[regression] Java applications leaks shmem chunks

Created attachment 1396
Patch to fix the bad merge.

Finally found the cause of the issue. Looks like a bad merge from 2 parents.

Revision 7726:4b26f93b23ba is the first to cause the crash.

$ hg log -r 7726:4b26f93b23ba
changeset: 7726:4b26f93b23ba
parent: 7506:6aaf00000bd5
parent: 7696:8dc56d0f3e86
user: goetz
date: Mon Jul 07 12:45:48 2014 +0200
summary: Merge

Both parents, 7506:6aaf00000bd5 and 7696:8dc56d0f3e86, are working fine.

Upstream repo is different than icedtea7-forest, and contains working code.

Please see the patch for the issue in attachment.

The changes from:

changeset: 7162:cd2d8f23e93c
user: alitvinov
date: Thu Dec 19 15:21:08 2013 +0400
summary: 8025775: JNI warnings in TryXShmAttach

have got lost in this merge. Re-applying this should fix it.

details: http://icedtea.classpath.org//hg/icedtea7-forest/jdk?cmd=changeset;node=a2334007f1a8
author: andrew
date: Thu Jul 30 17:52:32 2015 +0100

 PR2568: openjdk causes a full desktop crash on RHEL 6 i586
 Summary: Re-apply "8025775: JNI warnings in TryXShmAttach"; some changes lost in bad merge changeset 4b26f93b23ba

details: http://icedtea.classpath.org//hg/icedtea7?cmd=changeset;node=761344512703
author: Andrew John Hughes <email address hidden>
date: Tue Sep 08 23:46:03 2015 +0100

 Bump to icedtea-2.7.0pre01.

 Upstream changes:
   - OPENJDK7-01: Allow OpenJDK to build on PaX-enabled kernels
   - OPENJDK7-02: Fix build where PAX_COMMAND is not specified
   - OPENJDK7-03: Only apply PaX-marking when needed by a running PaX kernel
   - OPENJDK7-04: Revert introduction of lambda expression in sun.lwawt.macosx.LWCToolkit
   - OPENJDK7-05: Fix mistake in 8075374 backport
   - PR2487: Make jdk8 mode the default for jdk.tls.ephemeralDHKeySize
   - PR2501: libjavasctp.so doesn't need to link against libdl when linking against libsctp
   - PR2502: Remove -fno-tree-vectorize workaround now http://gcc.gnu.org/PR63341 is fixed
   - PR2503: Add existence check for all optional dependencies in jdk_generic_profile.sh
   - PR2521: Systems with a GLib without libgio segfault when obtaining proxy information
   - PR2568: openjdk causes a full desktop crash on RHEL 6 i586
   - S7105883, PR2560: JDWP: agent crash if there exists a ThreadGroup with null name
   - S7124253: [macosx] Flavor change notification not coming
   - S8007219: [macosx] Frame size reverts meaning of maximized attribute if frame size close to display
   - S8013581: [macosx] Key Bindings break with awt GraphicsEnvironment setFullScreenWindow
   - S8014464: Update jcheck for OpenJDK 7
   - S8016105, PR2560: Add complementary RETURN_NULL allocation macros in allocation.hpp
   - S8020210: [macosx] JVM crashes in CWrapper$NSWindow.screen(long)
   - S8021897, PR2560: EXCEPTION_ACCESS_VIOLATION on debugging String.contentEquals()
   - S8022683, PR2560: JNI GetStringUTFChars should return NULL on allocation failure not abort the VM
   - S8025922, PR2560: JNI access to Strings need to check if the value field is non-null
   - S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector
   - S8027561: [macosx] Cleanup "may not respond to selector" warnings in native code
   - S8028617: Dvorak keyboard mapping not honored when ctrl key pressed
   - S8029868: Fix KSS issues in sun.lwawt.macosx
   - S8042205: javax/management/monitor/*: some tests didn't get all the notifications
   - S8043201: Deprecate RC4 in SunJSSE provider
   - S8043202: Prohibit RC4 cipher suites
   - S8046817: JDK 8 schemagen tool does not generate xsd files for enum types
   - S8048194: GSSContext.acceptSecContext fails when a supported mech is not initiator preferred
   - S8048214: Linker error when compiling G1SATBCardTableModRefBS after include order changes
   - S8064546: CipherInputStream throws BadPaddingException if stream is not fully read
   - S8065764: javax/management/monitor/CounterMonitorTest.java hangs
   - S8066952: [TEST-BUG] javax/management/monitor/CounterMonitorTest.java hangs
   - S8067694: Improved certification checking
   - S8068674: Increment minor version of HSx for 7u85 and initialize the build number
   - S8071668: [macosx] Clipboard does not work with 3rd parties Clipboard Managers
   - S8071715: Tune font layout engine
   - S8071731: Better scaling for C1
   - S8072490:...

I am experiencing the glitching reported to KDE for multiple distros (including another Gentoo user) at https://bugs.kde.org/show_bug.cgi?id=350976. Another user there reports that OpenJDK-1.8 resolves the problem, but we don't have dev-java/icedtea:8 in the java overlay at this time.

Portage 2.2.20.1 (python 3.4.1-final-0, default/linux/amd64/13.0/desktop/kde/systemd, gcc-4.8.5, glibc-2.20-r2, 4.0.5-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.0.5-gentoo-x86_64-Intel-R-_Core-TM-_i7-3840QM_CPU_@_2.80GHz-with-gentoo-2.2
KiB Mem: 32805220 total, 20148380 free
KiB Swap: 0 total, 0 free
Timestamp of repository gentoo: Fri, 25 Sep 2015 06:00:01 +0000
sh bash 4.3_p39
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash: 4.3_p39::gentoo
dev-java/java-config: 2.2.0::gentoo
dev-lang/perl: 5.20.2::gentoo
dev-lang/python: 2.7.9-r1::gentoo, 3.4.1::gentoo
dev-util/cmake: 3.2.2::gentoo
dev-util/pkgconfig: 0.28-r2::gentoo
sys-apps/baselayout: 2.2::gentoo
sys-apps/openrc: 0.17::gentoo
sys-apps/sandbox: 2.6-r1::gentoo
sys-devel/autoconf: 2.13::gentoo, 2.69::gentoo
sys-devel/automake: 1.11.6-r1::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils: 2.25.1-r1::gentoo
sys-devel/gcc: 4.8.5::gentoo
sys-devel/gcc-config: 1.7.3::gentoo
sys-devel/libtool: 2.4.6::gentoo
sys-devel/make: 4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc: 2.20-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-uri: git://github.com/pantera31752/open-overlay.git
    masters: gentoo
    priority: 50

steam-overlay
    location: /var/lib/layman/steam-overlay
    sync-type: laymansync
    sync-uri: git://github.com/anyc/steam-overlay.git
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0 /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS=" --with-bdeps y --binpkg-respect-use=y"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg collision-protect config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed,-z,now,--...

(In reply to Mike Nerone from comment #0)
> Another user there reports that
> OpenJDK-1.8 resolves the problem, but we don't have dev-java/icedtea:8 in
> the java overlay at this time.

Actually we do but it's called icedtea-3 because upstream wants us to use their versioning. It's a prerelease though and the current ebuild is outdated. It probably won't fetch properly now.

If you hear of any other workarounds, please let us know.

I'm also affected by this problem. Possible workaround is using another JDK (for example oracle-jdk-bin)

Yes, that's true. To my knowledge, only OpenJDK/icedtea exhibits this issue (one person in the KDE bug claims Oracle's does, as well, but I suspect that the wrong jre/jdk is actually selected).

*** Bug 561710 has been marked as a duplicate of this bug. ***

(In reply to James Le Cuirot from comment #1)
> (In reply to Mike Nerone from comment #0)
> > Another user there reports that
> > OpenJDK-1.8 resolves the problem, but we don't have dev-java/icedtea:8 in
> > the java overlay at this time.
>
> Actually we do but it's called icedtea-3 because upstream wants us to use
> their versioning. It's a prerelease though and the current ebuild is
> outdated. It probably won't fetch properly now.
>
> If you hear of any other workarounds, please let us know.

It's slotted as 8 though, so icedtea:8 works. I emerged it as that just today.

The ebuild has been updated to pre06 which uses 8u60-b24. Testing is welcomed so we can make sure the final release is as good as possible.

(In reply to Mike Nerone from comment #3)
> Yes, that's true. To my knowledge, only OpenJDK/icedtea exhibits this issue
> (one person in the KDE bug claims Oracle's does, as well, but I suspect that
> the wrong jre/jdk is actually selected).

As far as I can tell from https://bugs.kde.org/show_bug.cgi?id=350976, two completely different versions are being compared; OpenJDK/IcedTea 7 vs. proprietary Oracle binaries for 8. Try emerging icedtea:8 from java-overlay and see if this solves the issue.

It seems likely that a fix needs backporting from 8 to 7 to fix this there, but there's not enough info here to tell what that might be.

I've been using dev-java/icedtea-3.0.0_pre06 for about an hour now with no hiccups nor any glitching. I'll continue to use it and report back if it returns.

I launched an IP-KVM java applet and here what I see:

$ sudo ipcs -m -p | awk '{print $3}' | sort | uniq -c | sort -n
      1 1408
      1 1526
      1 cpid
      1 Memory
      2
      3 1778
      3 1898
      3 3856
    780 4339
$ ps www 4339
  PID TTY STAT TIME COMMAND
 4339 tty2 Sl+ 1:17 /etc/java-config-2/current-icedtea-web-vm/bin/java -Xbootclasspath/a:/usr/share/icedtea-web/netx.jar:/usr/share/icedtea-web/plugin.jar:no -classpath /opt/icedtea-bin-7.2.6.1/jre/lib/rt.jar sun.applet.PluginMain /run/user/1000/icedteaplugin-puleglot-1pHWZM/4332-icedteanp-plugin-to-appletviewer /run/user/1000/icedteaplugin-puleglot-1pHWZM/4332-icedteanp-appletviewer-to-plugin /run/user/1000/icedteaplugin-puleglot-1pHWZM/4332-icedteanp-plugin-debug-to-appletviewer

The number of shared memory segments used by this java process constantly grows:

$ sudo ipcs -m -p | awk '{print $3}' | sort | uniq -c | grep 4339
    839 4339
...
$ sudo ipcs -m -p | awk '{print $3}' | sort | uniq -c | grep 4339
    865 4339

The default limit for a number of shared memory segments:

$ sudo sysctl kernel.shmmni
kernel.shmmni = 4096

I applied the patch from [1] to icedtea-7.2.6.1 and java stopped leaking shm segments. ^_^ This should also fix problems with QT, alsa, etc.

[1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2568

BTW, the same issue in other bug tracking systems:

https://bugzilla.redhat.com/show_bug.cgi?id=1248530
https://bugs.archlinux.org/task/45824
https://bugzilla.opensuse.org/show_bug.cgi?id=948301
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799587

(In reply to Alexander Tsoy from comment #9)
> I applied the patch from [1] to icedtea-7.2.6.1 and java stopped leaking shm
> segments. ^_^ This should also fix problems with QT, alsa, etc.
>
> [1] http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2568

Thanks, I am attempting to build icedtea with a revised ebuild now and will check the result in the morning, though I'm not aware of any simple way to reproduce the problem. I don't use KDE. If everything looks good, I'll commit the result tomorrow but I don't wish to apply it to icedtea-bin. That's a lot of work and it probably won't be too long before the next release.

(In reply to James Le Cuirot from comment #11)
> Thanks, I am attempting to build icedtea with a revised ebuild now and will
> check the result in the morning,

I'll attach patches from my local overlay, just in case.

> though I'm not aware of any simple way to reproduce the problem.

Just start any java application with GUI and see how it's leaking shared memory.

> I don't use KDE.

Me too. :)

Created attachment 414164
files/7-xshm-fix.patch

Created attachment 414166
icedtea-7.2.6.1-r1.ebuild.patch

I've tested with alexander's ebuild/patch from #12, #13, and #14, and so far, it does, indeed, appear to resolve the glitching in KDE.

*** Bug 561610 has been marked as a duplicate of this bug. ***

Same here, dup of https://bugs.gentoo.org/show_bug.cgi?id=560268

See also https://bugs.archlinux.org/task/45824

*** Bug 560268 has been marked as a duplicate of this bug. ***

*** Bug 561104 has been marked as a duplicate of this bug. ***

Sorry for the wait. I've just committed the fix to dev-java/icedtea-7.2.6.1-r1. I took the later patch from the icedtea bug report as that seems to be the full fix, though I am admittedly a little confused about what actually happened. It does apply cleanly and the problem seems to go away. I was able to observe it with just policytool, which comes with the JDK.

I'll fix icedtea-bin if I have time but no promises. It takes ages to build on arm so it would only be for amd64 and x86.

(In reply to James Le Cuirot from comment #20)
> I've just committed the fix to dev-java/icedtea-7.2.6.1-r1.

Fix confirmed working here. Thank you very much!

gnu_andrew tells me the next icedtea will be out in a week or so. I'll update icedtea-bin shortly after.

(In reply to James Le Cuirot from comment #20)
> I've just committed the fix to dev-java/icedtea-7.2.6.1-r1.

Works for me too for a week now. Thank you! :)

details: http://icedtea.classpath.org//hg/release/icedtea7-forest-2.6/jdk?cmd=changeset;node=e92ba87e90a2
author: andrew
date: Thu Jul 30 17:52:32 2015 +0100

 PR2568: openjdk causes a full desktop crash on RHEL 6 i586
 Summary: Re-apply "8025775: JNI warnings in TryXShmAttach"; some changes lost in bad merge changeset 4b26f93b23ba

details: http://icedtea.classpath.org//hg/release/icedtea7-2.6?cmd=changeset;node=723ef630c332
author: Andrew John Hughes <email address hidden>
date: Tue Oct 20 04:30:23 2015 +0100

 Bump to icedtea-2.6.2pre02.

 Upstream changes:
   - Bump to icedtea-2.6.2pre01
   - Bump to icedtea-2.6.2pre02
   - PR2512: Reset success following calls in LayoutManager.cpp
   - PR2568: openjdk causes a full desktop crash on RHEL 6 i586
   - S6880559, PR2674: Enable PKCS11 64-bit windows builds
   - S6904403, PR2674: assert(f == k-&gt;has_finalizer(),&quot;inconsistent has_finalizer&quot;) with debug VM
   - S7011441, PR2674: jndi/ldap/Connection.java needs to avoid spurious wakeup
   - S7059542, PR2674: JNDI name operations should be locale independent
   - S7105461, PR2571: Large JTables are not rendered correctly with Xrender pipeline
   - S7105883, PR2560: JDWP: agent crash if there exists a ThreadGroup with null name
   - S7107611, PR2674: sun.security.pkcs11.SessionManager is scalability blocker
   - S7127066, PR2674: Class verifier accepts an invalid class file
   - S7150092, PR2674: NTLM authentication fail if user specified a different realm
   - S7150134, PR2571: JCK api/java_awt/Graphics/index.html#DrawLine fails with OOM for jdk8 with XRender pipeline
   - S7152582, PR2674: PKCS11 tests should use the NSS libraries available in the OS
   - S7156085, PR2674: ArrayIndexOutOfBoundsException throws in UTF8Reader of SAXParser
   - S7177045, PR2674: Rework the TestProviderLeak.java regression test, it is too fragile to low memory errors.
   - S7190945, PR2674: pkcs11 problem loading NSS libs on Ubuntu
   - S8005226, PR2674: java/rmi/transport/pinClientSocketFactory/PinClientSocketFactory.java fails intermittently
   - S8009438, PR2674: sun/security/pkcs11/Secmod tests failing on Ubuntu 12.04
   - S8011709, PR2509: [parfait] False positive: memory leak in jdk/src/share/native/sun/font/layout/CanonShaping.cpp
   - S8012971, PR2674: PKCS11Test hiding exception failures
   - S8016105, PR2560: Add complementary RETURN_NULL allocation macros in allocation.hpp
   - S8020424, PR2674: The NSS version should be detected before running crypto tests
   - S8020443, PR2674: Frame is not created on the specified GraphicsDevice with two monitors
   - S8021897, PR2560: EXCEPTION_ACCESS_VIOLATION on debugging String.contentEquals()
   - S8022683, PR2560: JNI GetStringUTFChars should return NULL on allocation failure not abort the VM
   - S8023052, PR2509: JVM crash in native layout
   - S8025922, PR2560: JNI access to Strings need to check if the value field is non-null
   - S8027058: sun/management/jmxremote/bootstrap/RmiBootstrapTest.sh Failed to initialize connector
   - S8027624, PR2674: com/sun/crypto/provider/KeyFactory/TestProviderLeak.java unstable again
   - S8033069, PR2674: mouse wheel scroll closes combobox popup
   - S8035150, PR2674: ShouldNotReachHere() in ConstantPool::copy_entry_to
   - S8039212, PR2674: SecretKeyBasic.sh needs to avoid NSS libnss3 and libsoftokn3 version mismatches
   - S8042855, PR2509: [parfait] Potential null pointer dereference in IndicLayoutEngine.cpp
   - S8044364, PR2674: runtime/RedefineFinalizer test fails on windows
   - ...

*** Bug 564740 has been marked as a duplicate of this bug. ***

Now fixed in icedtea-bin-7.2.6.2. ppc still needs to be stabilised but I'll close this now.