macOS Sonoma 14.4 crashes Java

[jbailey]

This came out over the weekend. From blogs.oracle.com:

An issue introduced by macOS 14.4, which causes Java process to terminate unexpectedly, is affecting all Java versions from Java 8 to the early access builds of JDK 22. There is no workaround available, and since there is no easy way to revert a macOS update, affected users might be unable to return to a stable configuration unless they have a complete backup of their systems prior to the OS update.

The problem is apparently caused by Apple changing what happens when the JVM tries to access a protected page to convert it to a JIT compilation. In the past such an access would trigger a SIGBUS signal which the JVM could trap and do the appropriate action to continue the JIT operation. For some reason, Apple decided to change that to a SIGKILL which can't be trapped and causes an immediate termination of the process.

I'd imagine that Apple will get a fix out for this fairly rapidly considering that their own developers need to develop with Java for their various services.

Edit: From bugs.java.com there is some simple c-source that will trigger the bug:

I've managed to narrow this down to this small reproducer:

#include <stdio.h>
#include <sys/mman.h>
#include <pthread.h>
int main() {
  pthread_jit_write_protect_np(0);
  char* mem = (char*)mmap(0, 16 * 1024, 0, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0);
  fprintf(stderr, "addr = %p\n", mem);
  char value = *mem;
  fprintf(stderr, "value = %c\n", value);
  return 0;
}

This results the expected SIGBUS on 14.3, but on 14.4 it results in a SIGKILL.

There doesn't seem to be any usernames or emails on Oracle's bug tracker so I don't have an attribution for the above code.

 

[Nycturne]

Which is depressing for two reasons:

1) This came out after our IT folks forced everyone onto 14.4.
2) Have fun developing for Android when Java crashes. :|

 

[leman]

I am wondering whether trapping on page protection fault is the best way to do this? Is there some other mechanism they could use?

 

[jbailey]

I am wondering whether trapping on page protection fault is the best way to do this? Is there some other mechanism they could use?

From what I've read, this is a POSIX standard for mmap that Apple is now violating.

Edit: Both the Linux and open group man pages specify SIGBUS and say nothing about SIGKILL.

 

[SteveOM]

Some developers could do this: Where allowed, I'd suggest building a "lightweight" VM running an older version of Sonoma. Free tools like VirtualBuddy (Guilherme Rambo on GitHub) and Viable (Howard Oakley of eclecticlight.co) make this really easy and the VMs are dang fast.
I've kept my Java environments separate from my main Mac boot environment since I bought my 14" M2 Max a year ago.

SteveOM

 

[dada_dave]

Some developers could do this: Where allowed, I'd suggest building a "lightweight" VM running an older version of Sonoma. Free tools like VirtualBuddy (Guilherme Rambo on GitHub) and Viable (Howard Oakley of eclecticlight.co) make this really easy and the VMs are dang fast.
I've kept my Java environments separate from my main Mac boot environment since I bought my 14" M2 Max a year ago.

SteveOM

Welcome to the forums!

 

[jbailey]

Some developers could do this: Where allowed, I'd suggest building a "lightweight" VM running an older version of Sonoma. Free tools like VirtualBuddy (Guilherme Rambo on GitHub) and Viable (Howard Oakley of eclecticlight.co) make this really easy and the VMs are dang fast.
I've kept my Java environments separate from my main Mac boot environment since I bought my 14" M2 Max a year ago.

SteveOM

This is smart. If I were currently using Java (luckily I’m using JavaScript ) for my current contract this is a good solution that I hadn’t thought of. Apple’s macOS VM is just about as fast as native.

Edit: you don’t even need any freeware since you can just run Apple’s example code. No features but if you just need to run macOS for a while; it’s pretty viable (). It bugs me that hoakley@eclecticlight.co doesn’t publish his code but I respect his choice.

 

[casperes1996]

2) Have fun developing for Android when Java crashes. :|

Strange thing is, that's what I do at work. I work both with iOS and Android and it's working just fine on Sonoma 14.4 on my M1 Pro work laptop. Android Studio, the emulator and our own Kotlin/JVM based application runs just fine.

But yeah, Apple's ideal workflow for JIT regions is to use the kit_write_with_callback. It disables write protection (enabling execution protection), calls a function you've provided to write into the JIT memory region and then disables write protection (enabling execution) all in one transaction-like step. (That is, it is transactional-ish, per-thread)
Under this model, the security permissions are also such that you provide a list of symbols that are valid to use for the callback function, so the pointer can't be overwritten by malware to take control of the JIT writing code.

That said, while the above is the "ideal" from Apple's perspective, trapping, catching and reacting should still be permitted

 

[dada_dave]

14.4 seems to have multiple QA issues.

macOS Sonoma 14.4: Reasons Not to Upgrade [Updated]

Update: Apple has released macOS 14.4.1, which fixes three bugs mentioned in this article. Click the link to learn what they are. Since Apple...

www.macrumors.com

Any release, even dot releases, can cause problems of course, but this one seems to be the worst in a while for both the number and the severity of the issues caused.

 

[Roller]

14.4 seems to have multiple QA issues.

macOS Sonoma 14.4: Reasons Not to Upgrade [Updated]

Update: Apple has released macOS 14.4.1, which fixes three bugs mentioned in this article. Click the link to learn what they are. Since Apple...

www.macrumors.com

Any release, even dot releases, can cause problems of course, but this one seems to be the worst in a while for both the number and the severity of the issues caused.

It’s enough to make me question my practice of updating macOS quickly after each release, which I’ve been doing for security fixes.

 

[throAU]

openJDK works
breaking oracle is a feature

 

[casperes1996]

openJDK works
breaking oracle is a feature

That's why I haven't had issues then. OpenJDK and Temurin

 

[jbailey]

openJDK works
breaking oracle is a feature

Are you sure? Oracle seems to think that openJDK is also broken in the same way. If it really is just Oracle’s version then it’s not much of a problem for most people.

 

[leman]

openJDK works
breaking oracle is a feature

Seems to affect openJDK just the same

Loading…

bugs.openjdk.org

 

[jbailey]

Fix is available now in Sonoma 14.4.1.

 

[throAU]

Seems to affect openJDK just the same

Loading…

bugs.openjdk.org

Weird, I've literally run an applet in openJDK to test, and it worked fine.