Bug#1023013: gnome-shell: Segfault in liblcms2.so when plugging in HDMI, Wayland display

Bernhard Übelacker bernhardu at mailbox.org
Tue Nov 22 10:53:05 GMT 2022


Dear Maintainer,
Following is what I was able to extract from the dmesg lines
with the help of the dbgsym packages.
It looks like it crashes in cmsSetHeaderRenderingIntent because
it was called with a NULL pointer as the hProfile parameter.

That's still not much to go on, but searching for this function name
turns up an upstream bug that might be related.

   https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5875

Kind regards,
Bernhard





> [51654.559550] gnome-shell[2024]: segfault at 58 ip 00007f6993962770 sp 00007fff1cc8c248 error 6 in liblcms2.so.2.0.13[7f6993954000+3c000]
> [51654.559568] Code: 81 c4 a0 00 00 00 5b 5d 41 5c c3 e8 2a 1d ff ff 66 2e 0f 1f 84 00 00 00 00 00 8b 47 58 c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 <89> 77 58 c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 8b 47 5c c3 66 66

> ii  liblcms2-2                 2.13.1-1+b1



https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash

> error 6
error 6 == 0b110: bit 0 = 0: no page found (not a protection violation), bit 1 = 1: write access, bit 2 = 1: user-mode access — i.e. a user-space write to an unmapped address.



apt install liblcms2-2 liblcms2-2-dbgsym coreutils-dbgsym



$ gdb -q
(gdb) set width 0
(gdb) set pagination off
(gdb) file /bin/true
Reading symbols from /bin/true...
Reading symbols from /usr/lib/debug/.build-id/c8/9156ebdabf859f4ee70cb0c303004dccf1ae51.debug...
(gdb) set environment LD_PRELOAD=/usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.13
(gdb) tb main
Temporary breakpoint 1 at 0x2310: file src/true.c, line 59.
(gdb) run
...
(gdb) pipe info target | grep "\.text"
...
         0x00007ffff7f6c2c0 - 0x00007ffff7fa622b is .text in /usr/lib/x86_64-linux-gnu/liblcms2.so.2.0.13
...
(gdb) find /b 0x00007ffff7f6c2c0, 0x00007ffff7fa622b, 0x81, 0xc4, 0xa0, 0x00, 0x00, 0x00, 0x5b, 0x5d, 0x41, 0x5c, 0xc3, 0xe8, 0x2a, 0x1d, 0xff, 0xff, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x47, 0x58, 0xc3, 0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0x89, 0x77, 0x58, 0xc3, 0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0x8b, 0x47, 0x5c, 0xc3, 0x66, 0x66
0x7ffff7f79746 <_cmsWriteHeader+550>
1 pattern found.
(gdb) b * (0x7ffff7f79746 + 42)
Breakpoint 2 at 0x7ffff7f79770: file ./src/cmsio0.c, line 869.
(gdb) info b
Num     Type           Disp Enb Address            What
2       breakpoint     keep y   0x00007ffff7f79770 in cmsSetHeaderRenderingIntent at ./src/cmsio0.c:869
(gdb) disassemble /r 0x7ffff7f79746, 0x7ffff7f79746 + 62
Dump of assembler code from 0x7ffff7f79746 to 0x7ffff7f79784:
...
0x00007ffff7f79760 <cmsGetHeaderRenderingIntent+0>:  8b 47 58        mov    0x58(%rdi),%eax
    0x00007ffff7f79763 <cmsGetHeaderRenderingIntent+3>:  c3      ret
    0x00007ffff7f79764:  66 66 2e 0f 1f 84 00 00 00 00 00        data16 cs nopw 0x0(%rax,%rax,1)
    0x00007ffff7f7976f:  90      nop
    0x00007ffff7f79770 <cmsSetHeaderRenderingIntent+0>:  89 77 58        mov    %esi,0x58(%rdi)          <<<<<<<<<<
    0x00007ffff7f79773 <cmsSetHeaderRenderingIntent+3>:  c3      ret
    0x00007ffff7f79774:  66 66 2e 0f 1f 84 00 00 00 00 00        data16 cs nopw 0x0(%rax,%rax,1)
    0x00007ffff7f7977f:  90      nop
    0x00007ffff7f79780 <cmsGetHeaderFlags+0>:    8b 47 5c        mov    0x5c(%rdi),%eax
    0x00007ffff7f79783 <cmsGetHeaderFlags+3>:    c3      ret
End of assembler dump.



https://sources.debian.org/src/lcms2/2.13.1-1/src/cmsio0.c/#L869

866 void CMSEXPORT cmsSetHeaderRenderingIntent(cmsHPROFILE hProfile, cmsUInt32Number RenderingIntent)
867 {
868     _cmsICCPROFILE*  Icc = (_cmsICCPROFILE*) hProfile;   /* opaque void* handle cast back to the profile struct; hProfile is not checked for NULL */
869     Icc -> RenderingIntent = RenderingIntent;            /* RenderingIntent is at offset 88 (0x58), so a NULL hProfile writes to address 0x58 -> the reported segfault */
870 }



(gdb) ptype cmsHPROFILE
type = void *

(gdb) ptype /o _cmsICCPROFILE
type = struct _cms_iccprofile_struct {
/*      0      |       8 */    cmsIOHANDLER *IOhandler;
/*      8      |       8 */    cmsContext ContextID;
...
/*     84      |       4 */    cmsColorSpaceSignature PCS;
/*     88      |       4 */    cmsUInt32Number RenderingIntent;        <<<<<<<<
/*     92      |       4 */    cmsUInt32Number flags;
...
                                /* total size (bytes): 3752 */
                              }
(gdb)

> segfault at 58 ip
decimal 88 == 0x58, which is exactly the offset of RenderingIntent in _cmsICCPROFILE; so the faulting write was to NULL + 0x58, i.e. hProfile was NULL.


