P4
Problem was reported on jdk1.2.2_06 Production for Solaris.
A bug in a JNI application causes a SIGSEGV while performing a malloc . The JVM signal handler is called and it tries to malloc and then hangs because the malloc is trying to locak a resource that is already locked by the malloc that caused the fault. The application and the JVM are then deadlocked.
No test case is available but a stack trace is attached.
-----------------------------------------------------------------------------------------
=>[1] __lwp_sema_wait(0x2650960, 0x0, 0xfedb7fd8, 0x0, 0xfede6670, 0x3), at 0xfea97aec
[2] _park(0x26508b0, 0x2650960, 0x0, 0x2, 0xfe9ed7a0, 0xfe70ddc8), at 0xfe9cb1c8
[3] _swtch(0x5, 0xfe9eca0c, 0x2650940, 0x265093c, 0x2650938, 0x2650934), at 0xfe9caebc
[4] _mutex_adaptive_lock(0xfeab7f00, 0x4c00, 0xfe9eca0c, 0x1, 0x4d58, 0xfffeffff), at 0xfe9cc74c
[5] _cmutex_lock(0xfeab7f00, 0xff, 0x7, 0xfea4559c, 0x40050248, 0xff00), at 0xfe9cc4fc
[6] malloc(0x27, 0x2d3a548, 0x65720000, 0x7efefeff, 0x81010100, 0xff00), at 0xfea4559c
[7] classNameWithDots(0x26, 0x2ea75d0, 0x2eb7048, 0xfeabb58c, 0xfeab7670, 0xffbe92f1), at 0xfebe25c0
[8] pc2string(0x2eb70fc, 0x2eb7048, 0xffbe914c, 0x0, 0xfeddef30, 0xffbe924b), at 0xfeb428bc
[9] printJavaStackForEE(0xfedb7ff8, 0x2649688, 0xfedb7fd8, 0x0, 0xfede6670, 0x3), at 0xfeb47894
[10] DumpThreadsHelper(0x2ea92d8, 0x2ea93a0, 0x2649688, 0xfeddef30, 0x7fffffff, 0x2ea92d8), at 0xfeb48304
[11] sysThreadEnumerateOver(0x0, 0x2ea92d8, 0xfeddef30, 0xfeb47c64, 0x0, 0x0), at 0xfebdd328
[12] DumpThreads(0xfede6334, 0xfeddef30, 0xffbe9480, 0xfee13354, 0xfedc09ec, 0xfeab3968), at 0xfeb483e4
[13] panicHandler(0x2649688, 0xffbe9a78, 0x2000, 0xfeddef30, 0xb, 0xad5ca000), at 0xfec04430
[14] userSignalHandler(0xb, 0xffbe9a78, 0xffbe97c0, 0xfec03ed0, 0xfebfe180, 0x0), at 0xfebfe190
[15] intrDispatch(0xb, 0xffbe9a78, 0xffbe97c0, 0x0, 0x0, 0x0), at 0xfebfe170
[16] intrDispatchMD(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x2650934, 0x2650914), at 0xfec02c20
[17] __libthread_segvhdlr(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x0, 0x0), at 0xfe9d9340
[18] __sighndlr(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9d9260, 0x2650934, 0x2650914), at 0xfe9dbde8
[19] sigacthandler(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x2c, 0x2650944), at 0xfe9d86f0
---- called from signal handler with signal 11 (SIGSEGV) ------
[20] _malloc_unlocked(0x0, 0x948, 0x20000000, 0x3b73b68, 0x0, 0xfeab3968), at 0xfea45714
[21] malloc(0x948, 0x9, 0x0, 0x7, 0x8, 0x35fbee8), at 0xfea455a4
[22] calloc(0x9, 0x108, 0x948, 0x4, 0xb3, 0x385cf10), at 0xfea39c2c
[23] rt_ctMurexDLLActionFunction(0xffbe9e98, 0xffbe9de8, 0xbff00000, 0x0, 0x0, 0xffbe9c78), at 0x13abf2c
[24] rt_ctMurexDLLFunction(0xffbe9de8, 0x4, 0xffbe9e98, 0xffbe9d80, 0x0, 0x3b73508), at 0x13ac3e4
[25] rt_ctCallDLLFunction(0xffbe9de8, 0x4, 0xffbe9e98, 0xe, 0xffbe9d78, 0x5), at 0x13ac540
[26] rt_ctBackupResultsWithFlag(0x385cb88, 0x0, 0x3b526d0, 0x0, 0x64, 0x15), at 0x1383440
[27] rt_ctBackupResults(0x385cb88, 0x385cb88, 0xffffffff, 0x0, 0x0, 0x385d695), at 0x138348c
[28] rt_ctInternalComputeZeroCoupons(0x385cb88, 0x0, 0x0, 0x1, 0x1384590, 0x1386f40), at 0x13838ac
[29] rt_ctComputeZeroCoupons(0x385cb88, 0x0, 0x0, 0x7, 0x8, 0x35fbee8), at 0x1387130
[30] rt_ctFillInBCHandle(0x385cb40, 0x0, 0x385cb88, 0x34907d8, 0x3343f38, 0x0), at 0x138e9ac
[31] rt_ctLoadItems(0x385cb40, 0x3343f38, 0x1348628, 0x0, 0x0, 0xffbea059), at 0x13b0118
[32] TBLScanTable(0x35fbe18, 0x13b0098, 0x3343f38, 0xffbea2b9, 0x0, 0xffbea2c5), at 0x1adbadc
[33] rt_ctLoadStorageStructure(0x3343f38, 0x1, 0x0, 0x0, 0x0, 0x38aed38), at 0x13b3798
[34] mkpFdLoadStorageStructure(0x36683d8, 0x1, 0x0, 0x0, 0x0, 0x1), at 0x1361784
[35] mpMkpFDLoadParameters(0x34906a8, 0x37da818, 0xbff00000, 0x0, 0x0, 0x3674a4d), at 0x11334ec
[36] mpLoadSimulationParametersAux(0x34906a8, 0x1f7, 0x1, 0x0, 0x0, 0x0), at 0x1134e18
[37] mpLoadSimulationParameters(0x34906a8, 0x1f7, 0x0, 0x284, 0x0, 0xffbea9e8), at 0x11359dc
[38] mxSPBGlobalFunction(0x0, 0x0, 0x0, 0x284, 0x0, 0xffbea9e8), at 0x350080
[39] SPB_SpecialFunctionScan(0x284, 0xffbeaa5c, 0xffffffff, 0x0, 0x0, 0xffbeaa71), at 0x150552c
[40] SPBHdrOptimScanShut(0xffbeabec, 0x3a952a0, 0x3670d78, 0x1, 0x1, 0xa), at 0x1512520
[41] SPBHdrDBFScanProceed(0x3937e48, 0x3, 0xffbecca4, 0xd, 0xffbeece8, 0xc), at 0x1511084
[42] SPBActTrnPLLoadFOAdditionnal(0x264adf4, 0x1db3, 0x0, 0x1, 0x3695118, 0x331), at 0x15a8bf8
[43] SPBActTrnPLLoadFO(0x3678be8, 0x22121a8, 0x1db3, 0x1, 0x3695118, 0x331), at 0x15aa110
[44] mxSimPtfLoadPortfoliosWithFlag(0x3678be8, 0x1db3, 0x0, 0x1, 0x80, 0xffbeee80), at 0x1e75d50
[45] mxSimSelectInitAndLoadPortfolioInternal(0xffbeef70, 0x0, 0x1db3, 0x0, 0x0, 0x0), at 0x1e79164
[46] mxSimSelectInitAndLoad(0xffbeef70, 0x0, 0x1db3, 0x0, 0x47, 0x21), at 0x1e794f0
[47] mxSimScrPopUpSimulation(0x1db3, 0x0, 0x0, 0x0, 0x2f06e58, 0x88), at 0x1e7e54c
[48] mnuSimulationReactToCommand(0x7da5, 0x0, 0xffbeeb5e, 0x0, 0x43617265, 0x4d785265), at 0x3617c0
[49] mnuMxPopUp(0x3019db0, 0x753a, 0x3415cf4, 0x3635, 0x0, 0xffbeeb5e), at 0x364b48
[50] __objObjectSpecialFct(0x3019db0, 0x753a, 0x3415cf4, 0x301d6c8, 0x3019e98, 0x3019db0), at 0x1a325c4
[51] __objObjectDataSpecialFct(0x3415ce8, 0x753a, 0x3415cf4, 0x7efefeff, 0x81010100, 0xff0000), at 0x1a327ac
[52] mnuReactToExternalEvent(0x3415ce8, 0x33ae440, 0xffbef2c8, 0xffbef2c8, 0x301d6c8, 0xffbef2e5), at 0x1a3b124
[53] __ObjectActivator(0x3019cc8, 0x2eac2f8, 0xffbef3c0, 0x0, 0x1, 0x364620), at 0x1a335b0
[54] objHPopUp(0x7d64, 0x3, 0x0, 0x364620, 0xffbef3c0, 0x0), at 0x1a35150
[55] mxPopUpMenu(0x2728684, 0x0, 0x215ba6c, 0x1, 0x44, 0x64), at 0x36582c
[56] MainMenu(0x2727870, 0xffbef4b0, 0x1, 0x10, 0x4, 0x215babc), at 0x348194
[57] mxApplicationEntry(0x7530, 0xffbef5bc, 0x0, 0x215b6f4, 0x3, 0x215b6f8), at 0x349e18
[58] mmsApplicationEntry(0x7530, 0xffbef5bc, 0x0, 0x0, 0x0, 0x0), at 0x3480a8
[59] mdApplicationEntry(0x13, 0xffbef704, 0xffbef754, 0xfeab3968, 0x0, 0x0), at 0x1a343e0
[60] mdAppMain(0x13, 0xffbef704, 0xffbef754, 0x0, 0x0, 0x0), at 0x1be24ec
[61] main(0x13, 0xffbef704, 0xffbef754, 0x204a000, 0x0, 0x0), at 0x348120
A bug in a JNI application causes a SIGSEGV while performing a malloc . The JVM signal handler is called and it tries to malloc and then hangs because the malloc is trying to locak a resource that is already locked by the malloc that caused the fault. The application and the JVM are then deadlocked.
No test case is available but a stack trace is attached.
-----------------------------------------------------------------------------------------
=>[1] __lwp_sema_wait(0x2650960, 0x0, 0xfedb7fd8, 0x0, 0xfede6670, 0x3), at 0xfea97aec
[2] _park(0x26508b0, 0x2650960, 0x0, 0x2, 0xfe9ed7a0, 0xfe70ddc8), at 0xfe9cb1c8
[3] _swtch(0x5, 0xfe9eca0c, 0x2650940, 0x265093c, 0x2650938, 0x2650934), at 0xfe9caebc
[4] _mutex_adaptive_lock(0xfeab7f00, 0x4c00, 0xfe9eca0c, 0x1, 0x4d58, 0xfffeffff), at 0xfe9cc74c
[5] _cmutex_lock(0xfeab7f00, 0xff, 0x7, 0xfea4559c, 0x40050248, 0xff00), at 0xfe9cc4fc
[6] malloc(0x27, 0x2d3a548, 0x65720000, 0x7efefeff, 0x81010100, 0xff00), at 0xfea4559c
[7] classNameWithDots(0x26, 0x2ea75d0, 0x2eb7048, 0xfeabb58c, 0xfeab7670, 0xffbe92f1), at 0xfebe25c0
[8] pc2string(0x2eb70fc, 0x2eb7048, 0xffbe914c, 0x0, 0xfeddef30, 0xffbe924b), at 0xfeb428bc
[9] printJavaStackForEE(0xfedb7ff8, 0x2649688, 0xfedb7fd8, 0x0, 0xfede6670, 0x3), at 0xfeb47894
[10] DumpThreadsHelper(0x2ea92d8, 0x2ea93a0, 0x2649688, 0xfeddef30, 0x7fffffff, 0x2ea92d8), at 0xfeb48304
[11] sysThreadEnumerateOver(0x0, 0x2ea92d8, 0xfeddef30, 0xfeb47c64, 0x0, 0x0), at 0xfebdd328
[12] DumpThreads(0xfede6334, 0xfeddef30, 0xffbe9480, 0xfee13354, 0xfedc09ec, 0xfeab3968), at 0xfeb483e4
[13] panicHandler(0x2649688, 0xffbe9a78, 0x2000, 0xfeddef30, 0xb, 0xad5ca000), at 0xfec04430
[14] userSignalHandler(0xb, 0xffbe9a78, 0xffbe97c0, 0xfec03ed0, 0xfebfe180, 0x0), at 0xfebfe190
[15] intrDispatch(0xb, 0xffbe9a78, 0xffbe97c0, 0x0, 0x0, 0x0), at 0xfebfe170
[16] intrDispatchMD(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x2650934, 0x2650914), at 0xfec02c20
[17] __libthread_segvhdlr(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x0, 0x0), at 0xfe9d9340
[18] __sighndlr(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9d9260, 0x2650934, 0x2650914), at 0xfe9dbde8
[19] sigacthandler(0xb, 0xffbe9a78, 0xffbe97c0, 0xfe9eca0c, 0x2c, 0x2650944), at 0xfe9d86f0
---- called from signal handler with signal 11 (SIGSEGV) ------
[20] _malloc_unlocked(0x0, 0x948, 0x20000000, 0x3b73b68, 0x0, 0xfeab3968), at 0xfea45714
[21] malloc(0x948, 0x9, 0x0, 0x7, 0x8, 0x35fbee8), at 0xfea455a4
[22] calloc(0x9, 0x108, 0x948, 0x4, 0xb3, 0x385cf10), at 0xfea39c2c
[23] rt_ctMurexDLLActionFunction(0xffbe9e98, 0xffbe9de8, 0xbff00000, 0x0, 0x0, 0xffbe9c78), at 0x13abf2c
[24] rt_ctMurexDLLFunction(0xffbe9de8, 0x4, 0xffbe9e98, 0xffbe9d80, 0x0, 0x3b73508), at 0x13ac3e4
[25] rt_ctCallDLLFunction(0xffbe9de8, 0x4, 0xffbe9e98, 0xe, 0xffbe9d78, 0x5), at 0x13ac540
[26] rt_ctBackupResultsWithFlag(0x385cb88, 0x0, 0x3b526d0, 0x0, 0x64, 0x15), at 0x1383440
[27] rt_ctBackupResults(0x385cb88, 0x385cb88, 0xffffffff, 0x0, 0x0, 0x385d695), at 0x138348c
[28] rt_ctInternalComputeZeroCoupons(0x385cb88, 0x0, 0x0, 0x1, 0x1384590, 0x1386f40), at 0x13838ac
[29] rt_ctComputeZeroCoupons(0x385cb88, 0x0, 0x0, 0x7, 0x8, 0x35fbee8), at 0x1387130
[30] rt_ctFillInBCHandle(0x385cb40, 0x0, 0x385cb88, 0x34907d8, 0x3343f38, 0x0), at 0x138e9ac
[31] rt_ctLoadItems(0x385cb40, 0x3343f38, 0x1348628, 0x0, 0x0, 0xffbea059), at 0x13b0118
[32] TBLScanTable(0x35fbe18, 0x13b0098, 0x3343f38, 0xffbea2b9, 0x0, 0xffbea2c5), at 0x1adbadc
[33] rt_ctLoadStorageStructure(0x3343f38, 0x1, 0x0, 0x0, 0x0, 0x38aed38), at 0x13b3798
[34] mkpFdLoadStorageStructure(0x36683d8, 0x1, 0x0, 0x0, 0x0, 0x1), at 0x1361784
[35] mpMkpFDLoadParameters(0x34906a8, 0x37da818, 0xbff00000, 0x0, 0x0, 0x3674a4d), at 0x11334ec
[36] mpLoadSimulationParametersAux(0x34906a8, 0x1f7, 0x1, 0x0, 0x0, 0x0), at 0x1134e18
[37] mpLoadSimulationParameters(0x34906a8, 0x1f7, 0x0, 0x284, 0x0, 0xffbea9e8), at 0x11359dc
[38] mxSPBGlobalFunction(0x0, 0x0, 0x0, 0x284, 0x0, 0xffbea9e8), at 0x350080
[39] SPB_SpecialFunctionScan(0x284, 0xffbeaa5c, 0xffffffff, 0x0, 0x0, 0xffbeaa71), at 0x150552c
[40] SPBHdrOptimScanShut(0xffbeabec, 0x3a952a0, 0x3670d78, 0x1, 0x1, 0xa), at 0x1512520
[41] SPBHdrDBFScanProceed(0x3937e48, 0x3, 0xffbecca4, 0xd, 0xffbeece8, 0xc), at 0x1511084
[42] SPBActTrnPLLoadFOAdditionnal(0x264adf4, 0x1db3, 0x0, 0x1, 0x3695118, 0x331), at 0x15a8bf8
[43] SPBActTrnPLLoadFO(0x3678be8, 0x22121a8, 0x1db3, 0x1, 0x3695118, 0x331), at 0x15aa110
[44] mxSimPtfLoadPortfoliosWithFlag(0x3678be8, 0x1db3, 0x0, 0x1, 0x80, 0xffbeee80), at 0x1e75d50
[45] mxSimSelectInitAndLoadPortfolioInternal(0xffbeef70, 0x0, 0x1db3, 0x0, 0x0, 0x0), at 0x1e79164
[46] mxSimSelectInitAndLoad(0xffbeef70, 0x0, 0x1db3, 0x0, 0x47, 0x21), at 0x1e794f0
[47] mxSimScrPopUpSimulation(0x1db3, 0x0, 0x0, 0x0, 0x2f06e58, 0x88), at 0x1e7e54c
[48] mnuSimulationReactToCommand(0x7da5, 0x0, 0xffbeeb5e, 0x0, 0x43617265, 0x4d785265), at 0x3617c0
[49] mnuMxPopUp(0x3019db0, 0x753a, 0x3415cf4, 0x3635, 0x0, 0xffbeeb5e), at 0x364b48
[50] __objObjectSpecialFct(0x3019db0, 0x753a, 0x3415cf4, 0x301d6c8, 0x3019e98, 0x3019db0), at 0x1a325c4
[51] __objObjectDataSpecialFct(0x3415ce8, 0x753a, 0x3415cf4, 0x7efefeff, 0x81010100, 0xff0000), at 0x1a327ac
[52] mnuReactToExternalEvent(0x3415ce8, 0x33ae440, 0xffbef2c8, 0xffbef2c8, 0x301d6c8, 0xffbef2e5), at 0x1a3b124
[53] __ObjectActivator(0x3019cc8, 0x2eac2f8, 0xffbef3c0, 0x0, 0x1, 0x364620), at 0x1a335b0
[54] objHPopUp(0x7d64, 0x3, 0x0, 0x364620, 0xffbef3c0, 0x0), at 0x1a35150
[55] mxPopUpMenu(0x2728684, 0x0, 0x215ba6c, 0x1, 0x44, 0x64), at 0x36582c
[56] MainMenu(0x2727870, 0xffbef4b0, 0x1, 0x10, 0x4, 0x215babc), at 0x348194
[57] mxApplicationEntry(0x7530, 0xffbef5bc, 0x0, 0x215b6f4, 0x3, 0x215b6f8), at 0x349e18
[58] mmsApplicationEntry(0x7530, 0xffbef5bc, 0x0, 0x0, 0x0, 0x0), at 0x3480a8
[59] mdApplicationEntry(0x13, 0xffbef704, 0xffbef754, 0xfeab3968, 0x0, 0x0), at 0x1a343e0
[60] mdAppMain(0x13, 0xffbef704, 0xffbef754, 0x0, 0x0, 0x0), at 0x1be24ec
[61] main(0x13, 0xffbef704, 0xffbef754, 0x204a000, 0x0, 0x0), at 0x348120