Bug 1245855
| Summary: | Crash when debugger breakpoint occurs on String constructor | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | James Livingston <jlivings> | ||||
| Component: | java-1.7.0-openjdk | Assignee: | Andrew John Hughes <ahughes> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Lukáš Zachar <lzachar> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 7.0 | CC: | ahughes, dbhole, isenfeld, iweiss, joallen, sbaiduzh | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | java-1.7.0-openjdk-1.7.0.85-2.6.1.4.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Cause: A bug was discovered when debugging Java code which enters the constructor for String objects.
Consequence: The Java Virtual Machine (JVM) would crash if the String object was null.
Fix: This update fixes the issue by checking for null strings throughout the OpenJDK code base.
Result: It is now possible for the debugger to operate on the constructor of String objects.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-11-19 03:55:28 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
James Livingston
2015-07-23 00:59:02 UTC
This is: changeset: 5409:f9be370a7d54 user: sla date: Sat Oct 05 15:18:57 2013 +0200 summary: 8025922: JNI access to Strings need to check if the value field is non-null http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/f9be370a7d54 I'll look into a backport. It seems the issue moved somewhere else with this scratch build: # SIGSEGV (0xb) at pc=0x00007fa182074aa1, pid=11704, tid=140331189331712 # # JRE version: OpenJDK Runtime Environment (7.0_85-b01) (build 1.7.0_85-mockbuild_2015_07_22_22_59-b00) # Java VM: OpenJDK 64-Bit Server VM (24.85-b03 mixed mode linux-amd64 compressed oops) # Derivative: IcedTea 2.6.1 # Distribution: Built on Red Hat Enterprise Linux Server release 7.1 (Maipo) (Wed Jul 22 22:59:59 EDT 2015) # Problematic frame: # C [libc.so.6+0x162aa1] __strlen_sse2_pminub+0x11 Core dump and full hs_err attached. Created attachment 1055274 [details]
Core dump and new hs_err
The core dump is a little odd; I can't see a thread at __strlen_sse2_pminub at all. 20 of the 21 threads are waiting, and the final one is reading data for JVMTI:
Core was generated by `/usr/lib/jvm/java-1.7.0-openjdk/bin/java -agentlib:jdwp=transport=dt_socket,sus'.
Program terminated with signal 6, Aborted.
#0 0x00007f42eca94989 in ?? () at ../sysdeps/unix/sysv/linux/sigsuspend.c:32 from /lib64/libc.so.6
32 return INLINE_SYSCALL (rt_sigsuspend, 2, CHECK_SIGSET (set), _NSIG / 8);
(gdb) t 17
[Switching to thread 17 (Thread 0x7f42d145d700 (LWP 13917))]
#0 0x00007f42ed2405eb in __libc_recv (fd=fd@entry=4, buf=buf@entry=0x7f42d145cc8c, n=n@entry=4, flags=-1, flags@entry=0)
at ../sysdeps/unix/sysv/linux/x86_64/recv.c:33
33 ssize_t result = INLINE_SYSCALL (recvfrom, 6, fd, buf, n, flags, NULL, NULL);
(gdb) bt
#0 0x00007f42ed2405eb in __libc_recv (fd=fd@entry=4, buf=buf@entry=0x7f42d145cc8c, n=n@entry=4, flags=-1, flags@entry=0)
at ../sysdeps/unix/sysv/linux/x86_64/recv.c:33
#1 0x00007f42d169777b in dbgsysRecv (fd=fd@entry=4, buf=buf@entry=0x7f42d145cc8c "B\177", nBytes=nBytes@entry=4,
flags=flags@entry=0) at ../../../../src/solaris/transport/socket/socket_md.c:113
I notice that the original hs_err was on quite an old version of java-1.7.0-openjdk. Would it be possible to get one from the latest version in RHEL 7.1 (java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1)? This would eliminate any changes which don't result from the patches added between the patched version and the current RHEL version.
To reproduce, save and compile this class:
public class Main {
public static void main(String[] args) {
String string = new String(new char[0], 0, 0);
}
}
Then run:
jdb Main
stop in java.lang.String.<init>(char[],int,int)
run
print this
And the target JVM will crash, and jdb will abort too. I just reproduced it on java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1.x86_64 from RHEL, and also see the new crash location with the scratch build.
Fixed with the latest patches: $ /usr/lib/jvm/java-1.7.0-openjdk/bin/java -version java version "1.7.0_85" OpenJDK Runtime Environment (rhel-2.6.1.4.el7_1-x86_64 u85-b01) OpenJDK 64-Bit Server VM (build 24.85-b03, mixed mode) $ /usr/lib/jvm/java-1.7.0-openjdk/bin/jdb Main Initializing jdb ... > stop in java.lang.String.<init>(char[],int,int) Deferring breakpoint java.lang.String.<init>(char[],int,int). It will be set after the class is loaded. > run run Main Set uncaught java.lang.Throwable Set deferred breakpoint java.lang.String.<init>(char[],int,int) Set deferred uncaught java.lang.Throwable > VM Started: Breakpoint hit: "thread=main", java.lang.String.<init>(), line=192 bci=0 main[1] print this this = "" Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2015-2177.html |