linux-image-4.13.0-12-generic, linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic | Regression: many user-space apps crashing

Bug #1699772 reported by Gunter Ohrner
This bug affects 60 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| LibreOffice | Won't Fix | Critical | | |
| linux (Debian) | Fix Released | Unknown | | |
| linux (Ubuntu) | Incomplete | Critical | Unassigned | |
| Xenial | Incomplete | Critical | Unassigned | |
| Artful | Won't Fix | Critical | Unassigned | |
| Bionic | Fix Released | Critical | Unassigned | |

Bug Description

Distribution: Ubuntu 16.04 x64 (Flavour: KDE Neon User Edition 5.10)

linux-image-4.4.0-81-generic appears to contain a regression, probably related to the CVE-2017-1000364 fix backport / patch.

Using this kernel, the Oracle Java browser plugin always crashes during stack-related actions on initialization. This means, the plugin completely stopped working.

It works perfectly fine in linux-image-4.4.0-79-generic (vulnerable to CVE-2017-1000364) as well as linux-image-4.11.6-041106-generic, which also contains a fix for CVE-2017-1000364.

uname -a:

> Linux Zweiblum 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 14 08:17:06 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

I tested Oracle Java 1.8 u131 as well as 1.6 u64 in Firefox 51.0.1 as well as Iceweasel / Firefox/3.5.16 in a chroot.

Using linux-image-4.4.0-81-generic it crashes in all combinations while with both other kernels it works.

I was not able to obtain any detailed crash information from Firefox 51.0.1, but Iceweasel 3.5.16 crashed completely, allowing me to obtain a stack trace which shows the relation to stack operations performed by the plugin, even without proper debug symbols:

> (gdb) bt full
> #0 0x00007fa06d805307 in _expand_stack_to(unsigned char*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #1 0x00007fa06d8053ae in os::Linux::manually_expand_stack(JavaThread*, unsigned char*) ()
> from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #2 0x00007fa06d80cf0b in JVM_handle_linux_signal () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #3 0x00007fa06d802e13 in signalHandler(int, siginfo*, void*) () from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
> No symbol table info available.
> #4 <signal handler called>

I first assumed a bug in the Java plugin, but it works fine in Linux 4.11.6.

The crash will be triggered by any applet, for example the test applet at:

* https://java.com/en/download/installed8.jsp

I'm running the Ubuntu 16.04 based KDE Neon distribution which somehow apparently does not allow me to use apport to report this bug:

> $ LANG= apport-cli linux-image-4.4.0-81-generic
>
> *** Collecting problem information
>
> The collected information can be sent to the developers to improve the
> application. This might take a few minutes.
> .........
>
> *** Problem in linux-image-4.4.0-81-generic
>
> The problem cannot be reported:
>
> This is not an official KDE package. Please remove any third party package and try again.

If someone can tell me how to get apport working for this package, I can use it to collect additional information, but (unfortunately?) the problem should be fairly easy to reproduce...


Gunter Ohrner (gohrner)
affects: mesa (Ubuntu) → linux (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
Jarda Sladek (jaroslav-sladek) wrote :

The same bug appears on 17.04. 4.10.0-24-generic, which contains CVE-2017-1000364 fix, causes Oracle java plugin to crash. 4.10.0-22-generic, in exactly the same setup, works fine. The console error from Firefox (what most users will see) is

###!!! [Parent][MessageChannel::Call] Error: Channel error: cannot send/recv

This makes Java Plugin on latest version of Ubuntu completely unusable.

Yuexiang Zhang (xfeep) wrote :

This bug affects not only Oracle Java plugin but also those applications based on JNI Invocation API. Here is a very simple example to reproduce it.

```c
#include <jni.h>

int main(int argc, char *args[]) {
    JavaVM *jvm;
    JNIEnv *env;
    JavaVMInitArgs vm_args;
    JavaVMOption options[1];

    /* One option: the class path handed to the embedded JVM. */
    options[0].optionString = "-Djava.class.path=/usr/lib/java";
    vm_args.version = JNI_VERSION_1_6;
    vm_args.nOptions = 1;
    vm_args.options = options;
    vm_args.ignoreUnrecognized = 0;

    /* The JVM is created on the process's main thread. */
    if (JNI_CreateJavaVM(&jvm, (void **)&env, &vm_args) != JNI_OK) { // crash at this line
        return 1;
    }
    /**............**/

    (*jvm)->DestroyJavaVM(jvm);
    return 0;
}
```

Norbert (nrbrtx)
tags: added: xenial
Damjan Jovanovic (damjan-jov) wrote :

This is a ***MASSIVE REGRESSION*** affecting many or even all native applications that use the Java Invocation API, including at least Eclipse (crashes a few seconds after startup), and LibreOffice Base with any JDBC database connector (instant crash as soon as it tries to load the JVM).

Moritz Bechler (bechler) wrote :

This should affect all embedded java uses which launch the JVM on the main thread (the regular java launcher does not do that) and is caused by the known buggy (http://www.openwall.com/lists/oss-security/2017/06/22/6) custom CVE-2017-1000364 fix. Testing the upstream patch on debian it seems to be fine (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865549).

nezero (nezero) wrote :
nezero (nezero)
no longer affects: commons-daemon (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in commons-daemon (Ubuntu):
status: New → Confirmed
Changed in eclipse (Ubuntu):
status: New → Confirmed
Changed in imagej (Ubuntu):
status: New → Confirmed
Changed in libreoffice (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx)
summary: - linux-image-4.4.0-81-generic Regression: Oracle Java plugin crashes
+ linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression:
+ many user-space apps crashing
Launchpad Janitor (janitor) wrote : Re: linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in scilab (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) wrote :

Scilab is affected too. It uses openjdk-8.
See bug 1699892 for details.
Scilab is crashing with new kernel (linux-image-3.13.0-121-generic in Trusty / linux-image-4.4.0-81-generic in Xenial), but works with previous one (linux-image-3.13.0-119-generic in Trusty / linux-image-4.4.0-78-generic in Xenial).

Norbert (nrbrtx) wrote :

Also you can check comments on bug 1698919.
The (incomplete) list of affected applications includes:
* LPCxpresso (see https://community.nxp.com/thread/453939 )
* RMongo (see https://stackoverflow.com/a/44699417 )
* Ubiquiti UniFi (see https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-failed-after-dist-upgrade/td-p/1967779 )

tags: added: trusty
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in octave (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) wrote :

Octave in Trusty is affected too (see bug 1699594).

Arthur Edwards (edwardsah3) wrote : Re: [Bug 1699772] Re: linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Interestingly, octave 4.2 comes up successfully under 4.40-81 under Ubuntu
16.04.

On Jun 23, 2017 4:45 PM, "Norbert" <email address hidden> wrote:

> Octave in Trusty is affected too (see bug 1699594).

Joshua R. Poulson (jrp) wrote : Re: linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Applications that use jsvc can increase their thread stack space with -Xss1280k or larger (Red Hat, for example, suggested -Xss2m which is much larger).

Norbert (nrbrtx) wrote :

I confirm issue with full installation of Octave 3.8.1-1ubuntu1 on Trusty
(
dpkg -l | grep octave | grep "^ii" | awk '{print $2;}'
liboctave2:i386 octave octave-audio octave-benchmark octave-biosig octave-common octave-communications octave-communications-common octave-control octave-data-smoothing octave-dataframe
octave-doc octave-econometrics octave-epstk octave-financial octave-fpl octave-ga octave-gdf octave-general octave-geometry octave-gmt octave-gsl octave-htmldoc octave-image octave-info octave-io octave-lhapdf:i386 octave-linear-algebra octave-mapping octave-miscellaneous octave-missing-functions octave-mpi octave-nan octave-nlopt octave-nnet octave-nurbs octave-ocs octave-octcdf octave-octgpr octave-odepkg octave-openmpi-ext octave-optim octave-optiminterp octave-parallel octave-pfstools octave-plot octave-psychtoolbox-3 octave-quaternion octave-signal octave-sockets octave-specfun octave-splines octave-statistics octave-strings octave-struct octave-sundials octave-symbolic octave-tsa octave-vlfeat:i386 octave-vrml octave-zenity qtoctave
)
it crashes on 3.13.0-121-generic. strace says that segmentation fault is after loading openjdk and mmap something. Octave starts normally with 3.13.0-119-generic.

Norbert (nrbrtx) wrote :

Current state of the problem: Ubuntu kernel developers will prepare new patch in a few days (see https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2017-June/017507.html).

John Johansen:
"The kernel team is aware of the issue, and will be releasing updated
kernels when they are available.

There are currently no plans to revert the kernel patch until the
replacement patches are ready due to the nature of the security
vulnerability. If the regression is preventing you from using the
applications you require then we currently recommend you reboot into
the previous kernel."

Norbert (nrbrtx) wrote :
Norbert (nrbrtx) wrote :
Norbert (nrbrtx) wrote : Re: linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Other Xenial kernels (linux-image-4.8.0-56-generic, linux-image-4.10.0-24-generic) are affected too.

For today there is only one kernel with fixed problems - 4.11.6-1 in Debian sid (https://packages.debian.org/sid/linux-image-4.11.0-1-686).

summary: - linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression:
- many user-space apps crashing
+ linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
+ image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many
+ user-space apps crashing
Norbert (nrbrtx) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-jpype (Ubuntu):
status: New → Confirmed
Changed in linux (Debian):
status: Unknown → Confirmed
Norbert (nrbrtx) wrote :

Scilab is still crashing with kernel from xenial-proposed (4.4.0-82.105).
"JAVA_TOOL_OPTIONS=-Xss1280k scilab" helps, but it is not a solution.

Norbert (nrbrtx) wrote :

With latest proposed kernel (4.4.0-83.106) Scilab does not crash.

Norbert (nrbrtx) wrote :
no longer affects: rustc
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rustc (Ubuntu):
status: New → Confirmed
nezero (nezero) wrote :

4.4.0-83.106 appears to be in the release repos now and looks like it's fixed the issue for JSVC (commons-daemon (Ubuntu))

Damjan Jovanovic (damjan-jov) wrote :

4.4.0-83 fixes Eclipse, but LibreOffice Base still crashes with JDBC drivers.

Lachezar Dobrev (lachezar) wrote :

Kernel 4.10.0-26 (deb version 4.10.0-26.30) seems to have fixed crashes in Eclipse.

J. Klaus Krieger (ike85659ms127b) wrote :

Upgrade to "Linux ... 4.10.0-26-generic #30-Ubuntu SMP Tue Jun 27 09:30:12 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux" (Ubuntu 17.04 with XFCE under VMware WS Pro 12.5.7 build-5813279) fixed my problems with "jsvc" (starting "tomcat" 8.5.16) and kernel 4.10.0-24.28 ... catching "signal 11" immediately after start.

Many thanks to all of You, having helped to solve the problem!

Norbert (nrbrtx) wrote :

Scilab and test C-Java program from bug 1700270 work normally with linux-image-4.4.0-83-generic, linux-image-4.8.0-58-generic, linux-image-4.10.0-26-generic.
Thank you!

Changed in linux (Ubuntu):
status: Confirmed → Fix Released
Arthur Edwards (edwardsah3) wrote : Re: [Bug 1699772] Re: linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

Thanks very much. I have installed it, and you're right.

Art Edwards

On Jun 29, 2017 3:02 PM, "Norbert" <email address hidden> wrote:

> Scilab and test C-Java program from bug 1700270 work normally with
> linux-image-4.4.0-83-generic, linux-image-4.8.0-58-generic,
> linux-image-4.10.0-26-generic.
> Thank you!

Changed in linux (Debian):
status: Confirmed → Fix Released
Changed in linux (Debian):
status: Fix Released → Confirmed
Arthur Edwards (edwardsah3) wrote :

Thanks!

On Jul 4, 2017 3:41 PM, "Bug Watch Updater" <email address hidden>
wrote:

> ** Changed in: linux (Debian)
> Status: Fix Released => Confirmed

Norbert (nrbrtx)
no longer affects: linux
Norbert (nrbrtx)
tags: added: zesty
Norbert (nrbrtx) wrote : Re: linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing

I can confirm that LibreOffice Base is crashing on Ubuntu 17.04 during database creation (launched Base, in 'Database Wizard' selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb). After that Base is crashing silently.
I can't install libreoffice-dbg package on zesty (I reported bug 1702556 about it).
LibreOffice Writer does not crash in Zesty.

Norbert (nrbrtx) wrote :

Libreoffice Base 5.1.6.2 is crashing on Ubuntu 16.04 LTS.
What I did:
0. Installed all updates, "uname -a"
 Linux flash-1604 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:25 UTC 2017 i686 i686 i686 GNU/Linux
1. "sudo apt-get install libreoffice-dbg ure-dbg uno-libs3-dbg libglib2.0-0-dbg"
3. run "gdb --args /usr/lib/libreoffice/program/soffice.bin --base", in Database Wizard selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb.
   "run"
   "bt full"
    Got this backtrace: (see attachment).

Changed in df-libreoffice:
importance: Unknown → Critical
status: Unknown → Confirmed
Norbert (nrbrtx) wrote :

Libreoffice Base 5.3.1.2 is crashing on Ubuntu 17.04.
What I did:
0. Installed all updates, "uname -a"
 Linux ubuntu-zesty 4.10.0-26-generic #30-Ubuntu SMP Tue Jun 27 09:29:33 UTC 2017 i686 i686 i686 GNU/Linux
1. "apt-get install libreoffice-core-dbgsym libreoffice-writer-dbgsym ure-dbgsym uno-libs3-dbgsym libreoffice-gtk3-dbgsym libglib2.0-0-dbgsym"
3. run "gdb --args /usr/lib/libreoffice/program/soffice.bin --base", in Database Wizard selected 'Create a new database', 'Embedded database:' -> 'HSQLDB Embedded', click 'Next', click 'Finish', save database file in /tmp/db.odb.
   "run"
   "bt full"
    Got this backtrace: (see attachment).

Rostislav Stříbrný (rstribrn) wrote :

Hi,
problem still present on linux-image-4.8.0-58-generic with these conditions:
    - while executing JVM launched from >>32-bit<< C (on 64-bit kernel)
    - defining "higher" JVM stack size (eg. -Xss2048k JVM argument)

=> causes JVM segmentation fault

Attached test case (sources + binary + output logs): Bug1699772_i386_jvm_segfault_problem.tgz
test_case1.c (32-bit) => using -Xss1024k => RUNS OK.
test_case2.c (32-bit) => using -Xss2048k => Segmentation fault.
test_case1.c (64-bit) => using -Xss1024k => RUNS OK.
test_case2.c (64-bit) => using -Xss2048k => RUNS OK.

My system:
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"

with linux-generic-hwe-16.04

uname -a
Linux L34001100621 4.8.0-58-generic #63~16.04.1-Ubuntu SMP Mon Jun 26 18:08:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Rostislav Stříbrný (rstribrn) wrote :
Changed in df-libreoffice:
status: Confirmed → Won't Fix
Changed in linux (Debian):
status: Confirmed → Fix Released
Changed in linux (Debian):
status: Fix Released → Confirmed
In , Luke (lukebenes) wrote :

There are 2 workarounds for this issue:

Add kernel parameter stack_guard_gap=1

Or

Start Libreoffice, click on Tools, click on options and under Libreoffice section click on Advanced.
And instead of changing parameters, considering I don't use java in Libreoffice, I've simply deselected "Use a Java runtime environment".

from: https://bbs.archlinux.org/viewtopic.php?id=227597
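
To show what the `stack_guard_gap=1` workaround above changes, here is an added example (not code from this bug report, the kernel, or OpenJDK) that parses `/proc/<pid>/maps`-style text and computes how far the main stack can still grow under a given guard gap. The sample maps text, the 4 KiB page size and the 256-page default gap are assumptions, and the check is a simplified model of the kernel's test.

```c
/* Added example: how much room the main stack has left under a given
 * stack guard gap, computed from /proc/<pid>/maps-style text. */
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE_BYTES   4096ULL /* assumption: 4 KiB pages */
#define DEFAULT_GAP_PAGES 256UL   /* assumption: upstream default gap, in pages */

/* Constructed sample, not taken from the bug report: a small mapping sits
 * 63 pages below the main stack. */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/launcher\n"
    "7ffd1a2c0000-7ffd1a2c1000 rw-p 00000000 00:00 0 \n"
    "7ffd1a300000-7ffd1a321000 rw-p 00000000 00:00 0 [stack]\n"
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";

struct stack_report {
    int found;                       /* 1 if a [stack] line was seen */
    unsigned long long stack_start;  /* lowest address of the [stack] mapping */
    unsigned long long below_end;    /* end of the mapping just below, 0 if none */
    unsigned long long hole;         /* unmapped bytes between the two */
};

/* maps lines are sorted by address, so the line preceding [stack] is the
 * mapping the stack would run into when growing down. */
static struct stack_report analyze_maps(const char *maps)
{
    struct stack_report r = {0, 0, 0, 0};
    unsigned long long prev_end = 0;
    const char *p = maps;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        size_t len = full < 511 ? full : 511;
        char line[512];
        unsigned long long start, end;

        memcpy(line, p, len);
        line[len] = '\0';
        if (sscanf(line, "%llx-%llx", &start, &end) == 2) {
            if (strstr(line, "[stack]")) {
                r.found = 1;
                r.stack_start = start;
                r.below_end = prev_end;
                r.hole = start - prev_end;
                return r;
            }
            prev_end = end;
        }
        p = nl ? nl + 1 : p + full;
    }
    return r;
}

/* Simplified model of the kernel check: growth is refused once the stack's
 * new lowest address minus the gap would fall below the end of the mapping
 * underneath. RLIMIT_STACK and mapping permissions are ignored here. */
static unsigned long long growth_room(const struct stack_report *r,
                                      unsigned long gap_pages)
{
    unsigned long long gap = gap_pages * PAGE_SIZE_BYTES;
    return r->hole > gap ? r->hole - gap : 0;
}

int main(void)
{
    struct stack_report r = analyze_maps(SAMPLE_MAPS);

    if (!r.found) {
        fprintf(stderr, "no [stack] mapping found\n");
        return 1;
    }
    printf("hole below stack: %llu bytes\n", r.hole);
    printf("room with gap=%lu pages: %llu bytes\n",
           DEFAULT_GAP_PAGES, growth_room(&r, DEFAULT_GAP_PAGES));
    printf("room with gap=1 page:   %llu bytes\n", growth_room(&r, 1));
    return 0;
}
```

To inspect a live process, pass the contents of its `/proc/<pid>/maps` file to `analyze_maps()` instead of the sample.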

In , Cloph-0 (cloph-0) wrote :

pointers to the openjdk code / showing why only 32bit is affected

https://<email address hidden>/msg1437925.html

In , Michael-stahl (michael-stahl) wrote :

*** Bug 109327 has been marked as a duplicate of this bug. ***

In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 108854 has been marked as a duplicate of this bug. ***

In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 109101 has been marked as a duplicate of this bug. ***

Olivier Tilloy (osomon)
Changed in linux (Ubuntu):
status: Fix Released → Confirmed
In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 110748 has been marked as a duplicate of this bug. ***

Changed in linux (Ubuntu):
importance: Undecided → Critical
In , Michael-stahl (michael-stahl) wrote :

*** Bug 109014 has been marked as a duplicate of this bug. ***

In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 112357 has been marked as a duplicate of this bug. ***

In , Iplaw67-h (iplaw67-h) wrote :

*** Bug 112479 has been marked as a duplicate of this bug. ***

In , Luke (lukebenes) wrote :

The build time manifestation of this bug is a CppunitTest_dbaccess_hsqldb_test or CppunitTest_dbaccess_RowSetClones test failure. For details see:

http://nabble.documentfoundation.org/CppunitTest-dbaccess-hsqldb-test-CppunitTest-dbaccess-RowSetClones-Failing-after-System-Update-td4218769.html

Norbert (nrbrtx)
tags: added: artful
summary: linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
- image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many
- user-space apps crashing
+ image-4.4.0-81-generic, linux-image-3.13.0-121-generic, linux-
+ image-4.13.0-12-generic Regression: many user-space apps crashing
summary: - linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-
- image-4.4.0-81-generic, linux-image-3.13.0-121-generic, linux-
- image-4.13.0-12-generic Regression: many user-space apps crashing
+ linux-image-4.13.0-12-generic, linux-image-4.10.0-24-generic, linux-
+ image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-
+ image-3.13.0-121-generic | Regression: many user-space apps crashing
tags: added: id-599af6610f9a304e95fd9796
ronalddsp (rdsierrap)
Changed in python-jpype (Ubuntu):
status: Confirmed → New
In , Xiscofauli (xiscofauli) wrote :

*** Bug 112930 has been marked as a duplicate of this bug. ***

Changed in python-jpype (Ubuntu):
status: New → Confirmed
In , julien2412 (serval2412-6) wrote :

*** Bug 113491 has been marked as a duplicate of this bug. ***

In , Beluga (beluga) wrote :

*** Bug 113904 has been marked as a duplicate of this bug. ***

Changed in linux (Debian):
status: Confirmed → Fix Released
In , Mikekaganski (mikekaganski) wrote :

*** Bug 114689 has been marked as a duplicate of this bug. ***

In , Mikekaganski (mikekaganski) wrote :

*** Bug 114898 has been marked as a duplicate of this bug. ***

In , Xiscofauli (xiscofauli) wrote :

*** Bug 114639 has been marked as a duplicate of this bug. ***

In , Xiscofauli (xiscofauli) wrote :

*** Bug 114638 has been marked as a duplicate of this bug. ***

In , Aron Budea (baron-z) wrote :

*** Bug 114977 has been marked as a duplicate of this bug. ***

In , Jan-Peter Rühmann (jpruehmann) wrote :

Why then is every other Java program not showing errors?
LibreOffice is the only one.
Thanks,

tags: added: kernel-da-key
Changed in linux (Ubuntu Artful):
assignee: nobody → Joseph Salisbury (jsalisbury)
importance: Undecided → High
status: New → In Progress
Changed in linux (Ubuntu Bionic):
assignee: nobody → Joseph Salisbury (jsalisbury)
status: Confirmed → In Progress
no longer affects: commons-daemon (Ubuntu)
no longer affects: commons-daemon (Ubuntu Artful)
no longer affects: commons-daemon (Ubuntu Bionic)
no longer affects: eclipse (Ubuntu Artful)
no longer affects: eclipse (Ubuntu Bionic)
no longer affects: eclipse (Ubuntu)
no longer affects: imagej (Ubuntu Artful)
no longer affects: imagej (Ubuntu Bionic)
no longer affects: libreoffice (Ubuntu Artful)
no longer affects: libreoffice (Ubuntu Bionic)
no longer affects: libreoffice (Ubuntu)
no longer affects: imagej (Ubuntu)
no longer affects: octave (Ubuntu Artful)
no longer affects: octave (Ubuntu Bionic)
no longer affects: octave (Ubuntu)
no longer affects: python-jpype (Ubuntu Artful)
no longer affects: python-jpype (Ubuntu Bionic)
no longer affects: python-jpype (Ubuntu)
no longer affects: rustc (Ubuntu Artful)
no longer affects: rustc (Ubuntu Bionic)
no longer affects: rustc (Ubuntu)
no longer affects: scilab (Ubuntu Artful)
no longer affects: scilab (Ubuntu Bionic)
no longer affects: scilab (Ubuntu)
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Changed in linux (Ubuntu Artful):
importance: High → Critical
Changed in linux (Ubuntu Xenial):
importance: Undecided → Critical
assignee: nobody → Joseph Salisbury (jsalisbury)
In , julien2412 (serval2412-6) wrote :

*** Bug 115631 has been marked as a duplicate of this bug. ***

In , Xiscofauli (xiscofauli) wrote :

*** Bug 115222 has been marked as a duplicate of this bug. ***

Changed in linux (Ubuntu Xenial):
status: In Progress → Incomplete
Changed in linux (Ubuntu Artful):
status: In Progress → Incomplete
Changed in linux (Ubuntu Bionic):
status: In Progress → Incomplete
In , Xiscofauli (xiscofauli) wrote :

*** Bug 118677 has been marked as a duplicate of this bug. ***

Andy Whitcroft (apw)
Changed in linux (Ubuntu Artful):
status: Incomplete → Won't Fix
Wladimir Mutel (mwg) wrote :

Is there any chance to have this fixed in Ubuntu 18.04 earlier than 20.04 is released?

Wladimir Mutel (mwg) wrote :

What's interesting is that lowriter does not crash in 32-bit LinuxMint-Mate 19 (based on Ubuntu Bionic 18.04)
with either the 4.15.0-20 initial kernel or -33 updated from Bionic.
With 32-bit Lubuntu 18.04 it still crashes under the -33 kernel, so the fix is clearly in some different place.
Probably LinuxMint authors know some magic incantations.

In , Xiscofauli (xiscofauli) wrote :

*** Bug 119078 has been marked as a duplicate of this bug. ***

In , Xiscofauli (xiscofauli) wrote :

*** Bug 119487 has been marked as a duplicate of this bug. ***

Olivier Tilloy (osomon) wrote :

Still crashing in cosmic on i386 with libreoffice 6.0.6 and kernel 4.17.0.9.12, and libreoffice 6.1.0 and kernel 4.18.0.7.8.

In , Beluga (beluga) wrote :

*** Bug 119614 has been marked as a duplicate of this bug. ***

Seth Forshee (sforshee) wrote :

I've tried to reproduce the crash in a vm running up-to-date i386 cosmic, kernel version 4.18.0-7.8. I'm not seeing any crashes opening up the libreoffice apps. Can you give instructions on how to reproduce? Thanks.

Olivier Tilloy (osomon) wrote :

@Seth: I can reliably reproduce the crash in an up-to-date i386 cosmic VM. You need to install libreoffice-base (which is not installed by default, and pulls in all the java dependencies), then run it with "libreoffice --base", go through the initial wizard to create a new HSQLDB database, and that's when the crash happens.

Changed in linux (Ubuntu):
assignee: Joseph Salisbury (jsalisbury) → nobody
Changed in linux (Ubuntu Xenial):
assignee: Joseph Salisbury (jsalisbury) → nobody
Changed in linux (Ubuntu Artful):
assignee: Joseph Salisbury (jsalisbury) → nobody
Changed in linux (Ubuntu Bionic):
assignee: Joseph Salisbury (jsalisbury) → nobody
Seth Forshee (sforshee) wrote :

I can reproduce using those steps, opened bug #1795956 from the crash report that was produced.

In , Xiscofauli (xiscofauli) wrote :

*** Bug 122062 has been marked as a duplicate of this bug. ***

In , Djn4823 (djn4823) wrote :

xubuntu 18.04.1 32-bit (4.15.0-42-generic #45-Ubuntu)

My experience was rather different. LibreOffice would always crash at a point about 35% through the splash screen, so I couldn't use the UI to disable the use of Java.

I checked with sysctl -a and also by dumping all strings in the kernel, and "stack_guard_gap" isn't a valid kernel parameter.

If I edited the LibreOffice config file "javasettings_Linux_x86.xml"

to look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!--This is a generated file. Do not alter this file!-->
<java xmlns="http://openoffice.org/2004/java/framework/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<enabled xsi:nil="false"/>
<userClassPath xsi:nil="true"/>
<vmParameters xsi:nil="true"/>
<jreLocations xsi:nil="true"/>
<javaInfo xsi:nil="true"/>
</java>

LibreOffice 6.0.6.2 00m0(Build:2) would find the java virtual machine, update the config file, and then crash as before.

The (partial) solution was to rename /usr/bin/java and /usr/lib/jvm/ AND code the javasettings file as above. With these steps taken I can at least edit documents in --writer and spreadsheets with --calc. Creating a native database requires Java, so that doesn't work, but I was able to attach to a spreadsheet and treat it like a database. Not sure about Access/Jet or SQLite databases yet.

Of course, anything else that requires Java is now broken. Java version is

OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4)
OpenJDK Server VM (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4, mixed mode)

I tried creating a "Hello World" Java program and it worked as expected.

Hmmm... "Mixed Mode?" Also, this version was intended for Ubuntu 18.04.**4**, whereas I have 18.04.**1**.

Dimitri John Ledkov (xnox) wrote :

@ Seth Forshee (sforshee)

The "crash" based bug got marked as a duplicate of this bug. So surely this bug report should not be in "incomplete" status. What's the progress here?

Trivial to reproduce using libreoffice package in bionic i386 VM as seen in autopkgtests all the time.

Changed in linux (Ubuntu Bionic):
status: Incomplete → Confirmed
Olivier Tilloy (osomon) wrote :

As evidenced by http://autopkgtest.ubuntu.com/packages/libreoffice/cosmic/i386, the problem went away in cosmic at some point in November 2018.

xenial and bionic are still affected.

Olivier Tilloy (osomon) wrote :

Autopkgtests on cosmic started passing (as far as this bug is concerned − there were other unrelated failures) on 2018-10-10, when openjdk-lts was upgraded from 10.0.2+13-1ubuntu1 to 11~28-3ubuntu1.

In , Luke (lukebenes) wrote :

(In reply to Dave Notman from comment #42)
> "stack_guard_gap" isn't a valid kernel parameter.

Yes, the correct parameter is "stack_guard_gap=1"

With ubuntu 18.04.2 32-bit, the master branch is building with this parameter.
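
The boot parameter from the two comments above is given on the kernel command line, so /proc/cmdline is the place to see what a machine was booted with. As an added example that is not part of the original thread, this script reports the gap a command line selects and whether it is below the 256-page default (the default, the parsing rules and the function names are assumptions of the example):

```shell
#!/bin/sh
# Added example (not from the thread): report the stack guard gap that a
# kernel command line selects, in pages.
# Assumptions of this example: the default is 256 pages, the last valid
# stack_guard_gap= occurrence wins, a value that is not a plain decimal
# number is ignored, and an empty value counts as 0.

DEFAULT_GAP_PAGES=256

# stack_guard_gap_pages CMDLINE -> prints the effective gap in pages
stack_guard_gap_pages() (
    set -f                                # no globbing while word-splitting
    gap=$DEFAULT_GAP_PAGES
    for word in $1; do
        case $word in
            stack_guard_gap=*)
                val=${word#stack_guard_gap=}
                case $val in
                    '')        gap=0 ;;
                    *[!0-9]*)  ;;         # e.g. "1k" or "abc": left unchanged
                    *)         gap=$val ;;
                esac
                ;;
        esac
    done
    printf '%s\n' "$gap"
)

# classify_guard_gap CMDLINE -> prints "default", "reduced" or "raised"
classify_guard_gap() {
    pages=$(stack_guard_gap_pages "$1")
    if [ "$pages" -lt "$DEFAULT_GAP_PAGES" ]; then
        echo reduced
    elif [ "$pages" -gt "$DEFAULT_GAP_PAGES" ]; then
        echo raised
    else
        echo default
    fi
}

# Constructed sample command lines, then the running kernel if readable.
for sample in 'root=/dev/sda1 ro quiet' 'root=/dev/sda1 ro stack_guard_gap=1'; do
    echo "sample [$sample]: $(stack_guard_gap_pages "$sample") pages ($(classify_guard_gap "$sample"))"
done
if [ -r /proc/cmdline ]; then
    live=$(cat /proc/cmdline)
    echo "running kernel: $(stack_guard_gap_pages "$live") pages ($(classify_guard_gap "$live"))"
fi
```

A "reduced" result on a production host identifies a machine where the workaround from this thread is still in place after the OpenJDK update made it unnecessary.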

Brad Figg (brad-figg)
tags: added: cscc
Changed in libreoffice (Ubuntu):
status: New → Fix Released
Marcus Tomlinson (marcustomlinson) wrote :

openjdk 11 has since been backported to bionic.

Changed in linux (Ubuntu Bionic):
status: Confirmed → Fix Released
no longer affects: libreoffice (Ubuntu)
no longer affects: libreoffice (Ubuntu Xenial)
Norbert (nrbrtx)
tags: removed: artful trusty zesty