I've been banging on java_g using AVH's page fetcher. I haven't been able to
reproduce 1191568, but can regularly cause an apparently distinct assertion failure.
The problem I am seeing is always when exiting the monitor cache lock when
killing a thread, and points to something that looks clearly bogus. In sysThreadKill()
we exit both the monitor registry and monitor cache monitors while the scheduler
is locked. When doing that we in turn relock the scheduler. When exiting a monitor
there is one path in which the thread yields and reschedules. The assertion that
is dying checks that when we reschedule the scheduler is locked exactly once. This
isn't anything fancy: the code is clearly in conflict with the assertion. I have seen
this die about 4 times now.
[Addendum:] Oh yes, _scheduling_lock is always 2 when this happens.
The evidence (this is my build so line numbers may vary):
[6] abort(0x4006e02c, 0x6cb68, 0x4006e178, 0x4006e010, 0x4006e11c, 0xc), at 0xef6ed7c8
[7] panic(format = 0x6cb68 "<bad address>", ...), line 289 in "../../../../src/share/java/main/util.c"
[8] reschedule(preemption = SYNCHRONOUS), line 41 in "../../../../src/solaris/java/runtime/schedule.c"
[9] sysMonitorExit(mid = 0x85330), line 397 in "../../../../src/solaris/java/runtime/monitor_md.c"
[10] _sysThreadKill(tid = 0x400dede8, in_trap = 0), line 321 in "../../../../src/solaris/java/runtime/threads_md.c"
[11] sysThreadKill(tid = 0x400dede8), line 359 in "../../../../src/solaris/java/runtime/threads_md.c"
[12] java_lang_Thread_stop(p = 0x300288), line 96 in "../../../../src/share/java/lang/thread.c"
[13] java_lang_Thread_stop_stub(_P_ = 0x45a16c, _EE_ = 0x4006ecd4), line 805 in "classstubs.c"
[14] invokeSynchronizedNativeMethod(o = 0x300288, mb = 0x3a2538, args_size = 1, ee = 0x4006ecd4), line 201 in "../../../../src/share/java/runtime/classruntime.c"
[15] ExecuteJava(initial_pc = 0x4006ebd2 "Õ", ee = 0x4006ecd4), line 1928 in "../../../../src/share/java/runtime/interpreter.c"
[16] do_execute_java_method_vararg(ee = 0x4006ecd4, obj = 0x2f50b0, method_name = 0x80114 "run", method_signature = 0x80118 "()V", mb = (nil), isStaticCall = FALSE, args = 0x4006ecc4), line 418 in "../../../../src/share/java/runtime/interpreter.c"
[17] execute_java_dynamic_method(ee = 0x4006ecd4, obj = 0x2f50b0, method_name = 0x80114 "run", signature = 0x80118 "()V", ...), line 194 in "../../../../src/share/java/runtime/interpreter.c"
[18] ThreadRT0(p = 0x2f50b0), line 52 in "../../../../src/share/java/lang/thread.c"
[19] start_func(dummy = 1, arg = 3100848, func = &`thread.c`ThreadRT0(register Hjava_lang_Thread *p) at 0x451c8), line 134 in "../../../../src/solaris/java/runtime/threads_md.c"
reproduce 1191568, but can regularly cause an apparently distinct assertion failure.
The problem I am seeing is always when exiting the monitor cache lock when
killing a thread, and points to something that looks clearly bogus. In sysThreadKill()
we exit both the monitor registry and monitor cache monitors while the scheduler
is locked. When doing that we in turn relock the scheduler. When exiting a monitor
there is one path in which the thread yields and reschedules. The assertion that
is dying checks that when we reschedule the scheduler is locked exactly once. This
isn't anything fancy: the code is clearly in conflict with the assertion. I have seen
this die about 4 times now.
[Addendum:] Oh yes, _scheduling_lock is always 2 when this happens.
The evidence (this is my build so line numbers may vary):
[6] abort(0x4006e02c, 0x6cb68, 0x4006e178, 0x4006e010, 0x4006e11c, 0xc), at 0xef6ed7c8
[7] panic(format = 0x6cb68 "<bad address>", ...), line 289 in "../../../../src/share/java/main/util.c"
[8] reschedule(preemption = SYNCHRONOUS), line 41 in "../../../../src/solaris/java/runtime/schedule.c"
[9] sysMonitorExit(mid = 0x85330), line 397 in "../../../../src/solaris/java/runtime/monitor_md.c"
[10] _sysThreadKill(tid = 0x400dede8, in_trap = 0), line 321 in "../../../../src/solaris/java/runtime/threads_md.c"
[11] sysThreadKill(tid = 0x400dede8), line 359 in "../../../../src/solaris/java/runtime/threads_md.c"
[12] java_lang_Thread_stop(p = 0x300288), line 96 in "../../../../src/share/java/lang/thread.c"
[13] java_lang_Thread_stop_stub(_P_ = 0x45a16c, _EE_ = 0x4006ecd4), line 805 in "classstubs.c"
[14] invokeSynchronizedNativeMethod(o = 0x300288, mb = 0x3a2538, args_size = 1, ee = 0x4006ecd4), line 201 in "../../../../src/share/java/runtime/classruntime.c"
[15] ExecuteJava(initial_pc = 0x4006ebd2 "Õ", ee = 0x4006ecd4), line 1928 in "../../../../src/share/java/runtime/interpreter.c"
[16] do_execute_java_method_vararg(ee = 0x4006ecd4, obj = 0x2f50b0, method_name = 0x80114 "run", method_signature = 0x80118 "()V", mb = (nil), isStaticCall = FALSE, args = 0x4006ecc4), line 418 in "../../../../src/share/java/runtime/interpreter.c"
[17] execute_java_dynamic_method(ee = 0x4006ecd4, obj = 0x2f50b0, method_name = 0x80114 "run", signature = 0x80118 "()V", ...), line 194 in "../../../../src/share/java/runtime/interpreter.c"
[18] ThreadRT0(p = 0x2f50b0), line 52 in "../../../../src/share/java/lang/thread.c"
[19] start_func(dummy = 1, arg = 3100848, func = &`thread.c`ThreadRT0(register Hjava_lang_Thread *p) at 0x451c8), line 134 in "../../../../src/solaris/java/runtime/threads_md.c"