Package: muffin 6.6.3+zena
Cinnamon: 6.6.7
Distribution: Linux Mint Zena (Ubuntu 24.04 base)
GPU: NVIDIA (Alienware m17, driver 580.159.03)
Frequency: Reproducible, 4 crashes over 7 weeks, always identical stack
Crash summary
Cinnamon crashes with SIGSEGV every time a monitor hotplug event occurs
while GetMonitors is being called concurrently.
Exact trigger sequence (from journal)
09:03:22 — kernel detects DP-1 hotplug (HDMI/CEC, external monitor reconnecting after suspend/resume)
09:03:23 — cinnamon-screensaver detects monitor change, sends change notification
09:03:25 — Cinnamon SIGSEGV
GDB backtrace (top frames)
#0 meta_x11_display_logical_monitor_to_xinerama_index
(logical_monitor=0x5a9ac9d6eed0, x11_display=)
at ../src/x11/meta-x11-display.c:2087
#1 meta_display_logical_index_to_xinerama_index
(display=0x5a9ac27c23d0, log_index=)
at ../src/core/display.c:4058
...
#32 gjs_dbus_implementation_method_call
method_name="GetMonitors"
Root cause
GetMonitors in cinnamonDBus.js iterates Main.layoutManager.monitors
and calls global.display.logical_index_to_xinerama_index(current.index)
for each monitor. When a hotplug event causes muffin to rebuild the
monitor list mid-iteration, a stale logical_monitor pointer is passed
to meta_x11_display_logical_monitor_to_xinerama_index which dereferences
it at offset 0 — SIGSEGV.
The try/catch in GetMonitors does NOT catch this because the crash
occurs inside native C code in libmuffin, not in JS.
Suggested fix areas
- muffin: validate logical_monitor pointer in
meta_x11_display_logical_monitor_to_xinerama_index before dereferencing
- OR: cinnamonDBus.js: refresh monitor list inside GetMonitors
rather than iterating a potentially stale Main.layoutManager.monitors
- OR: add a monitor-list lock/guard during hotplug rebuilds
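
A minimal C model of the guard idea in the suggested fix areas, added here as an illustration and not taken from muffin or Cinnamon: callers keep an index plus a generation stamp instead of a raw pointer, so a lookup made after a hotplug rebuild is rejected before any memory is touched. A NULL check alone would not do this, because a stale pointer such as the one in frame #0 is non-NULL. All type and function names are hypothetical.

```c
/* Constructed model, not muffin code: all names below are hypothetical. */
#include <stdlib.h>

typedef struct { int xinerama_index; } LogicalMonitor;
typedef struct {
    LogicalMonitor *monitors;   /* current list, freed and rebuilt on hotplug */
    int n_monitors;
    unsigned generation;        /* incremented on every rebuild */
} MonitorManager;
/* What a caller keeps across calls instead of a raw LogicalMonitor pointer. */
typedef struct { int index; unsigned generation; } MonitorHandle;

/* Hotplug: every pointer into the old list is dangling after this returns. */
int manager_rebuild(MonitorManager *m, int n) {
    free(m->monitors);
    m->monitors = NULL;
    m->n_monitors = 0;
    m->generation++;
    if (n <= 0) return 0;
    m->monitors = calloc((size_t)n, sizeof *m->monitors);
    if (!m->monitors) return -1;
    for (int i = 0; i < n; i++) m->monitors[i].xinerama_index = i;
    m->n_monitors = n;
    return 0;
}

MonitorHandle manager_get_handle(const MonitorManager *m, int index) {
    return (MonitorHandle){ index, m->generation };
}

/* Returns -1 rather than touching memory when the handle predates a rebuild. */
int handle_to_xinerama_index(const MonitorManager *m, MonitorHandle h) {
    if (h.generation != m->generation) return -1;
    if (h.index < 0 || h.index >= m->n_monitors) return -1;
    return m->monitors[h.index].xinerama_index;
}

int main(void) {
    MonitorManager m = {0};
    if (manager_rebuild(&m, 2) != 0) return 1;
    MonitorHandle h = manager_get_handle(&m, 1);   /* taken before hotplug */
    if (manager_rebuild(&m, 1) != 0) return 1;     /* hotplug rebuild */
    int stale = handle_to_xinerama_index(&m, h);   /* rejected, no dereference */
    free(m.monitors);
    return stale == -1 ? 0 : 1;
}
```

In this model the caller treats -1 as "monitor list changed, fetch it again", which corresponds to the second suggested fix area on the JS side.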