JDK-6236342 : byte array passed into JNI not an array oop
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 1.4.2_05
  • Priority: P2
  • Status: Closed
  • Resolution: Duplicate
  • OS: solaris_8
  • CPU: generic
  • Submitted: 2005-03-04
  • Updated: 2010-04-03
  • Resolved: 2005-05-17
Related Reports
Duplicate :  
Description
1.4.2_05 fcs crashed with the following stack trace:
  [1] _lwp_kill(0x0, 0x73, 0x0, 0xff33c004, 0xff386000, 0xff340430), at 0xff31ef78 
  [2] raise(0x6, 0x0, 0x0, 0xffffffff, 0xff3403bc, 0x0), at 0xff2cba1c 
  [3] abort(0xff33c004, 0xb797ddb0, 0x0, 0x4, 0x0, 0xb797ddd1), at 0xff2b593c 
  [4] os::abort(0x1, 0xff1555aa, 0xb797de60, 0xff182000, 0xff1c9944, 0x3ee894), at 0xff099d98 
  [5] os::handle_unexpected_exception(0x21c31a8, 0xb, 0xfedbd52c, 0xb797ebc8, 0xfedd7398, 0x0), at 0xff0980ac 
  [6] JVM_handle_solaris_signal(0xfedbd52c, 0xb797ebc8, 0xb797e910, 0x3400, 0x3608, 0x0), at 0xfedd7c6c 
  [7] __sighndlr(0xb, 0xb797ebc8, 0xb797e910, 0xfedd731c, 0x0, 0x0), at 0xff374cc8 
  [8] call_user_handler(0xbe2f4e00, 0x73, 0xff3878e0, 0xb797e910, 0xb797ebc8, 0xb), at 0xff36fb00 
  [9] sigacthandler(0xbe2f4e00, 0xb797ebc8, 0xb797e910, 0xff386000, 0xb797ebc8, 0xb), at 0xff36fccc 
  ---- called from signal handler with signal 11 (SIGSEGV) ------
  [10] jni_SetByteArrayRegion(0x21c323c, 0xb797f570, 0x0, 0x25, 0xb797ed10, 0x0), at 0xfedbd52c 
  [11] Java_java_net_SocketInputStream_socketRead0(0x21c323c, 0xb797f578, 0xb797f574, 0xb797f570, 0x0, 0x100), at 0xfa3aad4c 
  [12] 0xfab9a35c(0xcaa41200, 0xcaa411f0, 0xc9e5bb08, 0x0, 0x100, 0x2710), at 0xfab9a35b 
  [13] 0xfafdfd1c(0xffffffff, 0xcaa821b8, 0xdcd2eac8, 0x100, 0xcaa5b6e8, 0xdcd2ead8), at 0xfafdfd1b 
  [14] 0xfa44a68c(0xcaa41200, 0xb6, 0xb797f6f0, 0xfa415ea0, 0x8, 0x0), at 0xfa44a68b 
  [15] 0xfa405774(0xb797f6f4, 0xcaa410ec, 0x0, 0xfa415e98, 0x10, 0xb797f628), at 0xfa405773 
  [16] 0xfa44433c(0xcaa41200, 0xc9e5bb08, 0x0, 0xcaa5ba80, 0x8, 0xb797f6b0), at 0xfa44433b 
=>[17] 0xfaedc514(0xf2062a20, 0x0, 0xc9e5bb08, 0x1, 0xc9e620e8, 0x1), at 0xfaedc513 
  [18] 0xfb1709ac(0xdcd2eaf8, 0xd21179e0, 0xd21179f8, 0xfa4160d0, 0xf20659e0, 0x0), at 0xfb1709ab 
  [19] 0xfa498e48(0xc9e5a528, 0xb7, 0x0, 0xfa4152a0, 0xf2ce64f0, 0xf2ce64f0), at 0xfa498e47 
  [20] 0xfa405804(0xb797f92c, 0xb7, 0x0, 0xfa415e50, 0xc, 0xb797f828), at 0xfa405803 
  [21] 0xfa405750(0xb797f9d4, 0xb7, 0x0, 0xfa4160d0, 0x8, 0xb797f8c8), at 0xfa40574f 
  [22] 0xfa405750(0xb797fa6c, 0xb6, 0x0, 0xfa4160d0, 0x4, 0xb797f970), at 0xfa40574f 
  [23] 0xfa405750(0xb797fb14, 0xf2caf778, 0x0, 0xfa415e50, 0x4, 0xb797fa00), at 0xfa40574f 
  [24] 0xfa405a8c(0xb797fb9c, 0x0, 0x0, 0xfa416250, 0x8, 0xb797faa0), at 0xfa405a8b 
  [25] 0xfa40010c(0xb797fc28, 0xb797fe90, 0xa, 0xf3c70508, 0x4, 0xb797fb40), at 0xfa40010b 
  [26] JavaCalls::call_helper(0xb797fe88, 0xb797fcf0, 0xb797fda8, 0x21c31a8, 0x21c31a8, 0xb797fd00), at 0xfed5bcf8 
  [27] JavaCalls::call_virtual(0xff182000, 0x1746bf8, 0xb797fd9c, 0xb797fd98, 0xb797fda8, 0x21c31a8), at 0xfee4a3e4 
  [28] JavaCalls::call_virtual(0xb797fe88, 0xb797fe84, 0xb797fe7c, 0xb797fe74, 0xb797fe6c, 0x21c31a8), at 0xfee5d5a8 
  [29] thread_entry(0x21c31a8, 0x21c31a8, 0x88fb78, 0x1746bf8, 0x31a08c, 0xfee67ed8), at 0xfee6e8f8 
  [30] JavaThread::run(0x21c31a8, 0x73, 0x40, 0x0, 0x40, 0x0), at 0xfee67f00 
  [31] _start(0x21c31a8, 0xbe2f4e00, 0x0, 0x0, 0x0, 0x0), at 0xfee643e0 

The failure happened when JNI code used the byte array oop passed from a Java method while the oop was not marked correctly:
(dbx) x 0xcaa410e0/16
0xcaa410e0:      0xcaa411f0 0x0000006c 0x00000100 0xfffe1fff
0xcaa410f0:      0xfe23fffe 0x27fffe24 0xfffa1801 0xfff00000
0xcaa41100:      0x00000000 0x00000000 0x00000000 0x00000000
0xcaa41110:      0x00000000 0x00000000 0x00000000 0x00000000

The byte array has a size of 256 (0x100).

###@###.### 2005-03-04 18:23:10 GMT

Comments
EVALUATION It appears that TelnetSessionDefImpl.waitfor() has a particular structure that hints that this is a duplicate of 5071820. The object b is allocated near the beginning of a loop. It is used only inside the loop, and the variable is never redefined. Those are the key ingredients to the recipe for failure in 5071820. ###@###.### 2005-04-05 22:10:51 GMT

Customer confirmed this, closed as dup of 5071820. ###@###.### 2005-05-17 17:29:09 GMT
05-04-2005