Bug 1018625 - abort due to memory corruption discovered in remove_seen_thread
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: java-1.6.0-openjdk
Version: 5.5
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 5.11
Assignee: Christine Flood
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks: 1049888
Reported: 2013-10-13 22:54 UTC by Brad Hubbard
Modified: 2017-04-18 21:56 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-18 21:56:38 UTC
Target Upstream Version:
Embargoed:


Attachments
Full backtrace of all threads (10.05 KB, application/octet-stream)
2013-10-13 22:54 UTC, Brad Hubbard

Description Brad Hubbard 2013-10-13 22:54:47 UTC
Created attachment 811824
Full backtrace of all threads

Description of problem:

Core was generated by `java -Dprogram.name=run.sh -server -Xms768m -Xmx768m -XX:PermSize=256m -XX:MaxP'.
Program terminated with signal 6, Aborted.
#0  0x0000003c47430265 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x0000003c47430265 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003c47431d10 in abort () at abort.c:88
#2  0x00002b4cf089d5d9 in os::abort (dump_core=true) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:1563
#3  0x00002b4cf09f6d70 in VMError::report_and_die (this=0x410f74d0) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/utilities/vmError.cpp:975
#4  0x00002b4cf08a2bf1 in JVM_handle_linux_signal (sig=11, info=0x410f76a0, ucVoid=0x410f7570, abort_if_unrecognized=1)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:528
#5  <signal handler called>
#6  0x0000003c4746f8d8 in mem2chunk_check (mem=0x1c25b040, magic_p=0x0) at hooks.c:162
#7  0x0000003c47475d72 in free_check (mem=0x1c25b040, caller=<value optimized out>) at hooks.c:281
#8  0x0000003c474727f1 in __libc_free (mem=0x1c25b040) at malloc.c:3643
#9  0x00002b4cf097f012 in remove_seen_thread (child_name=..., class_name=<value optimized out>, class_loader=<value optimized out>, protection_domain=<value optimized out>, 
    is_superclass=true, __the_thread__=0x1b5e9000) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/placeholders.hpp:321
#10 SystemDictionary::resolve_super_or_fail (child_name=..., class_name=<value optimized out>, class_loader=<value optimized out>, protection_domain=<value optimized out>, 
    is_superclass=true, __the_thread__=0x1b5e9000) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp:362
#11 0x00002b4cf05237aa in ClassFileParser::parseClassFile (this=0x410f7e70, name=<value optimized out>, class_loader=..., protection_domain=<value optimized out>, 
    host_klass=<value optimized out>, cp_patches=<value optimized out>, parsed_name=..., verify=false, __the_thread__=0x1b5e9000)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/classFileParser.cpp:3091
#12 0x00002b4cf0527fd7 in ClassLoader::load_classfile (h_name=<value optimized out>, __the_thread__=0x1b5e9000)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/classFileParser.hpp:282
#13 0x00002b4cf097f7af in SystemDictionary::load_instance_class (class_name=..., class_loader=<value optimized out>, __the_thread__=0x1b5e9000)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp:1362
#14 0x00002b4cf097e58a in SystemDictionary::resolve_instance_class_or_null (class_name=<value optimized out>, class_loader=..., protection_domain=<value optimized out>, 
    __the_thread__=0x1b5e9000) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp:763
#15 0x00002b4cf09800c4 in SystemDictionary::resolve_or_fail (class_name=<value optimized out>, class_loader=..., protection_domain=..., throw_error=true, 
    __the_thread__=0xb1bc3420) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp:145
#16 0x00002b4cf058e38b in constantPoolOopDesc::klass_at_impl (this_oop=..., which=66, __the_thread__=0x1b5e9000)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/oops/constantPoolOop.cpp:101
#17 0x00002b4cf069350d in klass_at (thread=0x1b5e9000, pool=0xb1bc5950, index=66) at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/oops/constantPoolOop.hpp:293
#18 InterpreterRuntime::_new (thread=0x1b5e9000, pool=0xb1bc5950, index=66)
    at /usr/src/debug/icedtea6-1.11.11.90/openjdk/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp:147
#19 0x00002aaaab32ddc4 in ?? ()
#20 0x00002aaaab32dd72 in ?? ()
#21 0x00000000410f86d8 in ?? ()
#22 0x00000000b1bc7f3a in ?? ()
#23 0x00000000410f8730 in ?? ()
#24 0x00000000b1bcee78 in ?? ()
#25 0x0000000000000000 in ?? ()


Version-Release number of selected component (if applicable):
java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9

How reproducible:
unknown, seen once

Additional info:
# strings core.6272| grep MALLOC_CHECK_
MALLOC_CHECK_=1

Comment 1 Deepak Bhole 2013-10-15 18:03:02 UTC
Not sure how addressable this is given that it is not reproducible, but assigning to Christine to make the final call.

Comment 2 Christine Flood 2014-01-22 14:42:34 UTC
Remove_seen_thread has been run many many times without improperly freeing memory.  I can't tell from the bug report why the memory was corrupted.  We need to close this without a reproducer.

Comment 3 RHEL Program Management 2014-01-22 16:24:15 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 7 RHEL Program Management 2014-07-16 00:25:40 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 8 Chris Williams 2017-04-18 21:56:38 UTC
Red Hat Enterprise Linux 5 shipped its last minor release, 5.11, on September 14th, 2014. On March 31st, 2017 RHEL 5 exited Production Phase 3 and entered Extended Life Phase. For RHEL releases in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only. If the customer purchases the Extended Life-cycle Support (ELS), certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release will be provided. For more details please consult the Red Hat Enterprise Linux Life Cycle Page:
https://access.redhat.com/support/policy/updates/errata

This BZ does not appear to meet ELS criteria so is being closed WONTFIX. If this BZ is critical for your environment and you have an Extended Life-cycle Support Add-on entitlement, please open a case in the Red Hat Customer Portal, https://access.redhat.com, provide a thorough business justification and ask that the BZ be re-opened for consideration of an errata. Please note, only certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release can be considered.

