Bug#1133266: libmutter-18-0: gnome-shell crash during resume, meta_kms_impl_device_get_fd() on invalid pointer

Simon McVittie smcv at debian.org
Sat Apr 11 10:12:06 BST 2026 

Package: libmutter-18-0
Version: 50.0-1
Severity: important

While resuming my laptop from suspend using experimental's GNOME Shell, 
I saw this crash:

#0  meta_kms_impl_device_get_fd (impl_device=0x7fb973ebce76) at ../src/backends/native/meta-kms-impl-device.c:1234
#1  0x00007fbec27f65e7 in meta_kms_mode_create_blob_id
    (mode=mode at entry=0x7fbe88036020, error=error at entry=0x7fbeb5496160) at ../src/backends/native/meta-kms-mode.c:51
#2  0x00007fbec27eb962 in process_mode_set
    (impl_device=<optimized out>, update=0x55c73d80e970, req=0x55c73a8f9970, blob_ids=<optimized out>, update_entry=0x55c73e4f1c80, user_data=0x0, error=0x7fbeb5496160) at ../src/backends/native/meta-kms-impl-device-atomic.c:409
#3  process_entries
    (user_data=0x0, impl_device=0x7fbe88005660, update=0x55c73d80e970, req=0x55c73a8f9970, blob_ids=0x7fbea4024de0, entries=<optimized out>, func=<optimized out>, error=0x7fbeb5496160)
    at ../src/backends/native/meta-kms-impl-device-atomic.c:978
#4  meta_kms_impl_device_atomic_process_update
    (impl_device=0x7fbe88005660, update=0x55c73d80e970, flags=<optimized out>)
    at ../src/backends/native/meta-kms-impl-device-atomic.c:1204
#5  0x00007fbec27f0d00 in do_process
    (impl_device=impl_device at entry=0x7fbe88005660, latch_crtc=latch_crtc at entry=0x0, update=0x55c73d80e970, flags=flags at entry=META_KMS_UPDATE_FLAG_MODE_SET) at ../src/backends/native/meta-kms-impl-device.c:1636
#6  0x00007fbec27f3420 in filter_and_process
    (impl_device=0x7fbe88005660, latch_crtc=0x0, update=<optimized out>, flags=META_KMS_UPDATE_FLAG_MODE_SET)
    at ../src/backends/native/meta-kms-impl-device.c:1672
#7  process_mode_set_update (impl_device=0x7fbe88005660, update=0x55c73d80e970, flags=META_KMS_UPDATE_FLAG_MODE_SET)
    at ../src/backends/native/meta-kms-impl-device.c:2317
#8  meta_kms_impl_device_process_update
    (impl_device=0x7fbe88005660, update=0x55c73d80e970, flags=META_KMS_UPDATE_FLAG_MODE_SET)
    at ../src/backends/native/meta-kms-impl-device.c:2357
#9  0x00007fbec2810b81 in meta_thread_impl_dispatch (thread_impl=thread_impl at entry=0x55c737d5c610)
    at ../src/backends/native/meta-thread-impl.c:543
#10 0x00007fbec2810c99 in impl_source_dispatch
    (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at ../src/backends/native/meta-thread-impl.c:177
#11 0x00007fbec2d0566e in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007fbec2d089ff in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007fbec2d0948f in g_main_loop_run () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007fbec2810d2d in meta_thread_impl_run
    (thread_impl=<optimized out>, scheduling_priority=META_SCHEDULING_PRIORITY_HIGH_PRIORITY)
    at ../src/backends/native/meta-thread-impl.c:592
#15 0x00007fbec281210d in thread_impl_func (user_data=<optimized out>) at ../src/backends/native/meta-thread.c:552
#16 0x00007fbec2d3b4f6 in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007fbec249dda9 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:448
#18 0x00007fbec251ce08 in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

I can't reproduce it on-demand: usually a suspend/resume works as 
expected.

In frame 0, impl_device is an invalid pointer.

In frame 1, it looks like mode might be invalid or corrupted:

(gdb) p *mode
$1 = {impl_device = 0x7fb973ebce76,
  flags = (META_KMS_MODE_FLAG_FALLBACK_LANDSCAPE | META_KMS_MODE_FLAG_FALLBACK_PORTRAIT | unknown: 0x32c60220),
  drm_mode = {clock = 3974231169, hdisplay = 0, hsync_start = 0, hsync_end = 0, htotal = 0, hskew = 0, vdisplay = 0,
    vsync_start = 0, vsync_end = 0, vtotal = 0, vscan = 0, vrefresh = 0, flags = 1, type = 0,
    name = "Nearest Neighbor", '\000' <repeats 15 times>}}

and similarly in frame 2.

The impl_device in frame 3 and up looks a lot more reasonable:

(gdb) p *impl_device
$6 = {parent_instance = {g_type_instance = {g_class = Python Exception <class 'TypeError'>: can only concatenate str (not "NoneType") to str
}, ref_count = 1, qdata = 0x0}}

More information about the pkg-gnome-maintainers mailing list