Bug 969884

Summary: [abrt] java-1.7.0-openjdk- strchr: Process /usr/lib/jvm/java-1.7.0-openjdk- was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Christian Stadelmann <fedora>
Component: java-1.7.0-openjdkAssignee: Andrew John Hughes <ahughes>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: ahughes, dbhole, jerboaa, jvanek, omajid
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:07eb6b3663c67b56b10fef236bb9fdee6e679fd4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-01 08:25:39 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
File: backtrace
File: cgroup
File: core_backtrace
File: dso_list
File: environ
File: limits
File: maps
File: open_fds
File: proc_pid_status
File: var_log_messages none

Description Christian Stadelmann 2013-06-02 18:13:01 EDT
Description of problem:
java incorrectly handles command line parameters which will make java crash on illegal arguments.

How to reproduce:
start java from command line like this:
java -jar -Xmx4096M.
(note the . at the end of the otherwise valid parameter)
java -jar -Xmx128M
java -jar -Xms512M -Xmx1024M./something.jar

Expected behavior:
Java should display an error message or the CLI help as of executing java --help

What actually happens:
Java crashes with segmentation fault

Additional information:
Backtrace from gdb:
#0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:134
#1  0x0000003909e0711f in JLI_WildcardExpandClasspath (classpath=classpath@entry=0x0)
    at ../../../src/share/bin/wildcard.c:408
#2  0x0000003909e05529 in SetClassPath (s=0x0) at ../../../src/share/bin/java.c:696
#3  JLI_Launch (argc=2, argv=0x602098, jargc=jargc@entry=1, jargv=jargv@entry=0x0, appclassc=appclassc@entry=1, 
    appclassv=appclassv@entry=0x0, fullversion=fullversion@entry=0x400870 "1.7.0_19-mockbuild_2013_05_15_15_51-b00", 
    dotversion=dotversion@entry=0x400865 "1.7", pname=pname@entry=0x400860 "java", 
    lname=lname@entry=0x400860 "java", javaargs=javaargs@entry=0 '\000', cpwildcard=cpwildcard@entry=1 '\001', 
    javaw=javaw@entry=0 '\000', ergo=ergo@entry=0) at ../../../src/share/bin/java.c:283
#4  0x00000000004006b5 in main (argc=<optimized out>, argv=<optimized out>) at ../../../../src/share/bin/main.c:125

Version-Release number of selected component:

Additional info:
reporter:       libreport-2.1.4
backtrace_rating: 4
cmdline:        java -jar -Xms512M -Xmx4096M./jdiskreport-1.4.0.jar
crash_function: strchr
executable:     /usr/lib/jvm/java-1.7.0-openjdk-
kernel:         3.9.2-200.fc18.x86_64
runlevel:       N 5
uid:            1000

Truncated backtrace:
Thread no. 1 (4 frames)
 #0 strchr at ../sysdeps/x86_64/multiarch/strchr.S:134
 #1 JLI_WildcardExpandClasspath at ../../../src/share/bin/wildcard.c:408
 #2 SetClassPath at ../../../src/share/bin/java.c:696
 #3 JLI_Launch at ../../../src/share/bin/java.c:283

Potential duplicate: bug 875398
Comment 1 Christian Stadelmann 2013-06-02 18:13:06 EDT
Created attachment 756111 [details]
File: backtrace
Comment 2 Christian Stadelmann 2013-06-02 18:13:09 EDT
Created attachment 756112 [details]
File: cgroup
Comment 3 Christian Stadelmann 2013-06-02 18:13:12 EDT
Created attachment 756113 [details]
File: core_backtrace
Comment 4 Christian Stadelmann 2013-06-02 18:13:15 EDT
Created attachment 756114 [details]
File: dso_list
Comment 5 Christian Stadelmann 2013-06-02 18:13:19 EDT
Created attachment 756115 [details]
File: environ
Comment 6 Christian Stadelmann 2013-06-02 18:13:22 EDT
Created attachment 756116 [details]
File: limits
Comment 7 Christian Stadelmann 2013-06-02 18:13:25 EDT
Created attachment 756117 [details]
File: maps
Comment 8 Christian Stadelmann 2013-06-02 18:13:28 EDT
Created attachment 756118 [details]
File: open_fds
Comment 9 Christian Stadelmann 2013-06-02 18:13:32 EDT
Created attachment 756119 [details]
File: proc_pid_status
Comment 10 Christian Stadelmann 2013-06-02 18:13:35 EDT
Created attachment 756120 [details]
File: var_log_messages
Comment 11 Christian Stadelmann 2013-06-02 18:16:13 EDT
I know that this is an upstream bug but I found no way to report it (http://openjdk.java.net/ just mentions where to send patches, not where to report bugs and Sun Bugzilla is private/read-only).
Comment 12 Andrew John Hughes 2013-06-03 09:06:30 EDT
This seems to be fixed with the upcoming 2.4 release:

$ /home/andrew/build/icedtea7/bin/java -jar -Xmx4096M.
Invalid maximum heap size: -Xmx4096M.
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
$ /home/andrew/build/icedtea7-2.3/bin/java -jar -Xmx4096M.
Segmentation fault (core dumped)
$ /home/andrew/build/icedtea7-2.2/bin/java -jar -Xmx4096M.
Segmentation fault (core dumped)
$ /home/andrew/build/icedtea7-2.1/bin/java -jar -Xmx4096M.
Segmentation fault (core dumped)

6 seems to be fine so you could use that in the meantime: 

$ /usr/lib/jvm/icedtea-6/bin/java -jar -Xmx4096M.
Invalid maximum heap size: -Xmx4096M.
Could not create the Java virtual machine.
Comment 13 Andrew John Hughes 2013-06-03 09:07:54 EDT
I suspect:

changeset:   5561:6bd9089ebe96
user:        ksrini
date:        Thu Aug 16 08:29:30 2012 -0700
summary:     7151434: java -jar -XX crashes java launcher
Comment 14 Christian Stadelmann 2013-06-03 13:24:32 EDT
Should be this one: http://planetjava.org/java-openjdk-core-libs-devel/2012-04/msg00037.html
Comment 15 Andrew John Hughes 2013-06-04 04:36:55 EDT
Why are you closing this?  The fix has not been packaged yet.
Comment 16 Christian Stadelmann 2013-06-04 12:28:50 EDT
Sorry, I didn't know how you are handling this.
Comment 17 Andrew John Hughes 2013-06-04 12:46:46 EDT
It's ok.  I'm just used to closing things myself ;-)
Comment 18 Andrew John Hughes 2013-06-11 10:46:06 EDT
Fixed in http://blog.fuseyism.com/index.php/2013/06/10/icedtea-2-4-0-released/ and backporting to earlier versions.
Comment 19 Andrew John Hughes 2013-06-30 19:03:03 EDT
In 2.3.10: http://blog.fuseyism.com/index.php/2013/06/28/security-icedtea-2-3-10-for-openjdk-7-released/

Needs jvanek to confirm when this is packaged.
Comment 20 jiri vanek 2013-07-01 08:25:39 EDT
Fedora 18 have already received fixed b25 (based on 2.3.10 Andrew is linking, so issue should be fixed.

f17 and f19 are still in testing repo.