Bug#927436: gnome-shell: segfault error 4 in libgnome-shell.so

Bernhard Übelacker bernhardu at mailbox.org
Fri Apr 19 22:04:04 BST 2019


Dear Maintainer,
judging from the segfault address and the source line it resolves to, this
may be a duplicate of #926212.

At least the crash points to the same source line:

    src/shell-app.c, line 1485.

Kind regards,
Bernhard

#926212 https://bugs.debian.org/926212
-------------- next part --------------

# Buster amd64 qemu VM 2019-04-19


apt update
apt dist-upgrade


apt install dpkg-dev devscripts systemd-coredump bc xserver-xorg dbus-x11 gdm3 gnome gdb elfutils binutils gnome-shell-dbgsym


systemctl start gdm3








################





# From submitter
[20044.478027] gnome-shell[19403]: segfault at 0 ip 00007f2bca1d03bf sp 00007ffcdcc37660 error 4 in libgnome-shell.so[7f2bca1c8000+1f000]
[20044.478034] Code: f7 86 ff ff 48 8b 78 20 48 89 c3 48 c7 40 20 00 00 00 00 48 85 ff 74 1a e8 46 bb ff ff eb 13 0f 1f 40 00 48 8b 42 08 48 89 df <48> 8b 30 e8 d9 82 ff ff 48 8b 53 28 48 85 d2 75 e8 8b 43 1c 85 c0



https://www.enodev.fr/posts/decode-segfault-errors-in-dmesg.html
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/mm/fault.c?h=linux-4.9.y#n31


/*
 * Page fault error code bits:
 *
 *   bit 0 ==    0: no page found       1: protection fault
 *   bit 1 ==    0: read access         1: write access
 *   bit 2 ==    0: kernel-mode access  1: user-mode access
 *   bit 3 ==                           1: use of reserved bit detected
 *   bit 4 ==                           1: fault was an instruction fetch
 *   bit 5 ==                           1: protection keys block access
 */
enum x86_pf_error_code {

        PF_PROT         =               1 << 0,
        PF_WRITE        =               1 << 1,
        PF_USER         =               1 << 2,
        PF_RSVD         =               1 << 3,
        PF_INSTR        =               1 << 4,
        PF_PK           =               1 << 5,
};


"error 4" == 0b100

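bit 0 ==  0: no page found
bit 1 ==  0: read access
bit 2 ==  1: user-mode access

=> a user-mode read of an unmapped address; together with "segfault at 0"
   in the dmesg line this is a read through a NULL pointer.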





################




# From submitter
[20044.478027] gnome-shell[19403]: segfault at 0 ip 00007f2bca1d03bf sp 00007ffcdcc37660 error 4 in libgnome-shell.so[7f2bca1c8000+1f000]
[20044.478034] Code: f7 86 ff ff 48 8b 78 20 48 89 c3 48 c7 40 20 00 00 00 00 48 85 ff 74 1a e8 46 bb ff ff eb 13 0f 1f 40 00 48 8b 42 08 48 89 df <48> 8b 30 e8 d9 82 ff ff 48 8b 53 28 48 85 d2 75 e8 8b 43 1c 85 c0


crash instruction (ip) - start of the mapping from the dmesg line (taken as start of .init) == offset
0x00007f2bca1d03bf     - 0x7f2bca1c8000                                                     == 0x83BF


benutzer at debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'info share' -ex 'info target' -ex 'detach' -ex 'quit' --pid $(pidof gnome-shell) 2>&1 | grep libgnome-shell.so
0x00007f956bd67f10  0x00007f956bd8222e  Yes         /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd4d238 - 0x00007f956bd4d25c is .note.gnu.build-id in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd4d260 - 0x00007f956bd4e004 is .gnu.hash in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd4e008 - 0x00007f956bd54d40 is .dynsym in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd54d40 - 0x00007f956bd5c075 is .dynstr in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd5c076 - 0x00007f956bd5c990 is .gnu.version in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd5c990 - 0x00007f956bd5ca50 is .gnu.version_r in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd5ca50 - 0x00007f956bd5d7d0 is .rela.dyn in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd5d7d0 - 0x00007f956bd635c0 is .rela.plt in /usr/lib/gnome-shell/libgnome-shell.so

        0x00007f956bd64000 - 0x00007f956bd64017 is .init in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd64020 - 0x00007f956bd67ed0 is .plt in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd67ed0 - 0x00007f956bd67f08 is .plt.got in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd67f10 - 0x00007f956bd8222e is .text in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd82230 - 0x00007f956bd82239 is .fini in /usr/lib/gnome-shell/libgnome-shell.so

        0x00007f956bd83000 - 0x00007f956bd87b29 is .rodata in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bd87b30 - 0x00007f956bf897d8 is .gresource.shell_js_resources in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf897d8 - 0x00007f956bf8ac94 is .eh_frame_hdr in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf8ac98 - 0x00007f956bf92908 is .eh_frame in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf94200 - 0x00007f956bf94210 is .init_array in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf94210 - 0x00007f956bf94220 is .fini_array in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf94220 - 0x00007f956bf94bf0 is .data.rel.ro in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf94bf0 - 0x00007f956bf94fa0 is .dynamic in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf94fa0 - 0x00007f956bf96fe8 is .got in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf97000 - 0x00007f956bf970e0 is .data in /usr/lib/gnome-shell/libgnome-shell.so
        0x00007f956bf970e0 - 0x00007f956bf974b8 is .bss in /usr/lib/gnome-shell/libgnome-shell.so



start of .init in the local process + offset == address of the same instruction in the local process
0x00007f956bd64000                  + 0x83BF == 0x7F956BD6C3BF


benutzer at debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'disassemble 0x00007f956bd67f10,0x00007f956bd8222e' -ex 'b *0x7F956BD6C3BF' -ex 'detach' -ex 'quit' --pid $(pidof gnome-shell) 2>&1 | grep -i "7F956BD6C3BF"
   0x00007f956bd6c3bf <shell_app_dispose+63>:   mov    (%rax),%rsi
Breakpoint 1 at 0x7f956bd6c3bf: file ../src/shell-app.c, line 1485.






#############





# From submitter
[20044.478027] gnome-shell[19403]: segfault at 0 ip 00007f2bca1d03bf sp 00007ffcdcc37660 error 4 in libgnome-shell.so[7f2bca1c8000+1f000]
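[20044.478034] Code: f7 86 ff ff 48 8b 78 20 48 89 c3 48 c7 40 20 00 00 00 00 48 85 ff 74 1a e8 46 bb ff ff eb 13 0f 1f 40 00 48 8b 42 08 48 89 df <48> 8b 30 e8 d9 82 ff ff 48 8b 53 28 48 85 d2 75 e8 8b 43 1c 85 c0

-> 42 bytes before the crashing instruction
-> 22 bytes: the crashing instruction (starting at the <48> marker) and the bytes following it
-> the dump does not necessarily start on an instruction boundary, so a disassembly
   that begins at its first byte can misdecode the leading instructions; it is only
   reliable from the point where it lines up with the marked instruction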



benutzer at debian:~$ gdb -q --pid $(pidof gnome-shell)
Attaching to process 4180
[New LWP 4182]
...
[New LWP 4249]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f956ad8bb69 in __GI___poll (fds=0x55749da60010, nfds=15, timeout=84207) at ../sysdeps/unix/sysv/linux/poll.c:29
29      ../sysdeps/unix/sysv/linux/poll.c: Datei oder Verzeichnis nicht gefunden.


(gdb) find /b 0x00007f956bd4d238, 0x00007f956bf974b8, 0xf7, 0x86, 0xff, 0xff, 0x48, 0x8b, 0x78, 0x20, 0x48, 0x89, 0xc3, 0x48, 0xc7, 0x40, 0x20, 0x00, 0x00, 0x00, 0x00, 0x48, 0x85, 0xff, 0x74, 0x1a, 0xe8, 0x46, 0xbb, 0xff, 0xff, 0xeb, 0x13, 0x0f, 0x1f, 0x40, 0x00, 0x48, 0x8b, 0x42, 0x08, 0x48, 0x89, 0xdf, 0x48, 0x8b, 0x30, 0xe8, 0xd9, 0x82, 0xff, 0xff, 0x48, 0x8b, 0x53, 0x28, 0x48, 0x85, 0xd2, 0x75, 0xe8, 0x8b, 0x43, 0x1c, 0x85, 0xc0
0x7f956bd6c395 <shell_app_dispose+21>
1 pattern found.

(gdb) disassemble 0x7f956bd6c395,0x7f956bd6c395+64
Dump of assembler code from 0x7f956bd6c395 to 0x7f956bd6c3d5:
   0x00007f956bd6c395 <shell_app_dispose+21>:   testl  $0x89482078,-0x74b70001(%rsi)
   0x00007f956bd6c39f <shell_app_dispose+31>:   retq   
   0x00007f956bd6c3a0 <shell_app_dispose+32>:   movq   $0x0,0x20(%rax)
   0x00007f956bd6c3a8 <shell_app_dispose+40>:   test   %rdi,%rdi
   0x00007f956bd6c3ab <shell_app_dispose+43>:   je     0x7f956bd6c3c7 <shell_app_dispose+71>
   0x00007f956bd6c3ad <shell_app_dispose+45>:   callq  0x7f956bd67ef8 <g_object_unref at plt>
   0x00007f956bd6c3b2 <shell_app_dispose+50>:   jmp    0x7f956bd6c3c7 <shell_app_dispose+71>
   0x00007f956bd6c3b4 <shell_app_dispose+52>:   nopl   0x0(%rax)
   0x00007f956bd6c3b8 <shell_app_dispose+56>:   mov    0x8(%rdx),%rax
   0x00007f956bd6c3bc <shell_app_dispose+60>:   mov    %rbx,%rdi
   0x00007f956bd6c3bf <shell_app_dispose+63>:   mov    (%rax),%rsi
   0x00007f956bd6c3c2 <shell_app_dispose+66>:   callq  0x7f956bd646a0 <_shell_app_remove_window at plt>
   0x00007f956bd6c3c7 <shell_app_dispose+71>:   mov    0x28(%rbx),%rdx
   0x00007f956bd6c3cb <shell_app_dispose+75>:   test   %rdx,%rdx
   0x00007f956bd6c3ce <shell_app_dispose+78>:   jne    0x7f956bd6c3b8 <shell_app_dispose+56>
   0x00007f956bd6c3d0 <shell_app_dispose+80>:   mov    0x1c(%rbx),%eax
   0x00007f956bd6c3d3 <shell_app_dispose+83>:   test   %eax,%eax
End of assembler dump.

(gdb) b *(0x7f956bd6c395+42)
Breakpoint 1 at 0x7f956bd6c3bf: file ../src/shell-app.c, line 1485.





#########




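Duplicate of #926212?

The faulting instruction is `mov (%rax),%rsi` at shell_app_dispose+63, which gdb
maps to ../src/shell-app.c, line 1485. With a fault address of 0, %rax (loaded from
0x8(%rdx) two instructions earlier) was NULL when it was dereferenced.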



