JDK-4983759

Applet Crash with Mozilla and grsecurity


    • Bug
    • Resolution: Cannot Reproduce
    • P4
    • None
    • 1.4.2
    • deploy
    • x86
    • linux

      Name: jl125535 Date: 01/26/2004


      FULL PRODUCT VERSION :
      java version "1.4.2_03"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02)
      Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Linux xxx 2.4.24-grsec #1 SMP i686 unknown unknown GNU/Linux

      EXTRA RELEVANT SYSTEM CONFIGURATION :
      symlink to /usr/local/java/jre/plugin/i386/ns610-gcc32/libjavaplugin_oji.so in /usr/local/mozilla/plugins

      gcc version 3.2.2 (Mandrake Linux 9.1 3.2.2-3mdk)

      I am using Mozilla from www.mozillapl.org
      (http://mozillapl.org/index.php?name=MozillaPLMirrors&dfile=aHR0cDovL29zZG4uZGwuc291cmNlZm9yZ2UubmV0L3NvdXJjZWZvcmdlL21vemlsbGFwbC9Nb3ppbGxhUEwub3JnLU1vemlsbGFQTC1MaW51eC1pNjg2LTEuNi50YXIuYnoy)
      - this is an 'improved' version of the original Mozilla from mozilla.org.
      But today I've also checked the original Mozilla from mozilla.org and
      MozillaFirebird from mozillapl.org.
      Both crash the same way and create hs_err_pid*pid*.log.
      Unfortunately I can't test it without grsecurity (I *guess* it is the
      problem).



      A DESCRIPTION OF THE PROBLEM :
      When I enter a site that uses Java, Mozilla (already tested on Mozilla 1.6) crashes, and in syslog I can see:
      Jan 21 15:44:50 gandalf kernel: grsec: signal 11 sent to (java_vm:*pid*) UID(*uid*) EUID(*euid*), parent (mozilla-bin:*pid*) UID(*pid*) EUID(*pid*)
      Jan 21 15:44:50 gandalf kernel: grsec: signal 6 sent to (java_vm:*pid*) UID(*uid*) EUID(*euid*), parent (mozilla-bin:*pid*) UID(*pid*) EUID(*pid*)

      It happens almost all the time, with all Mozilla versions, all Java versions.
      I have no problem compiling Java programs using javac or running them using java.
      I'm using the grsecurity patch for the kernel (www.grsecurity.net) with the 'medium' security config. I've posted this on the grsecurity.net forum but they can't help.
      After a Mozilla crash, a file hs_err_pid*pid*.log appears in my homedir (see ERROR MESSAGES section below).

      There are several grsecurity forum threads on this issue. Please see
      http://forums.grsecurity.net/viewtopic.php?t=633
      http://forums.grsecurity.net/viewtopic.php?t=478
      http://forums.grsecurity.net/viewtopic.php?t=243



      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Just open any web page that uses Java in Mozilla.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      no crash :)

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      hs_err_pid*pid*.log in homedir:

      Unexpected Signal : 11 occurred at PC=0x50FBCE78
      Function=[Unknown.]
      Library=(N/A)

      NOTE: We are unable to locate the function name symbol for the error
            just occurred. Please refer to release documentation for possible
            reason and solutions.


      Current Java thread:

      Dynamic libraries:
      00000000-00000000 r-xp 00000000 08:07 115108 /usr/local/java/jre/bin/java_vm
      00000000-00000000 rw-p 00002000 08:07 115108 /usr/local/java/jre/bin/java_vm
      00000000-00000000 r-xp 00000000 08:01 271905 /lib/ld-2.3.1.so
      00000000-00000000 rw-p 00011000 08:01 271905 /lib/ld-2.3.1.so
      00000000-00000000 r-xp 00000000 08:07 115113 /usr/local/java/jre/lib/i386/native_threads/libhpi.so
      00000000-00000000 rw-p 00007000 08:07 115113 /usr/local/java/jre/lib/i386/native_threads/libhpi.so
      00000000-00000000 r-xp 00000000 08:01 335681 /lib/i686/libpthread-0.10.so
      00000000-00000000 rw-p 0000d000 08:01 335681 /lib/i686/libpthread-0.10.so
      00000000-00000000 r-xp 00000000 08:01 271480 /lib/libdl-2.3.1.so
      00000000-00000000 rw-p 00001000 08:01 271480 /lib/libdl-2.3.1.so
      00000000-00000000 r-xp 00000000 08:01 335687 /lib/i686/libc-2.3.1.so
      00000000-00000000 rw-p 0012c000 08:01 335687 /lib/i686/libc-2.3.1.so
      00000000-00000000 r-xp 00000000 08:07 589589 /usr/local/java/jre/lib/i386/client/libjvm.so
      00000000-00000000 rw-p 003f9000 08:07 589589 /usr/local/java/jre/lib/i386/client/libjvm.so
      00000000-00000000 r-xp 00000000 08:01 271502 /lib/libnsl-2.3.1.so
      00000000-00000000 rw-p 00010000 08:01 271502 /lib/libnsl-2.3.1.so
      00000000-00000000 r-xp 00000000 08:01 335644 /lib/i686/libm-2.3.1.so
      00000000-00000000 rw-p 00020000 08:01 335644 /lib/i686/libm-2.3.1.so
      00000000-00000000 rw-s 00000000 08:01 319750 /tmp/hsperfdata_lordmarc/12789
      00000000-00000000 r-xp 00000000 08:01 271514 /lib/libnss_files-2.3.1.so
      00000000-00000000 rw-p 0000a000 08:01 271514 /lib/libnss_files-2.3.1.so
      00000000-00000000 r-xp 00000000 08:07 115120 /usr/local/java/jre/lib/i386/libverify.so
      00000000-00000000 rw-p 0000f000 08:07 115120 /usr/local/java/jre/lib/i386/libverify.so
      00000000-00000000 r-xp 00000000 08:07 115121 /usr/local/java/jre/lib/i386/libjava.so
      00000000-00000000 rw-p 0001f000 08:07 115121 /usr/local/java/jre/lib/i386/libjava.so
      00000000-00000000 r-xp 00000000 08:07 115123 /usr/local/java/jre/lib/i386/libzip.so
      00000000-00000000 rw-p 00013000 08:07 115123 /usr/local/java/jre/lib/i386/libzip.so
      00000000-00000000 r--s 00000000 08:07 115179 /usr/local/java/jre/lib/rt.jar
      00000000-00000000 r--s 00000000 08:07 115145 /usr/local/java/jre/lib/sunrsasign.jar
      00000000-00000000 r--s 00000000 08:07 115176 /usr/local/java/jre/lib/jsse.jar
      00000000-00000000 r--s 00000000 08:07 115146 /usr/local/java/jre/lib/jce.jar
      00000000-00000000 r--s 00000000 08:07 115177 /usr/local/java/jre/lib/charsets.jar
      00000000-00000000 r--s 00000000 08:07 115178 /usr/local/java/jre/lib/plugin.jar

      Heap at VM Abort:
      Heap
       def new generation total 576K, used 1K [0x53060000, 0x53100000, 0x53540000)
        eden space 512K, 0% used [0x53060000, 0x530605a8, 0x530e0000)
        from space 64K, 0% used [0x530e0000, 0x530e0000, 0x530f0000)
        to space 64K, 0% used [0x530f0000, 0x530f0000, 0x53100000)
       tenured generation total 1408K, used 0K [0x53540000, 0x536a0000, 0x57060000)
         the space 1408K, 0% used [0x53540000, 0x53540000, 0x53540200, 0x536a0000)
       compacting perm gen total 4096K, used 358K [0x57060000, 0x57460000, 0x5b060000)
         the space 4096K, 8% used [0x57060000, 0x570b9a20, 0x570b9c00, 0x57460000)

      Local Time = Wed Jan 21 15:44:50 2004
      Elapsed Time = 0
      #
      # HotSpot Virtual Machine Error : 11
      # Error ID : 4F530E43505002EF
      # Please report this error at
      # http://java.sun.com/cgi-bin/bugreport.cgi
      #
      # Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
      #

      REPRODUCIBILITY :
      This bug can be reproduced often.

      CUSTOMER SUBMITTED WORKAROUND :
      I've downloaded chpax from http://pax.grsecurity.net/ and ran:
      chpax -rmsp java_vm

      so:
      Paging based PAGE_EXEC : disabled
      Trampolines : not emulated
      mprotect() : not restricted
      mmap() base : not randomized
      ET_EXEC base : not randomized
      Segmentation based PAGE_EXEC : disabled

      and Mozilla DIDN'T crash yet......
      Maybe that will solve the problem. But could you put out some official advice
      for Java users to use chpax when their browsers crash? Or perhaps modify
      java_vm to 'support' grsecurity 'features'?

      If Mozilla crashes again I can send a new hs_err_pid.log


      (Incident Review ID: 235125)
      ======================================================================
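
The chpax output in the workaround lists `mprotect()` as an operation PaX can restrict. As an added example (not part of the original report or of the JDK), this C program asks the running kernel for the two requests that restriction covers: a mapping that is writable and executable at once, and a read/write page later switched to read/execute. The function names are illustrative.

```c
/* Added example: probes the memory-protection requests governed by the
 * "mprotect()" flag shown in the chpax output. Names are illustrative. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Request an anonymous mapping that is writable and executable at once.
 * Returns 1 if the kernel granted it, 0 if it refused. */
int probe_wx_mmap(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, len);
    return 1;
}

/* Map one page read/write, use it as data, then ask mprotect() to change
 * it to final_prot. Returns 1 if granted, 0 if refused, -1 if the plain
 * data page could not be mapped at all. */
int probe_transition(int final_prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0, len);                 /* the page has now been written */
    int ok = (mprotect(p, len, final_prot) == 0) ? 1 : 0;
    munmap(p, len);
    return ok;
}

static const char *verdict(int r) { return r == 1 ? "granted" : "refused"; }

int main(void)
{
    printf("mmap rwx             : %s\n", verdict(probe_wx_mmap()));
    printf("mprotect rw- -> r-x  : %s\n",
           verdict(probe_transition(PROT_READ | PROT_EXEC)));
    /* Control: dropping write permission is not a W^X matter. */
    printf("mprotect rw- -> r--  : %s\n", verdict(probe_transition(PROT_READ)));
    return 0;
}
```

A "refused" on either of the first two lines with "granted" on the control line means the restriction is active for the process running the probe.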

            xlu Xiaobin Lu (Inactive)
            jleesunw Jon Lee (Inactive)