Bug ID: JDK-8048265 AWT crashes inside CCombinedSegTable::In called from Java_sun_awt_windows_WDefaultFontCharset

JDK-8048265 : AWT crashes inside CCombinedSegTable::In called from Java_sun_awt_windows_WDefaultFontCharset_canConvert

Type: Bug
Component: client-libs
Sub-Component: java.awt
Affected Version: 8u20,9

Priority: P2
Status: Resolved
Resolution: Fixed
OS: windows
CPU: generic

Submitted: 2014-06-26
Updated: 2015-01-21
Resolved: 2014-07-01

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 8	JDK 9
8u20Fixed	9 b24Fixed

Description

AWT crashes inside CCombinedSegTable::In called from Java_sun_awt_windows_WDefaultFontCharset_canConvert:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0000000072005c9c, pid=12464, tid=9932
#
# JRE version: Java(TM) SE Runtime Environment (8.0_20-b16) (build 1.8.0_20-ea-b16)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.20-b16 mixed mode windows-amd64 compressed oops)
# Problematic frame:
# C  [awt.dll+0xa5c9c]  CCombinedSegTable::In+0x14
#
# Failed to write core dump. Minidumps are not enabled by default on client versions of Windows
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.sun.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
....
Stack: [0x0000000046b60000,0x0000000046c60000],  sp=0x0000000046c5db10,  free space=1014k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [awt.dll+0xa5c9c]  CCombinedSegTable::In+0x14
C  [awt.dll+0xa66bb]  Java_sun_awt_windows_WDefaultFontCharset_canConvert+0xcf
C  0x00000000029940bf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WDefaultFontCharset.canConvert(C)Z+0
j  sun.awt.windows.WDefaultFontCharset.access$100(Lsun/awt/windows/WDefaultFontCharset;C)Z+2
j  sun.awt.windows.WDefaultFontCharset$Encoder.canEncode(C)Z+5
j  sun.awt.PlatformFont.<init>(Ljava/lang/String;I)V+160
j  sun.awt.windows.WFontPeer.<init>(Ljava/lang/String;I)V+3
j  sun.awt.windows.WToolkit.getFontPeer(Ljava/lang/String;I)Ljava/awt/peer/FontPeer;+59
j  java.awt.Font.getPeer_NoClientCode()Ljava/awt/peer/FontPeer;+21
j  java.awt.Font.getPeer()Ljava/awt/peer/FontPeer;+1
v  ~StubRoutines::call_stub
j  sun.awt.windows.WComponentPeer._setFont(Ljava/awt/Font;)V+0
j  sun.awt.windows.WComponentPeer.setFont(Ljava/awt/Font;)V+7
j  sun.awt.windows.WWindowPeer.initialize()V+44
j  sun.awt.windows.WFramePeer.initialize()V+1
j  sun.awt.windows.WComponentPeer.<init>(Ljava/awt/Component;)V+83
j  sun.awt.windows.WCanvasPeer.<init>(Ljava/awt/Component;)V+2
j  sun.awt.windows.WPanelPeer.<init>(Ljava/awt/Component;)V+2
j  sun.awt.windows.WWindowPeer.<init>(Ljava/awt/Window;)V+2
j  sun.awt.windows.WFramePeer.<init>(Ljava/awt/Frame;)V+2
j  sun.awt.windows.WToolkit.createFrame(Ljava/awt/Frame;)Ljava/awt/peer/FramePeer;+5
j  java.awt.Frame.addNotify()V+20
j  java.awt.Window.show()V+8
j  java.awt.Component.show(Z)V+5
j  java.awt.Component.setVisible(Z)V+2
j  java.awt.Window.setVisible(Z)V+2
j  javasoft.sqe.tests.api.java.awt.Component.isValidTests.Component2008()Ljavasoft/sqe/harness/Status;+27
v  ~StubRoutines::call_stub
j  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+0
j  sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+100
j  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+6
j  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+56
j  javasoft.sqe.jck.lib.MultiTest.run([Ljava/lang/String;Ljava/io/PrintStream;Ljava/io/PrintStream;)Ljavasoft/sqe/harness/Status;+147
j  sun.reflect.GeneratedMethodAccessor2.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+56
j  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+6
j  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+56
j  nsk.stress.share.StressTest$TestThread.runTest(I)V+250
j  nsk.stress.share.StressTest$TestThread.run()V+27
v  ~StubRoutines::call_stub

Issue could be reproduced with VM stress test that execute many different JCK tests concurrently. See comments for more details.

Issue could be reproduced starting from 8u20-b11.

I was able to reproduce issue w/ latest 8u20 and 9 builds.
I was not able to reproduce it w/ 8 FCS, so apparently it is a regression.

hs-err and compressed minidump attached to CR.

Comments

this particular fix is a roll-back to avoid the crash
02-07-2014
SQE is ok to take the fix in 8u20.
02-07-2014
I think we really need to understand the root cause. If some class started crashing VM when it became final this can happen with other classes.
01-07-2014
8u20-critical-request justification: Issue impact: crash introduced in 8u20 on windows. Fix risk: Part of the fix which caused a crash was reverted back. Webrev: http://cr.openjdk.java.net/~serb/8048265/webrev.00 Review: http://mail.openjdk.java.net/pipermail/awt-dev/2014-July/008122.html Suggested testing: https://bugs.openjdk.java.net/browse/JDK-8048265?focusedCommentId=13513774&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13513774
01-07-2014
The root problem is unclear, why it is unstable and reproduced on some powerful systems only in non-debug mode. But it was triggered by the change in JDK-8032435, when WingDings.java was changed to non-public class. Suggested fix for this crash is: src/windows/classes/sun/awt/windows/WingDings.java -final class WingDings extends Charset { +public final class WingDings extends Charset {
30-06-2014
According to comments for Java_sun_awt_windows_WDefaultFontCharset_canConvert it should not work :) http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/e6ed015afbbf/src/windows/native/sun/windows/awt_Font.cpp#l1849 /* * !!!!!!!!!!!!!!!!!!!! this does not work. I am not sure why, but * when active, this will reliably crash HJ, with no hope of debugging * for java. It doesn't seem to crash the _g version. * !!!!!!!!!!!!!!!!!!!!!!!!!!!! * * I suspect may be running out of C stack: see alloca in * JNI_GET_STRING, the alloca in it. * * (the method is prefixed with XXX so that the linker won't find it) / JNIEXPORT jboolean JNICALL Java_sun_awt_windows_WDefaultFontCharset_canConvert(JNIEnv env, jobject self, jchar ch)
26-06-2014
Possibly related to JDK-8035623 or JDK-8032435
26-06-2014
Please provide the link to the vm ws w/o aurora. Or the link to the agadmin.sh
26-06-2014
is it critical or deferral? what is an impact?
26-06-2014
Test crashes w/ 8u20-b20 too.
26-06-2014
please try 8u20 b20 promo build
26-06-2014
please evaluate asap
26-06-2014