JDK-6469580 : 1.5.0_08 JVM crashes in SignatureHandlerLibrary::add on Fujitsu Primepower platform
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 5.0u8,6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_9,solaris_10
  • CPU: x86,sparc
  • Submitted: 2006-09-12
  • Updated: 2010-04-03
  • Resolved: 2007-03-24
Other JDK 6 JDK 7 Other
5.0u14,OpenJDK6Fixed 6u2 b01Fixed 7Fixed OpenJDK6Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
Description
The customer experiences crashes in SignatureHandlerLibrary::add.
The stack trace is shown below.

They are running the testcase from bug 6305546.
java -Xint -classpath dacapo-beta050224.jar Harness -s small chart


-----------------  lwp# 1 / thread# 1  --------------------
 ff31fb84 _lwp_kill (6, 0, ffbfd6b0, 75c8, 8540, 8400) + 8
 ff2b6d10 abort    (6c00, fefce000, fee76fe0, ff023794, 0, 338d0) + 100
 fee70c1c void os::abort(int) (1, 0, ff00277c, fefce000, 74c8, 7400) + 58
 feeff200 void VMError::report_and_die() (0, ff029eb8, ff02376c, 1, fee750a8, ff02376c) + c84
 fea73480 JVM_handle_solaris_signal (b, ffbfddb0, ffbfdaf8, 7800, ff022790, 369f0) + aac
 ff385b0c __sighndlr (b, ffbfddb0, ffbfdaf8, fea7299c, 0, 0) + c
 ff37f804 call_user_handler (b, ffbfddb0, ffbfdaf8, 0, 0, 0) + 234
 ff37f9b4 sigacthandler (b, ffbfddb0, ffbfdaf8, 0, 156, 156) + 64
 --- called from signal handler with signal 11 (SIGSEGV) ---
 fea831fc void SignatureHandlerLibrary::add(methodHandle) (ffbfdf84, 0, 0, ff0023a8, 9400, 80000000) + 358
 fea82d70 void InterpreterRuntime::prepare_native_call(JavaThread*,methodOopDesc*) (369f0, b4956238, 8bd4, 8c00, fefce000, 6) + 1c4
 f900ba58 ???????? (e49057e0, ff0267ac, 0, 4, 8800, ffbfe010)
 f90058fc ???????? (80000000, ff0267ac, 0, f90142f0, 8800, ffbfe0b8)
 f9005874 ???????? (e3577a90, ff0267ac, 0, f900dfb0, 8800, ffbfe178)
 f9005764 ???????? (e3512310, b4a00010, 0, f9013f30, 8800, ffbfe208)
 f9005c2c ???????? (e3478b18, ff0267ac, 0, f90143e0, 8800, ffbfe290)
 f9005764 ???????? (e3466640, ff0267ac, 0, f9013ee0, 8800, ffbfe380)
 f9005764 ???????? (e3466640, ff0267ac, 0, f9014188, 8800, ffbfe420)
 f9005764 ???????? (2000, 2, 0, f9014188, ffb8c200, ffbfe5a8)
 f9000218 ???????? (ffbfe690, ffbfe898, a, b49ea4b0, f900a840, ffbfe8c8)
 fe999d8c void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*) (1, 369f0, ffbfe8c0, ffbfe6a0, 4, ffbfe898) + 5a0
 fea337c4 oopDesc*Reflection::invoke(instanceKlassHandle,methodHandle,Handle,int,objArrayHandle,BasicType,objArrayHandle,int,Thread*) (0, 1, 4, 1, ffbfe9e8, fefce000) + 14a8
 feaff9cc oopDesc*Reflection::invoke_method(oopDesc*,Handle,objArrayHandle,Thread*) (36fd4, ffbfe9e4, 36fcc, 369f0, 36fd0, 0) + 268
 feafd9f8 JVM_InvokeMethod (36aac, 0, 0, ffbfec44, ff023154, 369f0) + 2bc
 fe770358 Java_sun_reflect_NativeMethodAccessorImpl_invoke0 (36aac, ffbfebc0, ffbfec4c, 0, ffbfec44, 8000) + 10
 f900bb08 ???????? (369f0, ffbfec4c, ffbfebc0, ffffff80, 80000000, 1a7c)
 f900baac ???????? (80000000, ff0267ac, 0, c, 8800, ffbfebd8)
 f9005874 ???????? (e3453e08, ff0267ac, 0, f90142a0, 8800, ffbfec70)
 f9005874 ???????? (e3453e20, b4842180, 0, f9013ee0, 8800, ffbfecf0)
 f9005d3c ???????? (e3453778, ff0267ac, 0, f90143e0, 8800, ffbfed80)
 f9005874 ???????? (e34478f8, ff0267ac, 0, f9013ee0, 8800, ffbfee28)
 f9005764 ???????? (80000000, ff0267ac, 0, f9014140, 8800, ffbfeee0)
 f9005764 ???????? (2000, 2, 0, f90142a0, ffb8c0f8, ffbfef58)
 f9000218 ???????? (ffbff040, ffbff1a0, a, b49caae8, f900a840, ffbff128)
 fe999d8c void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*) (1, 369f0, ffbff120, ffbff050, 4, ffbff1a0) + 5a0
 feadb898 jni_CallStaticVoidMethod (ff023154, 36fc4, 36bc0, 369f0, 36bb8, 34b10) + 500
 00012224 main     (375a0, 343f9, ff01a9f0, 1d8, fead0ee4, 1) + 115c
 000110b0 _start   (0, 0, 0, 0, 0, 0) + 108

Comments
SUGGESTED FIX *** src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c Thu Jun 23 11:57:50 2005 --- p11_md.c Fri Mar 2 07:08:24 2007 *************** *** 122,128 **** */ dlerror(); /* clear any old error message not fetched */ C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, "C_GetFunctionList"); ! if ((C_GetFunctionList == NULL) || ((systemErrorMessage = dlerror()) != NULL)){ throwIOException(env, systemErrorMessage); /* Free the buffer. */ - free(systemErrorMessage); --- 122,131 ---- */ dlerror(); /* clear any old error message not fetched */ C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, "C_GetFunctionList"); ! if ( C_GetFunctionList == NULL ){ ! throwIOException(env, "ERROR: C_GetFunctionList == NULL"); ! return; ! } else if ( (systemErrorMessage = dlerror()) != NULL ){ throwIOException(env, systemErrorMessage); /* Free the buffer. */
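Review bot: The new `C_GetFunctionList == NULL` branch throws a fixed string and returns before `dlerror()` is read, so the loader's own reason for the failed `dlsym()` lookup is lost. Consider reading it once right after the lookup, `systemErrorMessage = dlerror();`, and throwing `systemErrorMessage != NULL ? systemErrorMessage : "ERROR: C_GetFunctionList == NULL"` on the failure path. The context line `/* Free the buffer. */` is stale now that the patch drops `free(systemErrorMessage)` (rightly, since the string returned by dlerror() is not the caller's to free) and should be removed with it. The hunk as shown ends at that comment, so whether the `else if` branch returns and whether `hModule` is released on these paths cannot be confirmed from here.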
02-03-2007

EVALUATION After access to the Fujitsu platform, thanks to Tom Rodriguez for the analysis:

Well that crash looks like bad code in the pkcs11 wrapper. Check out /java/re/jdk/1.7.0/promoted/all/b07/ws/j2se/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c. Around line 130 is this:

    /*
     * Get function pointer to C_GetFunctionList
     */
    dlerror(); /* clear any old error message not fetched */
    // with the old JAR file jGetFunctionList is null, temporarily check for that
    if (jGetFunctionList != NULL) {
        getFunctionListStr = (*env)->GetStringUTFChars(env, jGetFunctionList, 0);
        C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, getFunctionListStr);
        (*env)->ReleaseStringUTFChars(env, jGetFunctionList, getFunctionListStr);
    }
    if ((C_GetFunctionList == NULL) || ((systemErrorMessage = dlerror()) != NULL)){
        throwIOException(env, systemErrorMessage);
        return;
    }

If dlsym returns null then we'll call throwIOException with systemErrorMessage, which hasn't been initialized: the `||` short-circuits, so the dlerror() assignment is never evaluated on that path. It seems like there are a lot of dubious paths through this code because there are so many uninitialized variables. So it looks like the PKCS11 library exists but doesn't have the entry point that this code needs, so we die while trying to throw an exception for it. So we need to initialize systemErrorMessage or split the path.
28-02-2007

EVALUATION On SunOS s4us-pp650a-gmp02 5.10 Generic_118833-17 sun4us sparc FJSV,GPUSC-M isainfo -v 64-bit sparcv9 applications vis2 vis 32-bit sparc applications vis2 vis v8plus div32 mul32 (Attached showrev -p output as OKPrimePower-info) the failure does not occur (in any version):

s4us-pp650a-gmp02: 223 % ./jdk1.6.0/bin/java -Xint -classpath dacapo-beta050224.jar Harness -s small chart
===== DaCapo chart Starting =====
Done plotting: scratch/compress-tgt-ptr-prf-time.pdf
Done plotting: scratch/compress-src-ptr-prf-time.pdf
Done plotting: scratch/compress-dst-ptr-prf-time.pdf
Done plotting: scratch/compress-tgt-mut-prf-time.pdf
Done plotting: scratch/compress-src-mut-prf-time.pdf
Done plotting: scratch/compress-dst-mut-prf-time.pdf
Done plotting: scratch/compress-heap-comp-b.pdf
Done plotting: scratch/compress-heap-comp-a.pdf
Done plotting: scratch/compress-tgt-ptr-inf-time.pdf
Done plotting: scratch/compress-src-ptr-inf-time.pdf
Done plotting: scratch/compress-dst-ptr-inf-time.pdf
Done plotting: scratch/compress-tgt-mut-inf-time.pdf
Done plotting: scratch/compress-src-mut-inf-time.pdf
Done plotting: scratch/compress-dst-mut-inf-time.pdf
===== DaCapo chart Finished in 195269 msec =====
s4us-pp650a-gmp02: 224 % ./jdk1.6.0/bin/java -Xint -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Server VM (build 1.6.0-b105, interpreted mode)

Need more info about the environment.
18-12-2006

EVALUATION Neglected to mention that there are core files etc available (oft times gzipped by the cores daemon ;( ) at: /net/cores.central/cores/dir30/10907101/ 0907/int is the original 5u8 -server -Xint issue 0921/jdk16_server 0921/jdk16_client are the 1.6.0-rc-b98 cores. Any insight would be appreciated.
28-09-2006

EVALUATION The failures with this test appear to occur only on PrimePower machines. Is there an architectural difference that we are encountering that could cause this? I note the following from an earlier bug: http://monaco.sfbay.sun.com/detail.jsf?cr=6330078 "This happens because libjvm's GenericGrowableArray::GenericGrowableArray(int, int) suffers from V8+ trap handler problem -- higher 32 bits of $o7 got cleared in the middle of the constructor and it chooses the wrong branch (the decision depends indirectly on the value of $o7). Thus the crash." Here's the stack for jdk 6 server(essentially similar for both client and server, did they try -Xint? ): ---- called from signal handler with signal 11 (SIGSEGV) ------ [8] UTF8::unicode_length(0x200, 0xfe77d2bc, 0xfe77d2b8, 0x2fc00, 0x304c8, 0x62e6e0), at 0xfe94d704 [9] java_lang_String::create_from_str(0xfe77d2fc, 0x200, 0x2fc00, 0x0, 0x0, 0x45136c), at 0xfe969934 [10] Exceptions::new_exception(0xfe77d408, 0x2fc00, 0xfe77d404, 0x0, 0xfe77d400, 0xfe77d3fc), at 0xfeb46d50 [11] Exceptions::_throw_msg(0x2fc00, 0xfeef78cf, 0x205, 0xfe77d490, 0x0, 0x0), at 0xfeb46994 [12] jni_ThrowNew(0x0, 0xfefbb1ec, 0x200, 0x2fc00, 0x304bc, 0xa0400), at 0xfeba19ec [13] throwIOException(0x2fce8, 0x200, 0x10000, 0x12908, 0xb78ccfb4, 0xfefbbdd8), at 0xb78ba6ec [14] Java_sun_security_pkcs11_wrapper_PKCS11_connect(0x2fce8, 0xfefbbdd8, 0xfe77d6e8, 0xfe77d6e4, 0x0, 0xfefc1dc0), at 0xb78bbcc8 [15] 0xfc40eba8(0x0, 0xfe77d6ec, 0xfe77d670, 0xffffff80, 0x2fc00, 0x8), at 0xfc40eba8 [16] 0xfc40eb54(0xe6a1f150, 0x20000000, 0x0, 0xc, 0x1f80, 0xfe77d688), at 0xfc40eb54 [17] 0xfc405a30(0xe6a1f150, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77d708), at 0xfc405a30 [18] 0xfc405a30(0x2fc00, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77d7a0), at 0xfc405a30 [19] 0xfc4058c0(0xe69d0458, 0x20000000, 0x0, 0xfc418c70, 0x1f80, 0xfe77d870), at 0xfc4058c0 [20] 0xfc405a30(0x2fc00, 0x29dbc, 0x0, 0xfc418ea0, 0xe69d0458, 0xfe77d8f0), at 0xfc405a30 [21] 0xfc40021c(0xfe77da00, 
0xfe77dc08, 0xa, 0xb85de5b0, 0xfc40c340, 0xfe77dc38), at 0xfc40021c [22] JavaCalls::call_helper(0x2, 0xb85de5b0, 0xfe77dc2c, 0x2fc00, 0x304b0, 0xfe77d9e0), at 0xfe8e1460 [23] Reflection::invoke(0x1, 0x4, 0xfef98000, 0x3045c, 0x2de20, 0x30070), at 0xfedcc6f0 [24] Reflection::invoke_constructor(0x304a0, 0xfe77dd9c, 0x2fc00, 0x304b0, 0x304a8, 0x304a4), at 0xfe94f22c [25] JVM_NewInstanceFromConstructor(0x2fce8, 0x3049c, 0x304a0, 0x2fc00, 0x1ffc, 0x29dbc), at 0xfe94f3f4 [26] Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0(0x2fce8, 0xfe77df60, 0xfe77dfe4, 0xfe77dfe0, 0xfc00, 0x0), at 0xfe69ddb8 [27] 0xfc40eba8(0x239, 0xfe77dfe4, 0xfe77df60, 0xffffff80, 0xfefc4acc, 0x0), at 0xfc40eba8 [28] 0xfc40eb54(0xe69cb1c8, 0xb8, 0x0, 0x8, 0xe69db860, 0xfe77df78), at 0xfc40eb54 [29] 0xfc4058c0(0xe69cb1d8, 0xb6, 0x0, 0xfc419000, 0x75, 0xfe77e008), at 0xfc4058c0 [30] 0xfc4058c0(0xe69cb1f0, 0xb7c46300, 0x0, 0xfc418c20, 0x29c00, 0xfe77e088), at 0xfc4058c0 [31] 0xfc405de0(0xe69cb188, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77e118), at 0xfc405de0 [32] 0xfc4058c0(0x2fc00, 0x29dbc, 0x0, 0xfc418c70, 0xe68c7630, 0xfe77e1b0), at 0xfc4058c0 [33] 0xfc40021c(0xfe77e2b8, 0xfe77e4e0, 0xa, 0xb850d860, 0xfc40c340, 0xfe77e454), at 0xfc40021c [34] JavaCalls::call_helper(0x1, 0xb850d860, 0xfe77e44c, 0x2fc00, 0x30494, 0xfe77e298), at 0xfe8e1460 [35] JVM_DoPrivileged(0xfe77e470, 0x30498, 0x30494, 0xfe77e4f8, 0x2fc00, 0xfef98000), at 0xfe946d74 [36] Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2(0x2fce8, 0xfe77e8c0, 0xfe77e9 3c, 0x0, 0x29c00, 0x20100), at 0xfe69ab0c [37] 0xfc40eba8(0x1259, 0xfe77e93c, 0xfe77e8c0, 0xffffff80, 0x1f80, 0x0), at 0xfc40eba8 [38] 0xfc40eb54(0xe68c7630, 0xb8, 0x0, 0x4, 0x1f80, 0xfe77e8d8), at 0xfc40eb54 [39] 0xfc4058c0(0xe68c69a0, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77e960), at 0xfc4058c0 [40] 0xfc4058c0(0xe68c69a0, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77e9f8), at 0xfc4058c0 [41] 0xfc4058c0(0xe68c6800, 0x20000000, 0x0, 
0xfc418c20, 0x1f80, 0xfe77ea80), at 0xfc4058c0 [42] 0xfc4058c0(0xe68c6800, 0x20000000, 0x0, 0xfc418c68, 0x1f80, 0xfe77eb10), at 0xfc4058c0 [43] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77ebb0), at 0xfc4058c0 [44] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77ec38), at 0xfc4058c0 [45] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77ecc8), at 0xfc4058c0 [46] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419050, 0x1f80, 0xfe77ed70), at 0xfc4058c0 [47] 0xfc4058c0(0xe7d05878, 0x20000000, 0x0, 0xfc4112b0, 0x1f80, 0xfe77ee30), at 0xfc4058c0 [48] 0xfc405a30(0xe7d07560, 0xb7e7bba8, 0x0, 0xfc418c70, 0x1f80, 0xfe77eec0), at 0xfc405a30 [49] 0xfc405f50(0xe7d057d0, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77ef48), at 0xfc405f50 [50] 0xfc405a30(0xe6875038, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77f038), at 0xfc405a30 [51] 0xfc405a30(0xe6875038, 0x20000000, 0x0, 0xfc418ee8, 0x1f80, 0xfe77f0d8), at 0xfc405a30 [52] 0xfc405a30(0x2fc00, 0x29dbc, 0x0, 0xfc418ee8, 0x0, 0xfe77f260), at 0xfc405a30 [53] 0xfc40021c(0xfe77f368, 0xfe77f570, 0xa, 0xb7e653e8, 0xfc40c340, 0xfe77f59c), at 0xfc40021c [54] JavaCalls::call_helper(0x1, 0xb7e653e8, 0xfe77f594, 0x2fc00, 0x0, 0xfe77f348), at 0xfe8e1460 [55] Reflection::invoke(0x1, 0x4, 0xfef98000, 0x3045c, 0x2de20, 0x30070), at 0xfedcc6f0 [56] Reflection::invoke_method(0x30488, 0xfe77f704, 0xfe77f77c, 0x1, 0x30484, 0x30490), at 0xfe9b6050 [57] JVM_InvokeMethod(0x2fce8, 0x0, 0x0, 0xfe77f954, 0x2fc00, 0xfefb8100), at 0xfe9b4778 [58] Java_sun_reflect_NativeMethodAccessorImpl_invoke0(0x2fce8, 0xfe77f8d0, 0xfe77f95c, 0x0, 0xfe77f954, 0xfefc1dc0), at 0xfe6a0c4c [59] 0xfc40eba8(0x0, 0xfe77f95c, 0xfe77f8d0, 0xffffff80, 0x2fc00, 0x8), at 0xfc40eba8 [60] 0xfc40eb54(0x2fc00, 0x20000000, 0x0, 0xc, 0x1f80, 0xfe77f8e8), at 0xfc40eb54 [61] 0xfc4058c0(0xe6861c58, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77f980), at 0xfc4058c0 [62] 0xfc4058c0(0xe6861c70, 0xb7c45c40, 0x0, 0xfc418c20, 0x1f80, 0xfe77fa00), at 0xfc4058c0 [63] 
0xfc405de0(0xe68615a8, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77faa0), at 0xfc405de0 [64] 0xfc4058c0(0xe6855740, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77fb48), at 0xfc4058c0 [65] 0xfc405a30(0x2fc00, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77fc00), at 0xfc405a30 [66] 0xfc405a30(0xfe77ffa0, 0x29dbc, 0x0, 0xfc419000, 0x0, 0xfe77fc78), at 0xfc405a30 [67] 0xfc40021c(0xfe77fd80, 0xfe77ff08, 0xa, 0xb7e49580, 0xfc40c340, 0xfe77fe60), at 0xfc40021c [68] JavaCalls::call_helper(0x1, 0xb7e49580, 0xfe77fe58, 0x2fc00, 0x0, 0xfe77fd60), at 0xfe8e1460 [69] jni_CallStaticVoidMethod(0x2fce8, 0x30474, 0x30070, 0x2fc00, 0x30068, 0x2de20), at 0xfe99e4ec [70] JavaMain(0x30aac, 0x2b5e4, 0x2ac30, 0x2fce8, 0x3, 0xfefbbdd8), at 0x13a4c
27-09-2006