jsvc crashed with SIGSEGV in _expand_stack_to()

Bug #1700010 reported by nezero
This bug affects 3 people
Affects         Status     Importance  Assigned to  Milestone
linux (Ubuntu)  Confirmed  Undecided   Unassigned

Bug Description

After upgrading to 4.4.0-81-generic, a third party service failed to start. After investigating, I managed to reproduce the issue using the following method. Note: The issue does not occur after downgrading the kernel to 4.4.0-79-generic, but as this report suggests, it is still there in 4.4.0-82-generic.

Created a Java file Run.java

import java.util.Date;
import org.apache.commons.daemon.Daemon;
import org.apache.commons.daemon.DaemonContext;
import org.apache.commons.daemon.DaemonInitException;

public class Run implements Daemon {

    private class Runner extends Thread {
        public void run() {
            synchronized(this) {
                try {
                    System.out.println(new Date() + " running ...");
                    wait();
                } catch (Exception e) {}
            }
        }
    }

    Runner r = new Runner();

    @Override
    public void init(DaemonContext context) throws DaemonInitException, Exception {}

    @Override
    public void start() throws Exception {
        System.out.println(new Date() + " Starting...");
        r.start();
    }

    @Override
    public void stop() throws Exception {
        synchronized(r) {
            System.out.println(new Date() + " Stopping ...");
            r.notify();
        }
    }

    @Override
    public void destroy() {}
}

Compiled with

javac -cp /usr/share/java/commons-daemon-1.0.15.jar Run.java

Created a script to launch through JSVC

#!/bin/sh
# Setup variables
EXEC=/usr/bin/jsvc
JAVA_HOME=/usr/lib/jvm/default-java
CLASS_PATH="/usr/share/java/commons-daemon.jar":"/home/nervecentreadm/JavaTest/"
CLASS=Run
USER=nervecentreadm
PID=/tmp/example.pid
LOG_OUT=/tmp/example.out
LOG_ERR=/tmp/example.err

# Launch (or, with "-stop", stop) the daemon class through jsvc.
# $1 is left unquoted on purpose so that it disappears when no argument is given.
do_exec()
{
    "$EXEC" -home "$JAVA_HOME" -cp "$CLASS_PATH" -user "$USER" -outfile "$LOG_OUT" -errfile "$LOG_ERR" -pidfile "$PID" $1 "$CLASS"
}

case "$1" in
    start)
        do_exec
        ;;
    stop)
        do_exec "-stop"
        ;;
    restart)
        if [ -f "$PID" ]; then
            do_exec "-stop"
            do_exec
        else
            echo "service not running, will do nothing"
            exit 1
        fi
        ;;
    *)
        echo "usage: daemon {start|stop|restart}" >&2
        exit 3
        ;;
esac

Ran the script with

./service start

The error log file in /tmp/example.err contains.

ProblemType: Crash
DistroRelease: Ubuntu 16.04
Package: jsvc 1.0.15-6
ProcVersionSignature: Ubuntu 4.4.0-82.105-generic 4.4.70
Uname: Linux 4.4.0-82-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.7
Architecture: amd64
Date: Fri Jun 23 08:39:45 2017
ExecutablePath: /usr/bin/jsvc
InstallationDate: Installed on 2014-10-09 (987 days ago)
InstallationMedia: Ubuntu-Server 12.04.4 LTS "Precise Pangolin" - Release amd64 (20140204)
ProcCmdline: jsvc.exec -home /usr/lib/jvm/default-java -cp /usr/share/java/commons-daemon.jar:/home/username/JavaTest/ -user username -outfile /tmp/example.out -errfile /tmp/example.err -pidfile /tmp/example.pid Run
SegvAnalysis:
 Segfault happened at: 0x7f0c51ab0a4f <_expand_stack_to(address)+79>: movb $0x0,(%rax)
 PC (0x7f0c51ab0a4f) ok
 source "$0x0" ok
 destination "(%rax)" (0x7fff5de07ff0) not located in a known VMA region (needed writable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: writing unknown VMA
Signal: 11
SourcePackage: commons-daemon
StacktraceTop:
 _expand_stack_to(address) (bottom=0x7fff5de07fff "", bottom@entry=0x7fff5de076b0 "") at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os/linux/vm/os_linux.cpp:673
 os::Linux::manually_expand_stack(JavaThread*, unsigned char*) (t=t@entry=0xa7e000, addr=0x7fff5de076b0 "") at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os/linux/vm/os_linux.cpp:686
 JVM_handle_linux_signal(int, siginfo_t*, void*, int) (sig=sig@entry=11, info=info@entry=0x7fff5de0c230, ucVoid=ucVoid@entry=0x7fff5de0c100, abort_if_unrecognized=abort_if_unrecognized@entry=1) at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:330
 signalHandler(int, siginfo_t*, void*) (sig=11, info=0x7fff5de0c230, uc=0x7fff5de0c100) at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os/linux/vm/os_linux.cpp:4346
 <signal handler called> () at /lib/x86_64-linux-gnu/libpthread.so.0
Title: jsvc crashed with SIGSEGV in _expand_stack_to()
UpgradeStatus: Upgraded to xenial on 2016-11-01 (233 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
---
MachineType: VMware, Inc. VMware Virtual Platform
Package: linux (not installed)
PciMultimedia:

ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-82-generic root=UUID=d790fdc1-8289-46d1-9d2e-ce094b9e743a ro
ProcVersionSignature: Ubuntu 4.4.0-82.105-generic 4.4.70
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-82-generic N/A
 linux-backports-modules-4.4.0-82-generic N/A
 linux-firmware 1.157.11
RfKill: Error: [Errno 2] No such file or directory
Tags: xenial
Uname: Linux 4.4.0-82-generic x86_64
UpgradeStatus: Upgraded to xenial on 2016-11-01 (233 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True

Apport retracing service (apport) wrote :

Stacktrace:
 #0 0x00007f0c51ab0a4f in ?? ()
 No symbol table info available.
 #1 0x0000000000000000 in ?? ()
 No symbol table info available.
StacktraceSource:
 #0 0x00007f0c51ab0a4f in ?? ()
 #1 0x0000000000000000 in ?? ()
StacktraceTop:
 ?? ()
 ?? ()

Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in commons-daemon (Ubuntu):
status: New → Invalid
Apport retracing service (apport) wrote : Crash report cannot be processed

Thank you for your report!

However, processing it in order to get sufficient information for the
developers failed (it does not generate a useful symbolic stack trace). This
might be caused by some outdated packages which were installed on your system
at the time of the report:

no debug symbol package found for debianutils
no debug symbol package found for perl-base
libbabeltrace-ctf1 version 1.2.1 required, but 1.3.2-1 is available
libbabeltrace1 version 1.2.1 required, but 1.3.2-1 is available
libc6 version 2.15 required, but 2.23-0ubuntu9 is available
libexpat1 version 2.0.1 required, but 2.1.0-7ubuntu0.16.04.2 is available
liblzma5 version 5.1.1alpha+20110809 required, but 5.1.1alpha+20120614-2ubuntu2 is available
libncurses5 version 6 required, but 6.0+20160213-1ubuntu1 is available
libpython3.5 version 3.5.0~b1 required, but 3.5.2-2ubuntu0~16.04.1 is available
libreadline6 version 6.0 required, but 6.3-8ubuntu2 is available
libtinfo5 version 6 required, but 6.0+20160213-1ubuntu1 is available
zlib1g version 1:1.2.0 required, but 1:1.2.8.dfsg-2ubuntu4.1 is available
libglib2.0-0 version 2.22.0 required, but 2.48.2-0ubuntu1 is available
libuuid1 version 2.16 required, but 2.27.1-6ubuntu3.3 is available
libffi6 version 3.0.4 required, but 3.2.1-4 is available
libselinux1 version 1.32 required, but 2.4-3build2 is available
libncursesw5 version 6 required, but 6.0+20160213-1ubuntu1 is available
libsqlite3-0 version 3.5.9 required, but 3.11.0-1ubuntu1 is available
dpkg version 1.15.4 required, but 1.18.4ubuntu1.2 is available
libaudit1 version 1:2.2.1 required, but 1:2.4.5-1ubuntu2 is available
libpam0g version 0.99.7.1 required, but 1.1.8-3.2ubuntu2 is available
libsemanage1 version 2.0.3 required, but 2.3-1build3 is available
debianutils version 2.15.2 required, but 4.7 is available
no debug symbol package found for debianutils
libssl1.0.0 version 1.0.2~beta3 required, but 1.0.2g-1ubuntu4.8 is available
tar version 1.23 required, but 1.28-2.1ubuntu0.1 is available
debconf version 0.5 required, but 1.5.58ubuntu1 is available
libsepol1 version 2.1.4 required, but 2.4-2 is available
libustr-1.0-1 version 1.0.4 required, but 1.0.4-5 is available
libacl1 version 2.2.51-8 required, but 2.2.52-3 is available
perl-base version 5.6.1-4 required, but 5.22.1-9 is available
no debug symbol package found for perl-base
libattr1 version 1:2.4.46-8 required, but 1:2.4.47-2 is available

Please upgrade your system to the latest package versions. If you still
encounter the crash, please file a new report.

Thank you for your understanding, and sorry for the inconvenience!

tags: removed: need-amd64-retrace
nezero (nezero)
information type: Private → Public
Changed in commons-daemon (Ubuntu):
status: Invalid → New
nezero (nezero) wrote :

The stack trace I've submitted

#0 0x00007f0c51ab0a4f in _expand_stack_to(address) (bottom=0x7fff5de07fff "", bottom@entry=0x7fff5de076b0 "") at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os/linux/vm/os_linux.cpp:673
        sp = 0x7fff5de0be00 "CN\316Q\f\177"
        size = 15873
        p = 0x7fff5de07ff0 ""
#1 0x00007f0c51ab30ce in os::Linux::manually_expand_stack(JavaThread*, unsigned char*) (t=t@entry=0xa7e000, addr=0x7fff5de076b0 "") at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os/linux/vm/os_linux.cpp:686
        mask_all = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}}
        old_sigset = {__val = {18446744067266838271, 139690880317374, 11003648, 4, 4, 15, 140734768398160, 139690880381852, 140734768398088, 6354184958887548672, 140734768398144, 139690880317477, 519691042815, 140734768398200, 140734768398272, 140734768399808}}
        t = 0xa7e000
        addr = 0x7fff5de076b0 ""
#2 0x00007f0c51abd687 in JVM_handle_linux_signal(int, siginfo_t*, void*, int) (sig=sig@entry=11, info=info@entry=0x7fff5de0c230, ucVoid=ucVoid@entry=0x7fff5de0c100, abort_if_unrecognized=abort_if_unrecognized@entry=1) at /build/openjdk-8-VTMhfL/openjdk-8-8u131-b11/src/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:330
        addr = <optimized out>
        uc = 0x7fff5de0c100
        t = 0xa7e000
        shm = {<StackObj> = {<No data fields>}, _thread = 0xa7e000}
        thread = 0xa7e000
        vmthread = 0x0
        stub = 0x0
        pc = <optimized out>
        newset = {__val = {206158430208, 140734768398440, 140734768398512, 140734768399808, 18446744073709551615, 1, 139690892463736, 11003760, 140734768398512, 139690880406569, 140734768398440, 0, 3, 18446744073709551615, 140734768398528, 139690883567640}}
        err = {<StackObj> = {<No data fields>}, _id = 1575010544, _message = 0x7f0c519dbe25 <MacroAssembler::pop_CPU_state()+117> "H\203\304@\272", _detail_msg = 0x7fff5de0c040 "h\300\340]\377\177", _thread = 0x582e998ddf9f5700, _pc = 0x4 <error: Cannot access memory at address 0x4>, _siginfo = 0x4, _context = 0x7fff5de0c080, _filename = 0x7f0c514e2526 <Assembler::popa()+902> "H\203\304@\211\336L\211\347\350\214\062\377\377H\213E\330dH3\004%(", _lineno = 4, _current_step = 0, _current_step_info = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, _verbose = 1575010352, static first_error = 0x0, static first_error_tid = -1, static coredump_status = false, static coredump_message = '\000' <repeats 1999 times>, _size = 139690880317477, static out = {<outputStream> = {<ResourceObj> = {<No data fields>}, _vptr.outputStream = 0x7f0c52060210 <vtable for fdStream+16>, _indentation = 0, _width = 80, _position = 0, _newlines = 0, _precount = 0, _stamp = {_counter = 0}}, _fd = 1, _need_close = false}, static log = {<outputStream> = {<ResourceObj> = {<No data fields>}, _vptr.outputStream = 0x7f0c52060210 <vtable for fdStream+16>, _indentation = 0, _width = 80, _position = 0, _newlines = 0, _precount = 0, _stamp = {_counter = 0}}, _fd = -1, _need_close = false}}
#3 0x00007f0c51ab0ef8 in signalHandler(int, siginfo_t*, void*) (sig=11, info=0x7fff5de0c230, uc=0x7fff5de0c10...

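A way to cross-check the SegvAnalysis fields against the frame #0 locals in the stack trace above, as an added example that is not part of the report or of apport. The function name `triage`, the `PAGE` constant (4 KiB pages assumed) and the trimmed sample text are assumptions of the example.

```python
import re

# Constructed sample: lines taken from the SegvAnalysis and gdb frame #0 in
# this report, with gdb's trailing string dumps trimmed.
REPORT = """\
SegvAnalysis:
 Segfault happened at: 0x7f0c51ab0a4f <_expand_stack_to(address)+79>: movb $0x0,(%rax)
 destination "(%rax)" (0x7fff5de07ff0) not located in a known VMA region (needed writable region)!
 Stack memory exhausted (SP below stack segment)
SegvReason: writing unknown VMA
#0 0x00007f0c51ab0a4f in _expand_stack_to(address) (bottom=0x7fff5de07fff, bottom@entry=0x7fff5de076b0)
        sp = 0x7fff5de0be00
        size = 15873
        p = 0x7fff5de07ff0
"""

PAGE = 4096  # assumption: 4 KiB pages, the x86_64 default


def triage(text):
    """Relate the faulting write to the stack pointer and the probe target."""
    def hexfield(pattern):
        m = re.search(pattern, text, re.M)
        return int(m.group(1), 16) if m else None

    sym = re.search(r"Segfault happened at: \S+ <(.+?)\+(\d+)>", text)
    fault = hexfield(r'destination ".*?" \((0x[0-9a-f]+)\)')
    bottom = hexfield(r"\(bottom=(0x[0-9a-f]+)")
    entry = hexfield(r"bottom@entry=(0x[0-9a-f]+)")
    sp = hexfield(r"^\s*sp = (0x[0-9a-f]+)")
    p = hexfield(r"^\s*p = (0x[0-9a-f]+)")
    size = int(re.search(r"^\s*size = (\d+)", text, re.M).group(1))
    return {
        "symbol": sym.group(1),
        "offset": int(sym.group(2)),
        "is_write": "needed writable region" in text,
        # The faulting address is the local pointer p, i.e. the probe write.
        "fault_is_probe": fault == p,
        # bottom is the last byte of the page holding the requested address.
        "bottom_is_page_end": bottom == (entry & ~(PAGE - 1)) + PAGE - 1,
        # size is the distance from the current stack pointer down to bottom.
        "size_matches": size == sp - bottom,
        "bytes_below_sp": sp - fault,
        "pages_below_sp": (sp // PAGE) - (fault // PAGE),
    }
```

For this report the checks agree: the faulting write is the probe at `p`, 15888 bytes (four pages) below the stack pointer recorded in frame #0.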

nezero (nezero) wrote : CurrentDmesg.txt

apport information

tags: added: apport-collected
description: updated
nezero (nezero) wrote : JournalErrors.txt

apport information

nezero (nezero) wrote : Lspci.txt

apport information

nezero (nezero) wrote : ProcCpuinfo.txt

apport information

nezero (nezero) wrote : ProcCpuinfoMinimal.txt

apport information

nezero (nezero) wrote : ProcEnviron.txt

apport information

nezero (nezero) wrote : ProcInterrupts.txt

apport information

nezero (nezero) wrote : ProcModules.txt

apport information

nezero (nezero) wrote : UdevDb.txt

apport information

nezero (nezero) wrote : WifiSyslog.txt

apport information

nezero (nezero) wrote :

It looks like this is a Linux kernel bug

affects: commons-daemon (Ubuntu) → linux (Ubuntu)
nezero (nezero) wrote :

Duplicate of https://bugs.launchpad.net/ubuntu/+source/commons-daemon/+bug/1699772

but I cannot mark it as a duplicate!

Joseph Salisbury (jsalisbury) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed