Bug 1468436 - Libreoffice Writer crashing with segmentation fault in libjvm.so _expand_stack_to when wiki plugin installed
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: kernel
Version: 26
Hardware: i686 Linux
Priority: unspecified
Severity: medium
Assigned To: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Duplicates: 1471293 1473485 1473920 1479762 1483537 1497523
Blocks: x86Tracker

Reported: 2017-07-07 01:42 EDT by Yura
Modified: 2018-05-29 08:57 EDT

Last Closed: 2018-05-29 08:57:24 EDT
Type: Bug
Attachments
Back trace of libreoffice (21.10 KB, text/plain)
2017-07-07 01:42 EDT, Yura


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1700010 None None None 2017-07-07 06:38 EDT

Description Yura 2017-07-07 01:42:10 EDT
Created attachment 1295176
Back trace of libreoffice

Description of problem:
When launching libreoffice writer, it simply crashes.
There are a few ways to reproduce the crash, but all of them are related to interacting with the wiki plugin.
For example, it's enough to launch libreoffice and select the wiki plugin in options; libreoffice then crashes even without launching writer.
 

Version-Release number of selected component (if applicable):
------------------
$ cat /etc/fedora-release 
Fedora release 24 (Twenty Four)
------------------
$ uname -a
Linux happyfedora 4.11.8-100.fc24.i686+PAE #1 SMP Thu Jun 29 18:32:30 UTC 2017 i686 i686 i386 GNU/Linux
------------------
# dnf list libreoffice
Last metadata expiration check: 2:54:28 ago on Fri Jul  7 05:12:26 2017.
Installed Packages
libreoffice.i686     1:5.1.6.2-8.fc24                     @updates      
------------------
# dnf list libreoffice-wiki-publisher
Last metadata expiration check: 2:55:50 ago on Fri Jul  7 05:12:26 2017.
Available Packages
libreoffice-wiki-publisher.i686      1:5.1.6.2-8.fc24             updates
------------------
[root@happyfedora happiness]# dnf list java*
Last metadata expiration check: 0:26:14 ago on Fri Jul  7 08:12:43 2017.
Installed Packages
java-1.8.0-openjdk.i686        1:1.8.0.131-3.b12.fc24     @updates-testing
------------------

How reproducible:
Reproduced every time when starting up writer.
Or simply launch libreoffice, go to options, find the wiki plugin and select it.

Steps to Reproduce:
1. install wiki plugin
# dnf install libreoffice-wiki-publisher
2. Execute (add --backtrace to create gdbtrace.log)
$ libreoffice --writer

Actual results:
Crash of libreoffice; backtrace file attached

Expected results:
no crash

Additional info:
Comment 1 Caolan McNamara 2017-07-07 05:32:04 EDT
I don't get a crash under f25 on installing the publisher and checking tools->options->internet->mediawiki so I can't reproduce this

--backtrace unfortunately will stop at the first SEGV and java generates loads of them so it's tricky to get the right backtrace automatically

caolanm->sberg: any ideas ?
Comment 2 Michael Stahl 2017-07-07 06:13:11 EDT
it's possible that this _expand_stack_to isn't the usual harmless
JVM SIGSEGV but something different.

_rene_ reported seeing this on Debian:

https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=i386&ver=1%3A5.3.4-1&stamp=1498442560&raw=0
Comment 3 Caolan McNamara 2017-07-07 06:38:48 EDT
hum, maybe we have hit a kernel bug then ?

https://lkml.org/lkml/2017/7/4/610
Comment 4 Caolan McNamara 2017-07-07 07:37:02 EDT
https://lwn.net/Articles/727206/

anyhow, fix is presumably required either in openjdk or the kernel and not in libreoffice so I'll push it down a level
Comment 5 Yura 2017-07-07 10:05:01 EDT
Hi, sorry for the intrusion.
Just an update: I've tried with Fedora 25 installed on VirtualBox
and it's reproduced

some info
 ----------
Linux localhost.localdomain 4.11.8-200.fc25.i686+PAE #1 SMP Thu Jun 29 16:36:01 UTC 2017 i686 i686 i386 GNU/Linux
----------
libreoffice.i686                   1:5.2.7.2-4.fc25
----------
libreoffice-wiki-publisher.i686    1:5.2.7.2-4.fc25 
----------
java-1.8.0-openjdk.i686            1:1.8.0.131-1.b12.fc25

tell me if I can provide more info
Comment 6 Deepak Bhole 2017-07-07 11:36:36 EDT
Are you able to verify that using an older kernel does _not_ cause this crash?
Comment 7 Yura 2017-07-07 16:23:10 EDT
(In reply to Deepak Bhole from comment #6)
> Are you able to verify that using an older kernel does _not_ cause this
> crash?

Yes, lucky me, the last saved kernel works. Nice idea, and it looks like the problem is localized.

I simply booted into the old kernel and there was no crash.

so results:
---- NO CRASH ----
Linux happyfedora 4.11.5-100.fc24.i686+PAE #1 SMP Wed Jun 14 17:44:34 UTC 2017 i686 i686 i386 GNU/Linux
------------------

---- CRASH ----
Linux happyfedora 4.11.6-101.fc24.i686+PAE #1 SMP Tue Jun 20 16:50:52 UTC 2017 i686 i686 i386 GNU/Linux
---------------
Comment 8 Michael Stahl 2017-07-21 05:33:50 EDT
*** Bug 1473485 has been marked as a duplicate of this bug. ***
Comment 9 Caolan McNamara 2017-07-22 09:11:40 EDT
*** Bug 1473920 has been marked as a duplicate of this bug. ***
Comment 10 David H. Gutteridge 2017-07-24 21:15:00 EDT
I'm hitting the same bug; in my case the issue is caused by the LanguageTool plugin for Writer, which requires Java. If I disable LanguageTool, Writer runs fine. This is again on i686. I cannot reproduce the problem on x86_64.

I can also reproduce this with 4.12 kernels, e.g. kernel-4.12.0-1.fc27. I updated to the latest OpenJDK in updates-testing (java-1.8.0-openjdk-1.8.0.141-1.b16), and that makes no difference for me.
Comment 11 Fedora End Of Life 2017-07-25 20:26:20 EDT
This message is a reminder that Fedora 24 is nearing its end of life.
Approximately 2 (two) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 24. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '24'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 24 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
Comment 12 Andreas Bleischwitz 2017-07-26 15:18:49 EDT
Same issue with Fedora 26 and *all* available i686 kernels for FC26.

java-1.8.0-openjdk-headless-1.8.0.131-7.b12.fc26.i686
libreoffice-core-5.3.4.2-4.fc26.i686

Workaround: install kernel-PAE-4.8.6-300.fc25.i686 from fedora-25

# dnf install kernel-PAE-4.8.6-300.fc25 --releasever=25

# journalctl -xn

Jul 26 19:56:39 example systemd-coredump[2359]: Process 2346 (soffice.bin) of user 1000 dumped core.
                                                                
                                                                Stack trace of thread 2346:
                                                                #0  0x00000000a789e0a5 _ZL16_expand_stack_toPh (libjvm.so)
                                                                #1  0x00000000a78a0b6b _ZN2os5Linux21manually_expand_stackEP10JavaThreadPh (libjvm.so)
                                                                #2  0x00000000a78ad147 _ZN2os18create_main_threadEP10JavaThread (libjvm.so)
                                                                #3  0x00000000a7a11525 _ZN7Threads9create_vmEP14JavaVMInitArgsPb (libjvm.so)
                                                                #4  0x00000000a766b185 JNI_CreateJavaVM (libjvm.so)
                                                                #5  0x00000000b156266e _Z34jfw_plugin_startJavaVirtualMachinePK8JavaInfoPK12JavaVMOptionlPP7JavaVM_PP7JNIEnv_ (libjvmfwklo.so)
                                                                #6  0x00000000b15745fd _Z11jfw_startVMPK8JavaInfoP12JavaVMOptionlPP7JavaVM_PP7JNIEnv_ (libjvmfwklo.so)
                                                                #7  0x00000000a811d60a _ZN11stoc_javavm18JavaVirtualMachine9getJavaVMERKN3com3sun4star3uno8SequenceIaEE (libjavavmlo.so)
                                                                #8  0x00000000a8f047e8 _ZN15stoc_javaloader19JavaComponentLoader13getJavaLoaderEv (libjavaloaderlo.so)
                                                                #9  0x00000000a8f061b7 _ZN15stoc_javaloader19JavaComponentLoader17writeRegistryInfoERKN3com3sun4star3uno9ReferenceINS3_8registry12XRegistryKeyEEERKN3rtl8OUStringE
                                                                #10 0x00000000a814d72d _ZN12_GLOBAL__N_126ImplementationRegistration10doRegisterERKN3com3sun4star3uno9ReferenceINS3_4lang22XMultiComponentFactoryEEERKNS5_INS4_17X
                                                                #11 0x00000000a814fc1e _ZN12_GLOBAL__N_126ImplementationRegistration15prepareRegisterERKN3rtl8OUStringES4_S4_RKN3com3sun4star3uno9ReferenceINS7_8registry15XSimple
                                                                #12 0x00000000a9d7c313 _ZN11dp_registry7backend9component12_GLOBAL__N_111BackendImpl20ComponentPackageImpl15processPackage_ERN3osl15ResettableGuardINS5_5MutexEEEb
                                                                #13 0x00000000a9d9decf _ZN11dp_registry7backend7Package19processPackage_implEbbRKN3com3sun4star3uno9ReferenceINS4_4task13XAbortChannelEEERKNS6_INS4_3ucb19XCommand
                                                                #14 0x00000000a9d9e6ff _ZN11dp_registry7backend7Package15registerPackageEhRKN3com3sun4star3uno9ReferenceINS4_4task13XAbortChannelEEERKNS6_INS4_3ucb19XCommandEnvir
                                                                #15 0x00000000a9dc85cb _ZN11dp_registry7backend6bundle12_GLOBAL__N_111BackendImpl11PackageImpl15processPackage_ERN3osl15ResettableGuardINS5_5MutexEEEbbRKN3rtl9Ref
                                                                #16 0x00000000a9d9decf _ZN11dp_registry7backend7Package19processPackage_implEbbRKN3com3sun4star3uno9ReferenceINS4_4task13XAbortChannelEEERKNS6_INS4_3ucb19XCommand
                                                                #17 0x00000000a9d9e6ff _ZN11dp_registry7backend7Package15registerPackageEhRKN3com3sun4star3uno9ReferenceINS4_4task13XAbortChannelEEERKNS6_INS4_3ucb19XCommandEnvir
                                                                #18 0x00000000a9d4a846 _ZN10dp_manager16ExtensionManager17activateExtensionERKN3com3sun4star3uno8SequenceINS4_9ReferenceINS3_10deployment8XPackageEEEEEbbRKNS6_INS
                                                                #19 0x00000000a9d4cea2 _ZN10dp_manager16ExtensionManager11synchronizeERKN3com3sun4star3uno9ReferenceINS3_4task13XAbortChannelEEERKNS5_INS3_3ucb19XCommandEnvironme
                                                                #20 0x00000000b672127a _ZN7dp_misc16syncRepositoriesEbRKN3com3sun4star3uno9ReferenceINS2_3ucb19XCommandEnvironmentEEE (libdeploymentmisclo.so)
                                                                #21 0x00000000b75ee7d5 _ZN7desktop7Desktop32SynchronizeExtensionRepositoriesEv (libsofficeapp.so)
                                                                #22 0x00000000b75e0802 _ZN7desktop7Desktop4MainEv (libsofficeapp.so)
                                                                #23 0x00000000b4230222 _Z10ImplSVMainv (libvcllo.so)
                                                                #24 0x00000000b4230359 _Z6SVMainv (libvcllo.so)
                                                                #25 0x00000000b7616d35 soffice_main (libsofficeapp.so)
                                                                #26 0x000000008001f5cc main (soffice.bin)
                                                                #27 0x00000000b73d32f3 __libc_start_main (libc.so.6)
                                                                #28 0x000000008001f60f _start (soffice.bin)
Comment 13 Adam Benjamin 2017-08-03 14:35:38 EDT
I was getting a similar crash, but no wiki plugin installed.  But, given the idea from this thread, I removed libreoffice-writer2latex-1.0.2-20.fc26.i686 and bingo - working again.  Let me know if more diagnostic information is required/helpful - but I expect you can reproduce.  Seems pretty decisive.  Uninstall = working.  Install = crashing.
Comment 14 Deepak Bhole 2017-08-04 16:37:12 EDT
Hi, is this problem still happening? One of the more recent kernel updates should have addressed this.
Comment 15 Adam Benjamin 2017-08-04 16:39:49 EDT
My post, yesterday, was on a freshly upgraded/patched Fedora 26, running 4.11.11-300.fc26.i686.
Comment 16 Yura 2017-08-05 01:23:06 EDT
(In reply to Deepak Bhole from comment #14)
> Hi, is this problem still happening? One of the more recent kernel updates
> should have addressed this.

Hi, yes still happening after upgrade to F26

Updated components versions now:
-----------------
# cat /etc/fedora-release 
Fedora release 26 (Twenty Six)
-----------------

-----------------
# uname -a
Linux happyfedora 4.11.8-300.fc26.i686+PAE #1 SMP Thu Jun 29 20:38:21 UTC 2017 i686 i686 i386 GNU/Linux
-----------------

-----------------
# dnf list libreoffice
libreoffice.i686 1:5.3.4.2-6.fc26
-----------------

-----------------
# dnf list libreoffice-wiki-publisher
libreoffice-wiki-publisher.i686 1:5.3.4.2-6.fc26
-----------------

-----------------
# dnf list java
java-1.8.0-openjdk.i686 1:1.8.0.141-1.b16.fc26
-----------------
Comment 17 Deepak Bhole 2017-08-08 12:39:52 EDT
(In reply to Yura from comment #16)
> (In reply to Deepak Bhole from comment #14)
> > Hi, is this problem still happening? One of the more recent kernel updates
> > should have addressed this.
> 
> Hi, yes still happening after upgrade to F26
> 
> Updated components versions now:
> -----------------
> # cat /etc/fedora-release 
> Fedora release 26 (Twenty Six)
> -----------------
> 
> -----------------
> # uname -a
> Linux happyfedora 4.11.8-300.fc26.i686+PAE #1 SMP Thu Jun 29 20:38:21 UTC
> 2017 i686 i686 i386 GNU/Linux
> -----------------
> 

This is a much older kernel. Are you able to try with the latest? Latest stable in F26 is 4.11.12:
https://bodhi.fedoraproject.org/updates/?packages=kernel
Comment 18 Yura 2017-08-09 00:09:11 EDT
(In reply to Deepak Bhole from comment #17)

> This is a much older kernel. Are you able to try with the latest? Latest
> stable in F26 is 4.11.12:
> https://bodhi.fedoraproject.org/updates/?packages=kernel

Hm, currently it's not available for me in the repos for FC26, but I had it before the upgrade from FC24, so I'm able to boot into FC24 4.11.12 on the upgraded FC26
kernel-PAE-4.11.12-100.fc24.i686
wiki still crashed

My current FC26 kernel is kernel-PAE-4.11.11-300.fc26.i686; it crashes here too
Comment 19 David H. Gutteridge 2017-08-13 22:06:28 EDT
This is still an issue with kernel 4.12.6-300.fc26.i686, built in Koji but not yet in updates-testing.
Comment 20 Michael Stahl 2017-08-14 16:04:11 EDT
*** Bug 1479762 has been marked as a duplicate of this bug. ***
Comment 21 Michael Stahl 2017-08-21 08:01:33 EDT
*** Bug 1483537 has been marked as a duplicate of this bug. ***
Comment 22 Enrique Meléndez 2017-08-21 14:35:38 EDT
*** Bug 1483537 has been marked as a duplicate of this bug. ***
Comment 23 David H. Gutteridge 2017-09-02 14:02:08 EDT
There is a workaround for this issue, for users who really need Java enabled with LibreOffice. Add the kernel parameter "stack_guard_gap=1". I tested this and found it works for me. (The source for this information is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865303#230.)

Still otherwise an issue with kernel 4.12.9-300.fc26.i686.
Comment 24 Caolan McNamara 2017-10-09 08:32:22 EDT
*** Bug 1497523 has been marked as a duplicate of this bug. ***
Comment 25 Francois Romieu 2017-11-12 15:03:17 EST
Same thing as comment #23 with java-1.8.0-openjdk-1.8.0.151-1.b12.fc26.i386
and any of
- kernel-4.12.14-300.fc26.i686
- kernel-4.13.11-200.fc26.i686

-- 
Ueimor
Comment 26 Th. Siraut 2017-11-13 14:21:07 EST
(In reply to Francois Romieu from comment #25)
> Same thing that comment #23  with
> java-1.8.0-openjdk-1.8.0.151-1.b12.fc26.i386
> and any of
> - kernel-4.12.14-300.fc26.i686
> - kernel-4.13.11-200.fc26.i686
> 
> -- 
> Ueimor

Exactly, I confirm comment #23 and #25.
Thanks David H. Gutteridge for the solution.
Comment 27 David Tardon 2017-12-24 04:35:35 EST
*** Bug 1471293 has been marked as a duplicate of this bug. ***
Comment 28 Stephan Bergmann 2018-02-12 11:05:01 EST
Is there a chance to get this fixed?

This issue now started to hit me when doing LibreOffice Flatpak builds on Flathub (with a Flatpak-provided OpenJDK 9), which includes doing i386 builds, which includes running certain LibreOffice tests during the build that instantiate a JVM in the test process.  These tests crash with SIGSEGV in _expand_stack_to, on my local machine with kernel 4.14.16-300.fc27.x86_64 (where I could debug the Flatpak build failure down to be this issue) as well as on various Flathub builders like flathub-builder-pdx1 with kernel 3.10.0-693.11.6.el7.x86_64 (where I very much assume the Flatpak build failures to be caused by this issue given the symptoms in the build logs; see also <https://cgit.freedesktop.org/libreoffice/core/commit/?id=9cf2616c5e709b595eeee6ab88dacdfad2003f98> "Work around i386 kernel vs. JVM bug for now by disabling all tests on i386").

(Debian seems to have addressed this with a kernel patch, see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865303#492>.)
Comment 29 Deepak Bhole 2018-02-16 12:45:00 EST
This is a problem in the kernel and unfortunately there is nothing the JVM can do. RHEL kernel was fixed with this update: https://access.redhat.com/errata/RHSA-2017:2412

Unfortunately I don't know enough about the Fedora kernel to identify the exact fix. Here is the relevant portion that may help the Fedora kernel maintainers:

"When upgrading to kernel with the fix for stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. (BZ#1467938)"

Re-assigning to kernel.
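
Added example, not part of any comment in this report and not code from the kernel or OpenJDK: a C helper that parses `/proc/<pid>/maps` text and reports whether the mapping directly below `[stack]` is PROT_NONE (`---p`, the case the erratum text quoted in comment 29 describes) and whether it lies inside a guard gap given in pages, the unit of the `stack_guard_gap` parameter from comment 23. The function name, the two sample maps listings and the 4096-byte page size are assumptions made for this example; 256 pages is the kernel's documented default for that parameter.

```c
#include <stdio.h>
#include <string.h>

/* What lies directly below the [stack] mapping of a process. */
struct stack_report {
    int found_stack;           /* 1 if a [stack] line was present */
    unsigned long gap_bytes;   /* hole between the mapping below and [stack] */
    int below_is_prot_none;    /* 1 if that mapping has permissions "---p" */
    int within_guard_gap;      /* 1 if gap_bytes < guard_pages * page_size */
};

/* Constructed sample (not from the bug report): a PROT_NONE mapping
 * adjoining the stack. */
static const char SAMPLE_GUARD[] =
    "08048000-08049000 r-xp 00000000 fd:01 1234 /usr/bin/example\n"
    "bf7fd000-bf800000 ---p 00000000 00:00 0 \n"
    "bf800000-bf821000 rw-p 00000000 00:00 0 [stack]\n";

/* Constructed sample: an ordinary mapping ending 16 pages below the stack. */
static const char SAMPLE_NEAR[] =
    "bf7e0000-bf7f0000 rw-p 00000000 00:00 0 \n"
    "bf800000-bf821000 rw-p 00000000 00:00 0 [stack]\n";

/* Lines in maps are sorted by address, so the line preceding [stack]
 * is the nearest mapping below it. */
struct stack_report inspect_stack(const char *maps, unsigned long guard_pages,
                                  unsigned long page_size)
{
    struct stack_report r = {0, 0, 0, 0};
    unsigned long prev_end = 0, start, end;
    char prev_perms[5] = "", perms[5], buf[512];
    int have_prev = 0;

    while (*maps) {
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, maps, n);          /* work on one line at a time */
        buf[n] = '\0';
        if (sscanf(buf, "%lx-%lx %4s", &start, &end, perms) == 3) {
            if (strstr(buf, "[stack]")) {
                r.found_stack = 1;
                if (have_prev) {
                    r.gap_bytes = start - prev_end;
                    r.below_is_prot_none = strcmp(prev_perms, "---p") == 0;
                    r.within_guard_gap = r.gap_bytes < guard_pages * page_size;
                }
                return r;
            }
            prev_end = end;
            strcpy(prev_perms, perms);
            have_prev = 1;
        }
        maps += len + (maps[len] == '\n');   /* step past the newline */
    }
    return r;                                /* no [stack] line seen */
}

int main(void)
{
    struct stack_report a = inspect_stack(SAMPLE_GUARD, 256, 4096);
    printf("gap=%lu prot_none=%d within=%d\n", a.gap_bytes,
           a.below_is_prot_none, a.within_guard_gap);
    return 0;
}
```

To inspect a live process, pass the contents of its `/proc/<pid>/maps` file as the first argument.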
Comment 30 Laura Abbott 2018-02-16 13:04:31 EST
This needs to be tracked as an i686 issue. There was never a consensus upstream about this.
Comment 31 Eduard Vopicka 2018-05-02 07:59:59 EDT
When it is in the hanged state, the reaction to <Ctrl>+<Alt>+<Del> is "reboot: Restarting system" followed by immediate reboot.
Comment 32 Eduard Vopicka 2018-05-02 08:05:43 EDT
Sorry for my above comment, my mistake, it is not related to this problem.
Comment 33 Fedora End Of Life 2018-05-03 04:42:08 EDT
This message is a reminder that Fedora 26 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 26. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '26'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 26 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
Comment 34 David H. Gutteridge 2018-05-03 20:59:25 EDT
This is still relevant for Fedora 27 (and probably 28, though I'm not in a position to confirm that at the moment).
Comment 35 Fedora End Of Life 2018-05-29 08:57:24 EDT
Fedora 26 changed to end-of-life (EOL) status on 2018-05-29. Fedora 26
is no longer maintained, which means that it will not receive any
further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
