownedMonitorsAndFrames007.tlog
(the bug does not reproduce every time; run the script several times)

hs_err file (also attached):
# An unexpected error has been detected by Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0000000008285fe4, pid=9468, tid=5744
#
# Java VM: Java HotSpot(TM) 64-Bit Server VM (1.6.0-rc-b95 mixed mode)
# Problematic frame:
# V  [jvm.dll+0x285fe4]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x0000000005166800):  VMThread [id=5744]

siginfo: ExceptionCode=0xc0000005, reading address 0x0000000006305eb8

Registers:
EAX=0x0000000006305eb0, EBX=0x000000000511aa00, ECX=0x0000000000000002, EDX=0x0000000000000003
ESP=0x000000000540fa50, EBP=0x0000000001d8edf0, ESI=0x0000000001e4e530, EDI=0x0000000006306b10
EIP=0x0000000008285fe4, EFLAGS=0x0000000000010206

Top of Stack: (sp=0x000000000540fa50)

Instructions: (pc=0x0000000008285fe4)
0x0000000008285fd4:   48 8b 5d 30 48 85 db 74 49 66 66 90 48 8b 43 08
0x0000000008285fe4:   81 78 08 ee 71 00 00 75 09 48 8b f3 48 8b 5b 10 


Stack: [0x0000000005310000,0x0000000005410000),  sp=0x000000000540fa50,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [jvm.dll+0x285fe4]

VM_Operation (0x0000000001f4f380): generation collection for allocation, mode: safepoint, requested by thread 0x0000000001d6d400


---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x000000000522d800 JavaThread "ownedMonitorsAndFrames007_LockingThread10" [_thread_blocked, id=10288]
  0x000000000522d000 JavaThread "ownedMonitorsAndFrames007_LockingThread9" [_thread_blocked, id=6832]
  0x000000000522c800 JavaThread "ownedMonitorsAndFrames007_LockingThread8" [_thread_blocked, id=5400]
  0x000000000522c000 JavaThread "ownedMonitorsAndFrames007_LockingThread7" [_thread_blocked, id=3216]
  0x0000000001d74400 JavaThread "ownedMonitorsAndFrames007_LockingThread6" [_thread_blocked, id=8976]
  0x0000000001d73c00 JavaThread "ownedMonitorsAndFrames007_LockingThread5" [_thread_blocked, id=7352]
  0x0000000001d73400 JavaThread "ownedMonitorsAndFrames007_LockingThread4" [_thread_blocked, id=3208]
  0x0000000001d73000 JavaThread "ownedMonitorsAndFrames007_LockingThread3" [_thread_blocked, id=6952]
  0x0000000001d72800 JavaThread "ownedMonitorsAndFrames007_LockingThread2" [_thread_blocked, id=10792]
  0x0000000001d72000 JavaThread "ownedMonitorsAndFrames007_LockingThread1" [_thread_blocked, id=3392]
  0x0000000001d71800 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=8120]
  0x0000000001d71400 JavaThread "CompilerThread1" daemon [_thread_blocked, id=4224]
  0x0000000001d70c00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=10600]
  0x0000000001d70400 JavaThread "JDWP Command Reader" daemon [_thread_in_native, id=8840]
  0x0000000001d6fc00 JavaThread "JDWP Event Helper Thread" daemon [_thread_blocked, id=8820]
  0x0000000001d6f800 JavaThread "JDWP Transport Listener: dt_shmem" daemon [_thread_blocked, id=10936]
  0x0000000001d6f000 JavaThread "Attach Listener" daemon [_thread_blocked, id=6836]
  0x0000000001d6e800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=3424]
  0x0000000001d6e000 JavaThread "Finalizer" daemon [_thread_blocked, id=4716]
  0x0000000001d6d800 JavaThread "Reference Handler" daemon [_thread_blocked, id=6168]
  0x0000000001d6d400 JavaThread "OwnedMonitorDebuggeeMainThread" [_thread_blocked, id=8460]

Other Threads:
=>0x0000000005166800 VMThread [id=5744]
  0x0000000005166c00 WatcherThread [id=7688]

VM state:at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread:  ([mutex/lock_event])
[0x000000000035e1c0/0x0000000000000b0c] Threads_lock - owner thread: 0x0000000005166800
[0x0000000001d74de0/0x0000000000000acc] Heap_lock - owner thread: 0x0000000001d6d400

Heap
 def new generation   total 2368K, used 2367K [0x0000000010010000, 0x00000000102a0000, 0x0000000011c10000)
  eden space 2112K, 100% used [0x0000000010010000, 0x0000000010220000, 0x0000000010220000)
  from space 256K,  99% used [0x0000000010220000, 0x000000001025ffe8, 0x0000000010260000)
  to   space 256K,   0% used [0x0000000010260000, 0x0000000010260000, 0x00000000102a0000)
 tenured generation   total 5312K, used 107K [0x0000000011c10000, 0x0000000012140000, 0x0000000015410000)
   the space 5312K,   2% used [0x0000000011c10000, 0x0000000011c2ac50, 0x0000000011c2ae00, 0x0000000012140000)
 compacting perm gen  total 21248K, used 3667K [0x0000000015410000, 0x00000000168d0000, 0x000000001a810000)
   the space 21248K,  17% used [0x0000000015410000, 0x00000000157a4f90, 0x00000000157a5000, 0x00000000168d0000)
No shared spaces configured.

Dynamic libraries:
0x0000000000400000 - 0x000000000042d000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\java.exe
0x0000000078ec0000 - 0x0000000078ff9000 	C:\WINDOWS\system32\ntdll.dll
0x0000000078d40000 - 0x0000000078eb2000 	C:\WINDOWS\system32\kernel32.dll
0x000007ff7fee0000 - 0x000007ff7ffe5000 	C:\WINDOWS\system32\ADVAPI32.dll
0x000007ff7fd30000 - 0x000007ff7fed9000 	C:\WINDOWS\system32\RPCRT4.dll
0x0000000008000000 - 0x000000000854e000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\server\jvm.dll
0x0000000078c30000 - 0x0000000078d3c000 	C:\WINDOWS\system32\USER32.dll
0x000007ff7fc90000 - 0x000007ff7fd29000 	C:\WINDOWS\system32\GDI32.dll
0x000007ff7e060000 - 0x000007ff7e0b0000 	C:\WINDOWS\system32\WINMM.dll
0x000007ff7fc00000 - 0x000007ff7fc86000 	C:\WINDOWS\system32\msvcrt.dll
0x000007ff77100000 - 0x000007ff7710b000 	C:\WINDOWS\system32\rdpsnd.dll
0x000007ff7d2f0000 - 0x000007ff7d30a000 	C:\WINDOWS\system32\WINSTA.dll
0x000007ff771b0000 - 0x000007ff77248000 	C:\WINDOWS\system32\NETAPI32.dll
0x000007ff7e1b0000 - 0x000007ff7e1c0000 	C:\WINDOWS\system32\PSAPI.DLL
0x0000000010000000 - 0x000000001000a000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\hpi.dll
0x0000000000390000 - 0x00000000003c4000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\jdwp.dll
0x00000000003d0000 - 0x00000000003d8000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\npt.dll
0x00000000003f0000 - 0x00000000003fe000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\verify.dll
0x0000000001f50000 - 0x0000000001f77000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\java.dll
0x0000000001f80000 - 0x0000000001f92000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\zip.dll
0x0000000005810000 - 0x000000000581a000 	c:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\dt_shmem.dll
0x0000000005f40000 - 0x0000000005f57000 	C:\temp\Work\JDK\WEEKLYmtg\VM6\windows-amd64\jre\bin\net.dll
0x000007ff77150000 - 0x000007ff77180000 	C:\WINDOWS\system32\WS2_32.dll
0x000007ff77140000 - 0x000007ff7714c000 	C:\WINDOWS\system32\WS2HELP.dll
0x000007ff76fe0000 - 0x000007ff7705c000 	C:\WINDOWS\System32\mswsock.dll
0x000007ff7e720000 - 0x000007ff7e76e000 	C:\WINDOWS\system32\DNSAPI.dll
0x000007ff7e820000 - 0x000007ff7e82b000 	C:\WINDOWS\System32\winrnr.dll
0x000007ff7e780000 - 0x000007ff7e7e6000 	C:\WINDOWS\system32\WLDAP32.dll
0x000007ff7e830000 - 0x000007ff7e837000 	C:\WINDOWS\system32\rasadhlp.dll
0x000007ff6d1f0000 - 0x000007ff6d281000 	C:\WINDOWS\system32\hnetcfg.dll
0x000007ff76fa0000 - 0x000007ff76fab000 	C:\WINDOWS\System32\wshtcpip.dll
0x00000000064f0000 - 0x00000000064f8000 	X:\backup\testbase\testbase_vm.1.6\vm\bin\lib\windows-amd64\nsk\share\locks\LockingThread.dll

VM Arguments:
jvm_args: -Xdebug -Xrunjdwp:transport=dt_shmem,address=javadebug8343,suspend=y
java_command: nsk.share.jdi.OwnedMonitorsDebuggee -arch=windows-amd64 -waittime=2 -debugee.vmkind=java -transport.address=dynamic -pipe.port=4675
Launcher Type: SUN_STANDARD

Environment Variables:
CLASSPATH=C:/temp/Work/exec/nsk.jdi-14-WEEKLYmtg-VM6-ServerVM-mixed-64BITWIN03-AMD64-2006-08-15-22-20-34-0222/run2/Administrator.Windows_2003.amd64/ownedMonitorsAndFrames007;x:/backup/testbase/testbase_vm.1.6/vm/bin/classes;c:/temp/Work/JDK/WEEKLYmtg/VM6/windows-amd64/lib/tools.jar
PATH=c:/temp/Work/JDK/WEEKLYmtg/VM6/windows-amd64/bin;x:/backup/testbase/testbase_vm.1.6/vm/src/nsk/share/lib/windows-amd64;C:/WINDOWS/system32;c:/temp/Work/JDK/WEEKLYmtg/VM6/windows-amd64/jre/bin/server;c:/temp/Work/JDK/WEEKLYmtg/VM6/windows-amd64/jre/bin;C:/PROGRA~2/MKSTOO~1/mksnt;x:/backup/testbase/testbase_vm.1.6/vm/bin/lib/windows-amd64/nsk/share/locks;
USERNAME=Administrator
LD_LIBRARY_PATH=x:/backup/testbase/testbase_vm.1.6/vm/bin/lib/windows-amd64/nsk/share/locks
SHELL=C:/PROGRA~2/MKSTOO~1/mksnt/sh.exe
DISPLAY=:0.0
OS=Windows_NT
PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 5 Stepping 10, AuthenticAMD



---------------  S Y S T E M  ---------------

OS: Windows Server 2003 family Build 3790 Service Pack 1

CPU:total 2 amd64 3dnow

Memory: 4k page, physical 1047944k(695032k free), swap 3162288k(2530080k free)

vm_info: Java HotSpot(TM) 64-Bit Server VM (1.6.0-rc-b95) for windows-amd64, built on Aug 10 2006 00:19:57 by "java_re" with unknown MS VC++:1400

                                    

Comments
EVALUATION

This problem is seen only on windows-amd64 and it is not easy to reproduce.
This is a random failure.
                                     
2006-08-22
EVALUATION

I was able to reproduce this after a few runs. It is seg faulting in method oop_verify_on(). The faulting thread is the VM thread. The def new generation
eden space and from space are almost 100% full. I think it is running
GC. There is no stack trace saved in the hs_err file to verify this; also,
I could not get a minidump even after enabling it from the drwtsn32 tool.
I suspect this is a GC issue.
                                     
2006-08-23
EVALUATION

It is crashing in jvmtiThreadState::periodic_clean_up() at the line marked "<=====",
which is trying to dereference the env ptr.

    while (ets != NULL) {
      if (ets->get_env()->is_valid()) {    <=====

This is running in the VM thread at a safepoint.
                                     
2006-08-26
EVALUATION

We got several failures with similar error messages in spb-nightly in the following tests:
	nsk/jdi/ObjectReference/referringObjects/referringObjects001
These failures occur on windows-i586, and it looks like the reason for these errors is the use of heapwalking methods: VirtualMachine.instanceCounts(), ReferenceType.instances(), ObjectReference.referringObjects() (tests for ThreadReference.ownedMonitorsAndFrames() also use these methods). I created a minimized testcase: the debuggee VM starts several threads filling memory and the debugger calls the heapwalking methods several times. This test always crashes on a Windows machine (this testcase is attached).
                                     
2006-09-25
EVALUATION

The problem here is that jvmtiEnvBase::periodic_clean_up() is called first, which
deletes the jvmtiEnv, and then jvmtiThreadState::periodic_clean_up() is
called, which tries to access the deleted jvmtiEnv. See the jvmtiEnvBase.cpp
file, in method check_for_periodic_cleanup() (approx. line 232).
                                     
2007-04-19
SUGGESTED FIX

=>sccs diffs jvmtiThreadState.cpp

------- jvmtiThreadState.cpp -------
138c138
<       if (ets->get_env()->is_valid()) {
---
>       if (ets->get_env() != NULL && ets->get_env()->is_valid()) {
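Review bot: the added `ets->get_env() != NULL` test at line 138 only covers a null pointer; if get_env() returns a non-NULL pointer to an env that has already been deleted, is_valid() still dereferences it, so this guard does not close that case. The hs_err file above shows the faulting read at 0x0000000006305eb8 with EAX=0x0000000006305eb0, which is a non-null base address. Consider clearing or removing the stored env reference at the point where the env is deleted instead of testing it here, and read get_env() once into a local rather than calling it twice in the condition.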

I tried this fix and it did not solve this problem, because the
defunct jvmtiEnv reference saved in JvmtiEnvThreadState::_env
was not removed. The dead reference should be cleaned up.
                                     
2007-04-19
SUGGESTED FIX

Snip of assembly code:

;; 0812bd1e 33 ff                   xor    %edi,%edi
;; 0812bd20 85 f6                   test   %esi,%esi
;; 0812bd22 74 3c                   je     0x0812bd60
;; 0812bd24 8b 56 04                mov    0x4(%esi),%edx
                                    ^^^^^^^^^^^^^^^^^^^^^^^
                     		     SEGFAULTED here because            
;; ---------------
;; 0812bd27 81 7a 04 ee 71 00 00    cmpl   $0x71ee,0x4(%edx)
                                           ^^^^^^^ is our JVMTI_MAGIC
;; 0812bd2e 75 07                   jne    0x0812bd37
;; 0812bd30 8b fe                   mov    %esi,%edi
;; 0812bd32 8b 76 08                mov    0x8(%esi),%esi
;; 0812bd35 eb 25                   jmp    0x0812bd5c
;; 

So the above code maps to this source code in jvmtiThreadState.cpp::periodic_clean_up():

     if (ets->get_env()->is_valid()) {

The jvmtiEnv returned by get_env() was deleted in jvmtiEnvBase::periodic_clean_up(),
so we are accessing a deleted pointer here.
                                     
2007-04-20
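
The cleanup ordering described in the evaluations above, as an added example (not HotSpot source and not part of the original report): a simplified C++ model in which `Model`, `env_cleanup`, `state_cleanup` and `run` are hypothetical names and a `freed` flag stands in for `delete`. It shows that a NULL test does not catch an env already deleted by the earlier pass, and that no stale pointer is read when the thread-state pass runs before the env pass (one possible ordering, assumed here for illustration, not necessarily the fix that shipped).

```cpp
#include <cstdint>
#include <deque>
#include <vector>

// Hypothetical, simplified model of the two cleanup passes; not HotSpot source.
constexpr uint32_t kMagic = 0x71ee;  // the value the page calls JVMTI_MAGIC
struct Env {
    uint32_t magic = kMagic;
    bool disposed = false;  // the agent has disposed this environment
    bool freed = false;     // stands in for `delete`, so the model never reads released memory
};
struct EnvThreadState { Env* env; };  // per-thread record that keeps an env pointer
struct Result { int stale_reads; int states_left; };

struct Model {
    std::deque<Env> pool;                // deque keeps element addresses stable
    std::vector<EnvThreadState> states;  // one thread's list of records
    Env* add_env() {
        pool.emplace_back();
        states.push_back(EnvThreadState{&pool.back()});
        return &pool.back();
    }
    // Env-side pass: "delete" every disposed environment.
    void env_cleanup() { for (Env& e : pool) if (e.disposed) e.freed = true; }
    // Thread-state pass: drop records whose env is no longer valid. Counts the
    // records that pointed at a freed env; in a real VM each is a wild read.
    int state_cleanup() {
        int stale = 0;
        std::vector<EnvThreadState> keep;
        for (const EnvThreadState& s : states) {
            if (s.env == nullptr) continue;           // the NULL test from the suggested fix
            if (s.env->freed) { ++stale; continue; }  // non-NULL, yet already deleted
            if (s.env->magic == kMagic && !s.env->disposed) keep.push_back(s);
        }
        states.swap(keep);
        return stale;
    }
};

// Dispose one of three envs, then run both passes in the chosen order.
Result run(bool env_pass_first) {
    Model m;
    m.add_env(); Env* b = m.add_env(); m.add_env();
    b->disposed = true;
    int stale = 0;
    if (env_pass_first) { m.env_cleanup(); stale = m.state_cleanup(); }
    else                { stale = m.state_cleanup(); m.env_cleanup(); }
    return Result{stale, static_cast<int>(m.states.size())};
}
```

`run(true)` reproduces the order from the report and meets one stale pointer; `run(false)` drops the same record while its env is still readable.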


