gnome-shell crashed with SIGSEGV in gbm_surface_release_buffer() from meta_drm_buffer_gbm_finalize() from g_object_unref() from g_object_unref() from g_set_object()

Status changed to 'Confirmed' because the bug affects multiple users.

It appears the crash reports suddenly stopped happening around 14 April. Certainly the last affected version of gnome-shell is 42.0-1ubuntu1, but that was replaced by 42.0-2ubuntu1 around 13 April.

So fixed already?

Maybe it was a side effect of bug 1964037 / bug 1959888.

I'm still crashing with the exact same issue with 42.0-2ubuntu1. If i blacklist amdgpu at boot time and use the Intel monitor there is no crashing but obviously it isn't ideal.

https://errors.ubuntu.com/problem/4fa0be3b67c650c621a425137efd7376c32451b4 is still showing all crashes are in 42.0-1ubuntu1, and zero crashes from 42.0-2ubuntu1. Are you sure you have 42.0-2ubuntu1 ?

If the bug is still present then it's at least not common enough to show up on errors.ubuntu.com yet.

gnome-shell/jammy,now 42.0-2ubuntu1 amd64 [installed]
  graphical shell for the GNOME desktop

As sure as when I opened the original bug.

Are you sure your receiving reports? Are you talking about that popup that that says Ubuntu has encountered and error and do you want to send an error report or something? That doesn't happen.

You might be commenting on the wrong bug now. We're still getting zero crash reports in gbm_surface_release_buffer, at least none since gnome-shell version 42.0-1ubuntu1.

Can you provide a stack trace of the most recent crash and confirm that it happened after the update to 42.0-2ubuntu1 ?

Thread 1 "gnome-shell" received signal SIGSEGV, Segmentation fault.
0x00007f50612a82e7 in gbm_surface_release_buffer () from /lib/x86_64-linux-gnu/libgbm.so.1
(gdb) bt full
#0 0x00007f50612a82e7 in gbm_surface_release_buffer () at /lib/x86_64-linux-gnu/libgbm.so.1
#1 0x00007f5063665dbf in meta_drm_buffer_gbm_finalize (object=0x55a6d0d9c690) at ../src/backends/native/meta-drm-buffer-gbm.c:485
        buffer_gbm = <optimized out>
#2 0x00007f5064379dfd in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#3 0x00007f506366f5b0 in g_set_object (new_object=0x55a6d0d9c890, object_ptr=0x55a6cefbc490) at /usr/include/glib-2.0/gobject/gobject.h:762
        old_object = 0x55a6d0d9c690
        _object_ptr = {in = 0x55a6cefbc490 "\220\310\331ЦU", out = 0x55a6cefbc490}
        plane_state = 0x55a6cefbc490
#4 swap_plane_buffers (key=<optimized out>, user_data=<optimized out>, value=0x55a6cefbc490) at ../src/backends/native/meta-kms-crtc.c:487
        _object_ptr = {in = 0x55a6cefbc490 "\220\310\331ЦU", out = 0x55a6cefbc490}
        plane_state = 0x55a6cefbc490
#5 swap_plane_buffers (key=<optimized out>, value=0x55a6cefbc490, user_data=<optimized out>) at ../src/backends/native/meta-kms-crtc.c:479
        plane_state = 0x55a6cefbc490
#6 0x00007f5064256698 in g_hash_table_foreach () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7 0x00007f506367b86c in meta_kms_crtc_on_scanout_started (crtc=<optimized out>, crtc=<optimized out>) at ../src/backends/native/meta-kms-crtc.c:496
        page_flip_data = 0x55a6cf69d180
        l = <optimized out>
        __func__ = "meta_kms_page_flip_data_flipped"
#8 meta_kms_page_flip_data_flipped (kms=<optimized out>, user_data=0x55a6cf69d180) at ../src/backends/native/meta-kms-page-flip.c:153
        page_flip_data = 0x55a6cf69d180
        l = <optimized out>
        __func__ = "meta_kms_page_flip_data_flipped"
#9 0x00007f5063695bce in flush_callbacks.isra.0 (kms=kms@entry=0x55a6cec0e9c0) at ../src/backends/native/meta-kms.c:478
        callback_data = 0x55a6cf078c30
        l = 0x55a6d08b2ec0 = {0x55a6cf078c30}
        callback_count = <optimized out>
#10 0x00007f506367b8dd in callback_idle (user_data=0x55a6cec0e9c0) at ../src/backends/native/meta-kms.c:494
        kms = 0x55a6cec0e9c0
#11 0x00007f5064272c24 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007f50642c76f8 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007f5064272293 in g_main_loop_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f50635e35c9 in meta_context_run_main_loop (context=<optimized out>, error=0x7ffc4dbf21e8) at ../src/core/meta-context.c:437
        priv = 0x55a6cec03050
        __func__ = "meta_context_run_main_loop"
#15 0x000055a6cce14f12 in ()
#16 0x00007f5063314d90 in __libc_start_call_main (main=main@entry=0x55a6cce14a70, argc=argc@entry=1, argv=argv@entry=0x7ffc4dbf2388) at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>

                      unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 6610810358620701876, 140721612858248, 94174890248816, 94174890265080, 139983260733504, -6609371649918810956, -6548631210224696140},...

I found this in my syslog for the crash this morning

Apr 26 10:52:21 desktop whoopsie[6666]: [10:52:21] Parsing /var/crash/_usr_bin_gnome-shell.1000.crash.
Apr 26 10:52:21 desktop whoopsie[6666]: [10:52:21] Uploading /var/crash/_usr_bin_gnome-shell.1000.crash.
Apr 26 10:52:22 desktop whoopsie[6666]: [10:52:22] Sent; server replied with: No error
Apr 26 10:52:22 desktop whoopsie[6666]: [10:52:22] Response code: 200
Apr 26 10:52:22 desktop whoopsie[6666]: [10:52:22] Reported OOPS ID 9fb85060-c589-11ec-9979-fa163e55efd0

Maybe you can pull up the OOPS ID?

Thanks. It looks like a problem with errors.ubuntu.com itself, which is not uncommon. The crash report exists but it failed to get a stack trace and so errors.ubuntu.com can't categorise/group the crash reports.

This bug is still open at least, but it does mean we don't get a feel for how common the crash is. It looks like it may only happen at logout or during monitor config rearrangement.

Interesting your system appears to use 'amdgpu' (from bug 1969351). I wonder if bug 1970043 is the same crash.

It doesn't freeze. The primary monitor is connected to the RX 580, and 2nd monitor is connected to the motherboard. If I unplug the 2nd monitor thats using i915 there is no crash. Suspend and switching to TTY's work if I unplug the 2nd monitor.

Sounds like I will need to try an Intel+AMDGPU hybrid combo.

>It looks like it may only happen at logout or during monitor config rearrangement.
and suspend and switching TTY's and plugging the 2nd monitor back in.

I came here from 1969351. On a rig with two identical AMD GPUs (First driving one monitor, second driving three), I'll sometimes have the one monitor disconnect, but it won't detect the failure or cause the other three screens to rearrange until I try to apply a change in Display Settings, after which it will show the one monitor as missing. The system will continue operating normally for a minute or two, before crashing back to the login screen

Dmesg shows these entries:
[127759.552431] gnome-shell[4403]: segfault at 558324328300 ip 0000558324328300 sp 00007ffd66257c98 error 15
[127780.586613] apport-gtk[272085]: segfault at 18 ip 00007fa1e6314cf4 sp 00007fff77ca9820 error 4 in libgtk-3.so.0.2404.29[7fa1e620c000+383000]
[130882.632498] traps: gnome-shell[272824] general protection fault ip:7f3228a412e7 sp:7ffe4c6be868 error:0 in libgbm.so.1.0.0[7f3228a40000+8000]
[176834.926719] gnome-shell[285277]: segfault at 501000000af ip 00007f250fbc92e7 sp 00007fff283ee988 error 4 in libgbm.so.1.0.0[7f250fbc8000+8000]

- Sometimes the system crashes to the login screen during a screen lock without any interaction
- Sometimes the system crashes to the login screen when attempting to unlock a locked session
- Sometimes after unlock a session shows all the windows rearranged or consolidated into a single workspace as though a monitor was briefly disconnected. Often windows are 'maximized' with a strange offset from a monitor's edge, which is fixed by re-maximizing the window.
- Sometimes after unlock everything is fine.

I have crash reports for the most recent failure in /var/crash, though I'm not sure how to provide them. _usr_bin_gnome-shell.1000.crash is nearly 70MiB

Yes crashes in libgbm.so.1.0.0 are likely to be this bug. But we should create new bugs for each crash to confirm what they really are.

Please run:

  ubuntu-bug /var/crash/_usr_bin_gnome-shell.1000.crash

or if that doesn't work then try:

  apport-cli /var/crash/_usr_bin_gnome-shell.1000.crash

I ran it, but didn't get any output after executing it and submitting the report. Let me know if there's anything else I can do to help

Status changed to 'Confirmed' because the bug affects multiple users.

Another duplicate (bug 1987174) shows the crash happening on a hybrid system with i915+nouveau.

So it doesn't sound as related to AMDGPU as to hybrid systems in general (open source drivers).

See also:
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1968#note_1275389

Hello @vanvugt,
I tried with gnome-42.4 with steps below and gnome-shell works fine

[Device]
Laptop with iGPU (intel) and dGPU (amd)

[steps]
1. Plug a monitor on iGPU (intel internal graphic) and plug the other monitor on dGPU (amd gpu)
2. Boot into system
3. Open gnome-settings-daemon and select `Displays`
4. Change the `Primary Display` to the other one

[result]
no crash with gnome-42.4

Test PPA:
https://launchpad.net/~andch/+archive/ubuntu/experimental-package

I can finally reproduce this using a dual GPU dual monitor setup (Intel + AMD).

Fixed upstream in:
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1441#note_1548259

and in the patch for mutter 42:
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2487.patch

Updating jammy here:
https://salsa.debian.org/gnome-team/mutter/-/merge_requests/82

This bug was fixed in the package mutter - 43~rc-2ubuntu2

---------------
mutter (43~rc-2ubuntu2) kinetic; urgency=medium

  * Ignore build test failures on s390x

 -- Jeremy Bicha <email address hidden> Tue, 13 Sep 2022 11:43:54 -0400

Hi Daniel,

In order to meet customer's TTM expectation, would you please upload the solution to Jammy -proposed no later than Oct. 29, 2022? Thanks for your great support.

It's in the upload queue for jammy updates:

https://launchpadlibrarian.net/629164794/mutter_42.5-0ubuntu1_source.changes

Hello errors.ubuntu.com, or anyone else affected,

Accepted mutter into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mutter/42.5-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted mutter (42.5-0ubuntu1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

mutter/42.5-0ubuntu1 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#mutter

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Just in time before updating to 22.10 :)

I tested with mutter 42.5-0ubuntu1

and for me the problem seems to be fixed, i can finally work with multiple monitors again :)

Thanks a lot!

I pulled gnome-shell, gnome-shell-common, mutter, and mutter-common 42.5-0ubuntu1 on 22.04.1 LTS, rebooted, and was able to immediately reproduce the issue by locking my screen and attempting to unlock it.

OOPS ID: fb8c6096-5550-11ed-b3c8-fa163ef35206

Brad,

I am unable to confirm if that's the same crash but the package you need to get the fix is 'libmutter-10-0' https://launchpad.net/ubuntu/jammy/amd64/libmutter-10-0/42.5-0ubuntu1

The verification of the Stable Release Update for mutter has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package mutter - 42.5-0ubuntu1

---------------
mutter (42.5-0ubuntu1) jammy; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * New upstream release (LP: #1985856)
  * debian/patches: Refresh
  * debian/libmutter-10-0.symbols: Sync with new and removed internal symbols

  [ Daniel van Vugt ]
  * Update Support-Dynamic-triple-double-buffering.patch.
    Dual-GPUs crash in gbm_surface_release_buffer (LP: #1969422)
    Leftover mouse pointer when moving between monitors (LP: #1988625)

  [ Zoe Spellman ]
  * New upstream release

 -- Zoe Spellman <email address hidden> Thu, 13 Oct 2022 12:08:14 -0700

Can confirm that libmutter-10-0/42.5-0ubuntu1 fixed my issue. Thanks for all your hard work on this!

Confirmed. This fixed the issue.

Thanks!

This is confusing. errors.ubuntu.com reports the crash still occurring in 42.5-0ubuntu1 but it means gnome-shell 42.5-0ubuntu1, not mutter 42.5-0ubuntu1. And none at all recently enough to make the incident list so it seems the fix is actually working.