JDK-4288819 : Segmentation fault occurs in TicTacToe's applet save on Solaris
  • Type: Bug
  • Component: client-libs
  • Sub-Component: 2d
  • Affected Version: 1.3.0
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris_7
  • CPU: sparc
  • Submitted: 1999-11-08
  • Updated: 1999-12-10
  • Resolved: 1999-12-10
Related Reports
Duplicate :  
JDK-4297157 - VM Crash with Remote Menus
Relates :  
JDK-4294621 - Kestrel,RC1 build P, Animator demo crashes at startup
Relates :  
JDK-4288811 - in appletSave: java.io.NotSerializableException occurs on win32 and solaris
Relates :  
JDK-4291487 - TicTacToe demo crashes VM and java console on Solaris only
Description
Kestrel fcs_N on Solaris

TicTacToe demo applets causes in appletSave: NotSerializableException or 
HotSpot Virtual Machine Errors or Segmentation fault in applet saving.


***The detail of NotSerializableException is;

java.io.NotSerializableException:sun.awt.motif.X11Image


***HotSpot Virtual Machine Errors are below;

# HotSpot Virtual Machine Error, Unexpected Signal 11
#
# Error ID: 4F533F534F4C415249530E435050079A 01
#

#
#  Unexpected Signal 10
#
# Error ID: 4F533F534F4C415249530E435050079A 01
#


To reproduce, 
Please run a TicTacToe demo applet in the directory of demo/applets/TicTacToe
 of jdk1.3 on Solaris.

If you save the applet at once after starting demo without mouse clicking,
"java.io.NotSerializableException:sun.awt.motif.X11Image" occurs.

If you do mouse clicking some times and then save the applet,
HotSpot Virtual Machine Error or Sgmentaion faults occurs.

shuna.wu@eng 1999-12-03
Please see 4265922 too. Bug 4265922 happened in every applet demo, but bug 4288819 happens just at This TicTacToe applet demo. Otherwise, there exists
duplication.
Comments
EVALUATION AppletViewer is attempting to save the demo by serializing all of the classes in use. If a class is not serializable, then a NotSerializableException will be thrown. This exception does not represent a problem with AppletViewer. It is a problem with either a class that is in the demo code itself or a class in the JDK. It appears that sun.awt.X11Image is not serializable by design (see 4025021). I don't know why the VM problems are occuring, but I'm going to guess that somebody is making an illegal memory access? iris.garcia@eng 1999-11-08 java.awt.Image is not serializable. Don't know why there is a hotspot error but it shouldn't be related to Image not being serializable. jeannette.hung@Eng 1999-11-11 john.coomes@eng 1999-12-01 I can only reproduce the SEGV on solaris (sparc) when using a remote display; have not been able to reproduce it using a local display. Also, it is not necessary to save the applet to reproduce the SEGV, can just - click once in a square - post the applet menu (but do not select anything from the menu) - unpost the menu by clicking elsewhere on the menu bar - click again in a different square - post the menu again The stack trace seen at the point of failure indicates this is an awt problem. Same stack trace is seen using JDK1.3 build P with both classic vm and hotspot. Stack trace below is from classic vm, green threads. I have seen the process hang while dumping core in native thread vm's. This is because one thread already holds _malloc_lock and the thread that gets the SEGV tries to malloc() space to print a message. =>[1] _kill(0x0, 0x6, 0xef622eb4, 0x0, 0xffffffff, 0xef7703f0), at 0xef60800c [2] abort(0xef622eb4, 0xef40c584, 0xeaff00ec, 0x7efefeff, 0x81010100, 0xff00), at 0xef5ba4e0 [3] Abort(0x68, 0xef40c584, 0xeaff0104, 0xeaff0250, 0xef629498, 0x0), at 0xef378660 [4] panic(0xef78687c, 0xef7990f4, 0xf7, 0xef62a76c, 0x0, 0xef622eb4), at 0xef3f0e78 [5] _mutex_lock(0xef625358, 0xef40d178, 0xeaff031c, 0x0, 0x0, 0x0), at 0xef78325c [6] _dgettext(0xef6119ec, 0xef60ecb8, 0xb, 0xef4245c4, 0xef60ecb8, 0x0), at 0xef59b9b8 [7] panicHandler(0xb, 0xeaff07f8, 0xeaff0540, 0x0, 0x0, 0x0), at 0xef402ff8 [8] userSignalHandler(0xb, 0xeaff07f8, 0xeaff0540, 0xef402e48, 0xef622eb4, 0xef606650), at 0xef783610 [9] intrDispatch(0xb, 0xeaff07f8, 0xeaff0540, 0x0, 0x0, 0x0), at 0xef7835a0 [10] intrDispatchMD(0xb, 0xeaff07f8, 0xeaff0540, 0x0, 0x0, 0x0), at 0xef77044c [11] sigacthandler(0xb, 0xeaff07f8, 0xeaff0540, 0xef622eb4, 0xef629498, 0x0), at 0xef5b88ec ---- called from signal handler with signal 11 (SIGSEGV) ------ [12] _smalloc(0x18, 0xef629408, 0x8, 0x0, 0x0, 0xef622eb4), at 0xef5c5998 [13] realloc(0x3be6f0, 0x18, 0xef622eb4, 0x11, 0x3be6e8, 0x3be6f0), at 0xef5c5e38 [14] XtRealloc(0x3be6f0, 0x14, 0xeac7016c, 0x80000000, 0xef6fc4dc, 0xeac5f1b1), at 0xeac1e38c [15] _XtAddCallback(0x2a1dc4, 0xeac2df5c, 0x0, 0xeac7016c, 0x2, 0x1), at 0xeac1e714 [16] XtAddCallback(0x2a1db0, 0xeac5f1b1, 0xeac2df5c, 0x0, 0xeac7016c, 0x23cec0), at 0xeac1e878 [17] XtAddGrab(0x2a1db0, 0x0, 0x0, 0xeac7016c, 0x2482bc, 0x23cec0), at 0xeac2e0c0 [18] AddGrab(0x24bf60, 0x3, 0x0, 0x0, 0x0, 0x2a1db0), at 0xea9c9f40 [19] _XmPopupI(0x2a1db0, 0x1, 0xeaaf8434, 0x0, 0x1, 0x0), at 0xeaa5adc0 [20] PostMenuShell(0x2a1db0, 0x1, 0x0, 0x1, 0x132, 0x0), at 0xeaa5af64 [21] ChangeManaged(0x2a1db0, 0x2a8320, 0xcf08dddf, 0x38cc30, 0x2a5598, 0x2a7550), at 0xea9dc544 [22] ManageChildren(0xeaff0fd4, 0x1, 0x2a1db0, 0xeac73e28, 0xeac72cf8, 0xeac7016c), at 0xeac38a04 [23] XtManageChildren(0xeaff0fd4, 0x1, 0xeac7016c, 0xffffff9c, 0x2a1db0, 0x23cec0), at 0xeac38c4c [24] XtManageChild(0x2a5598, 0x700002a, 0x0, 0x2a5598, 0xeaff1388, 0xeaa20bc0), at 0xeac38d34 [25] Popup(0x2a8320, 0xeab073b0, 0xeab073ac, 0xeaaf8434, 0x0, 0x2a5598), at 0xeaa2d978 [26] MenuBarSelect(0x2a8320, 0xeab00eec, 0x0, 0xeac7627c, 0xeaaf8434, 0xcf08dddf), at 0xeaa2cb10 [27] HandleActions(0x0, 0x2a8320, 0x2a7448, 0xeac7627c, 0x2b00dc, 0xeac76274), at 0xeac56874 [28] HandleSimpleState(0x10, 0x2a1a88, 0x1, 0x16, 0xeac76274, 0x1), at 0xeac56fb0 [29] _XtTranslateEvent(0x2a8320, 0x0, 0xeac7016c, 0x2a8350, 0x0, 0x4), at 0xeac576a8 [30] XtDispatchEventToWidget(0x1, 0xeaff1388, 0xeac7016c, 0x0, 0x0, 0x4), at 0xeac2cf58 [31] _XtDefaultDispatcher(0xeaff1388, 0x4, 0x0, 0x2482bc, 0x0, 0x2ab1f8), at 0xeac2db94 [32] XtDispatchEvent(0xeaff1388, 0x0, 0xeac2d7f4, 0xeac7016c, 0x0, 0x1), at 0xeac2de3c [33] processOneEvent(0x1, 0xa, 0xb, 0xeaf65838, 0x2d3, 0x1), at 0xead5ee44 [34] awt_MToolkit_loop(0x1, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xead5e634 [35] Java_sun_awt_motif_MToolkit_run(0x25cce8, 0xeaff15a4, 0x1, 0x240908, 0xef373518, 0x10), at 0xead61424 [36] invoke_V_V(0xebcb46c0, 0x240908, 0x1, 0x25cce8, 0xebe97ffc, 0xebccb334), at 0xef371090 [37] invokeLazyNativeMethod(0xebcb46c0, 0x240908, 0x1, 0x25cce8, 0x400, 0x28295600), at 0xef359824 [38] ExecuteJava_C(0xeaff1d78, 0x25cce8, 0x2616ec, 0x26170c, 0x2616f4, 0x4562b), at 0xef389eac [39] do_execute_java_method_vararg(0x25cce8, 0xebcb4000, 0xef422114, 0xef422118, 0x0, 0x0), at 0xef375114 [40] execute_java_dynamic_method(0x0, 0xebcb4000, 0xef422114, 0xef422118, 0xffffffff, 0x190780), at 0xef373ffc [41] ThreadRT0(0xebcb4000, 0xd47f1480, 0x0, 0x0, 0xef622eb4, 0xef606650), at 0xef3c732c [42] saveStackBase(0xef3c7290, 0x1, 0xeaff1ef0, 0xef7805ec, 0x0, 0x0), at 0xef3ee36c [43] start_func(0xef3ee2b0, 0xefffc738, 0x0, 0x0, 0x0, 0x0), at 0xef780658 ========================================================================= Recategorizing to classes_2D. The evaluation by the responsible engineer is below: I suggest to recategorize this bug to java2d. Looks like this bug is caused by same problem as 4297157. We are dereferencing dangling pointer pScreen->region in java2d code after memory is freed. If pScreen->region = NULL added after freeing region, the crash is gone. Setting pScreen->region to NULL is not a proper fix, since with it TicTacToe behaves erratically and doesn't draw images properly on 8 bit display. On other displays everything seems to be OK. Thanks, Sergey. eric.hawkes@eng 1999-12-10
10-12-1999