Dear Maintainer, I tried to get some more information from the kernel message.
This led me to this line: at 0x55555556ee99: file gpm-engine.c, line 540. There the array is dereferenced unconditionally: https://sources.debian.org/src/mate-power-manager/1.24.2-1/src/gpm-engine.c/#L540 539 array = up_client_get_devices2 (engine->priv->client); 540 for (i=0;i<array->len;i++) { Therefore the assertion message just before the segfault seems related: up_client_get_devices2: assertion 'UP_IS_CLIENT (client)' failed That points to this line in upower: https://cgit.freedesktop.org/upower/tree/libupower-glib/up-client.c#n117 117 g_return_val_if_fail (UP_IS_CLIENT (client), NULL); And therefore the "array" seems to have received the NULL pointer. Therefore the value given to function up_client_get_devices2 seems already suspicious. Unfortunately I have not found any related entry in upstream bug trackers. Details in attached file. Kind regards, Bernhard
# Bullseye/testing amd64 qemu VM 2021-03-06 apt update apt dist-upgrade systemd-coredump mate xserver-xorg lightdm gdb mate-power-manager-dbgsym reboot https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash From submitter: [ 349.205142] mate-power-mana[3580]: segfault at 8 ip 00005641ef93ae99 sp 00007ffcb468bf60 error 4 in mate-power-manager[5641ef928000+1a000] [ 349.205154] Code: 00 49 8b 44 24 18 31 db 48 8b 78 20 e8 b0 01 ff ff 4c 89 e7 e8 68 f5 ff ff 49 8b 44 24 18 48 8b 78 08 e8 fa e3 fe ff 48 89 c5 <8b> 40 08 85 c0 74 1a 48 8b 45 00 89 da 4c 89 e7 83 c3 01 48 8b 34 error 4 == 0b00000100: - 0: no page found - 0: read access - 0: kernel-mode access echo -n "find /b ..., ..., 0x" && \ echo "00 49 8b 44 24 18 31 db 48 8b 78 20 e8 b0 01 ff ff 4c 89 e7 e8 68 f5 ff ff 49 8b 44 24 18 48 8b 78 08 e8 fa e3 fe ff 48 89 c5 <8b> 40 08 85 c0 74 1a 48 8b 45 00 89 da 4c 89 e7 83 c3 01 48 8b 34" \ | sed 's/[<>]//g' | sed 's/ /, 0x/g' find /b ..., ..., 0x00, 0x49, 0x8b, 0x44, 0x24, 0x18, 0x31, 0xdb, 0x48, 0x8b, 0x78, 0x20, 0xe8, 0xb0, 0x01, 0xff, 0xff, 0x4c, 0x89, 0xe7, 0xe8, 0x68, 0xf5, 0xff, 0xff, 0x49, 0x8b, 0x44, 0x24, 0x18, 0x48, 0x8b, 0x78, 0x08, 0xe8, 0xfa, 0xe3, 0xfe, 0xff, 0x48, 0x89, 0xc5, 0x8b, 0x40, 0x08, 0x85, 0xc0, 0x74, 0x1a, 0x48, 0x8b, 0x45, 0x00, 0x89, 0xda, 0x4c, 0x89, 0xe7, 0x83, 0xc3, 0x01, 0x48, 0x8b, 0x34 gdb -q set width 0 set pagination off file /usr/bin/mate-power-manager tb main run info target ... 0x000055555555d760 - 0x0000555555575a11 is .text ... find /b 0x000055555555d760, 0x0000555555575a11, 0x00, 0x49, 0x8b, 0x44, 0x24, 0x18, 0x31, 0xdb, 0x48, 0x8b, 0x78, 0x20, 0xe8, 0xb0, 0x01, 0xff, 0xff, 0x4c, 0x89, 0xe7, 0xe8, 0x68, 0xf5, 0xff, 0xff, 0x49, 0x8b, 0x44, 0x24, 0x18, 0x48, 0x8b, 0x78, 0x08, 0xe8, 0xfa, 0xe3, 0xfe, 0xff, 0x48, 0x89, 0xc5, 0x8b, 0x40, 0x08, 0x85, 0xc0, 0x74, 0x1a, 0x48, 0x8b, 0x45, 0x00, 0x89, 0xda, 0x4c, 0x89, 0xe7, 0x83, 0xc3, 0x01, 0x48, 0x8b, 0x34 0x55555556ee6f <gpm_engine_coldplug_idle_cb+79> 1 pattern found. b * (0x55555556ee6f + 42) Breakpoint 2 at 0x55555556ee99: file gpm-engine.c, line 540. info b Num Type Disp Enb Address What 2 breakpoint keep y 0x000055555556ee99 in gpm_engine_coldplug_idle_cb at gpm-engine.c:540 disassemble /r 0x55555556ee6f, 0x55555556ee6f + 62 Dump of assembler code from 0x55555556ee6f to 0x55555556eead: 0x000055555556ee6f <gpm_engine_coldplug_idle_cb+79>: 00 49 8b add %cl,-0x75(%rcx) 0x000055555556ee72 <gpm_engine_coldplug_idle_cb+82>: 44 24 18 rex.R and $0x18,%al 0x000055555556ee75 <gpm_engine_coldplug_idle_cb+85>: 31 db xor %ebx,%ebx 0x000055555556ee77 <gpm_engine_coldplug_idle_cb+87>: 48 8b 78 20 mov 0x20(%rax),%rdi 0x000055555556ee7b <gpm_engine_coldplug_idle_cb+91>: e8 b0 01 ff ff call 0x55555555f030 <gpm_phone_coldplug> 0x000055555556ee80 <gpm_engine_coldplug_idle_cb+96>: 4c 89 e7 mov %r12,%rdi 0x000055555556ee83 <gpm_engine_coldplug_idle_cb+99>: e8 68 f5 ff ff call 0x55555556e3f0 <gpm_engine_recalculate_state> 0x000055555556ee88 <gpm_engine_coldplug_idle_cb+104>: 49 8b 44 24 18 mov 0x18(%r12),%rax 0x000055555556ee8d <gpm_engine_coldplug_idle_cb+109>: 48 8b 78 08 mov 0x8(%rax),%rdi 0x000055555556ee91 <gpm_engine_coldplug_idle_cb+113>: e8 fa e3 fe ff call 0x55555555d290 <up_client_get_devices2@plt> 0x000055555556ee96 <gpm_engine_coldplug_idle_cb+118>: 48 89 c5 mov %rax,%rbp ***0x000055555556ee99 <gpm_engine_coldplug_idle_cb+121>: 8b 40 08 mov 0x8(%rax),%eax 0x000055555556ee9c <gpm_engine_coldplug_idle_cb+124>: 85 c0 test %eax,%eax 0x000055555556ee9e <gpm_engine_coldplug_idle_cb+126>: 74 1a je 0x55555556eeba <gpm_engine_coldplug_idle_cb+154> 0x000055555556eea0 <gpm_engine_coldplug_idle_cb+128>: 48 8b 45 00 mov 0x0(%rbp),%rax 0x000055555556eea4 <gpm_engine_coldplug_idle_cb+132>: 89 da mov %ebx,%edx 0x000055555556eea6 <gpm_engine_coldplug_idle_cb+134>: 4c 89 e7 mov %r12,%rdi 0x000055555556eea9 <gpm_engine_coldplug_idle_cb+137>: 83 c3 01 add $0x1,%ebx 0x000055555556eeac <gpm_engine_coldplug_idle_cb+140>: 48 8b 34 d0 mov (%rax,%rdx,8),%rsi End of assembler dump. mate-power-manager-dbgsym_1.24.2-1_amd64.deb https://sources.debian.org/src/mate-power-manager/1.24.2-1/src/gpm-engine.c/#L540 for (i=0;i<array->len;i++) { https://git.mate-desktop.org/mate-power-manager/tree/src/gpm-engine.c#n538 https://cgit.freedesktop.org/upower/tree/libupower-glib/up-client.c#n117 (gdb) ptype /o GPtrArray type = struct _GPtrArray { /* 0 | 8 */ gpointer *pdata; /* 8 | 4 */ guint len; /* XXX 4-byte padding */ /* total size (bytes): 16 */ } https://github.com/mate-desktop/mate-power-manager/issues?q=is%3Aissue+is%3Aopen+gpm_engine_coldplug_idle_cb https://gitlab.freedesktop.org/groups/upower/-/issues?scope=all&utf8=%E2%9C%93&state=opened&search=up_client_get_devices2
