Bug#1071996: libx11-6: Segfault in libX11.so.6.4.0 when using GNOME apps (Nautilus/Tweaks)

[Bernhard Übelacker]

On Mon, 27 May 2024 11:22:02 +0100 Jack Beckitt-Marshall <j...@pictura.co.uk> 
wrote:

When I perform certain actions on my GNOME desktop, such as using the Location
bar (Ctrl+L) in Nautilus, clicking on System Information in GNOME Control
Center, or click Fonts in GNOME Tweaks, the programs close with a segmentation
fault. Here is the output from dmesg.

[ 1659.826530] nautilus[19533]: segfault at 41 ip 00007f782c224d5d sp
00007fffa9cbf770 error 4 in libX11.so.6.4.0[7f782c216000+8d000] likely on CPU 7
(core 7, socket 0)
[ 1659.826554] Code: ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54
49 89 d4 55 48 89 f5 53 48 8b 87 68 09 00 00 48 89 fb 48 85 c0 74 02 <ff> 10 48
89 ee 4c 89 e2 48 89 df e8 63 36 ff ff 89 c5 48 8b 83 68

Using Wayland and GNOME 44.9.

Debian Release: trixie/sid

Hello Jack,
I am not maintainer of libx11-6, just tried to collect some more information.

From the "Code" line the crash happens in function XGetWindowAttributes.
It looks strange this function gets called while using a Wayland session.

This gtk issue [1] shows similar calls into XGetWindowAttributes caused by
some library libim-scim.so from package scim-gtk-immodule.

Please check if you have this installed.
If it is needed it might be possbile to check if this still happens with
a Gnome X11 session, if not needed does it happens when this package is 
uninstalled?


For exact results a backtrace of the crash would still be good.
Maybe you can install the package systemd-coredump and retrieve from
e.g. `journalctl -b0 --no-pager` of a crash with a few lines before and 
afterwards. [2]


[1] https://gitlab.gnome.org/GNOME/gtk/-/issues/5472
[2] https://wiki.debian.org/HowToGetABacktrace


Kind regards,
Bernhard


[ 1659.826530] nautilus[19533]: segfault at 41 ip 00007f782c224d5d sp 
00007fffa9cbf770 error 4 in libX11.so.6.4.0[7f782c216000+8d000] likely on CPU 7 
(core 7, socket 0)
[ 1659.826554] Code: ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54 
49 89 d4 55 48 89 f5 53 48 8b 87 68 09 00 00 48 89 fb 48 85 c0 74 02 <ff> 10 48 
89 ee 4c 89 e2 48 89 df e8 63 36 ff ff 89 c5 48 8b 83 68
[ 1666.674595] nautilus[19622]: segfault at ff0000 ip 00007fd182c0fd5d sp 
00007fff51cb2fa0 error 4 in libX11.so.6.4.0[7fd182c01000+8d000] likely on CPU 2 
(core 2, socket 0)
[ 1666.674608] Code: ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54 
49 89 d4 55 48 89 f5 53 48 8b 87 68 09 00 00 48 89 fb 48 85 c0 74 02 <ff> 10 48 
89 ee 4c 89 e2 48 89 df e8 63 36 ff ff 89 c5 48 8b 83 68


https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash


error 4
0b00000100
 *   bit 0 ==    0: no page found
 *   bit 1 ==    0: read access
 *   bit 2 ==    1: user-mode access
.



echo -n "find /b ..., ..., 0x" && \
echo "ff 66 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 54 49 89 d4 55 48 
89 f5 53 48 8b 87 68 09 00 00 48 89 fb 48 85 c0 74 02 <ff> 10 48 89 ee 4c 89 e2 
48 89 df e8 63 36 ff ff 89 c5 48 8b 83 68" \
 | sed 's/[<>]//g' | sed 's/ /, 0x/g'





# Trixie/testing amd64 qemu VM 2024-06-18

apt update
apt dist-upgrade

apt install --no-install-recommends gnome
apt install gdb




gdb -q --pid $(pgrep nautilus)

pipe info share | grep -i x11
find /b 0x00007fd8fcd4e970,  0x00007fd8fcdd881e, 0xff, 0x66, 0x66, 0x2e, 0x0f, 
0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0xf3, 0x0f, 0x1e, 0xfa, 0x41, 
0x54, 0x49, 0x89, 0xd4, 0x55, 0x48, 0x89, 0xf5, 0x53, 0x48, 0x8b, 0x87, 0x68, 
0x09, 0x00, 0x00, 0x48, 0x89, 0xfb, 0x48, 0x85, 0xc0, 0x74, 0x02, 0xff, 0x10, 
0x48, 0x89, 0xee, 0x4c, 0x89, 0xe2, 0x48, 0x89, 0xdf, 0xe8, 0x63, 0x36, 0xff, 
0xff, 0x89, 0xc5, 0x48, 0x8b, 0x83, 0x68




benutzer@debian:~$ gdb -q --pid $(pgrep nautilus)
Attaching to process 2298
[New LWP 2349]
[New LWP 2351]
[New LWP 2352]
[New LWP 2373]
[New LWP 2383]
[New LWP 2384]
[New LWP 2529]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007fd8fd40947f in __GI___poll (fds=0x5562fdf47790, nfds=2, timeout=24377) 
at ../sysdeps/unix/sysv/linux/poll.c:29
29      ../sysdeps/unix/sysv/linux/poll.c: Datei oder Verzeichnis nicht 
gefunden.
(gdb) pipe info share | grep -i x11
0x00007fd8fcd4e970  0x00007fd8fcdd881e  Yes (*)     
/lib/x86_64-linux-gnu/libX11.so.6
0x00007fd8f8002040  0x00007fd8f800211f  Yes (*)     
/lib/x86_64-linux-gnu/libX11-xcb.so.1
(gdb) find /b 0x00007fd8fcd4e970,  0x00007fd8fcdd881e, 0xff, 0x66, 0x66, 0x2e, 
0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x90, 0xf3, 0x0f, 0x1e, 0xfa, 
0x41, 0x54, 0x49, 0x89, 0xd4, 0x55, 0x48, 0x89, 0xf5, 0x53, 0x48, 0x8b, 0x87, 
0x68, 0x09, 0x00, 0x00, 0x48, 0x89, 0xfb, 0x48, 0x85, 0xc0, 0x74, 0x02, 0xff, 
0x10, 0x48, 0x89, 0xee, 0x4c, 0x89, 0xe2, 0x48, 0x89, 0xdf, 0xe8, 0x63, 0x36, 
0xff, 0xff, 0x89, 0xc5, 0x48, 0x8b, 0x83, 0x68
0x7fd8fcd5ad33 <_XGetWindowAttributes+483>
1 pattern found.
(gdb) b * (0x7fd8fcd5ad33 + 42)
Breakpoint 1 at 0x7fd8fcd5ad5d
(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   0x00007fd8fcd5ad5d <XGetWindowAttributes+29>
(gdb) disassemble /r 0x7fd8fcd5ad33, 0x7fd8fcd5ad33+62
Dump of assembler code from 0x7fd8fcd5ad33 to 0x7fd8fcd5ad71:
   0x00007fd8fcd5ad33 <_XGetWindowAttributes+483>:      ff 66 66                
        jmp    *0x66(%rsi)
   0x00007fd8fcd5ad36:                                  2e 0f 1f 84 00 00 00 00 
00      cs nopl 0x0(%rax,%rax,1)
   0x00007fd8fcd5ad3f:                                  90                      
        nop
   0x00007fd8fcd5ad40 <XGetWindowAttributes+0>:         f3 0f 1e fa             
        endbr64
   0x00007fd8fcd5ad44 <XGetWindowAttributes+4>:         41 54                   
        push   %r12
   0x00007fd8fcd5ad46 <XGetWindowAttributes+6>:         49 89 d4                
        mov    %rdx,%r12
   0x00007fd8fcd5ad49 <XGetWindowAttributes+9>:         55                      
        push   %rbp
   0x00007fd8fcd5ad4a <XGetWindowAttributes+10>:        48 89 f5                
        mov    %rsi,%rbp
   0x00007fd8fcd5ad4d <XGetWindowAttributes+13>:        53                      
        push   %rbx
   0x00007fd8fcd5ad4e <XGetWindowAttributes+14>:        48 8b 87 68 09 00 00    
        mov    0x968(%rdi),%rax
   0x00007fd8fcd5ad55 <XGetWindowAttributes+21>:        48 89 fb                
        mov    %rdi,%rbx
   0x00007fd8fcd5ad58 <XGetWindowAttributes+24>:        48 85 c0                
        test   %rax,%rax
   0x00007fd8fcd5ad5b <XGetWindowAttributes+27>:        74 02                   
        je     0x7fd8fcd5ad5f <XGetWindowAttributes+31>
   0x00007fd8fcd5ad5d <XGetWindowAttributes+29>:        ff 10                   
        call   *(%rax)                                    <<<<<<<<
   0x00007fd8fcd5ad5f <XGetWindowAttributes+31>:        48 89 ee                
        mov    %rbp,%rsi
   0x00007fd8fcd5ad62 <XGetWindowAttributes+34>:        4c 89 e2                
        mov    %r12,%rdx
   0x00007fd8fcd5ad65 <XGetWindowAttributes+37>:        48 89 df                
        mov    %rbx,%rdi
   0x00007fd8fcd5ad68 <XGetWindowAttributes+40>:        e8 63 36 ff ff          
        call   0x7fd8fcd4e3d0 <_XGetWindowAttributes@plt>
   0x00007fd8fcd5ad6d <XGetWindowAttributes+45>:        89 c5                   
        mov    %eax,%ebp
   0x00007fd8fcd5ad6f <XGetWindowAttributes+47>:        48 8b 83 68 09 00 00    
        mov    0x968(%rbx),%rax
End of assembler dump.
(gdb)




https://gitlab.gnome.org/GNOME/gtk/-/issues/5472