Bug 204211

Summary: LibreOffice (Pluma) problem - the code at some point jumps into the "heap" and begins to "execute" the data there, which is why it falls
Product: Platform Specific/Hardware
Reporter: gkot
Component: MIPS
Assignee: ralf
Status: NEW ---
Severity: normal
CC: gkot
Priority: P1
Hardware: Mips32
OS: Linux
Kernel Version: => 3.19.12
Subsystem:
Regression: No
Bisected commit-id:
Attachments: MIPS-Improve-non-executable-support.patch
nx.patch
crash_log.txt
crash_screen.png
crash_log2.txt
crash_log3.txt
MIPS-Improve-non-executable-support.patch
MIPS-Improve-non-executable-support.patch

Description gkot 2019-07-17 14:41:05 UTC
We found one problem - quite unpleasant, because it is related to the stability of work and, moreover, is not reproduced under any conditions.


In short:

- in an Alt Linux environment, when opening one or several files in LibreOffice, the application sometimes crashes with an error

- the same behavior was observed with the Pluma text editor when opening large text files

- the problem is not reproduced every time

- when checking with different hardware (copies of Mini-ITX, Pico-PSU, SODIMM), no clear patterns were found


 

We tried to reproduce the problem - on average we see it 3 times out of 10 attempts.


At the same time, we saw 3 different manifestations:


1. A message in the GUI about the completion of LibreOffice. Record in the logs may be present, or may be missing. An example of the log in the attachment, the file crash_log.txt, screenshot crash_screen.png

2. Warning in the log. The fall of the office is not necessary. Example log in attachment, file crash_log2.txt

3. Complete office downfall without any messages in the GUI. An example of the log in the attachment, the file crash_log3.txt



Data was collected in the following ways:

 - libreoffice --backtrace --writer

 - and also directly with gdb: gdb --args libreoffice *


We noticed that in /proc/<PID>/maps there is an executable bit on [heap] and on a lot of other sections / files:
...

 00400000-00404000 r-xp 00000000 08:16 2232535    /usr/lib/LibreOffice/program/soffice.bin
 00410000-00414000 rwxp 00000000 08:16 2232535    /usr/lib/LibreOffice/program/soffice.bin
 00414000-032a0000 rwxp 00000000 00:00 0          [heap]     <--
 62f40000-64380000 rwxp 00000000 00:00 0
 64380000-643a8000 r-xp 00000000 08:16 2232771    /usr/lib/LibreOffice/program/libintrospectionlo.so    
 643a8000-643b4000 ---p 00028000 08:16 2232771    /usr/lib/LibreOffice/program/libintrospectionlo.so                    
 643b4000-643bc000 rwxp 00024000 08:16 2232771    /usr/lib/LibreOffice/program/libintrospectionlo.so                    
 643bc000-64abc000 rwxp 00000000 00:00 0                                                                                                                                                                                                       
 64abc000-64ac0000 r-xp 00000000 08:16 2235833    /usr/lib/libexttextcat-2.0.so.0.0.0                                                                                                                                                          
 64ac0000-64acc000 ---p 00004000 08:16 2235833    /usr/lib/libexttextcat-2.0.so.0.0.0                                                                                                                                                          
 64acc000-64ad0000 rwxp 00000000 08:16 2235833    /usr/lib/libexttextcat-2.0.so.0.0.0                                                                                                                                                          
 64ae8000-67370000 rwxp 00000000 00:00 0                                                                                                                                                                                                       
 67370000-673c0000 r-xp 00000000 08:16 2232786    /usr/lib/LibreOffice/program/libfwllo.so                                                                                                                                                     
 673c0000-673cc000 ---p 00050000 08:16 2232786    /usr/lib/LibreOffice/program/libfwllo.so
 673cc000-673d4000 rwxp 0004c000 08:16 2232786    /usr/lib/LibreOffice/program/libfwllo.so                                                                                                                                                     
 673d4000-6740c000 r-xp 00000000 08:16 2235745    /usr/lib/libcroco-0.6.so.3.0.1                                                                                                                                                               
 6740c000-67418000 ---p 00038000 08:16 2235745    /usr/lib/libcroco-0.6.so.3.0.1                                                                                                                                                               
 67418000-67420000 rwxp 00034000 08:16 2235745    /usr/lib/libcroco-0.6.so.3.0.1                                                                                                                                                               
 67420000-6745c000 r-xp 00000000 08:16 2235533    /usr/lib/librsvg-2.so.2.40.20                                                                                                                                                                
 6745c000-67468000 ---p 0003c000 08:16 2235533    /usr/lib/librsvg-2.so.2.40.20                                                                                                                                                                
 67468000-6746c000 rwxp 00038000 08:16 2235533    /usr/lib/librsvg-2.so.2.40.20                                         
 6746c000-67474000 r-xp 00000000 08:16 2232755    /usr/lib/LibreOffice/program/libmcnttype.so                           
 67474000-67480000 ---p 00008000 08:16 2232755    /usr/lib/LibreOffice/program/libmcnttype.so                                                                                                                                                  
 67480000-67484000 rwxp 00004000 08:16 2232755    /usr/lib/LibreOffice/program/libmcnttype.so                                                                                                                                                  
 67484000-674a8000 r-xs 00000000 08:16 526839     /usr/share/mime/mime.cache                                            
 674a8000-674b4000 r-xp 00000000 08:16 2232728    /usr/lib/LibreOffice/program/libprotocolhandlerlo.so      
 674b4000-674c4000 ---p 0000c000 08:16 2232728    /usr/lib/LibreOffice/program/libprotocolhandlerlo.so                  
 674c4000-674c8000 rwxp 0000c000 08:16 2232728    /usr/lib/LibreOffice/program/libprotocolhandlerlo.so                  
 674c8000-674ec000 r-xp 00000000 08:16 2232790    /usr/lib/LibreOffice/program/libfsstoragelo.so                                                                                                                                               
 674ec000-674f8000 ---p 00024000 08:16 2232790    /usr/lib/LibreOffice/program/libfsstoragelo.so                        
 674f8000-674fc000 rwxp 00020000 08:16 2232790    /usr/lib/LibreOffice/program/libfsstoragelo.so                        
 674fc000-67528000 r-xp 00000000 08:16 2232799    /usr/lib/LibreOffice/program/libexpwraplo.so                          
 67528000-67534000 ---p 0002c000 08:16 2232799    /usr/lib/LibreOffice/program/libexpwraplo.so                                                                                                                                                 
 67534000-6753c000 rwxp 00028000 08:16 2232799    /usr/lib/LibreOffice/program/libexpwraplo.so                                                                                                                                                 
 6753c000-67588000 r-xp 00000000 08:16 2235838    /usr/lib/libiodbc.so.2.1.20                                                                                                                                                                  
 67588000-67594000 ---p 0004c000 08:16 2235838    /usr/lib/libiodbc.so.2.1.20                                                                                                                                                                  
 67594000-6759c000 rwxp 00048000 08:16 2235838    /usr/lib/libiodbc.so.2.1.20                                                                                                                                                                  
 6759c000-675a8000 r-xp 00000000 08:16 2359840    /usr/lib/redland/librdf_storage_virtuoso.so                                                                                                                                                  
 675a8000-675b4000 ---p 0000c000 08:16 2359840    /usr/lib/redland/librdf_storage_virtuoso.so                                                                                                                                                  
 675b4000-675b8000 rwxp 00008000 08:16 2359840    /usr/lib/redland/librdf_storage_virtuoso.so                                                                                                                                                  
 675b8000-676d4000 r-xp 00000000 08:16 2236862    /usr/lib/libsqlite3.so.0.8.6                                                                                                                                                                 
 676d4000-676e0000 ---p 0011c000 08:16 2236862    /usr/lib/libsqlite3.so.0.8.6                                                                                                                                                                 
 676e0000-676e8000 rwxp 00118000 08:16 2236862    /usr/lib/libsqlite3.so.0.8.6             
...


Perhaps the office code (LibreOffice) at some point jumped into the "heap" and began to "execute" the data there, which is why it fell.


We disabled this in kernel 4.9 (see the attached patch in the “nx.patch” file, not decorated) to calculate the source of the problem. But after that the fall of the office is not reproduced. We looked at a similar /proc/<PID>/maps in Alta - there is also an exec bit on the heap and the stack.


We also apply a patch (see the attached patch in the file “MIPS-Improve-non-executable-support.patch”) to solve this problem in our case at 3.19 (tested on Alt Linux for mipsel 32 bit kernel 3.19.12)


I ask for help in registration, testing and sending to Upstream.
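
An added example, not part of the original report or its attached patches: a small parser for the /proc/<PID>/maps format quoted in the description that lists mappings which are both writable and executable, the condition the report points out on [heap]. The sample input is constructed from lines in the report plus a made-up [stack] line, and the function names are illustrative.

```python
import re
import sys

# Constructed sample in /proc/<PID>/maps format; the [stack] line is made up.
SAMPLE_MAPS = """\
 00400000-00404000 r-xp 00000000 08:16 2232535    /usr/lib/LibreOffice/program/soffice.bin
 00410000-00414000 rwxp 00000000 08:16 2232535    /usr/lib/LibreOffice/program/soffice.bin
 00414000-032a0000 rwxp 00000000 00:00 0          [heap]
 62f40000-64380000 rwxp 00000000 00:00 0
 643a8000-643b4000 ---p 00028000 08:16 2232771    /usr/lib/LibreOffice/program/libintrospectionlo.so
 7fd7c000-7fd9d000 rw-p 00000000 00:00 0          [stack]
"""

# address range, permissions, offset, device, inode, optional pathname
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+([0-9a-f]+)\s+"
    r"([0-9a-f]+:[0-9a-f]+)\s+(\d+)\s*(.*)$"
)

def parse_maps(text):
    """Yield (start, end, perms, name) for each well-formed maps line."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            start, end, perms = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
            yield start, end, perms, m.group(7).strip() or "[anon]"

def writable_executable(text):
    """Return mappings that are both writable and executable."""
    return [(s, e, p, n) for s, e, p, n in parse_maps(text) if "w" in p and "x" in p]

def summarize(text):
    """Total writable+executable bytes per kind of mapping."""
    totals = {}
    for start, end, _perms, name in writable_executable(text):
        if name in ("[heap]", "[stack]"):
            kind = name
        elif name == "[anon]":
            kind = "anonymous"
        else:
            kind = "file-backed"
        totals[kind] = totals.get(kind, 0) + (end - start)
    return totals

if __name__ == "__main__":
    # With a PID argument read the live process, otherwise the constructed sample.
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for s, e, p, n in writable_executable(text):
        print(f"{s:08x}-{e:08x} {p} {n}")
    print(summarize(text))
```

Running it against the same process before and after a kernel change shows whether [heap] and the data segments have dropped from rwxp to rw-p.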

Comment 1 gkot 2019-07-17 14:44:06 UTC
Created attachment 283783
MIPS-Improve-non-executable-support.patch

Comment 2 gkot 2019-07-17 14:44:52 UTC
Created attachment 283785
nx.patch

Comment 3 gkot 2019-07-17 14:45:21 UTC
Comment on attachment 283783
MIPS-Improve-non-executable-support.patch

MIPS-Improve-non-executable-support

Comment 4 gkot 2019-07-17 14:45:42 UTC
Comment on attachment 283785
nx.patch

Patch for 4.9 kernel

Comment 5 gkot 2019-07-17 14:52:03 UTC
Created attachment 283787
crash_log.txt

Sample log for manifestations No. 1. Message in the GUI on the completion of LibreOffice.

Comment 6 gkot 2019-07-17 14:52:52 UTC
Created attachment 283789
crash_screen.png

Sample screenshot for manifestations No. 1. Message in the GUI about the completion of LibreOffice.

Comment 7 gkot 2019-07-17 14:54:34 UTC
Created attachment 283791
crash_log2.txt

Sample log for manifestations No. 2. Warning in the log. The fall of the office is not necessary.

Comment 8 gkot 2019-07-17 14:56:26 UTC
Created attachment 283793
crash_log3.txt

Sample log for manifestations No. 3. Complete office downfall without any messages in the GUI.

Comment 9 gkot 2019-07-17 16:58:32 UTC
Created attachment 283795
MIPS-Improve-non-executable-support.patch

New version - fixed include

Comment 10 gkot 2019-07-17 18:00:35 UTC
Created attachment 283797
MIPS-Improve-non-executable-support.patch

Comment 11 gkot 2019-07-17 18:01:35 UTC
Comment on attachment 283797
MIPS-Improve-non-executable-support.patch

New version - fixed include