Regarding OpenJDK 8, it crashes as soon as Xss is set to (or higher than) 1141K in an i386 JVM (32-bit).

I used the example code from bug #1700270. Please note that there is no need to even use the java class: the program will segfault while starting the JVM, so do remove lines 30-34 from either test_case1.c or test_case2.c and set Xss to 1441K (or bigger).

The OpenJDK part where the stack location and size are calculated is in os::Linux::capture_initial_stack() [1], especially _initial_thread_stack_bottom [2].

From GDB I was able to collect the following data from that function:

  (gdb) p max_size
  $1 = 1171456

Note: max_size is Xss rounded to vm_page_size(), thus 1144K [3].

  (gdb) info locals
  rlim = {rlim_cur = 8388608, rlim_max = 4294967295}
  stack_size = 8380416
  stack_start = 4294956864
  p = 0xf7ffcf34 <__libc_stack_end>
  stack_top = 4294959104
  low = 0xfffdd000 ""
  high = 0xffffe000 <error: Cannot access memory at address 0xffffe000>

  (gdb) x p
  0xf7ffcf34 <__libc_stack_end>:  0xffffd740

  (gdb) x stack_top
  0xffffe000:     Cannot access memory at address 0xffffe000

  (gdb) x low
  0xfffdd000:     0x00000000

  (gdb) x high
  0xffffe000:     Cannot access memory at address 0xffffe000

  (gdb) p _initial_thread_stack_size
  $43 = 1171456

  (gdb) x _initial_thread_stack_bottom
  0xffee0000:     0x00000000

Backtrace:

  (gdb) bt
  #0  os::Linux::capture_initial_stack (max_size=1171456) at ./src/hotspot/src/os/linux/vm/os_linux.cpp:1272
  #1  0xf7394287 in os::init_2 () at ./src/hotspot/src/os/linux/vm/os_linux.cpp:4939
  #2  0xf74ee886 in Threads::create_vm (args=0xffffd62c, canTryAgain=0xffffd5bf) at ./src/hotspot/src/share/vm/runtime/thread.cpp:3361
  #3  0xf7151423 in JNI_CreateJavaVM (vm=0xffffd684, penv=0xffffd624, args=0xffffd62c) at ./src/hotspot/src/share/vm/prims/jni.cpp:5220
  #4  0x5655561f in create_vm (jvm=0xffffd684) at test_case.c:16
  #5  0x56555685 in main (argc=1, argv=0xffffd744) at test_case.c:25

That information is used by os::Linux::default_guard_size() [4] to fetch both 'bottom' and 'size' used to indicate the start of the guard page - and it has a nice doc explaining the stack layout.
The values from default_guard_size are in turn used by os::current_stack_base() [5] to calculate what should be the stack base.

Let me know if there's any additional information I can help with.

[1] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l1081
[2] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l1271
[3] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l5010
[4] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l714
[5] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l745

-- 
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1699772

Title:
  linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Status in LibreOffice: Won't Fix
Status in commons-daemon package in Ubuntu: Confirmed
Status in eclipse package in Ubuntu: Confirmed
Status in imagej package in Ubuntu: Confirmed
Status in libreoffice package in Ubuntu: Confirmed
Status in linux package in Ubuntu: Confirmed
Status in octave package in Ubuntu: Confirmed
Status in python-jpype package in Ubuntu: Confirmed
Status in rustc package in Ubuntu: Confirmed
Status in scilab package in Ubuntu: Confirmed
Status in linux package in Debian: Confirmed

Bug description:
  Distribution: Ubuntu 16.04 x64 (Flavour: KDE Neon User Edition 5.10)

  linux-image-4.4.0-81-generic appears to contain a regression, probably related to the CVE-2017-1000364 fix backport / patch. Using this kernel, the Oracle Java browser plugin always crashes during stack-related actions on initialization. This means the plugin completely stopped working.

  It works perfectly fine in linux-image-4.4.0-79-generic (vulnerable to CVE-2017-1000364) as well as linux-image-4.11.6-041106-generic, which also contains a fix for CVE-2017-1000364.

  uname -a:
  > Linux Zweiblum 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 14 08:17:06 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  I tested Oracle Java 1.8 u131 as well as 1.6 u64 in Firefox 51.0.1 as well as Iceweasel / Firefox/3.5.16 in a chroot. Using linux-image-4.4.0-81-generic it crashes in all combinations, while with both other kernels it works.

  I was not able to obtain any detailed crash information from Firefox 51.0.1, but Iceweasel 3.5.16 crashed completely, allowing me to obtain a stack trace which shows the relation to stack operations performed by the plugin, even without proper debug symbols:

  > (gdb) bt full
  > #0  0x00007fa06d805307 in _expand_stack_to(unsigned char*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #1  0x00007fa06d8053ae in os::Linux::manually_expand_stack(JavaThread*, unsigned char*) ()
  >    from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #2  0x00007fa06d80cf0b in JVM_handle_linux_signal () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #3  0x00007fa06d802e13 in signalHandler(int, siginfo*, void*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #4  <signal handler called>

  I first assumed a bug in the Java plugin, but it works fine in Linux 4.11.6. The crash will be triggered by any applet, for example the test applet at:
  * https://java.com/en/download/installed8.jsp

  I'm running the Ubuntu 16.04 based KDE Neon distribution which somehow apparently does not allow me to use apport to report this bug:

  > $ LANG= apport-cli linux-image-4.4.0-81-generic
  >
  > *** Collecting problem information
  >
  > The collected information can be sent to the developers to improve the
  > application. This might take a few minutes.
  > .........
  >
  > *** Problem in linux-image-4.4.0-81-generic
  >
  > The problem cannot be reported:
  >
  > This is not an official KDE package. Please remove any third party package and try again.

  If someone can tell me how to get apport working for this package, I can use it to collect additional information, but (unfortunately?) the problem should be fairly easy to reproduce...

To manage notifications about this bug go to:
https://bugs.launchpad.net/df-libreoffice/+bug/1699772/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
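Added example (not hotspot code and not part of the bug report): it redoes the os::Linux::capture_initial_stack() arithmetic with the values from the GDB dump in the comment above, then applies the kernel's stack-guard-gap rule to the resulting bottom address to show why a larger gap turns the same stack growth into a fault. The neighbouring mapping end is a constructed value; the one-page and 256-page gap sizes are the kernel defaults before and after the CVE-2017-1000364 fix.

```c
/* Added example, not hotspot code: redo os::Linux::capture_initial_stack()'s
 * arithmetic with the values from the GDB dump above, then apply the kernel's
 * stack-guard-gap rule to see whether the stack may grow down that far. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PAGE 4096u   /* vm_page_size() on the i386 JVM in the dump */

struct initial_stack { uintptr_t top; uintptr_t bottom; size_t size; };

static uintptr_t align_up(uintptr_t a, size_t p)   { return (a + p - 1) & ~(uintptr_t)(p - 1); }
static uintptr_t align_down(uintptr_t a, size_t p) { return a & ~(uintptr_t)(p - 1); }

/* Same arithmetic as jdk8u: usable stack is rlim_cur minus two pages (8380416
 * in the dump); stack_top is __libc_stack_end rounded up to a page; the size is
 * capped by max_size (Xss rounded to a page); bottom is just top - size. */
struct initial_stack capture_initial_stack(uintptr_t libc_stack_end,
                                           size_t rlim_cur, size_t max_size)
{
    struct initial_stack s;
    size_t stack_size = rlim_cur - 2 * PAGE;
    s.top    = align_up(libc_stack_end, PAGE);
    s.size   = (max_size && stack_size > max_size) ? max_size : stack_size;
    s.size   = align_down(s.size, PAGE);
    s.bottom = s.top - s.size;
    return s;
}

/* Kernel rule from mm/mmap.c expand_downwards(): the stack VMA may grow down to
 * wanted_bottom only if the previous mapping ends at least guard_gap bytes
 * below it. guard_gap was one page before the CVE-2017-1000364 fix and is
 * 256 pages (1 MiB, stack_guard_gap) afterwards. Returns 1 = grows, 0 = fault. */
int stack_may_grow_to(uintptr_t wanted_bottom, uintptr_t prev_mapping_end, size_t guard_gap)
{
    return prev_mapping_end + guard_gap <= wanted_bottom;
}

int main(void)
{
    /* __libc_stack_end, rlim_cur and max_size copied from the GDB session. */
    struct initial_stack s = capture_initial_stack(0xffffd740u, 8388608u, 1171456u);
    /* Constructed neighbour: some mapping ending 512 KiB below the wanted bottom. */
    uintptr_t neighbour_end = s.bottom - 512u * 1024u;
    printf("stack_top=%#lx bottom=%#lx size=%zu\n",
           (unsigned long)s.top, (unsigned long)s.bottom, s.size);
    printf("4 KiB guard gap : %s\n", stack_may_grow_to(s.bottom, neighbour_end, PAGE) ? "grows" : "SIGSEGV");
    printf("1 MiB guard gap : %s\n", stack_may_grow_to(s.bottom, neighbour_end, 256 * PAGE) ? "grows" : "SIGSEGV");
    return 0;
}
```

Running it reproduces stack_top 0xffffe000, bottom 0xffee0000 and size 1171456 from the dump; the same bottom is reachable with a 4 KiB gap and refused with a 1 MiB gap.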