BigAdmin: Java SE - Debugging Experience using WinDbg

Skip to Content Sun and Oracle Channel Sun How to Buy Log In United States [Change] English

BigAdmin: Java SE

Java SE - Debugging Experience using WinDbg

Submit Content | Check BigAdmin Bucks

From the BigAdmin JavaSE Hub

Debugging Experience using WinDbg

Poonam Bajaj

Sharing a debugging experience using WinDbg.

This issue was a crash on Windows platform showing jvm!jio_fprintf as the topmost JVM frame on the call stack of the crashing thread. I debugged this crash using WinDbg Debugger.

I received a Crash Dump file from customer, opened it in WinDbg and got the following stack trace from it:

00 2245f698 6d4545c1 ntdll!RtlEnterCriticalSection+0xb 
01 2245f6a8 6d454624 jvm!jio_fprintf(struct _iobuf * f = 0x6d48a34c, char * fmt = 0x00235048 "TKmore ")+0x12 
02 2245f6b8 6d46f4e2 jvm!jio_print(char * s = 0x6d48a34c "YY???")+0x20 
03 2245f6c8 6d46f29c jvm!defaultStream::print_raw(char * s = 0x6d48a34c "YY???")+0xe 
04 2245fea8 6d48a34c jvm!outputStream::print_cr(char * format = 0x6d4cdbb4 "Full thread dump:", char [2000] buffer = char [2000] "Full thread dump:")+0x49 
05 2245fecc 6d4912de jvm!Threads::print(long print_stacks = 1, long internal_format = 0)+0x17 
06 2245fed8 6d49104c jvm!VM_PrintThreads::doit(void)+0x9 
07 2245fef4 6d490b9a jvm!VM_Operation::evaluate(void)+0x17 
08 2245ff14 6d490cfb jvm!VMThread::evaluate_operation(class VM_Operation * op = 0x2259fed0)+0x1a 
09 2245ff68 6d490ab7 jvm!VMThread::loop(void)+0x129 
0a 2245ff74 6d46db10 jvm!VMThread::run(void)+0x52 
0b 2245ff7c 780085bc jvm!_start(class Thread * thread = 0x00b5f350)+0xb 
0c 2245ffb4 7c57b388 MSVCRT!endthreadex+0xbc 
0d 2245ffec 00000000 KERNEL32!lstrcmpiW+0xb7

This stack shows that the top frame is ntdll!RtlEnterCriticalSection+0xb which was called from jvm!jio_fprintf(), which seemed unlikely. To confirm this, I checked the symbols on the stack of the crashing thread.

Note: To get the stack address in Windbg, click View->Registers, take the value of 'ebp'; this register contains the address of the current frame on the stack.

In this case, ebp was 0x2245f698

Note: To see the symbols on the stack, click View->Memory and paste 'ebp' value. Select "Pointer and Symbol" in the 'Debug Format' drop down in the memory window.

I got the following symbols on the stack:

2245f680 6d46ef82 jvm!ThreadCritical::ThreadCritical+0x1c 
[D:\BUILD_AREA\jdk131-update\ws\hotspot\src\os\win32\vm\os_win32.cpp @ 1939]
2245f684 6d46ef91 jvm!ThreadCritical::~ThreadCritical+0xb 
[D:\BUILD_AREA\jdk131-update\ws\hotspot\src\os\win32\vm\os_win32.cpp @ 1940]
2245f688 6d4545dc jvm!jio_vfprintf+0x17 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\prims\jvm.cpp @ 1639]
2245f68c 7803a6b0 MSVCRT!iob+0x20
2245f690 6d4c70e8 jvm!`string'
2245f694 2245f6b8 
2245f698 2245fea8 <----------- ebp
2245f69c 6d4545c1 jvm!jio_fprintf+0x12 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\prims\jvm.cpp @ 1623]
2245f6a0 7803a6b0 MSVCRT!iob+0x20
2245f6a4 6d4c70e8 jvm!`string'
2245f6a8 2245f6b8 
2245f6ac 6d454624 jvm!jio_print+0x20 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\prims\jvm.cpp @ 1656]
2245f6b0 7803a6b0 MSVCRT!iob+0x20
2245f6b4 6d4c70e8 jvm!`string'
2245f6b8 2245f6d8 
2245f6bc 6d46f4e2 jvm!defaultStream::print_raw+0xe [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\utilities\ostream.cpp @ 206]
2245f6c0 2245f6d8 
2245f6c4 00235048 
2245f6c8 00000000 
2245f6cc 6d46f29c jvm!outputStream::print_cr+0x49 [D:\BUILD_AREA\jdk131-update\ws\hotspot\src\share\vm\utilities\ostream.cpp @ 50]

The symbols on the stack show that the returm address of jvm!jio_vfprintf was also put on the stack and that means that the last JVM function that got called was actually jvm!jio_vfprintf and the crash might have happened somewhere in this function.

After that I looked at the disassembly of this function. For seeing disassembly we need to copy the value corresponding to the symbol of this function on the stack (6d4545dc) and paste it in the Disassembly window.

Note: To open the disassembly window, click View->Disassembly.

This disassembly shows that it is reading value in jvm!Arguments::_vfprintf_hook and is calling a function present at that address. This brought one important fact into light that customer was setting the 'vfprintf' option while creating the embedded jvm. So jvm function jvm!jio_vfprintf was invoking customer's jio_vfprintf() which was set as the _vfprintf_hook by customer code.

Here's some part of the customer's code where they create Java VM:

JavaVMInitArgs vm_args; 
JavaVMOption options[2]; 
options[0].optionString = "-Djava.class.path=" USER_CLASSPATH; 
vm_args.version = 0x00010002; 
options[1].optionString = "vfprintf"; 
options[1].extraInfo = (void*)jio_vfprintf; 
vm_args.version = JNI_VERSION_1_2; 
vm_args.ignoreUnrecognized = JNI_TRUE; 
/* Create the Java VM */ 
res = JNI_CreateJavaVM(&jvm,(void**) &env,&vm_args);

Customer's jio_vfprintf() was implemented in a dll called JavaInvoker. Here's part of the function:

Then I asked for the pdb file for JavaInvoker so that I could see the disassembly of this function in WinDbg. The diassembly of JavaInvoker!jio_vfprintf() showed that the FILE* file was NULL and fprintf was being called with null file handle.

The customer had also reported that the log file they were opening in jio_vfprintf was growing beyond 4gb size. On Windows, fopen() for large files of size more than 4gb fails and returns Null. So in this case, when the jvm.log file grew more than 4gb, fopen failed and was setting the 'file' to Null. The subsequent fprintf tried to access this Null file handle and crashed.

I suggested Customer to add a null check for 'file' after opening the file and before writing to it.

if (file == 0) {
    file = fopen("log\\JVM.log", "a+");
    if (file != 0) {
        ------
    }
}

and thus the problem was resolved.

Search BigAdmin

» Search the HCL

BigAdmin Subscriptions

BigAdmin Areas

BigAdmin Sun Center

BigAdmin Topics

Related:
»	Java SE at a Glance
»	Development Tools
»	Java Services



See Also:
»	Java Downloads
»	Java Training
»	Java Tutorials