linux-image-4.13.0-12-generic, linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic | Regression: many user-space apps crashing

Bug #1699772 reported by Gunter Ohrner on 2017-06-22
This bug affects 44 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| LibreOffice | Won't Fix | Critical | | |
| commons-daemon (Ubuntu) | | Undecided | Unassigned | |
| eclipse (Ubuntu) | | Undecided | Unassigned | |
| imagej (Ubuntu) | | Undecided | Unassigned | |
| libreoffice (Ubuntu) | | Undecided | Unassigned | |
| linux (Debian) | Confirmed | Unknown | | |
| linux (Ubuntu) | | Critical | Unassigned | |
| octave (Ubuntu) | | Undecided | Unassigned | |
| python-jpype (Ubuntu) | | Undecided | Unassigned | |
| rustc (Ubuntu) | | Undecided | Unassigned | |
| scilab (Ubuntu) | | Undecided | Unassigned | |

Bug Description

Distribution: Ubuntu 16.04 x64 (Flavour: KDE Neon User Edition 5.10)

linux-image-4.4.0-81-generic appears to contain a regression, probably related to the CVE-2017-1000364 fix backport / patch.

Using this kernel, the Oracle Java browser plugin always crashes during stack-related actions on initialization. This means, the plugin completely stopped working.

It works perfectly fine in linux-image-4.4.0-79-generic (vulnerable to CVE-2017-1000364) as well as linux-image-4.11.6-041106-generic, which also contains a fix for CVE-2017-1000364.

uname -a:

> Linux Zweiblum 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 14 08:17:06 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I tested Oracle Java 1.8 u131 as well as 1.6 u64 in Firefox 51.0.1 as well as Iceweasel / Firefox/3.5.16 in a chroot.

Using linux-image-4.4.0-81-generic it crashes in all combinations while with both other kernels it works.

I was not able to obtain any detailed crash information from Firefox 51.0.1, but Iceweasel 3.5.16 crashed completely, allowing me to obtain a stack trace which shows the relation to stack operations performed by the plugin, even without proper debug symbols:

> (gdb) bt full
> #0 0x00007fa06d805307 in _expand_stack_to(unsigned char*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #1 0x00007fa06d8053ae in os::Linux::manually_expand_stack(JavaThread*, unsigned char*) ()
> from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #2 0x00007fa06d80cf0b in JVM_handle_linux_signal () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #3 0x00007fa06d802e13 in signalHandler(int, siginfo*, void*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #4 <signal handler called>

I first assumed a bug in the Java plugin, but it works fine in Linux 4.11.6.

The crash will be triggered by any applet, for example the test applet at:

* https://java.com/en/download/installed8.jsp

I'm running the Ubuntu 16.04 based KDE Neon distribution which somehow apparently does not allow me to use apport to report this bug:

> $ LANG= apport-cli linux-image-4.4.0-81-generic
>
> *** Collecting problem information
>
> The collected information can be sent to the developers to improve the
> application. This might take a few minutes.
> .........
>
> *** Problem in linux-image-4.4.0-81-generic
>
> The problem cannot be reported:
>
> This is not an official KDE package. Please remove any third party package and try again.

If someone can tell me how to get apport working for this package, I can use it to collect additional information, but (unfortunately?) the problem should be fairly easy to reproduce...

affects: mesa (Ubuntu) → linux (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
Jarda Sladek (jaroslav-sladek) wrote :

The same bug appears on 17.04. 4.10.0-24-generic, which contains CVE-2017-1000364 fix, causes Oracle java plugin to crash. 4.10.0-22-generic, in exactly the same setup, works fine. The console error from Firefox (what most users will see) is

###!!! [Parent][MessageChannel::Call] Error: Channel error: cannot send/recv

This makes Java Plugin on latest version of Ubuntu completely unusable.

Yuexiang Zhang (xfeep) wrote :

This bug affects not only Oracle Java plugin but also those applications based on JNI Invocation API. Here is a very simple example to reproduce it.

```c
#include <jni.h>
#include <stdio.h>

/* Minimal reproducer: create a JVM on the main thread through the JNI Invocation API. */
int main(int argc, char *args[]) {
    JavaVM *jvm;
    JNIEnv *env;
    JavaVMInitArgs vm_args;
    JavaVMOption options[1];

    options[0].optionString = "-Djava.class.path=/usr/lib/java";
    vm_args.version = JNI_VERSION_1_6;
    vm_args.nOptions = 1;
    vm_args.options = options;
    vm_args.ignoreUnrecognized = 0;

    /* crash at this line */
    if (JNI_CreateJavaVM(&jvm, (void **)&env, &vm_args) != JNI_OK) {
        fprintf(stderr, "JNI_CreateJavaVM failed\n");
        return 1;
    }
    /* ............ */

    (*jvm)->DestroyJavaVM(jvm);
    return 0;
}
```

Norbert (nrbrtx) on 2017-06-22
tags: added: xenial
Damjan Jovanovic (damjan-jov) wrote :

This is a ***MASSIVE REGRESSION*** affecting many or even all native applications that use the Java Invocation API, including at least Eclipse (crashes a few seconds after startup), and LibreOffice Base with any JDBC database connector (instant crash as soon as it tries to load the JVM).

Moritz Bechler (bechler) wrote :

This should affect all embedded java uses which launch the JVM on the main thread (the regular java launcher does not do that) and is caused by the known buggy (http://www.openwall.com/lists/oss-security/2017/06/22/6) custom CVE-2017-1000364 fix. Testing the upstream patch on debian it seems to be fine (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549).

Liam Alford (nezero) on 2017-06-23
no longer affects: commons-daemon (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in commons-daemon (Ubuntu):
status: New → Confirmed
Changed in eclipse (Ubuntu):
status: New → Confirmed
Changed in imagej (Ubuntu):
status: New → Confirmed
Changed in libreoffice (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) on 2017-06-23
summary: - linux-image-4.4.0-81-generic Regression: Oracle Java plugin crashes
+ linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression:
+ many user-space apps crashing

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in scilab (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) wrote :

Scilab is affected too. It uses openjdk-8.
See bug 1699892 for details.
Scilab is crashing with new kernel (linux-image-3.13.0-121-generic in Trusty / linux-image-4.4.0-81-generic in Xenial), but works with previous one (linux-image-3.13.0-119-generic in Trusty / linux-image-4.4.0-78-generic in Xenial).

Norbert (nrbrtx) wrote :

Also you can check comments on bug 1698919.
The (incomplete) list of affected applications includes:
* LPCxpresso (see https://community.nxp.com/thread/453939 )
* RMongo (see https://stackoverflow.com/a/44699417 )
* Ubiquity UniFi (see https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779 )

tags: added: trusty
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in octave (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) wrote :

Octave in Trusty is affected too (see bug 1699594).

Interestingly, octave 4.2 comes up successfully under 4.40-81 under Ubuntu
16.04.

Applications that use jsvc can increase their thread stack space with -Xss1280k or larger (Red Hat, for example, suggested -Xss2m which is much larger).

Norbert (nrbrtx) wrote :

I confirm issue with full installation of Octave 3.8.1-1ubuntu1 on Trusty
(
dpkg -l | grep octave | grep "^ii" | awk '{print $2;}'
liboctave2:i386 octave octave-audio octave-benchmark octave-biosig octave-common octave-communications octave-communications-common octave-control octave-data-smoothing octave-dataframe
octave-doc octave-econometrics octave-epstk octave-financial octave-fpl octave-ga octave-gdf octave-general octave-geometry octave-gmt octave-gsl octave-htmldoc octave-image octave-info octave-io octave-lhapdf:i386 octave-linear-algebra octave-mapping octave-miscellaneous octave-missing-functions octave-mpi octave-nan octave-nlopt octave-nnet octave-nurbs octave-ocs octave-octcdf octave-octgpr octave-odepkg octave-openmpi-ext octave-optim octave-optiminterp octave-parallel octave-pfstools octave-plot octave-psychtoolbox-3 octave-quaternion octave-signal octave-sockets octave-specfun octave-splines octave-statistics octave-strings octave-struct octave-sundials octave-symbolic octave-tsa octave-vlfeat:i386 octave-vrml octave-zenity qtoctave
)
it crashes on 3.13.0-121-generic. strace says that segmentation fault is after loading openjdk and mmap something. Octave starts normally with 3.13.0-119-generic.

Norbert (nrbrtx) wrote :

Current state of the problem: Ubuntu kernel developers will prepare new patch in a few days (see https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2017-June/017507.html).

John Johansen:
"The kernel team is aware of the issue, and will be releasing updated
kernels when they are available.

There are currently no plans to revert the kernel patch until the
replacement patches are ready due to the nature of the security
vulnerability. If the regression is preventing you from using the
applications you require then we currently recommend you reboot into
the previous kernel."

Other Xenial kernels (linux-image-4.8.0-56-generic, linux-image-4.10.0-24-generic) are affected too.

For today there is only one kernel with fixed problems - 4.11.6-1 in Debian sid (https://packages.debian.org/sid/linux-image-4.11.0-1-686).

summary: - linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression:
- many user-space apps crashing
+ linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
+ image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many
+ user-space apps crashing
Norbert (nrbrtx) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-jpype (Ubuntu):
status: New → Confirmed
Changed in linux (Debian):
status: Unknown → Confirmed
Norbert (nrbrtx) wrote :

Scilab is still crashing with kernel from xenial-proposed (4.4.0-82.105).
"JAVA_TOOL_OPTIONS=-Xss1280k scilab" helps, but it is not a solution.

Norbert (nrbrtx) wrote :

With latest proposed kernel (4.4.0-83.106) Scilab does not crash.

Norbert (nrbrtx) wrote :
no longer affects: rustc
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rustc (Ubuntu):
status: New → Confirmed
Liam Alford (nezero) wrote :

4.4.0-83.106 appears to be in the release repos now and looks like it's fixed the issue for JSVC (commons-daemon (Ubuntu))

Damjan Jovanovic (damjan-jov) wrote :

4.4.0-83 fixes Eclipse, but LibreOffice Base still crashes with JDBC drivers.

Lachezar Dobrev (lachezar) wrote :

Kernel 4.10.0-26 (deb version 4.10.0-26.30) seems to have fixed crashes in Eclipse.

Upgrade to "Linux ... 4.10.0-26-generic #30-Ubuntu SMP Tue Jun 27 09:30:12 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux" (Ubuntu 17.04 with XFCE under VMware WS Pro 12.5.7 build-5813279) fixed my problems with "jsvc" (starting "tomcat" 8.5.16) and kernel 4.10.0-24.28 ... catching "signal 11" immediately after start.

Many thanks to all of You, having helped to solve the problem!

Norbert (nrbrtx) wrote :

Scilab and test C-Java program from bug 1700270 work normally with linux-image-4.4.0-83-generic, linux-image-4.8.0-58-generic, linux-image-4.10.0-26-generic.
Thank you!

Changed in linux (Ubuntu):
status: Confirmed → Fix Released

Thanks very much. I have installed it, and you're right.

Art Edwards

Changed in linux (Debian):
status: Confirmed → Fix Released
Changed in linux (Debian):
status: Fix Released → Confirmed
Arthur Edwards (edwardsah3) wrote :

Thanks!

Norbert (nrbrtx) on 2017-07-05
no longer affects: linux
Norbert (nrbrtx) on 2017-07-05
tags: added: zesty

I can confirm that LibreOffice Base is crashing on Ubuntu 17.04 during database creation (launched Base, in 'Database Wizard' selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb). After that Base is crashing silently.
I can't install libreoffice-dbg package on zesty (I reported bug 1702556 about it).
LibreOffice Writer does not crash in Zesty.

Norbert (nrbrtx) wrote :

Libreoffice Base 5.1.6.2 is crashing on Ubuntu 16.04 LTS.
What I did:
0. Installed all updates, "uname -a"
 Linux flash-1604 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:25 UTC 2017 i686 i686 i686 GNU/Linux
1. "sudo apt-get install libreoffice-dbg ure-dbg uno-libs3-dbg libglib2.0-0-dbg"
3. run "gdb --args /usr/lib/libreoffice/program/soffice.bin --base", in Database Wizard selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb.
   "run"
   "bt full"
    Got this backtrace: (see attachment).

Changed in df-libreoffice:
importance: Unknown → Critical
status: Unknown → Confirmed
Norbert (nrbrtx) wrote :

Libreoffice Base 5.3.1.2 is crashing on Ubuntu 17.04.
What I did:
0. Installed all updates, "uname -a"
 Linux ubuntu-zesty 4.10.0-26-generic #30-Ubuntu SMP Tue Jun 27 09:29:33 UTC 2017 i686 i686 i686 GNU/Linux
1. "apt-get install libreoffice-core-dbgsym libreoffice-writer-dbgsym ure-dbgsym uno-libs3-dbgsym libreoffice-gtk3-dbgsym libglib2.0-0-dbgsym"
3. run "gdb --args /usr/lib/libreoffice/program/soffice.bin --base", in Database Wizard selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb.
   "run"
   "bt full"
    Got this backtrace: (see attachment).

Hi,
problem still present on linux-image-4.8.0-58-generic with these conditions:
    - while executing JVM launched from >>32-bit<< C (on 64-bit kernel)
    - defining "higher" JVM stack size (eg. -Xss2048k JVM argument)

=> causes JVM segmentation fault

Attached test case (sources + binary + output logs): Bug1699772_i386_jvm_segfault_problem.tgz
test_case1.c (32-bit) => using -Xss1024k => RUNS OK.
test_case2.c (32-bit) => using -Xss2048k => Segmentation fault.
test_case1.c (64-bit) => using -Xss1024k => RUNS OK.
test_case2.c (64-bit) => using -Xss2048k => RUNS OK.

My system:
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

with linux-generic-hwe-16.04

uname -a
Linux L34001100621 4.8.0-58-generic #63~16.04.1-Ubuntu SMP Mon Jun 26 18:08:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Changed in df-libreoffice:
status: Confirmed → Won't Fix
Norbert (nrbrtx) wrote :

I can confirm that case2 i386 (see comments 39, 40 by Rostislav Stříbrný (rstribrn) ) produces a segmentation fault on
"4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux"
with log:
bash: line 1: 11948 Segmentation fault (core dumped) LD_PRELOAD=/usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so ./test_openjdk_i386_case2

Do not forget to install gcc-multilib package before running test.

Here is backtrace with gdb:
(gdb) bt full
#0 0xf77c52c5 in ?? () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
No symbol table info available.
#1 0xf77c7a34 in ?? () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
No symbol table info available.
#2 0xf77d20a0 in ?? () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
No symbol table info available.
#3 0xf790e1a2 in ?? () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
No symbol table info available.
#4 0xf75cbe45 in JNI_CreateJavaVM () from /usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so
No symbol table info available.
#5 0x080485ab in create_vm (jvm=0xffffcebc) at test_case2.c:16
        env = 0xf7fe78c2
        args = {version = 65544, nOptions = 2, options = 0xffffce6c, ignoreUnrecognized = 0 '\000'}
        options = {{optionString = 0x8048730 "-Djava.class.path=.", extraInfo = 0xf7ffd000}, {optionString = 0x8048744 "-Xss2048k",
            extraInfo = 0xffffce90}}
        rv = -142860576
#6 0x08048604 in main (argc=1, argv=0xffffcf84) at test_case2.c:27
        jvm = 0x80486fb <__libc_csu_init+75>
        env = 0x1
        foo_class = 0xffffcf84
        test_method = 0xffffcf8c

Norbert (nrbrtx) wrote :

In 32-bit Zesty linux 4.10.0-28-generic still crashes LibreOffice Base.

Changed in linux (Debian):
status: Confirmed → Fix Released
Changed in linux (Debian):
status: Fix Released → Confirmed

Scilab 6.0 crash with 4.4.0-87-generic under Linux Mint

DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18
DISTRIB_CODENAME=sarah
DISTRIB_DESCRIPTION="Linux Mint 18 Sarah"
NAME="Linux Mint"
VERSION="18 (Sarah)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18"
VERSION_ID="18"
HOME_URL="http://www.linuxmint.com/"
SUPPORT_URL="http://forums.linuxmint.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/linuxmint/"
UBUNTU_CODENAME=xenial
cat: /etc/upstream-release: Is a directory

@Miroslav Karas (arditure87)
I'm running xenial x86_64 with 4.4.0-87-generic, I can run scilab-5.5.2 (from repos) and scilab-6.0.0 (from scilab.org).

$ uname -a
Linux host 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

It seems that you missed some scilab dependency or have other problems. What happens if you try to start scilab from terminal?


Norbert
You might be right, there might be something missing. I follow the YouTube
video installation, that basically asks you to copy the package, expand and
link the executable. So no real installation. The scilab 6.0 starts and
immediately shuts down. I am running concurrently scilab 5.5.2 - no problem
(installed from Mint apps). From command line it opens the 5.5.2 version.

@Miroslav Karas (arditure87)
Scilab 6 has a bug: it should be started with a control terminal.
You can create a desktop application launcher with the following contents in the Command field:
   xterm -e /home/full_path_to_scilab-6.0.0/bin/scilab
(you can change xterm to your favorite editor).

Norbert (nrbrtx) wrote :

^ not 'editor', I mean terminal emulator (such as gnome-terminal).

Nicholas Borisov (nicholas764) wrote :

I confirm this issue: LibreOffice Base crashes any time I try to do anything in Base. Are there any patches?

Processor: Intel Pentium T4400 @ 2.20GHz (2 Cores)

Software:
OS: Ubuntu 17.04, Kernel: 4.10.0-26-generic (i686), Desktop: Xfce 4.12, Display Driver: modesetting 1.19.3, OpenGL: 3.3 Mesa 17.2.0-devel, Compiler: GCC 6.3.0 20170406, File-System: ext4, Screen Resolution: 1366x768

Libreoffice 5.3.1.2, ID 1:5.3.1-0ubuntu2, VCL: gtk2

Olivier Tilloy (osomon) on 2017-08-02
Changed in linux (Ubuntu):
status: Fix Released → Confirmed
Bruno Vernay (brunovernay) wrote :

With a 32bit arch, LibreOffice Base crashes in the latest (updated) 16.04 LTS and in 17.04.
With a 64bit arch the 17.07 LibreOffice Base does not crash.

Adolfo Jayme (fitojb) on 2017-08-08
Changed in linux (Ubuntu):
importance: Undecided → Critical
Tiago Stürmer Daitx (tdaitx) wrote :

Regarding OpenJDK 8, it crashes as soon as Xss is set to (or higher than) 1141K in an i386 JVM (32-bit).

I used the example code from bug #1700270. Please note that there is no need to even use the java class: the program will segfault while starting the JVM, so do remove lines 30-34 from either test_case1.c or test_case2.c and set Xss to 1441K (or bigger).

The OpenJDK part where the stack location and size are calculated is in os::Linux::capture_initial_stack() [1], especially _initial_thread_stack_bottom [2].

From GDB I was able to collect the following data from that function:
(gdb) p max_size
$1 = 1171456

Note: max_size is Xss rounded to vm_page_size(), thus 1144K [3].

(gdb) info locals
rlim = {rlim_cur = 8388608, rlim_max = 4294967295}
stack_size = 8380416
stack_start = 4294956864
p = 0xf7ffcf34 <__libc_stack_end>
stack_top = 4294959104
low = 0xfffdd000 ""
high = 0xffffe000 <error: Cannot access memory at address 0xffffe000>

(gdb) x p
0xf7ffcf34 <__libc_stack_end>: 0xffffd740
(gdb) x stack_top
0xffffe000: Cannot access memory at address 0xffffe000
(gdb) x low
0xfffdd000: 0x00000000
(gdb) x high
0xffffe000: Cannot access memory at address 0xffffe000
(gdb) p _initial_thread_stack_size
$43 = 1171456
(gdb) x _initial_thread_stack_bottom
0xffee0000: 0x00000000

Backtrace:
(gdb) bt
#0 os::Linux::capture_initial_stack (max_size=1171456) at ./src/hotspot/src/os/linux/vm/os_linux.cpp:1272
#1 0xf7394287 in os::init_2 () at ./src/hotspot/src/os/linux/vm/os_linux.cpp:4939
#2 0xf74ee886 in Threads::create_vm (args=0xffffd62c, canTryAgain=0xffffd5bf) at ./src/hotspot/src/share/vm/runtime/thread.cpp:3361
#3 0xf7151423 in JNI_CreateJavaVM (vm=0xffffd684, penv=0xffffd624, args=0xffffd62c) at ./src/hotspot/src/share/vm/prims/jni.cpp:5220
#4 0x5655561f in create_vm (jvm=0xffffd684) at test_case.c:16
#5 0x56555685 in main (argc=1, argv=0xffffd744) at test_case.c:25

That information is used by os::Linux::default_guard_size() [4] to fetch both 'bottom' and 'size' used to indicate the start of the guard page - and it has a nice doc explaining the stack layout. The values from default_guard_size are in turn used by os::current_stack_base() [5] to calculate what should be the stack base.

Let me know if there's any additional information I can help with.

[1] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l1081
[2] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l1271
[3] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l5010
[4] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l714
[5] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l745
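
The stack arithmetic in the comment above can be replayed outside the JVM. This is an added example, not code from OpenJDK or from the comment: `analyse_stack`, `stack_report` and the sample maps text are hypothetical, 4 KiB pages are assumed, and Xss is assumed to be rounded up to the page size (which reproduces the max_size of 1171456 seen in gdb). It also reports the distance to the nearest mapping below the stack, which the comment does not show.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096ULL /* assumed page size */

/* Constructed maps text: only the [stack] range (low/high) is taken from
 * the gdb session; the other two lines are invented for the example. */
static const char SAMPLE_MAPS[] =
    "56555000-56556000 r-xp 00000000 08:01 1234 /tmp/test_case\n"
    "f7ffc000-f7ffe000 rw-p 00022000 08:01 5678 /lib/ld-2.23.so\n"
    "fffdd000-ffffe000 rw-p 00000000 00:00 0 [stack]\n";

/* low/high: mapped [stack] VMA; bottom: high minus page-rounded Xss;
 * must_grow: unmapped bytes between bottom and low;
 * room: bottom minus the end of the nearest mapping below the stack. */
struct stack_report { unsigned long long low, high, bottom, must_grow, room; };

/* Returns 0 on success, -1 if there is no [stack] line or Xss does not fit. */
int analyse_stack(const char *maps, unsigned long long xss, struct stack_report *r)
{
    unsigned long long lo, hi, prev_end = 0;
    unsigned long long size = (xss + PAGE_SZ - 1) / PAGE_SZ * PAGE_SZ;
    for (const char *line = maps; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (sscanf(line, "%llx-%llx", &lo, &hi) == 2) {
            if (len >= 7 && memcmp(line + len - 7, "[stack]", 7) == 0) {
                if (size > hi || hi - size < prev_end)
                    return -1; /* would run into the mapping below */
                r->low = lo; r->high = hi;
                r->bottom = hi - size;
                r->must_grow = r->bottom < lo ? lo - r->bottom : 0;
                r->room = r->bottom - prev_end;
                return 0;
            }
            prev_end = hi; /* maps is sorted by ascending address */
        }
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    struct stack_report r;
    if (analyse_stack(SAMPLE_MAPS, 1141 * 1024, &r)) return 1;
    printf("bottom=%llx must_grow=%lluK room=%lluK\n", r.bottom, r.must_grow >> 10, r.room >> 10);
    return 0;
}
```

For a live process, pass the contents of /proc/<pid>/maps instead of the sample text.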

Pete Cheslock (pete-cheslock) wrote :

This affects linux-aws 4.4.0-1020-aws as well. I ran into this issue on that kernel. https://github.com/collectd/collectd/issues/2321#issuecomment-311634825

Seems maybe fixed in 4.4.0-1022-aws

Olivier Tilloy (osomon) wrote :

libreoffice base still crashing at startup on xenial i386 with kernels 4.4.0-96.119 (in xenial-security) and 4.4.0-97.120 (in xenial-proposed)

Norbert (nrbrtx) wrote :

Ubuntu 17.10 with all updates. LibreOffice Base is still crashing on 32-bit (kernel is 4.13.0-12-generic).

tags: added: artful
summary: linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
- image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many
- user-space apps crashing
+ image-4.4.0-81-generic, linux-image-3.13.0-121-generic, linux-
+ image-4.13.0-12-generic Regression: many user-space apps crashing
summary: - linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
- image-4.4.0-81-generic, linux-image-3.13.0-121-generic, linux-
- image-4.13.0-12-generic Regression: many user-space apps crashing
+ linux-image-4.13.0-12-generic, linux-image-4.10.0-24-generic, linux-
+ image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-
+ image-3.13.0-121-generic | Regression: many user-space apps crashing
tags: added: id-599af6610f9a304e95fd9796
ronalddsp (rdsierrap) on 2017-10-04
Changed in python-jpype (Ubuntu):
status: Confirmed → New
Henk Stuurman (hw-stuurman) wrote :

The crashes of LibreOffice give the following errors:
Sorry, Ubuntu 16.04 has experienced an internal error

ExecutablePath /usr/lib/libreoffice/program/soffice.bin

Package libreoffice-core 1:5.1.6-rc2-oubuntu1~xenial2

Problem type crash

title soffice.bin crashed with SIGSEGV

apport version 2.20.1ubuntu2.10

distro release Ubuntu 16.04

Installation Date Installed on 2014-03-19

Installation Media Ubuntu 12.04.4 LTS “Precise Pangolin” - Release i386 (20140204)

ProcCmdline /usr/lib/libreoffice/program/soffice.bin -writer -splash-pipe=5

ProcVersionSignature Ubuntu 4.4.0-92.115-generic 4.4.76

SegvReason reading unknown VMA

Signal 11

SourcePackage libreoffice

StacktraceAddressSignature /usr/lib/libreoffice.bin:11:/usr/lib/jvm/java-8-openjgk-i386/jre/lib/i386/server/libjvm.so+73fb35:/usr/lib/jvm/java-6-openjdk-i386/jre/lib/i386/server/libjvm.so+7422a4:/usr/lib/jvm/java-8-openjdk-i386/jre/lib/server/libjvm.so+74c790:/usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so+533f5f:/usr/lib/jvm/java-8-openjdk-i386/jre/lib/i386/server/libjvm.so+53439c:/usr/lib/libreoffice/program/libjvmaccesslo/so+3ce7:/usr/lib/libreoffice/program/libjvmaccesslo.so+3d36:/usr/lib/libreoffice/program/libjava_uno.so+13ffc:/usr/lib/libreoffice/program/libjava_uno.so+14a46:/usr/lib/libreoffice/program/libgcc3_uno.so.2720:/usr/lib/libreoffice/program/libgcc3_uno.so+2c6b:/usr/lib/libreoffice/program/libgcc3_uno.so+9235:/usr/lib/libreoffice/program/libjavaloaderlo.so+40ca:/usr/lib/libreoffice/program/libuno_cppuhelpergcc3.so+6a9b4:usr/lib/libreoffice/program/libuno_cppuhelpergcc3.so.3+6bb4d

Tags xenial

Uname Linux 4.4.0.92-generic i386

Upgradestatus Upgraded to xenial on 2016-08-03

UserGroups adm cdrom dip lpadmin plugdev sambashare sudo

I have now uninstalled Oracle Java and will try to find OpenJDK to install, and see what happens.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-jpype (Ubuntu):
status: New → Confirmed