-
Bug
-
Resolution: Fixed
-
Highest
-
4.11.0
-
None
-
16
-
Severity 1 - Critical
-
65
-
Issue Summary
This is a combination of existing bugs: IMFC-72 & IMFC-82
Insight Macro for Confluence with versions above 1.4.1 could potentially cause JVM crash. Problematic frame is libj2v8_linux_x86_64.so+0xae3a19
Steps to Reproduce
- Set up a Confluence instance, such as 7.11.1
- Set up a Jira instance, such as 8.13.1
- Once both instances are started, link Jira and Confluence using the Application Links.
On Jira side
- Install the Insight NVD plugin for Insight.
This plugin is not involved on this bug. We just used it to create over 30k objects to generate custom data) - Create a new Insight object schema
- From this new schema, create a new CVE import and synchronize it - this will create a lot of objects
On Confluence side
- Install Insight for Confluence app
- Configure an Insight Macro to use the newly created application link (System / Manage Apps, select Insight Macro and click configure)
- Create a new page and insert the Insight Macro.
- In the macro configuration, select the Insight schema you just created
- Select all the attributes (to make the response as big as possible)
- Set the 'Load more limit' to 500.
- On the new page, the list of objects will be displayed
- Export this page as PDF or Word
Expected Results
The PDF should be exported and Confluence does not crash
OR
Insight objects are loaded in Confluence pages without Confluence crashing
Actual Results
JVM (Confluence) crashes with
# # A fatal error has been detected by the Java Runtime Environment: # # SIGILL (0x4) at pc=0x00007f0d2d1eba19, pid=433, tid=758 # # JRE version: OpenJDK Runtime Environment AdoptOpenJDK (11.0.10+9) (build 11.0.10+9) # Java VM: OpenJDK 64-Bit Server VM AdoptOpenJDK (11.0.10+9, mixed mode, tiered, compressed oops, g1 gc, linux-amd64) # Problematic frame: # C [libj2v8_linux_x86_64.so+0xae3a19] v8::base::OS::Abort()+0x9 # # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P %E" (or dumping to /var/atlassian/application-data/confluence/core.433) # # If you would like to submit a bug report, please visit: # https://github.com/AdoptOpenJDK/openjdk-support/issues # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # --------------- S U M M A R Y ------------ Command Line: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 -Dconfluence.context.path= -Datlassian.plugins.startup.options=-fg -Djava.locale.providers=JRE,SPI,CLDR -Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 -Dsynchrony.enable.xhr.fallback=true -Xms20g -Xmx20g -Dconfluence.home=/var/atlassian/application-data/confluence -XX:+UseG1GC -Datlassian.plugins.enable.wait=300 -Djava.awt.headless=true -XX:G1ReservePercent=20 -Xloggc:/opt/atlassian/confluence/logs/gc-2021-07-27_07-36-39.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M -Xlog:gc+age=debug:file=/opt/atlassian/confluence/logs/gc-2021-07-27_07-36-39.log::filecount=5,filesize=2M -XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution -XX:+IgnoreUnrecognizedVMOptions -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 -XX:+UseContainerSupport -XX:+UseCodeCacheFlushing -Dconversion.sandbox.pool.size=2 -Dconversion.sandbox.memory.limit.megabytes=1024 -Ddocument.conversion.sandbox.memory.requirement.megabytes=512 -Ddocument.conversion.sandbox.request.time.limit.secs=60 -XX:InitialCodeCacheSize=1g -XX:ReservedCodeCacheSize=1g -XX:+DisableExplicitGC -Dsynchrony.service.url=https://confluence-stg.cats.ktc-int.net/synchrony/v1 -Dsynchrony.enable.xhr.fallback=true -Dconfluence.cluster.node.name=confluence-c230_node --add-modules=java.se --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -DConfluenceHomeLogAppender.disabled=false -Dignore.endorsed.dirs= -Dcatalina.base=/opt/atlassian/confluence -Dcatalina.home=/opt/atlassian/confluence -Djava.io.tmpdir=/opt/atlassian/confluence/temp org.apache.catalina.startup.Bootstrap start Host: AMD EPYC 7452 32-Core Processor, 4 cores, 31G, Ubuntu 20.04.2 LTS Time: Tue Jul 27 07:46:42 2021 UTC elapsed time: 602.813415 seconds (0d 0h 10m 2s) --------------- T H R E A D --------------- Current thread (0x00007f0e56504000): JavaThread "http-nio-8090-exec-1 url: /spaces/flyingpdf/pdfpageexport.action; user: 00wendl" daemon [_thread_in_native, id=758, stack(0x00007f0d35d3d000,0x00007f0d35e3e000)] Stack: [0x00007f0d35d3d000,0x00007f0d35e3e000], sp=0x00007f0d35e2bcb8, free space=955k Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code) C [libj2v8_linux_x86_64.so+0xae3a19] v8::base::OS::Abort()+0x9 C [libj2v8_linux_x86_64.so+0x48efa5] v8::internal::V8::FatalProcessOutOfMemory(char const*, bool)+0x1d5 C [libj2v8_linux_x86_64.so+0x54bf19] v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationSpace)+0x159 C [libj2v8_linux_x86_64.so+0x8afc6e] v8::internal::Runtime_AllocateInTargetSpace(int, v8::internal::Object**, v8::internal::Isolate*)+0x5e C 0x00002cd2c6206295 C 0x00002cd2c6232ab0 C 0x00002cd2c6377834 C 0x00002cd2c6376aee C 0x00002cd2c6375c59 C 0x00002cd2c63755c6 C 0x00002cd2c6219d7d C 0x00002cd2c6218ba2 C [libj2v8_linux_x86_64.so+0x5427f0] v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, bool)+0x120 C [libj2v8_linux_x86_64.so+0x4996f7] v8::Script::Run(v8::Local<v8::Context>)+0x137 C [libj2v8_linux_x86_64.so+0x4a4fb4] v8::Script::Run()+0x34 C [libj2v8_linux_x86_64.so+0x3f687a] runScript(v8::Isolate*, JNIEnv_*, v8::Local<v8::Script>*, v8::TryCatch*, v8::Local<v8::Value>&, long)+0x37 C [libj2v8_linux_x86_64.so+0x3f78df] Java_com_eclipsesource_v8_V8__1executeStringScript+0x255 j com.eclipsesource.v8.V8._executeStringScript(JLjava/lang/String;Ljava/lang/String;I)Ljava/lang/String;+0 j com.eclipsesource.v8.V8.executeStringScript(JLjava/lang/String;Ljava/lang/String;I)Ljava/lang/String;+7 j com.eclipsesource.v8.V8.executeStringScript(Ljava/lang/String;Ljava/lang/String;I)Ljava/lang/String;+16 j com.eclipsesource.v8.V8.executeStringScript(Ljava/lang/String;)Ljava/lang/String;+4 j com.mindville.confluence.plugins.insight.export.ExportRenderer.render(Ljava/util/Map;)Ljava/lang/String;+724 j com.mindville.confluence.plugins.insight.InsightObjectsMacro.execute(Ljava/util/Map;Ljava/lang/String;Lcom/atlassian/confluence/content/render/xhtml/ConversionContext;)Ljava/lang/String;+186
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- has a regression in
-
-
- Closed
-
-
-
- Gathering Impact
-
- is duplicated by
-
-
- Closed
-
- mentioned in
-
Page Failed to load
-
Page Failed to load
-
Page Loading...
-
-
-
-
-
(6 mentioned in)
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|