Open benaryorg opened 2 years ago
reinerh
commented
2 years ago There are some GL-related error messages, and the backtrace also seems to be in a 3d-related library (while creating a window?).
We recently had a report with crashes (#4960) that was solved by removing no3d, though I couldn't find no3d in minecraft-launcher.profile.
But maybe some related 3d-library is in a different path in Gentoo.
benaryorg
commented
2 years ago You know what? This thing has 24 cores idling and I've been meaning to put git-bisect to use for some time now.
[a few minutes later]
ea564eb74abaefd791a8c95d51e36c21e5fffcf9 is the first bad commit
commit ea564eb74abaefd791a8c95d51e36c21e5fffcf9
Author: Kelvin M. Klann <kmk3.code@protonmail.com>
Date: Sat Oct 16 02:26:17 2021 -0300
Consider nosound and novideo when keeping groups
Even when `nogroups` is not used, avoid keeping the audio and video
groups when `nosound` and `novideo` are used, respectively.
Based on @rusty-snake's suggestion:
https://github.com/netblue30/firejail/issues/4603#issuecomment-944046299
Relates to #4603.
src/firejail/main.c | 20 ++++++++++++--------
src/firejail/util.c | 13 ++++++++++---
2 files changed, 22 insertions(+), 11 deletions(-)Guess I'll have a look at ea564eb74abaefd791a8c95d51e36c21e5fffcf9, I'll let you know if I find out anything.
benaryorg
commented
2 years ago Turns out, it's specifically that video group handling.
If I remove the ifs around the video group handling I get a window again.
Only now did I notice the novideo line in the minecraft-launcher profile, and it seems it's been there since the initial commit for that profile.
I'm not too familiar with the internals, so maybe you can shed some light on the purpose of novideo.? Because I'm not sure whether it's just out of place in the minecraft-launcher profile, or the handling is at fault?
rusty-snake
commented
2 years ago purpose of novideo
novideo Disable video devices.
video devices mean webcam (/dev/video*, /dev/v4l).
out of place in the minecraft-launcher profile,
Unless minecraft(-launcher) has a webcam feature (e.g. for streaming) it is right there.
it's specifically that video group handling.
Related discussion: https://github.com/netblue30/firejail/pull/4632#issuecomment-949886706
benaryorg
commented
2 years ago What fixes it for me is this:
==> /home/benaryorg/.config/firejail/minecraft-launcher.local <==
ignore novideo # required due to nvidia voodoo
ignore private-opt # required for openjdk selectionIt seems ignore nogroups does nothing at all.
For me this is a passable workaround so feel free to close the issue unless you're planning to pursue the matter further.
kmk3
commented
2 years ago @benaryorg commented on Feb 25:
What fixes it for me is this:
==> /home/benaryorg/.config/firejail/minecraft-launcher.local <== ignore novideo # required due to nvidia voodoo ignore private-opt # required for openjdk selectionIt seems
ignore nogroupsdoes nothing at all. For me this is a passable workaround so feel free to close the issue unless you're planning to pursue the matter further.
Thanks for debugging and for specifying that the problem happens on nvidia.
The aforementioned bisected commit from #4632 would be my first guess as well. Permalink to it:
So as I suspected in #4632, it seems that the proprietary nvidia driver indeed needs both the "render" and "video" groups in order to avoid breakage with hardware acceleration.
I think I'll change the checks to keep the video group to also consider the
nvidia proprietary driver (+ no no3d).
To clarify the environment:
Are you using openrc and the proprietary nvidia driver?
Are you using udev/eudev?
Which seat manager are you using if any? Examples: logind, elogind, seatd
benaryorg
commented
2 years ago Are you using openrc and the proprietary nvidia driver?
Correct. Specifically x11-drivers/nvidia-drivers-510.54. In case it's relevant I also have cgroup support enabled in OpenRC:
rc_controller_cgroups="YES"
rc_cgroup_mode="unified"
rc_cgroup_controllers="cpuset cpu io memory hugetlb pids systemd"
rc_cgroup_cleanup="YES"
rc_crashed_start=YES
rc_depend_strict="YES"
rc_parallel="NO"
rc_shell=/sbin/sulogin
rc_sys=""
rc_tty_number=12
unicode="YES"Are you using udev/eudev?
udev, yes. FYI: eudev was retired on 2022-01-01.
Which seat manager are you using if any? Examples: logind, elogind, seatd
None, plain old startx on tty2 (at which point agetty chowns the tty device to my user for the duration of my session AFAIK).
Description
Hard SIGSEGV when running minecraft-launcher in corresponding profile.
Steps to Reproduce
firejail "--private=${custom_path?}" minecraft-launcher(LC_ALL=C.utf8 is my default)Click to expand
```text # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f41675e3661, pid=401, tid=403 # # JRE version: OpenJDK Runtime Environment Temurin-17.0.2+8 (17.0.2+8) (build 17.0.2+8) # Java VM: OpenJDK 64-Bit Server VM Temurin-17.0.2+8 (17.0.2+8, mixed mode, sharing, tiered, compressed class ptrs, z gc, linux-amd64) # Problematic frame: # C [libc.so.6+0x75661] fgets+0x21 # # Core dump will be written. Default location: core.401 (may not exist) # # If you would like to submit a bug report, please visit: # https://github.com/adoptium/adoptium-support/issues # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # --------------- S U M M A R Y ------------ Command Line: […] Host: AMD Ryzen 9 3900XT 12-Core Processor, 24 cores, 62G, Linux Time: Fri Feb 18 21:44:38 2022 UTC elapsed time: 11.473674 seconds (0d 0h 0m 11s) --------------- T H R E A D --------------- Current thread (0x00007f4160031340): JavaThread "Render thread" [_thread_in_native, id=403, stack(0x00007f4165d62000,0x00007f4165e62000)] Stack: [0x00007f4165d62000,0x00007f4165e62000], sp=0x00007f4165e5cf80, free space=1003k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) C [libc.so.6+0x75661] fgets+0x21 Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) j org.lwjgl.util.tinyfd.TinyFileDialogs.ntinyfd_messageBox(JJJJI)I+0 org.lwjgl.tinyfd j org.lwjgl.util.tinyfd.TinyFileDialogs.tinyfd_messageBox(Ljava/lang/CharSequence;Ljava/lang/CharSequence;Ljava/lang/CharSequence;Ljava/lang/CharSequence;Z)Z+106 org.lwjgl.tinyfd j com.mojang.blaze3d.platform.Window.m_85412_(IJ)V+30 minecraft@1.18.1 j com.mojang.blaze3d.platform.Window$$Lambda$4284+0x00000008016ff3f8.invoke(IJ)V+2 minecraft@1.18.1 j org.lwjgl.glfw.GLFWErrorCallbackI.callback(J)V+9 org.lwjgl.glfw v ~StubRoutines::call_stub j org.lwjgl.system.JNI.invokePPPP(IIJJJJ)J+0 org.lwjgl j org.lwjgl.glfw.GLFW.nglfwCreateWindow(IIJJJ)J+14 org.lwjgl.glfw j org.lwjgl.glfw.GLFW.glfwCreateWindow(IILjava/lang/CharSequence;JJ)J+37 org.lwjgl.glfw j net.minecraftforge.client.loading.NoVizFallback.lambda$fallback$0(Ljava/util/function/IntSupplier;Ljava/util/function/IntSupplier;Ljava/util/function/Supplier;Ljava/util/function/LongSupplier;)J+28 forge@39.0.79 j net.minecraftforge.client.loading.NoVizFallback$$Lambda$4293+0x0000000801704208.getAsLong()J+16 forge@39.0.79 j net.minecraftforge.fml.loading.progress.EarlyProgressVisualization$Visualization$$Lambda$4294+0x00000008016faa98.apply(Ljava/lang/Object;)Ljava/lang/Object;+4 fmlloader@1.18.1-39.0.79 J 4324 c2 java.util.Optional.map(Ljava/util/function/Function;)Ljava/util/Optional; java.base@17.0.2 (30 bytes) @ 0x00007f41510a2ba0 [0x00007f41510a2b20+0x0000000000000080] j net.minecraftforge.fml.loading.progress.EarlyProgressVisualization$Visualization.handOffWindow(Ljava/util/function/IntSupplier;Ljava/util/function/IntSupplier;Ljava/util/function/Supplier;Ljava/util/function/LongSupplier;)J+48 fmlloader@1.18.1-39.0.79 j net.minecraftforge.fml.loading.progress.EarlyProgressVisualization.handOffWindow(Ljava/util/function/IntSupplier;Ljava/util/function/IntSupplier;Ljava/util/function/Supplier;Ljava/util/function/LongSupplier;)J+9 fmlloader@1.18.1-39.0.79 j com.mojang.blaze3d.platform.Window.Seems to be a solid NULL-deref.
Expected behavior
It's supposed to launch the game as usual.
Actual behavior
The above error is thrown and no game ever appears.
Behavior without a profile
Doesn't start at all
```text Parent pid 29380, child pid 29381 Child process initialized in 9.59 ms Parent is shutting down, bye... ```Additional context
The problem was introduced after firejail-0.9.66. That version works as expected, while the update to 0.9.68 introduces the error.
firejail version 0.9.66 (working)
```text Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is disabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ```firejail version 0.9.68 (broken)
```text Compile time support: - always force nonewprivs support is disabled - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - D-BUS proxy support is enabled - file transfer support is enabled - firetunnel support is disabled - networking support is enabled - output logging is enabled - overlayfs support is disabled - private-home support is enabled - private-cache and tmpfs as user enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ```Environment
Checklist
browser-allow-drm yes/browser-disable-u2f noinfirejail.configto allow DRM/U2F in browsers: shouldn't be relevant--profile=PROFILENAMEto set the right profile. (Only relevant for AppImages)Log
Output of
LC_ALL=C firejail /path/to/program``` Reading profile /etc/firejail/minecraft-launcher.profile Reading profile /etc/firejail/allow-java.inc Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-exec.inc Reading profile /etc/firejail/disable-interpreters.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/disable-shell.inc Reading profile /etc/firejail/disable-xdg.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-runuser-common.inc Reading profile /etc/firejail/whitelist-usr-share-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 29562, child pid 29563 Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored 3 programs installed in 2.79 ms Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set. Warning: skipping alternatives for private /etc Warning: skipping ati for private /etc Warning: skipping crypto-policies for private /etc Warning: skipping drirc for private /etc Warning: skipping hostname for private /etc Warning: skipping java-10-openjdk for private /etc Warning: skipping java-11-openjdk for private /etc Warning: skipping java-12-openjdk for private /etc Warning: skipping java-13-openjdk for private /etc Warning: skipping java-14-openjdk for private /etc Warning: skipping java-7-openjdk for private /etc Warning: skipping java-8-openjdk for private /etc Warning: skipping java-9-openjdk for private /etc Warning: skipping java-openjdk for private /etc Warning: skipping nvidia for private /etc Warning: skipping pki for private /etc Warning: skipping selinux for private /etc Warning fcopy: skipping /etc/X11/startDM.sh, cannot find inode Private /etc installed in 18.23 ms Private /usr/etc installed in 0.00 ms Blacklist violations are logged to syslog Warning: NVIDIA card detected, nogroups command ignored Warning: NVIDIA card detected, nogroups command ignored Child process initialized in 59.26 ms https://launchermeta.mojang.com/v1/products/launcher/6f083b80d5e6fabbc4236f81d0d8f8a350c665a9/linux.json [0218/222620.528597:ERROR:address_tracker_linux.cc(214)] Could not bind NETLINK socket: Address already in use (98) [0218/222620.533890:INFO:main_context.cpp(137)] CEF initialized successfully. [0218/222620.533924:INFO:main_context.cpp(139)] CEF version: 86.0.23+ga2c2edf+chromium-86.0.4240.193 (minecraft-launcher:36): dbind-WARNING **: 22:26:20.566: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-wILK2vPpjW: No such file or directory [0218/222620.566602:ERROR:angle_platform_impl.cc(43)] initialize(797): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context. [0218/222620.566706:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context. [0218/222620.566739:ERROR:gl_surface_egl.cc(1295)] eglInitialize OpenGL failed with error EGL_NOT_INITIALIZED, trying next display type [0218/222620.572542:ERROR:angle_platform_impl.cc(43)] initialize(797): ANGLE Display::initialize error 12289: Could not create a backing OpenGL context. [0218/222620.572621:ERROR:gl_surface_egl.cc(767)] EGL Driver message (Critical) eglInitialize: Could not create a backing OpenGL context. [0218/222620.572653:ERROR:gl_surface_egl.cc(1295)] eglInitialize OpenGLES failed with error EGL_NOT_INITIALIZED [0218/222620.572681:ERROR:gl_initializer_linux_x11.cc(160)] GLSurfaceEGL::InitializeOneOff failed. [0218/222620.573479:ERROR:viz_main_impl.cc(229)] Exiting GPU process due to errors during initialization Created browser window for reuse: 0x1a00001 [0218/222620.761130:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=1 [0218/222621.276611:ERROR:nss_util.cc(53)] Failed to create /home/benaryorg/.pki/nssdb directory. Created browser window for reuse: 0x1a00007 [0218/222910.202664:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=2 [0218/223008.023547:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=2 [0218/223008.104329:WARNING:xproto_util.cc(51)] X error received: serial 1469, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow) Created browser window for reuse: 0x1a0000f [0218/223015.994086:INFO:LauncherAppRenderer.cpp(51)] [Info: 2022-02-18 22:26:20.520468189: LauncherMain.cpp(104)] Initiated models [0218/223015.994195:INFO:LauncherAppRenderer.cpp(51)] [Info: 2022-02-18 22:26:20.520655151: LauncherController.cpp(436)] Constructing launcher controller with workDir: /.../.minecraft, isActive: 0 [0218/223015.994223:INFO:LauncherAppRenderer.cpp(51)] [Info: 2022-02-18 22:30:11.743687891: LauncherAppRenderer.cpp(172)] Javascript bridge extended in OnWebKitInitialized. [0218/223016.303904:INFO:LauncherAppRenderer.cpp(518)] OnContextReleased: no frame (unknown context), browser id=3 [0218/223016.305749:INFO:LauncherAppRenderer.cpp(69)] OnBrowserDestroyed: id=3 [0218/223016.388072:WARNING:xproto_util.cc(51)] X error received: serial 1800, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow) ```
The above output is pretty much the same with the older version too, only after that output the start button is triggered at which point the segfault occurs, but there is no more output from that point onwards.
Output of
LC_ALL=C firejail --debug /path/to/programSame as without the `--debug`, but with this prepended: See attached file: [log.txt](https://github.com/netblue30/firejail/files/8100822/log.txt)