JDK-6984901 : ClassLoader.getResource and loadClass deadlock when signed jar is verified
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6u20,7
  • Priority: P2
  • Status: Closed
  • Resolution: Cannot Reproduce
  • OS: generic,windows_vista
  • CPU: generic,x86
  • Submitted: 2010-09-15
  • Updated: 2012-02-02
  • Resolved: 2011-04-06
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7Resolved
Related Reports
Relates :  
Relates :  
Relates :  
Description
FULL PRODUCT VERSION :
java version "1.6.0_20"
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.0.6002]

EXTRA RELEVANT SYSTEM CONFIGURATION :
ActivClient CAC x64 6.2.0.50

-- LIBRARY VERSION --

CSP Library:
Name:  accsp.dll
Version: 5-1-0-20

P11 Library:
Name:  acpkcs211.dll
Version: 5-1-0-22

BSI Library:
Name:  acbsi21.dll
Version: 5-1-0-11

PIV Library:
Name:  acpivapi.dll
Version: 4-4-0-7


A DESCRIPTION OF THE PROBLEM :
An unsandboxed multithreaded swing client will deadlock on startup.  At the point when the app deadlocks, the EDT is trying to execute "new Foo()", which results in ClassLoader.loadClass while the main thread is trying to locate a resource file on the local disk using Class.getResource.  If the main thread triggers a jar verify of a signed jar (bsi21classes.jar) while the EDT is trying to load a class, the deadlock occurs.  If all jars in the classpath are unsigned, like in the previous version of ActivClient, the deadlock does not occur.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Use a classpath order = %programfiles%\ActivIdentity\ActivClient\bsi21classes.jar;%programfiles%\ActivIdentity\ActivClient\bsi21interf.jar;%programfiles%\ActivIdentity\ActivClient\acjsys.jar;app\unindexed unsigned.jars*;app\a folder with resources

2. Create a unsigned unindex jar to load classes from.
3. Create a folder with a file resource.
4. Make one thread call loadClass while the another thread triggers a signed jar verify.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No deadlock.
ACTUAL -
Output is attached seperatly

REPRODUCIBILITY :
This bug can be reproduced often.

CUSTOMER SUBMITTED WORKAROUND :
1. Don't call Class.getResource until most of the classes have been loaded.
2. Synch on the classloader prior to calling getResource.

Comments
EVALUATION Nicolay confirmed that he also can't reproduce the deadlock against the latest jdk build. I sent an email to the original submitter for a test case as the deadlock/stack trace looks somewhat different than what Nicolay provided. However, given the codefreeze deadline for jdk7 is almost here and that the current testcase provided by Nicolay can't reproduce the bug, I am going to close this as "Not Reproducible" for jdk7. If the original submitter can provide a testcase, we'll file a separate bug to address it.
06-04-2011

EVALUATION I have to make minor modifications to the provided scripts (sfbay went away, and override the DISPLAY setting), i.e. reproduce_bug.sh and rerun1.sh. I ran the scripts w/ "-x" for a few days and I can't reproduce the deadlock yet. The scripts error out w/ "Bug has been reproduced" message but the actual cause all varies, sometimes it's too many open files, sometimes it's some harness class can't be found, sometime, it core dump w/ SEGV. Can the submitter double check to see if the deadlock is indeed reproducible on your end? I am mark this bug "incomplete" for the time being.
21-03-2011

EVALUATION I can't download the attached rerun1.sh.zip - got "Attachment missing" message. Can the submitter double check? Move this to "Incomplete" state before this info is provided.
12-11-2010