Bug 1273183 - [abrt] gnome-shell: meta_monitor_config_assign_crtcs(): gnome-shell killed by SIGABRT
[abrt] gnome-shell: meta_monitor_config_assign_crtcs(): gnome-shell killed by...
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: gnome-shell (Show other bugs)
23
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Owen Taylor
Fedora Extras Quality Assurance
https://retrace.fedoraproject.org/faf...
abrt_hash:59202f1a421851ee261ec2b15a7...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-19 17:09 EDT by Alex Chvatal
Modified: 2016-12-20 10:04 EST (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-20 10:04:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (41.90 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: cgroup (190 bytes, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: core_backtrace (10.00 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: dso_list (23.57 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: environ (2.04 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: limits (1.29 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: maps (148.71 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: mountinfo (3.38 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: open_fds (4.05 KB, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: proc_pid_status (1023 bytes, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
File: var_log_messages (356 bytes, text/plain)
2015-10-19 17:09 EDT, Alex Chvatal
no flags Details
Fix driverPrivate nullification (599 bytes, patch)
2016-01-07 16:54 EST, Thomas Meyer
no flags Details | Diff

  None (edit)
Description Alex Chvatal 2015-10-19 17:09:21 EDT
Description of problem:
docked laptop with two attached monitors.

screen was locked.
unlocked screen but only one monitor started showing content.
lifted laptop lid to get monitors to refresh.
gnome crashed

Version-Release number of selected component:
gnome-shell-3.18.1-1.fc23

Additional info:
reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/gnome-shell
crash_function: meta_monitor_config_assign_crtcs
executable:     /usr/bin/gnome-shell
global_pid:     3019
kernel:         4.2.3-300.fc23.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #4 meta_monitor_config_assign_crtcs at backends/meta-monitor-config.c:2032
 #5 apply_configuration at backends/meta-monitor-config.c:895
 #6 meta_monitor_config_restore_previous at backends/meta-monitor-config.c:1557
 #12 g_object_notify_by_spec_internal at gobject.c:1154
 #13 g_object_notify at gobject.c:1202
 #19 g_object_notify_by_spec_internal at gobject.c:1154
 #20 g_object_notify at gobject.c:1202
 #21 up_client_glue_proxy_g_properties_changed at up-client-glue.c:1348
 #22 ffi_call_unix64 at ../src/x86/unix64.S:76
 #23 ffi_call at ../src/x86/ffi64.c:525

Potential duplicate: bug 1204700
Comment 1 Alex Chvatal 2015-10-19 17:09:25 EDT
Created attachment 1084528 [details]
File: backtrace
Comment 2 Alex Chvatal 2015-10-19 17:09:26 EDT
Created attachment 1084529 [details]
File: cgroup
Comment 3 Alex Chvatal 2015-10-19 17:09:27 EDT
Created attachment 1084530 [details]
File: core_backtrace
Comment 4 Alex Chvatal 2015-10-19 17:09:28 EDT
Created attachment 1084531 [details]
File: dso_list
Comment 5 Alex Chvatal 2015-10-19 17:09:29 EDT
Created attachment 1084532 [details]
File: environ
Comment 6 Alex Chvatal 2015-10-19 17:09:30 EDT
Created attachment 1084533 [details]
File: limits
Comment 7 Alex Chvatal 2015-10-19 17:09:32 EDT
Created attachment 1084534 [details]
File: maps
Comment 8 Alex Chvatal 2015-10-19 17:09:33 EDT
Created attachment 1084535 [details]
File: mountinfo
Comment 9 Alex Chvatal 2015-10-19 17:09:34 EDT
Created attachment 1084536 [details]
File: open_fds
Comment 10 Alex Chvatal 2015-10-19 17:09:35 EDT
Created attachment 1084537 [details]
File: proc_pid_status
Comment 11 Alex Chvatal 2015-10-19 17:09:36 EDT
Created attachment 1084538 [details]
File: var_log_messages
Comment 12 lennart_reuther 2015-11-25 14:38:20 EST
Another user experienced a similar problem:

locking lenovo x200 laptop into docking station with 2 external monitors

reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/bin/gnome-shell --wayland --display-server
crash_function: meta_monitor_config_assign_crtcs
executable:     /usr/bin/gnome-shell
global_pid:     1292
kernel:         4.2.6-300.fc23.x86_64
package:        gnome-shell-3.18.3-1.fc23
reason:         gnome-shell killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1000
Comment 13 Thomas Meyer 2016-01-07 15:41:33 EST
This crash seems to happen everytime when I unplug my external monitor on my hdmi output.
Comment 14 Thomas Meyer 2016-01-07 16:08:06 EST
2025│     {
2026│       g_hash_table_iter_steal (&iter);
2027│       g_ptr_array_add (crtcs, info);
2028│     }
2029│
2030│   all_outputs = meta_monitor_manager_get_outputs (manager,
2031│                                                   &n_outputs);
2032├>  g_assert (n_outputs == config->n_outputs);
2033│
2034│   for (i = 0; i < n_outputs; i++)
2035│     {
2036│       MetaOutputInfo *output_info = g_slice_new (MetaOutputInfo);
2037│       MetaOutputConfig *output_config = &config->outputs[i];
2038│
2039│       output_info->output = find_output_by_key (all_outputs, n_outputs,

(gdb) p	n_outputs
$12 = 2
(gdb) p	*config
$13 = {refcount = 2, keys = 0x55705f87eba0, outputs = 0x55705e337360, n_outputs = 1}
(gdb) p	*all_outputs
$14 = {crtc = 0x55705e416000, winsys_id	= 70, name = 0x55705fa70aa0 "HDMI1", vendor = 0x55705fa70a80 "unknown", product = 0x55705fa70b7
0 "unknown", serial = 0x55705fa70b90 "unknown",	width_mm = 0, height_mm = 0, subpixel_order = COGL_SUBPIXEL_ORDER_UNKNOWN, scale = 0, c
onnector_type = META_CONNECTOR_TYPE_HDMIA, preferred_mode = 0x55705db5e960, modes = 0x55705f1b07f0, n_modes = 24, possible_crtcs = 0x55
705fa70980, n_possible_crtcs = 2, possible_clones = 0x55705fa70bb0, n_possible_clones = 2, backlight = -1, backlight_min = 0, backlight
_max = 0, is_dirty = 0, is_primary = 1, is_presentation	= 0, is_underscanning = 0, supports_underscanning = 0, driver_private = 0x0, dr
iver_notify = 0x0, hotplug_mode_update = 0, suggested_x = -1, suggested_y = -1, tile_info = {group_id = 0, flags = 0, max_h_tiles = 0,
max_v_tiles = 0, loc_h_tile = 0, loc_v_tile = 0, tile_w = 0, tile_h = 0}}

Maybe related to https://retrace.fedoraproject.org/faf/reports/951153/ ?
Comment 15 Thomas Meyer 2016-01-07 16:27:53 EST
Regarding retrage 951153:

bt is:
#0  ms_ent_priv (scrn=0x19dae80) at driver.c:187
#1  FreeRec (pScrn=0x19dae80) at driver.c:632
#2  FreeScreen (pScrn=0x19dae80) at driver.c:1281
#3  0x0000000000480d6a in xf86DeleteScreen (pScrn=0x19dae80) at xf86Helper.c:240
#4  0x0000000000498ea6 in xf86platformRemoveDevice (index=index@entry=1) at xf86platformBus.c:587
#5  0x000000000049eb86 in DeleteGPUDeviceRequest (attribs=0x1e3d4f0) at lnx_platform.c:225
#6  0x000000000049a5df in device_removed (device=device@entry=0x1b20960) at udev.c:318
#7  0x000000000049b226 in wakeup_handler (data=<optimized out>, err=5, read_mask=0x8398a0 <LastSelectMask>) at udev.c:361
#8  0x000000000043b4dd in WakeupHandler (result=result@entry=5, pReadmask=pReadmask@entry=0x8398a0 <LastSelectMask>) at dixutils.c:423
#9  0x000000000059398f in WaitForSomething (pClientsReady=pClientsReady@entry=0x18ef140) at WaitFor.c:230
#10 0x000000000043676e in Dispatch () at dispatch.c:359
#11 0x000000000043a953 in dix_main (argc=14, argv=0x7ffe02310118, envp=<optimized out>) at main.c:300
#12 0x00007fba3c25c580 in __libc_start_main () from /lib64/libc.so.6
#13 0x0000000000424ce9 in _start ()

the bug seems to be in:

 183│ modesettingEntPtr ms_ent_priv(ScrnInfoPtr scrn)
 184│ {
 185│     DevUnion     *pPriv;
 186│     modesettingPtr ms = modesettingPTR(scrn);
 187├>    pPriv = xf86GetEntityPrivate(ms->pEnt->index,
 188│                                  ms_entity_index);
 189│     return pPriv->ptr;
 190│ }
 191│
 192│ static int
 193│ open_hw(const char *dev)
 194│ {
/usr/src/debug/xorg-server-1.18.0/hw/xfree86/drivers/modesetting/driver.c  

(gdb) p	ms
$3 = (modesettingPtr) 0x0

(gdb) p *scrn
$5 = {driverVersion = 1, driverName = 0x7fba1d6b3c49 "modesetting", pScreen = 0x21260d0, scrnIndex = 256, configured = 1, origIndex = 256, imageByteOrder = 0, bitmapScanlineUnit = 32, bitmapScanlinePad = 32, bitmapBitOrder = 0, numFormats = 0, formats = {{depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}, {depth = 0 '\000', bitsPerPixel = 0 '\000', scanlinePad = 0 '\000'}}, fbFormat = {depth = 24 '\030', bitsPerPixel = 32 ' ', scanlinePad = 32 ' '}, bitsPerPixel = 32, pixmap24 = Pix24DontCare, depth = 24, depthFrom = X_DEFAULT, bitsPerPixelFrom = X_DEFAULT, weight = {red = 8, green = 8, blue = 8}, mask = {red = 16711680, green = 65280, blue = 255}, offset = {red = 16, green = 8, blue = 0}, rgbBits = 8, gamma = {red = 1, green = 1, blue = 1}, defaultVisual = 4, maxHValue = 0, maxVValue = 0, virtualX = 1024, virtualY = 768, xInc = 0, virtualFrom = X_PROBED, displayWidth = 1024, frameX0 = 0, frameY0 = 0, frameX1 = 0, frameY1 = 0, zoomLocked = 0, modePool = 0x0, modes = 0x20da0f0, currentMode = 0x20da0f0, confScreen = 0x149a7a0, monitor = 0x149b010, display = 0x14add30, entityList = 0x19d3d90, numEntities = 1, widthmm = 260, heightmm = 140, xDpi = 100, yDpi =	139, name = 0x7fba1d6b3c55 "modeset", driverPrivate = 0x0, privates = 0x19f1da0, drv = 0x19d3d30, module = 0x19dd9e0, colorKey = 0, overlayFlags = 0, chipset = 0x0, ramdac = 0x0, clockchip = 0x0, progClock = 1, numClocks = 0, clock = {0 <repeats 128 times>}, videoRam = 0, biosBase = 0, memPhysBase =	0, fbOffset = 0, memClk = 0, flipPixels = 0, options = 0x0, chipID = 0, chipRev = 0, vtSema = 0, silkenMouse = 1, clockRanges = 0x0, adjustFlags = 0, preferClone = 0, reservedInt = {0 <repeats 16 times>}, entityInstanceList = 0x19f1de0, vgaDev = 0x0, reservedPtr = {0x0	<repeats 14 times>}, Probe = 0x0, PreInit = 0x7fba1d6add30 <PreInit>, ScreenInit = 0x7fba1d6ad3e0 <ScreenInit>, SwitchMode = 0x7fba1d6ac990 <SwitchMode>, AdjustFrame = 0x7fba1d6ac970 <AdjustFrame>, EnterVT = 0x7fba1d6ad390 <EnterVT>, LeaveVT = 0x7fba1d6ac910 <LeaveVT>, FreeScreen = 0x7fba1d6ac8c0 <FreeScreen>, ValidMode = 0x7fba1d6ac7d0 <ValidMode>, EnableDisableFBAccess = 0x0, SetDGAMode = 0x0, ChangeGamma = 0x4b7d20 <xf86RandR12ChangeGamma>, PointerMoved = 0x4b8b90 <xf86RandR12PointerMoved>, PMEvent =	0x0, DPMSSet = 0x4ae8e0 <xf86DPMSSet>,	LoadPalette = 0x0, SetOverscan = 0x0, DriverFunc = 0x7fba1d6ac7b0 <ms_driver_func>, ModeSet = 0x0, reservedFuncs = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, is_gpu = 1, capabilities = 3}
Comment 16 Thomas Meyer 2016-01-07 16:38:13 EST
This seems to be a bug in the xf86-modesetting driver:

(gdb) p (modesettingPtr)((scrn)->driverPrivate)
$6 = (struct _modesettingRec *) 0x0

driverPrivate is NULL. It is set to NULL in FreeRec function:

 625│         return;
 626│->   pScrn->driverPrivate = NULL;
 627│
 628│     if (ms->fd > 0) {
 629│         modesettingEntPtr ms_ent;
 630│         int ret;
 631│
 632├>        ms_ent = ms_ent_priv(pScrn);
 633│         ms_ent->fd_ref--;
 634│         if (!ms_ent->fd_ref) {
 635│             if (ms->pEnt->location.type == BUS_PCI)
 636│                 ret = drmClose(ms->fd);
 637│             else
 638│ #ifdef XF86_PDEV_SERVER_FD
 639│                 if (!(ms->pEnt->location.type == BUS_PLATFORM &&
/usr/src/debug/xorg-server-1.18.0/hw/xfree86/drivers/modesetting/driver.c   

line 626 clears the pointer and in line 632 it's used later on again by ms_ent_priv()
Comment 17 Thomas Meyer 2016-01-07 16:48:34 EST
Offending commit in modesetting driver:

commit 19e1dc8f6ea6d7ff5ba4a5caa0e2f40a47879408
Author: Dave Airlie <airlied@redhat.com>
Date:   Wed Jul 22 03:56:13 2015 +0100

    modesetting: add zaphod support (v3)
    
    This adds zaphod and ZaphodHeads support
    to the the in-server modesetting driver.
    
    this is based on a request from Mario,
    and on the current radeon driver, along
    with some patches from Mario to bring things
    up to the state of the art in Zaphod.
    
    v2: fixup vblank fd registring.
    v3: squash Mario's fixes.
      modesetting: Allow/Fix use of multiple ZaphodHead outputs per x-screen.
      modesetting: Take shift in crtc positions for ZaphodHeads configs into account.
      modesetting: Add ZaphodHeads description to man page.
    small cleanups (airlied).
    
    Reviewed-and-tested-by: Mario Kleiner <mario.kleiner.de@gmail.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Dave Airlie <airlied@redhat.com>

diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c
Comment 18 Thomas Meyer 2016-01-07 16:54 EST
Created attachment 1112620 [details]
Fix driverPrivate nullification
Comment 19 Felix Schwarz 2016-02-05 15:06:27 EST
(In reply to Thomas Meyer from comment #18)
> Created attachment 1112620 [details]
> Fix driverPrivate nullification

Did you try to contact Dave directly? Does your patch fix the issue for you? If so this seems to be a generic upstream patch. I'm not familiar with X.org's contribution policy but I assume the best way to get this fixed is to post your patch (using git send-email, add your DCO/Signed-Off) to xorg-devel (http://lists.x.org/mailman/listinfo/xorg-devel) and CC Dave, Mario and Alex explicitly.
(Please disregard this comment if you did so already. If you don't know how to do this or you think this is too time consuming for you, please let me know so others can drive this patch.)

Besides that your patch seems sensible. "driverPrivate" is needed by the "modesettingPTR" macro so it is set to NULL too early.

Anyway: Assuming your patch fixes the problem this bug is not about gnome-shell but should be filed against xorg-x11 or so.
Comment 20 Daniel Lehrner 2016-03-02 04:04:45 EST
This bug only occurs on my laptop (Lenovo U31-70) since the update to kernel 4.4.2-301. The older kernel versions work fine.
Comment 21 Fedora End Of Life 2016-11-24 07:50:52 EST
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 22 Fedora End Of Life 2016-12-20 10:04:18 EST
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.