Bug ID: JDK-6469580 1.5.0_08 JVM crashes in SignatureHandlerLibrary::add on Fujitsu Primepower platform
JDK-6469580 : 1.5.0_08 JVM crashes in SignatureHandlerLibrary::add on Fujitsu Primepower platform

Details
Type:
Bug
Submit Date:
2006-09-12
Status:
Resolved
Updated Date:
2010-04-03
Project Name:
JDK
Resolved Date:
2007-03-24
Component:
security-libs
OS:
solaris_9,solaris_10
Sub-Component:
java.security
CPU:
x86,sparc
Priority:
P3
Resolution:
Fixed
Affected Versions:
5.0u8,6
Fixed Versions:
6u2 (b01)

Related Reports
Backport:
Backport:
Backport:
Duplicate:
Relates:
Relates:

Sub Tasks

Description
Customer experiences crashes in SignatureHandlerLibrary::add
The stack trace looks like this.

They are running the testcase from bug 6305546.
java -Xint -classpath dacapo-beta050224.jar Harness -s small chart


-----------------  lwp# 1 / thread# 1  --------------------
 ff31fb84 _lwp_kill (6, 0, ffbfd6b0, 75c8, 8540, 8400) + 8
 ff2b6d10 abort    (6c00, fefce000, fee76fe0, ff023794, 0, 338d0) + 100
 fee70c1c void os::abort(int) (1, 0, ff00277c, fefce000, 74c8, 7400) + 58
 feeff200 void VMError::report_and_die() (0, ff029eb8, ff02376c, 1, fee750a8, ff02376c) + c84
 fea73480 JVM_handle_solaris_signal (b, ffbfddb0, ffbfdaf8, 7800, ff022790, 369f0) + aac
 ff385b0c __sighndlr (b, ffbfddb0, ffbfdaf8, fea7299c, 0, 0) + c
 ff37f804 call_user_handler (b, ffbfddb0, ffbfdaf8, 0, 0, 0) + 234
 ff37f9b4 sigacthandler (b, ffbfddb0, ffbfdaf8, 0, 156, 156) + 64
 --- called from signal handler with signal 11 (SIGSEGV) ---
 fea831fc void SignatureHandlerLibrary::add(methodHandle) (ffbfdf84, 0, 0, ff0023a8, 9400, 80000000) + 358
 fea82d70 void InterpreterRuntime::prepare_native_call(JavaThread*,methodOopDesc*) (369f0, b4956238, 8bd4, 8c00, fefce000, 6) + 1c4
 f900ba58 ???????? (e49057e0, ff0267ac, 0, 4, 8800, ffbfe010)
 f90058fc ???????? (80000000, ff0267ac, 0, f90142f0, 8800, ffbfe0b8)
 f9005874 ???????? (e3577a90, ff0267ac, 0, f900dfb0, 8800, ffbfe178)
 f9005764 ???????? (e3512310, b4a00010, 0, f9013f30, 8800, ffbfe208)
 f9005c2c ???????? (e3478b18, ff0267ac, 0, f90143e0, 8800, ffbfe290)
 f9005764 ???????? (e3466640, ff0267ac, 0, f9013ee0, 8800, ffbfe380)
 f9005764 ???????? (e3466640, ff0267ac, 0, f9014188, 8800, ffbfe420)
 f9005764 ???????? (2000, 2, 0, f9014188, ffb8c200, ffbfe5a8)
 f9000218 ???????? (ffbfe690, ffbfe898, a, b49ea4b0, f900a840, ffbfe8c8)
 fe999d8c void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*) (1, 369f0, ffbfe8c0, ffbfe6a0, 4, ffbfe898) + 5a0
 fea337c4 oopDesc*Reflection::invoke(instanceKlassHandle,methodHandle,Handle,int,objArrayHandle,BasicType,objArrayHandle,int,Thread*) (0, 1, 4, 1, ff
bfe9e8, fefce000) + 14a8
 feaff9cc oopDesc*Reflection::invoke_method(oopDesc*,Handle,objArrayHandle,Thread*) (36fd4, ffbfe9e4, 36fcc, 369f0, 36fd0, 0) + 268
 feafd9f8 JVM_InvokeMethod (36aac, 0, 0, ffbfec44, ff023154, 369f0) + 2bc
 fe770358 Java_sun_reflect_NativeMethodAccessorImpl_invoke0 (36aac, ffbfebc0, ffbfec4c, 0, ffbfec44, 8000) + 10
 f900bb08 ???????? (369f0, ffbfec4c, ffbfebc0, ffffff80, 80000000, 1a7c)
 f900baac ???????? (80000000, ff0267ac, 0, c, 8800, ffbfebd8)
 f9005874 ???????? (e3453e08, ff0267ac, 0, f90142a0, 8800, ffbfec70)
 f9005874 ???????? (e3453e20, b4842180, 0, f9013ee0, 8800, ffbfecf0)
 f9005d3c ???????? (e3453778, ff0267ac, 0, f90143e0, 8800, ffbfed80)
 f9005874 ???????? (e34478f8, ff0267ac, 0, f9013ee0, 8800, ffbfee28)
 f9005764 ???????? (80000000, ff0267ac, 0, f9014140, 8800, ffbfeee0)
 f9005764 ???????? (2000, 2, 0, f90142a0, ffb8c0f8, ffbfef58)
 f9000218 ???????? (ffbff040, ffbff1a0, a, b49caae8, f900a840, ffbff128)
 fe999d8c void JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*) (1, 369f0, ffbff120, ffbff050, 4, ffbff1a0) + 5a0
 feadb898 jni_CallStaticVoidMethod (ff023154, 36fc4, 36bc0, 369f0, 36bb8, 34b10) + 500
 00012224 main     (375a0, 343f9, ff01a9f0, 1d8, fead0ee4, 1) + 115c
 000110b0 _start   (0, 0, 0, 0, 0, 0) + 108

                                    

Comments
EVALUATION

The failures with this test appear to occur only on PrimePower machines. Is there
an architectural difference that we are encountering that could cause this?
I note the following from an earlier bug:
 http://monaco.sfbay.sun.com/detail.jsf?cr=6330078  
 "This happens because libjvm's 
  GenericGrowableArray::GenericGrowableArray(int, int)
  suffers from V8+ trap handler problem -- higher 32 bits of $o7 
  got cleared in the middle of the constructor and it chooses the 
  wrong branch (the decision depends indirectly on the value
  of $o7). Thus the crash."

Here's the stack for jdk 6 server(essentially similar for both client and server,
did they try -Xint? ):

   ---- called from signal handler with signal 11 (SIGSEGV) ------
  [8] UTF8::unicode_length(0x200, 0xfe77d2bc, 0xfe77d2b8, 0x2fc00, 0x304c8, 0x62e6e0), at 0xfe94d704 
  [9] java_lang_String::create_from_str(0xfe77d2fc, 0x200, 0x2fc00, 0x0, 0x0, 0x45136c), at 0xfe969934 
  [10] Exceptions::new_exception(0xfe77d408, 0x2fc00, 0xfe77d404, 0x0, 0xfe77d400, 0xfe77d3fc), at 0xfeb46d50 
  [11] Exceptions::_throw_msg(0x2fc00, 0xfeef78cf, 0x205, 0xfe77d490, 0x0, 0x0), at 0xfeb46994 
  [12] jni_ThrowNew(0x0, 0xfefbb1ec, 0x200, 0x2fc00, 0x304bc, 0xa0400), at 0xfeba19ec 
  [13] throwIOException(0x2fce8, 0x200, 0x10000, 0x12908, 0xb78ccfb4, 0xfefbbdd8), at 0xb78ba6ec 
  [14] Java_sun_security_pkcs11_wrapper_PKCS11_connect(0x2fce8, 0xfefbbdd8, 0xfe77d6e8, 0xfe77d6e4, 0x0, 0xfefc1dc0), at
 0xb78bbcc8 
  [15] 0xfc40eba8(0x0, 0xfe77d6ec, 0xfe77d670, 0xffffff80, 0x2fc00, 0x8), at 0xfc40eba8 
  [16] 0xfc40eb54(0xe6a1f150, 0x20000000, 0x0, 0xc, 0x1f80, 0xfe77d688), at 0xfc40eb54 
  [17] 0xfc405a30(0xe6a1f150, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77d708), at 0xfc405a30 
  [18] 0xfc405a30(0x2fc00, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77d7a0), at 0xfc405a30 
  [19] 0xfc4058c0(0xe69d0458, 0x20000000, 0x0, 0xfc418c70, 0x1f80, 0xfe77d870), at 0xfc4058c0 
  [20] 0xfc405a30(0x2fc00, 0x29dbc, 0x0, 0xfc418ea0, 0xe69d0458, 0xfe77d8f0), at 0xfc405a30 
  [21] 0xfc40021c(0xfe77da00, 0xfe77dc08, 0xa, 0xb85de5b0, 0xfc40c340, 0xfe77dc38), at 0xfc40021c 
  [22] JavaCalls::call_helper(0x2, 0xb85de5b0, 0xfe77dc2c, 0x2fc00, 0x304b0, 0xfe77d9e0), at 0xfe8e1460 
  [23] Reflection::invoke(0x1, 0x4, 0xfef98000, 0x3045c, 0x2de20, 0x30070), at 0xfedcc6f0 
  [24] Reflection::invoke_constructor(0x304a0, 0xfe77dd9c, 0x2fc00, 0x304b0, 0x304a8, 0x304a4), at 0xfe94f22c 
  [25] JVM_NewInstanceFromConstructor(0x2fce8, 0x3049c, 0x304a0, 0x2fc00, 0x1ffc, 0x29dbc), at 0xfe94f3f4 
  [26] Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0(0x2fce8, 0xfe77df60, 0xfe77dfe4, 0xfe77dfe0, 0xfc00, 
0x0), at 0xfe69ddb8 
  [27] 0xfc40eba8(0x239, 0xfe77dfe4, 0xfe77df60, 0xffffff80, 0xfefc4acc, 0x0), at 0xfc40eba8 
  [28] 0xfc40eb54(0xe69cb1c8, 0xb8, 0x0, 0x8, 0xe69db860, 0xfe77df78), at 0xfc40eb54 
  [29] 0xfc4058c0(0xe69cb1d8, 0xb6, 0x0, 0xfc419000, 0x75, 0xfe77e008), at 0xfc4058c0 
  [30] 0xfc4058c0(0xe69cb1f0, 0xb7c46300, 0x0, 0xfc418c20, 0x29c00, 0xfe77e088), at 0xfc4058c0 
  [31] 0xfc405de0(0xe69cb188, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77e118), at 0xfc405de0 
  [32] 0xfc4058c0(0x2fc00, 0x29dbc, 0x0, 0xfc418c70, 0xe68c7630, 0xfe77e1b0), at 0xfc4058c0 
  [33] 0xfc40021c(0xfe77e2b8, 0xfe77e4e0, 0xa, 0xb850d860, 0xfc40c340, 0xfe77e454), at 0xfc40021c 
  [34] JavaCalls::call_helper(0x1, 0xb850d860, 0xfe77e44c, 0x2fc00, 0x30494, 0xfe77e298), at 0xfe8e1460 
  [35] JVM_DoPrivileged(0xfe77e470, 0x30498, 0x30494, 0xfe77e4f8, 0x2fc00, 0xfef98000), at 0xfe946d74 
  [36] Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2(0x2fce8, 0xfe77e8c0, 0xfe77e9
3c, 0x0, 0x29c00, 0x20100), at 0xfe69ab0c 
  [37] 0xfc40eba8(0x1259, 0xfe77e93c, 0xfe77e8c0, 0xffffff80, 0x1f80, 0x0), at 0xfc40eba8 
  [38] 0xfc40eb54(0xe68c7630, 0xb8, 0x0, 0x4, 0x1f80, 0xfe77e8d8), at 0xfc40eb54 
  [39] 0xfc4058c0(0xe68c69a0, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77e960), at 0xfc4058c0 
  [40] 0xfc4058c0(0xe68c69a0, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77e9f8), at 0xfc4058c0 
  [41] 0xfc4058c0(0xe68c6800, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77ea80), at 0xfc4058c0 
  [42] 0xfc4058c0(0xe68c6800, 0x20000000, 0x0, 0xfc418c68, 0x1f80, 0xfe77eb10), at 0xfc4058c0 
  [43] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77ebb0), at 0xfc4058c0 
  [44] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77ec38), at 0xfc4058c0 
  [45] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77ecc8), at 0xfc4058c0 
  [46] 0xfc4058c0(0x2fc00, 0x20000000, 0x0, 0xfc419050, 0x1f80, 0xfe77ed70), at 0xfc4058c0 
  [47] 0xfc4058c0(0xe7d05878, 0x20000000, 0x0, 0xfc4112b0, 0x1f80, 0xfe77ee30), at 0xfc4058c0 
  [48] 0xfc405a30(0xe7d07560, 0xb7e7bba8, 0x0, 0xfc418c70, 0x1f80, 0xfe77eec0), at 0xfc405a30 
  [49] 0xfc405f50(0xe7d057d0, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77ef48), at 0xfc405f50 
  [50] 0xfc405a30(0xe6875038, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77f038), at 0xfc405a30 
  [51] 0xfc405a30(0xe6875038, 0x20000000, 0x0, 0xfc418ee8, 0x1f80, 0xfe77f0d8), at 0xfc405a30 
  [52] 0xfc405a30(0x2fc00, 0x29dbc, 0x0, 0xfc418ee8, 0x0, 0xfe77f260), at 0xfc405a30 
  [53] 0xfc40021c(0xfe77f368, 0xfe77f570, 0xa, 0xb7e653e8, 0xfc40c340, 0xfe77f59c), at 0xfc40021c 
  [54] JavaCalls::call_helper(0x1, 0xb7e653e8, 0xfe77f594, 0x2fc00, 0x0, 0xfe77f348), at 0xfe8e1460 
  [55] Reflection::invoke(0x1, 0x4, 0xfef98000, 0x3045c, 0x2de20, 0x30070), at 0xfedcc6f0 
  [56] Reflection::invoke_method(0x30488, 0xfe77f704, 0xfe77f77c, 0x1, 0x30484, 0x30490), at 0xfe9b6050 
  [57] JVM_InvokeMethod(0x2fce8, 0x0, 0x0, 0xfe77f954, 0x2fc00, 0xfefb8100), at 0xfe9b4778 
  [58] Java_sun_reflect_NativeMethodAccessorImpl_invoke0(0x2fce8, 0xfe77f8d0, 0xfe77f95c, 0x0, 0xfe77f954, 0xfefc1dc0), 
at 0xfe6a0c4c 
  [59] 0xfc40eba8(0x0, 0xfe77f95c, 0xfe77f8d0, 0xffffff80, 0x2fc00, 0x8), at 0xfc40eba8 
  [60] 0xfc40eb54(0x2fc00, 0x20000000, 0x0, 0xc, 0x1f80, 0xfe77f8e8), at 0xfc40eb54 
  [61] 0xfc4058c0(0xe6861c58, 0x20000000, 0x0, 0xfc419000, 0x1f80, 0xfe77f980), at 0xfc4058c0 
  [62] 0xfc4058c0(0xe6861c70, 0xb7c45c40, 0x0, 0xfc418c20, 0x1f80, 0xfe77fa00), at 0xfc4058c0 
  [63] 0xfc405de0(0xe68615a8, 0x20000000, 0x0, 0xfc419160, 0x1f80, 0xfe77faa0), at 0xfc405de0 
  [64] 0xfc4058c0(0xe6855740, 0x20000000, 0x0, 0xfc418c20, 0x1f80, 0xfe77fb48), at 0xfc4058c0 
  [65] 0xfc405a30(0x2fc00, 0x20000000, 0x0, 0xfc418ea0, 0x1f80, 0xfe77fc00), at 0xfc405a30 
  [66] 0xfc405a30(0xfe77ffa0, 0x29dbc, 0x0, 0xfc419000, 0x0, 0xfe77fc78), at 0xfc405a30 
  [67] 0xfc40021c(0xfe77fd80, 0xfe77ff08, 0xa, 0xb7e49580, 0xfc40c340, 0xfe77fe60), at 0xfc40021c 
  [68] JavaCalls::call_helper(0x1, 0xb7e49580, 0xfe77fe58, 0x2fc00, 0x0, 0xfe77fd60), at 0xfe8e1460 
  [69] jni_CallStaticVoidMethod(0x2fce8, 0x30474, 0x30070, 0x2fc00, 0x30068, 0x2de20), at 0xfe99e4ec 
  [70] JavaMain(0x30aac, 0x2b5e4, 0x2ac30, 0x2fce8, 0x3, 0xfefbbdd8), at 0x13a4c
                                     
2006-09-27
EVALUATION

Neglected to mention that there are core files etc available (oft times gzipped by
the cores daemon ;( ) at:
  /net/cores.central/cores/dir30/10907101/
     0907/int is the original 5u8 -server -Xint issue
     0921/jdk16_server
     0921/jdk16_client are the 1.6.0-rc-b98 cores.

Any insight would be appreciated.
                                     
2006-09-28
EVALUATION

On 
SunOS s4us-pp650a-gmp02 5.10 Generic_118833-17 sun4us sparc FJSV,GPUSC-M
isainfo -v 
64-bit sparcv9 applications
        vis2 vis 
32-bit sparc applications
        vis2 vis v8plus div32 mul32 
(Attached showrev -p output as OKPrimePower-info )
the failure does not occur (in any version):

s4us-pp650a-gmp02: 223 % ./jdk1.6.0/bin/java -Xint -classpath dacapo-beta050224.jar Harness -s small chart
===== DaCapo chart Starting =====
Done plotting: scratch/compress-tgt-ptr-prf-time.pdf
Done plotting: scratch/compress-src-ptr-prf-time.pdf
Done plotting: scratch/compress-dst-ptr-prf-time.pdf
Done plotting: scratch/compress-tgt-mut-prf-time.pdf
Done plotting: scratch/compress-src-mut-prf-time.pdf
Done plotting: scratch/compress-dst-mut-prf-time.pdf
Done plotting: scratch/compress-heap-comp-b.pdf
Done plotting: scratch/compress-heap-comp-a.pdf
Done plotting: scratch/compress-tgt-ptr-inf-time.pdf
Done plotting: scratch/compress-src-ptr-inf-time.pdf
Done plotting: scratch/compress-dst-ptr-inf-time.pdf
Done plotting: scratch/compress-tgt-mut-inf-time.pdf
Done plotting: scratch/compress-src-mut-inf-time.pdf
Done plotting: scratch/compress-dst-mut-inf-time.pdf
===== DaCapo chart Finished in 195269 msec =====
s4us-pp650a-gmp02: 224 % ./jdk1.6.0/bin/java -Xint -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Server VM (build 1.6.0-b105, interpreted mode)

Need more info about the environment.
                                     
2006-12-18
EVALUATION

After access to the Fujitsu platform, 
Thanks to Tom Rodriguez for analysis:
Well that crash looks like bad code in the pkcs11 wrapper.  Check out /java/re/jdk/1.7.0/promoted/all/b07/ws/j2se/src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c.  Around line 130 is this:

    /*
     * Get function pointer to C_GetFunctionList
     */
    dlerror(); /* clear any old error message not fetched */
    // with the old JAR file jGetFunctionList is null, temporarily check for that
    /* NOTE(review): when jGetFunctionList is NULL this block is skipped and
     * C_GetFunctionList is tested below without being assigned here; no
     * initialization is visible in this excerpt -- confirm at the declaration. */
    if (jGetFunctionList != NULL) {
        /* NOTE(review): GetStringUTFChars can return NULL on failure; the
         * result is handed to dlsym without a check. */
        getFunctionListStr = (*env)->GetStringUTFChars(env, jGetFunctionList, 0);
        C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, getFunctionListStr);
        (*env)->ReleaseStringUTFChars(env, jGetFunctionList, getFunctionListStr);
    }
    /* NOTE(review): || short-circuits. When C_GetFunctionList is NULL the
     * right-hand side is never evaluated, so systemErrorMessage is not assigned
     * by this statement and is passed to throwIOException with whatever value it
     * already held (uninitialized unless set earlier, outside this excerpt). */
    if ((C_GetFunctionList == NULL) || ((systemErrorMessage = dlerror()) != NULL)){
        throwIOException(env, systemErrorMessage);
        return;
    }

If dlsym returns null then we'll call throwIOException with systemErrorMessage, which hasn't been initialized: the || short-circuits, so the dlerror() assignment on its right-hand side never runs. It seems like there are a lot of dubious paths through this code because there are so many uninitialized variables. So it looks like the PKCS11 library exists but doesn't have the entry point that this code needs, so we die while trying to throw an exception for it.

So we need to initialize systemErrorMessage or split the path.
                                     
2007-02-28
SUGGESTED FIX

*** src/solaris/native/sun/security/pkcs11/wrapper/p11_md.c     Thu Jun 23 11:57:50 2005
--- p11_md.c    Fri Mar  2 07:08:24 2007
***************
*** 122,128 ****
       */
      dlerror(); /* clear any old error message not fetched */
      C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, "C_GetFunctionList");
!     if ((C_GetFunctionList == NULL) || ((systemErrorMessage = dlerror()) != NULL)){
        throwIOException(env, systemErrorMessage);
        /* Free the buffer. */
-       free(systemErrorMessage);
--- 122,131 ----
       */
      dlerror(); /* clear any old error message not fetched */
      C_GetFunctionList = (CK_C_GetFunctionList) dlsym(hModule, "C_GetFunctionList");
!     if ( C_GetFunctionList == NULL ){
!       throwIOException(env, "ERROR: C_GetFunctionList == NULL");
!       return;
!     } else if ( (systemErrorMessage = dlerror()) != NULL ){
        throwIOException(env, systemErrorMessage);
        /* Free the buffer. */
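Review bot: The new `C_GetFunctionList == NULL` branch throws a fixed string and never reads dlerror(), so the loader's own explanation of why the lookup failed is discarded. Reading it once before the test keeps the diagnostic and still avoids the uninitialized read: `systemErrorMessage = dlerror();` followed by `throwIOException(env, systemErrorMessage != NULL ? systemErrorMessage : "C_GetFunctionList not found");`. The `/* Free the buffer. */` comment remains although the `free(systemErrorMessage)` line is removed; it should go too, since dlerror() returns storage the caller does not own. The early `return` presumably leaves hModule open, but the enclosing function starts and ends outside the hunk, so whether a dlclose() is needed there cannot be confirmed from here. The 1.7.0 b07 excerpt quoted earlier on the page shows the same `||` condition after the jGetFunctionList lookup, so that variant needs the same split.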
                                     
2007-03-02


