[Bug 1222442] New: [20240404] Xorg crash running Android studio
https://bugzilla.suse.com/show_bug.cgi?id=1222442

Bug ID: 1222442
Summary: [20240404] Xorg crash running Android studio
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: gfx-bugs@suse.de
Reporter: pujos.michael@gmail.com
QA Contact: gfx-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

Since snapshot 20240404 and upgrade of xorg-x11-server (21.1.11 -> 21.1.12), starting Android Studio crashes Xorg hard every time.

More specifically, I am using Android Studio Koala | 2024.1.1 Canary 3 that can be downloaded here: https://developer.android.com/studio/preview. I would not be surprised if this crash happens with other JetBrains IDEs but I have not tried.

I triggered 2 crashes, both of which killed the Xorg process. The first crash had a crash stack in journalctl while the other did not:

Apr 08 10:06:11 p72 systemd-coredump[16070]: [🡕] Process 11338 (Xorg.bin) of user 1000 dumped core.

    Stack trace of thread 11338:
    #0  0x00007f63b22949ec __pthread_kill_implementation (libc.so.6 + 0x949ec)
    #1  0x00007f63b2241176 raise (libc.so.6 + 0x41176)
    #2  0x00007f63b2228917 abort (libc.so.6 + 0x28917)
    #3  0x0000555e1e464efc n/a (/usr/bin/Xorg.bin + 0x1dbefc)
    #4  0x00007ffee9bf4ba0 n/a (n/a + 0x0)
    ELF object binary architecture: AMD x86-64

Reverting to 21.1.11 fixes that issue and I have added a lock for package xorg-x11-server for the time being.

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c2

--- Comment #2 from Michael Pujos <pujos.michael@gmail.com> ---
I need to make it crash again to generate a Xorg log with more info. I will do that later as I need my laptop functioning at the moment. I am also a bit wary of making it crash again as it drops me to the vconsole with no key working (out of 3 crashes, this happened twice), and I have to do an unclean shutdown of the laptop long-pressing its power button.

For info, I am starting Xorg with startx which is unusual.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c3

--- Comment #3 from Michael Pujos <pujos.michael@gmail.com> ---
Also of note, there is a coredump that was generated (in only 1 of the 3 crashes) but coredumpctl says it is inaccessible while the file exists:

Storage: /var/lib/systemd/coredump/core.Xorg\x2ebin.1000.140a9d06219f4ea99ea51127a7f00da7.11338.1712563570000000.zst (inaccessible)
Message: Process 11338 (Xorg.bin) of user 1000 dumped core.

    Stack trace of thread 11338:
    #0  0x00007f63b22949ec __pthread_kill_implementation (libc.so.6 + 0x949ec)
    #1  0x00007f63b2241176 raise (libc.so.6 + 0x41176)
    #2  0x00007f63b2228917 abort (libc.so.6 + 0x28917)
    #3  0x0000555e1e464efc n/a (/usr/bin/Xorg.bin + 0x1dbefc)
    #4  0x00007ffee9bf4ba0 n/a (n/a + 0x0)
    ELF object binary architecture: AMD x86-64

The filename has a weird escaped character with \x, but the file does exist:

/var/log> ll /var/lib/systemd/coredump/core.Xorg\\x2ebin.1000.140a9d06219f4ea99ea51127a7f00da7.11338.1712563570000000.zst
-rw-r----- 1 root root 6.1M Apr 8 10:06 '/var/lib/systemd/coredump/core.Xorg\x2ebin.1000.140a9d06219f4ea99ea51127a7f00da7.11338.1712563570000000.zst'

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c5

--- Comment #5 from Michael Pujos <pujos.michael@gmail.com> ---
Stefan, your package is not crashing (manually installed xorg-x11-server-21.1.11-749.1.x86_64.rpm)

I have also switched to using regular SDDM for troubleshooting with the advantage of being dropped to the SDDM login when it crashes (rather than having to hard reboot due to the issue I mentioned).

Here are the relevant crash lines in Xorg.0.log:

[ 126.867] (EE)
[ 126.867] (EE) Backtrace:
[ 126.867] (EE) 0: /usr/bin/Xorg.bin (xorg_backtrace+0x7e) [0x56165c485b8e]
[ 126.868] (EE) 1: /usr/bin/Xorg.bin (0x56165c2af000+0x1df5f9) [0x56165c48e5f9]
[ 126.868] (EE) 2: /lib64/libc.so.6 (0x7f908e600000+0x41240) [0x7f908e641240]
[ 126.868] (EE) 3: /lib64/libc.so.6 (0x7f908e600000+0x949ec) [0x7f908e6949ec]
[ 126.868] (EE) 4: /lib64/libc.so.6 (gsignal+0x18) [0x7f908e641176]
[ 126.868] (EE) 5: /lib64/libc.so.6 (abort+0xd9) [0x7f908e628917]
[ 126.868] (EE) 6: /lib64/libc.so.6 (0x7f908e600000+0x297e8) [0x7f908e6297e8]
[ 126.868] (EE) 7: /lib64/libc.so.6 (0x7f908e600000+0x9f3c7) [0x7f908e69f3c7]
[ 126.868] (EE) 8: /lib64/libc.so.6 (malloc+0x2fe) [0x7f908e6a3cdc]
[ 126.868] (EE) 9: /usr/bin/Xorg.bin (0x56165c2af000+0x13536d) [0x56165c3e436d]
[ 126.868] (EE) 10: /usr/bin/Xorg.bin (0x56165c2af000+0x140b8a) [0x56165c3efb8a]
[ 126.868] (EE) 11: /usr/bin/Xorg.bin (0x56165c2af000+0x4d707) [0x56165c2fc707]
[ 126.868] (EE) 12: /lib64/libc.so.6 (0x7f908e600000+0x2a1f0) [0x7f908e62a1f0]
[ 126.868] (EE) 13: /lib64/libc.so.6 (__libc_start_main+0x8b) [0x7f908e62a2b9]
[ 126.868] (EE) 14: /usr/bin/Xorg.bin (_start+0x27) [0x56165c2fca35]
[ 126.868] (EE)
[ 126.868] (EE) Fatal server error:
[ 126.868] (EE) Caught signal 6 (Aborted). Server aborting
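
Added example (not part of the original thread or of Xorg): a small parser for the Xorg.0.log backtrace format shown in comment #5 that turns each ASLR-randomized address into a module-relative offset, the value a symbolizer needs once matching debuginfo is installed. Frames printed as `symbol+0x..` carry no load base, so the base is borrowed from another frame of the same module. The helper names `parse_frames` and `module_offsets` are hypothetical, and the sample lines are copied from the excerpt above.

```python
import re

# Constructed sample: five frames copied from the Xorg.0.log excerpt in comment #5.
SAMPLE_LOG = """\
[ 126.867] (EE) 0: /usr/bin/Xorg.bin (xorg_backtrace+0x7e) [0x56165c485b8e]
[ 126.868] (EE) 2: /lib64/libc.so.6 (0x7f908e600000+0x41240) [0x7f908e641240]
[ 126.868] (EE) 8: /lib64/libc.so.6 (malloc+0x2fe) [0x7f908e6a3cdc]
[ 126.868] (EE) 9: /usr/bin/Xorg.bin (0x56165c2af000+0x13536d) [0x56165c3e436d]
[ 126.868] (EE) 10: /usr/bin/Xorg.bin (0x56165c2af000+0x140b8a) [0x56165c3efb8a]
"""

# "(EE) <n>: <module> (<base-or-symbol>+0x<off>) [0x<absolute address>]"
FRAME_RE = re.compile(
    r"\(EE\)\s+(?P<idx>\d+):\s+(?P<module>\S+)\s+"
    r"\((?P<loc>[^+()\s]+)\+0x(?P<off>[0-9a-fA-F]+)\)\s+\[0x(?P<addr>[0-9a-fA-F]+)\]"
)

def parse_frames(log_text):
    """Parse backtrace lines into dicts (hypothetical helper, not an Xorg tool)."""
    frames = []
    for m in FRAME_RE.finditer(log_text):
        loc, off, addr = m["loc"], int(m["off"], 16), int(m["addr"], 16)
        is_base = loc.startswith("0x")  # unresolved frame: loc is the load base
        base = int(loc, 16) if is_base else None
        if is_base and base + off != addr:
            raise ValueError(f"frame {m['idx']}: base+offset does not match address")
        frames.append({"idx": int(m["idx"]), "module": m["module"], "addr": addr,
                       "base": base, "symbol": None if is_base else loc})
    return frames

def module_offsets(frames):
    """Return (idx, module, offset) per frame; offset is None if no base is known."""
    # Any unresolved frame of a module reveals that module's load base.
    bases = {f["module"]: f["base"] for f in frames if f["base"] is not None}
    result = []
    for f in frames:
        base = bases.get(f["module"])
        result.append((f["idx"], f["module"], None if base is None else f["addr"] - base))
    return result

if __name__ == "__main__":
    for idx, module, off in module_offsets(parse_frames(SAMPLE_LOG)):
        print(idx, module, "unknown" if off is None else hex(off))
```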

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c7

--- Comment #7 from Michael Pujos <pujos.michael@gmail.com> ---
No crash again with this new version (750)

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c9

--- Comment #9 from Michael Pujos <pujos.michael@gmail.com> ---
This one (751) is crashing.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c11

--- Comment #11 from Michael Pujos <pujos.michael@gmail.com> ---
Last one (752) does not crash.

I could test that both Android Studio Koala and Iguana crash, but not IntelliJ IDEA Community. Weird issue for sure.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c12

--- Comment #12 from Michael Pujos <pujos.michael@gmail.com> ---
^ meant "both Android Studio Koala and Iguana make Xorg crash".

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c16

--- Comment #16 from Michael Pujos <pujos.michael@gmail.com> ---
I mean that I have this issue only with Android Studio (Koala and Iguana) but not IntelliJ IDEA Community edition.

To make it 100% clear:

- Android Studio (both Koala and Iguana) makes Xorg crash only with test build version 751 (and of course the current TW xorg version)
- IntelliJ IDEA Community edition never causes Xorg to crash

I also tested IntelliJ IDEA because Android Studio is based on it.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c19

Jan Engelhardt <jengelh@inai.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jengelh@inai.de

--- Comment #19 from Jan Engelhardt <jengelh@inai.de> ---
> I am also a bit wary of making it crash again as it drops me to the vconsole with no key working

Start sshd, and use it to issue safe reboots or e.g. `systemctl restart xdm` to just restart Xorg.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c20

--- Comment #20 from Michael Pujos <pujos.michael@gmail.com> ---
(In reply to Stefan Dirsch from comment #18)
> Please test to double check if the patch is really the culprit. Packages are still rebuilding though.

Confirming that package is fine and does not crash.

Should I report that issue to the xorg issue tracker? Maybe they will have a hint about what it could be or an idea how to further debug it?

(In reply to Jan Engelhardt from comment #19)
> Start sshd, and use it to issue safe reboots or e.g. `systemctl restart xdm` to just restart Xorg.

That's what I would usually do, but do not have access to a separate PC at the moment. Anyway, I switched to using SDDM instead of startx (which is unusual, not recommended, etc) and it recovers nicely on Xorg crash (back to SDDM login).

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c22

--- Comment #22 from Michael Pujos <pujos.michael@gmail.com> ---
I could finally get a detailed stack trace in gdb:

#0  0x00007f03c5c949ec in __pthread_kill_implementation () at /lib64/libc.so.6
#1  0x00007f03c5c41176 in raise () at /lib64/libc.so.6
#2  0x00007f03c5c28917 in abort () at /lib64/libc.so.6
#3  0x0000561d2962eefc in OsAbort () at ../../os/utils.c:1361
#4  0x0000561d2962ff5f in AbortServer () at ../../os/log.c:879
#5  FatalError (f=f@entry=0x561d2965b308 "Caught signal %d (%s). Server aborting\n") at ../../os/log.c:1017
#6  0x0000561d29632652 in OsSigHandler (unused=<optimized out>, sip=<optimized out>, signo=6) at ../../os/osinit.c:156
#7  OsSigHandler (signo=6, sip=<optimized out>, unused=<optimized out>) at ../../os/osinit.c:110
#8  0x00007f03c5c41240 in <signal handler called> () at /lib64/libc.so.6
#9  0x00007f03c5c949ec in __pthread_kill_implementation () at /lib64/libc.so.6
#10 0x00007f03c5c41176 in raise () at /lib64/libc.so.6
#11 0x00007f03c5c28917 in abort () at /lib64/libc.so.6
#12 0x00007f03c5c297e8 in _IO_peekc_locked.cold () at /lib64/libc.so.6
#13 0x00007f03c5c9f3c7 in () at /lib64/libc.so.6
#14 0x00007f03c5ca3cdc in malloc () at /lib64/libc.so.6
#15 0x0000561d2958836d in AllocateGlyph (gi=0x561d2b58339c, fdepth=<optimized out>) at ../../render/glyph.c:355
#16 0x0000561d29593b8a in ProcRenderAddGlyphs (client=<optimized out>) at ../../render/render.c:1085
#17 0x0000561d294a0707 in Dispatch () at ../../dix/dispatch.c:550
#18 dix_main (envp=<optimized out>, argv=0x7fffca74c508, argc=<optimized out>) at ../../dix/main.c:276
#19 main (argc=<optimized out>, argv=0x7fffca74c508, envp=<optimized out>) at ../../dix/stubmain.c:34

(gdb) frame 15
#15 0x0000561d2958836d in AllocateGlyph (gi=0x561d2b58339c, fdepth=<optimized out>) at ../../render/glyph.c:355
355         glyph = (GlyphPtr) malloc(size);

So it is crashing in malloc() triggered from AllocateGlyph().

Would not be surprised if it is caused by a double free() or something caused by the relevant CVE patch. Will open a bug on the Xorg bug tracker.

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c23

--- Comment #23 from Michael Pujos <pujos.michael@gmail.com> ---
Urgh. Just as I was about to open a bug report, this commit from 1h ago likely fixes that issue:

https://gitlab.freedesktop.org/xorg/xserver/-/commit/337d8d48b618d4fc0168a7b...

Can you generate a new test version with it?

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c24

--- Comment #24 from Michael Pujos <pujos.michael@gmail.com> ---
And it had been reported but I totally missed it because of the title not mentioning Android Studio / JetBrains / IntelliJ:

https://gitlab.freedesktop.org/xorg/xserver/-/issues/1659

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c26

--- Comment #26 from Michael Pujos <pujos.michael@gmail.com> ---
Confirming new patched version does not crash.

Since this bug cannot be left unpatched, it seems that there will be new official versions for xorg-xserver and xwayland so maybe it is best to wait for that?

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c28

--- Comment #28 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1222442) was mentioned in
https://build.opensuse.org/request/show/1166666 Factory / xorg-x11-server

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c42

--- Comment #42 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1222442) was mentioned in
https://build.opensuse.org/request/show/1186897 Factory / xwayland

https://bugzilla.suse.com/show_bug.cgi?id=1222442#c43

--- Comment #43 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1222442) was mentioned in
https://build.opensuse.org/request/show/1187080 Factory / xwayland