Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1464185

Summary: jsvc doesn't work after kernel update for CVE-2017-1000364
Product: Red Hat Enterprise Linux 7 Reporter: Coty Sutherland <csutherl>
Component: apache-commons-daemonAssignee: Java maintainers <java-maint>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 7.4CC: chris.reed, csutherl, dmoppert, hmatsumo, james.saffer, jkejda, kwalker, pasik, phoned
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-28 18:56:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1464237    
Bug Blocks: 1464064    

Description Coty Sutherland 2017-06-22 15:16:40 UTC 
Description of problem:
After updating the kernel to resolve CVE-2017-1000364 jsvc is not able to start a JVM anymore. The JVM can start without jsvc.

Version-Release number of selected component (if applicable):
apache-commons-daemon-jsvc-1.0.13-6.el7.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Create a small java application for jsvc to run.

$ cat Test.java
public class Test {
        public static void main(String[] args) {
                while (true) {
                        System.out.print(".");
                }
        }
}

2. Compile the test

$ javac Test.java

3. Try and start it with jsvc

$ /usr/bin/jsvc -debug Test

Actual results:

$ /usr/bin/jsvc -debug Test
+-- DUMPING PARSED COMMAND LINE ARGUMENTS --------------
| Detach:          True
| Show Version:    No
| Show Help:       No
| Check Only:      Disabled
| Stop:            False
| Wait:            0
| Run as service:  No
| Install service: No
| Remove service:  No
| JVM Name:        "null"
| Java Home:       "null"
| PID File:        "/var/run/jsvc.pid"
| User Name:       "null"
| Extra Options:   0
| Class Invoked:   "Test"
| Class Arguments: 0
+-------------------------------------------------------
Home not specified on command line, using environment
Home not on command line or in environment, searching
Attempting to locate Java Home in /usr/java/default
Path /usr/java/default is not a directory
Attempting to locate Java Home in /usr/java
Path /usr/java is not a directory
Attempting to locate Java Home in /usr/local/java
Path /usr/local/java is not a directory
Attempting to locate Java Home in /usr/lib/jvm/default-java
Path /usr/lib/jvm/default-java is not a directory
Attempting to locate Java Home in /usr/lib/jvm/java
Attempting to locate VM configuration file /usr/lib/jvm/java/jre/lib/jvm.cfg
Attempting to locate VM configuration file /usr/lib/jvm/java/lib/jvm.cfg
Attempting to locate VM configuration file /usr/lib/jvm/java/jre/lib/amd64/jvm.cfg
Found VM configuration file at /usr/lib/jvm/java/jre/lib/amd64/jvm.cfg
Found VM server definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so
Found VM client definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/client/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/client/libjvm.so
Cannot locate library for VM client (skipping)
Found VM hotspot definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/hotspot/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/hotspot/libjvm.so
Cannot locate library for VM hotspot (skipping)
Found VM classic definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/classic/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/classic/libjvm.so
Cannot locate library for VM classic (skipping)
Found VM native definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/native/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/native/libjvm.so
Cannot locate library for VM native (skipping)
Found VM green definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/green/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/green/libjvm.so
Cannot locate library for VM green (skipping)
Java Home located in /usr/lib/jvm/java
+-- DUMPING JAVA HOME STRUCTURE ------------------------
| Java Home:       "/usr/lib/jvm/java"
| Java VM Config.: "/usr/lib/jvm/java/jre/lib/amd64/jvm.cfg"
| Found JVMs:      1
| JVM Name:        "server"
|                  "/usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so"
+-------------------------------------------------------
Using default JVM in /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so
Invoking w/ LD_LIBRARY_PATH=/usr/lib/jvm/java/jre/lib/amd64/server:/usr/lib/jvm/java/jre/lib/amd64
+-- DUMPING PARSED COMMAND LINE ARGUMENTS --------------
| Detach:          True
| Show Version:    No
| Show Help:       No
| Check Only:      Disabled
| Stop:            False
| Wait:            0
| Run as service:  No
| Install service: No
| Remove service:  No
| JVM Name:        "null"
| Java Home:       "null"
| PID File:        "/var/run/jsvc.pid"
| User Name:       "null"
| Extra Options:   0
| Class Invoked:   "Test"
| Class Arguments: 0
+-------------------------------------------------------
Home not specified on command line, using environment
Home not on command line or in environment, searching
Attempting to locate Java Home in /usr/java/default
Path /usr/java/default is not a directory
Attempting to locate Java Home in /usr/java
Path /usr/java is not a directory
Attempting to locate Java Home in /usr/local/java
Path /usr/local/java is not a directory
Attempting to locate Java Home in /usr/lib/jvm/default-java
Path /usr/lib/jvm/default-java is not a directory
Attempting to locate Java Home in /usr/lib/jvm/java
Attempting to locate VM configuration file /usr/lib/jvm/java/jre/lib/jvm.cfg
Attempting to locate VM configuration file /usr/lib/jvm/java/lib/jvm.cfg
Attempting to locate VM configuration file /usr/lib/jvm/java/jre/lib/amd64/jvm.cfg
Found VM configuration file at /usr/lib/jvm/java/jre/lib/amd64/jvm.cfg
Found VM server definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so
Found VM client definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/client/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/client/libjvm.so
Cannot locate library for VM client (skipping)
Found VM hotspot definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/hotspot/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/hotspot/libjvm.so
Cannot locate library for VM hotspot (skipping)
Found VM classic definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/classic/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/classic/libjvm.so
Cannot locate library for VM classic (skipping)
Found VM native definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/native/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/native/libjvm.so
Cannot locate library for VM native (skipping)
Found VM green definition in configuration
Checking library /usr/lib/jvm/java/jre/lib/amd64/green/libjvm.so
Checking library /usr/lib/jvm/java/lib/amd64/green/libjvm.so
Cannot locate library for VM green (skipping)
Java Home located in /usr/lib/jvm/java
+-- DUMPING JAVA HOME STRUCTURE ------------------------
| Java Home:       "/usr/lib/jvm/java"
| Java VM Config.: "/usr/lib/jvm/java/jre/lib/amd64/jvm.cfg"
| Found JVMs:      1
| JVM Name:        "server"
|                  "/usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so"
+-------------------------------------------------------
Running w/ LD_LIBRARY_PATH=/usr/lib/jvm/java/jre/lib/amd64/server:/usr/lib/jvm/java/jre/lib/amd64
redirecting stdout to /dev/null and stderr to /dev/null
Switching umask back to 022 from 077
Using default JVM in /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so
Attemtping to load library /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so
JVM library /usr/lib/jvm/java/jre/lib/amd64/server/libjvm.so loaded
JVM library entry point found (0xDC4DD170)
+-- DUMPING JAVA VM CREATION ARGUMENTS -----------------
| Version:                       0x010004
| Ignore Unrecognized Arguments: False
| Extra options:                 0
+-------------------------------------------------------
| Internal options:              4
|   "-Dcommons.daemon.process.id=12087" (0x00000000)
|   "-Dcommons.daemon.process.parent=12086" (0x00000000)
|   "-Dcommons.daemon.version=1.0.13" (0x00000000)
|   "abort" (0x00405760)
+-------------------------------------------------------
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGBUS (0x7) at pc=0x00007fedd7a28541, pid=12087, tid=140659598960448
#
# JRE version:  (7.0_141-b02) (build )
# Java VM: OpenJDK 64-Bit Server VM (24.141-b02 mixed mode linux-amd64 compressed oops)
# Derivative: IcedTea 2.6.10
# Distribution: Red Hat Enterprise Linux Server release 7.3 (Maipo), package rhel-2.6.10.1.el7_3-x86_64 u141-b02
# Problematic frame:
# j  java.lang.Object.<clinit>()V+0
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /tmp/jvm-12087/hs_error.log
#
# If you would like to submit a bug report, please include
# instructions on how to reproduce the bug and visit:
#   http://icedtea.classpath.org/bugzilla
#
Reloading service
Waiting 60 s to prevent looping

Expected results:
Jsvc successfully starts the application as a daemon and the JVM doesn't crash.

Additional info:
It tries to restart the application and crashes generating an hs_err_pid* file every 60 seconds until you `kill -9` jsvc.
Comment 6 Brandon Bremen 2017-06-23 17:03:42 UTC 
Debian is correcting their kernel patch for CVE-2017-1000364 which also suffers from this regression.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865303

For reference, their new patch is available at:

https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=benh/jessie-security&id=917c0e5682eafc89bf9b6b041b7b019332d6fb08

Is a similar fix likely to be applied to the Red Hat kernel?

I haven't seen any comments from the jsvc maintainers about why jsvc is affected and whether it is partially at fault or not.
Comment 7 Chris Reed 2017-06-26 15:36:03 UTC 
According to bug 1461333, bug 1464237 is tracking userland breakage; but I don't have permissions to view bug 1464237.
Comment 8 David 2017-06-26 23:10:20 UTC 
We've hit this on RHEL 6 (2.6.32-696.3.2) as well (as mentioned in other bugs) using a large vendors product.
Comment 10 James 2017-07-08 19:05:41 UTC 
Haven't verified myself It appears there is a bugfix kernel for RHEL7
https://access.redhat.com/errata/RHBA-2017:1674
Comment 14 Kyle Walker 2017-07-28 18:56:59 UTC 
Initial testing of this particular failure indicates that this is a duplicate of the issue documented in the following article:

    JVM crashes after updating to kernel with patch for Stack Guard flaw (CVE-2017-1000364) - Red Hat Customer Portal
    https://access.redhat.com/solutions/3091371


With that being the case, I am closing this bug as a DUPLICATE. Please feel free to reopen this bug in future if the issue is still present after updating to a kernel version included in the resolution section of the above article.

- Kyle Walker

*** This bug has been marked as a duplicate of bug 1464290 ***