@ Seth Forshee (sforshee)

the "crash" based bug got marked as duplicate of this bug. So surely this
bug report should not be in "incomplete" status. What's the progress here?

Trivial to reproduce using libreoffice package in bionic i386 VM as seen
in autopkgtests all the time.

** Changed in: linux (Ubuntu Bionic)
       Status: Incomplete => Confirmed

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  linux-image-4.13.0-12-generic, linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic | Regression: many user-space apps crashing

Status in LibreOffice:
  Won't Fix
Status in linux package in Ubuntu:
Status in linux source package in Xenial:
Status in linux source package in Artful:
  Won't Fix
Status in linux source package in Bionic:
Status in linux package in Debian:
  Fix Released

Bug description:
  Distribution: Ubuntu 16.04 x64 (Flavour: KDE Neon User Edition 5.10)

  linux-image-4.4.0-81-generic appears to contain a regression, probably
  related to the CVE-2017-1000364 fix backport / patch.

  Using this kernel, the Oracle Java browser plugin always crashes
  during stack-related actions on initialization. This means, the plugin
  completely stopped working.

  It works perfectly fine in linux-image-4.4.0-79-generic (vulnerable to
  CVE-2017-1000364) as well as linux-image-4.11.6-041106-generic, which also
  contains a fix for CVE-2017-1000364.

  uname -a:

  > Linux Zweiblum 4.4.0-81-generic #104-Ubuntu SMP Wed Jun 14 08:17:06
  UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  I tested Oracle Java 1.8 u131 as well as 1.6 u64 in Firefox 51.0.1 as
  well as Iceweasel / Firefox/3.5.16 in a chroot.

  Using linux-image-4.4.0-81-generic it crashes in all combinations
  while with both other kernels it works.

  I was not able to obtain any detailed crash information from Firefox 51.0.1,
  but Iceweasel 3.5.16 crashed completely, allowing me to obtain a stack trace
  which shows the relation to stack operations performed by the plugin, even
  without proper debug symbols:

  > (gdb) bt full
  > #0  0x00007fa06d805307 in _expand_stack_to(unsigned char*) () from 
  > No symbol table info available.
  > #1  0x00007fa06d8053ae in os::Linux::manually_expand_stack(JavaThread*, 
unsigned char*) ()
  >    from /opt/java-8-oracle/jre/lib/amd64/server/libjvm.so
  > No symbol table info available.
  > #2  0x00007fa06d80cf0b in JVM_handle_linux_signal () from 
  > No symbol table info available.
  > #3  0x00007fa06d802e13 in signalHandler(int, siginfo*, void*) () from 
  > No symbol table info available.
  > #4  <signal handler called>

  I first assumed a bug in the Java plugin, but it works fine in Linux 4.11.6.

  The crash will be triggered by any applet, for example the test applet at:

  * https://java.com/en/download/installed8.jsp

  I'm running the Ubuntu 16.04 based KDE Neon distribution which somehow
  apparently does not allow me to use apport to report this bug:

  > $ LANG= apport-cli linux-image-4.4.0-81-generic
  > *** Collecting problem information
  > The collected information can be sent to the developers to improve the
  > application. This might take a few minutes.
  > .........
  > *** Problem in linux-image-4.4.0-81-generic
  > The problem cannot be reported:
  > This is not an official KDE package. Please remove any third party package 
and try again.

  If someone can tell me how to get apport working for this package, I
  can use it to collect additional information, but (unfortunately?) the
  problem should be fairly easy to reproduce...
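The trace in the report shows the JVM dying inside its own stack-expansion path (os::Linux::manually_expand_stack calling _expand_stack_to), i.e. while it was deliberately touching pages below the current stack to make the kernel map them. The following C probe is an added example, not code from the bug report, the JVM or the Ubuntu kernel: it grows the main-thread stack the same way (one page at a time with alloca(), touching each new page) and reports how many bytes the kernel actually mapped instead of letting a refused expansion kill the process. The helper names probe_stack_growth and show_stack_limits are this example's own; it assumes Linux with glibc, and it does not place any mapping near the stack, so on a healthy kernel it grows the full requested amount, while a shortfall in its output is the symptom a practitioner would look for when a kernel update is suspected of changing stack-growth rules.

```c
#define _GNU_SOURCE
#include <alloca.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

#define ALT_STACK_SIZE (64 * 1024)   /* room for the SIGSEGV handler */

static sigjmp_buf probe_env;

/* Runs on the alternate stack: the main stack could not be grown, so it
 * cannot hold a signal frame either.  Returning would re-execute the
 * faulting store, so the probe loop is abandoned with siglongjmp instead. */
static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    siglongjmp(probe_env, 1);
}

/* Grow the calling thread's stack by up to `want` bytes the way the JVM's
 * manually_expand_stack does: extend the frame one page at a time with
 * alloca() and touch each page so the kernel has to map it.  Returns the
 * number of bytes successfully touched (a multiple of the page size); a
 * result short of `want` means the kernel refused an expansion. */
size_t probe_stack_growth(size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    volatile size_t touched = 0;          /* must survive siglongjmp */
    stack_t ss, old_ss;
    struct sigaction sa, old_sa;

    ss.ss_sp = malloc(ALT_STACK_SIZE);
    ss.ss_size = ALT_STACK_SIZE;
    ss.ss_flags = 0;
    if (ss.ss_sp == NULL || sigaltstack(&ss, &old_ss) != 0) {
        free(ss.ss_sp);
        return 0;
    }

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_sa);

    /* savesigs=1: the mask installed for the handler is restored on return */
    if (sigsetjmp(probe_env, 1) == 0) {
        while (touched < want) {
            char *p = alloca(page);
            *(volatile char *)p = 0;      /* first touch forces the mapping */
            touched += page;
        }
    }

    sigaction(SIGSEGV, &old_sa, NULL);
    sigaltstack(&old_ss, NULL);
    free(ss.ss_sp);
    return touched;
}

/* Print RLIMIT_STACK and the [stack] line of /proc/self/maps so the probe's
 * result can be read against the real mapping before and after growth. */
void show_stack_limits(void)
{
    struct rlimit rl;
    char line[256];
    FILE *maps;

    if (getrlimit(RLIMIT_STACK, &rl) == 0)
        printf("RLIMIT_STACK: cur=%llu max=%llu\n",
               (unsigned long long)rl.rlim_cur,
               (unsigned long long)rl.rlim_max);
    maps = fopen("/proc/self/maps", "r");
    if (maps == NULL)
        return;
    while (fgets(line, sizeof line, maps))
        if (strstr(line, "[stack]"))
            fputs(line, stdout);
    fclose(maps);
}

int main(void)
{
    size_t want = (size_t)2 << 20;   /* 2 MiB, well under the usual 8 MiB limit */
    size_t got;

    show_stack_limits();
    got = probe_stack_growth(want);
    printf("asked to grow %zu bytes, got %zu%s\n", want, got,
           got < want ? " (kernel refused an expansion)" : "");
    show_stack_limits();
    return got == want ? 0 : 1;
}
```

Run it once on the kernel known to be good and once on the suspect one and compare the reported growth; the second show_stack_limits() call lets you confirm from /proc/self/maps that the [stack] region really moved down by the amount probed.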

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
