That's excellent Gary, thank you. Sponsored: https://launchpad.net/ubuntu/noble/+upload/38508866/+files/plymouth_24.004.60-1ubuntu7.2_source.changes
** Description changed: + [Impact] + + * plymouthd SIGSEGVs during boot on systems that have a terminal-less + secondary DRM head while the boot splash is active. Effect for users: + the boot splash dies and a plymouthd coredump is logged every boot. On + an encrypted-disk install this is the LUKS passphrase splash. + + * Root cause is a NULL dereference of backend->terminal in + ply_terminal_set_disabled_input(). Plymouth assigns a terminal only to + the primary console DRM card but still builds a backend and watches + input on secondary, terminal-less DRM heads. The public reports trigger + this with NVIDIA multi-GPU / vt-less kernels. A second trigger is a + DisplayLink evdi connector that reports connected+enabled with a 0-byte + EDID, which is also a terminal-less head. + + * The upload fixes it by NULL-guarding the terminal pointer before the + terminal-input calls: in the set_disabled/_unbuffered/_buffered_input + functions in ply-terminal.c, and before the call in the drm and + frame-buffer renderers' close_input_source(). It cherry-picks the two + upstream commits listed in the comment onto noble's -1ubuntu7.1 as + -1ubuntu7.2. + + * Justification for backporting: noble is 24.04 LTS in standard support. + Affected users get a crashing boot splash and a coredump on every boot, + and the noble task has had no fix for roughly 14 months while the fix + has shipped in plucky and Fedora. The change is small and defensive. + + [Test Plan] + + * Affected configuration: noble with plymouth 24.004.60-1ubuntu7.1 and a + terminal-less secondary DRM head present while the splash is up. Either + an NVIDIA multi-GPU / vt-less-kernel setup, or a DisplayLink/evdi device + whose connector reports connected+enabled with an empty EDID. + + * Reproduce without the patch: + 1. Ensure "splash" is on the kernel command line. + 2. Boot with the affected head live during the splash. + 3. After boot, check for a plymouthd crash: + coredumpctl list plymouthd + coredumpctl info plymouthd + The backtrace shows the crash in ply_terminal_set_disabled_input + (here at +0x27 with rdi=0), reached via the drm renderer + add_input_device -> watch_input_device path. + + * Reproducer used by the reporter: HP ZBook Studio x360 G5, Intel i915 + + NVIDIA PRIME, StarTech USB32DP4K DisplayLink dongle (evdi) attached, + dracut initramfs that force-loads evdi early so the empty-EDID head is + live across switch_root. Booting with "splash" SIGSEGVs plymouthd as + above. + + * Verify with the -proposed package: install plymouth 24.004.60-1ubuntu7.2 + from noble-proposed, regenerate the initramfs, and boot the same way. + Expected: the splash completes and no new plymouthd coredump appears + (coredumpctl list plymouthd shows no new entry for the boot). The + reporter confirmed this with a local rebuild of the same two patches. + + [Where problems could occur] + + * The change adds NULL guards (~7 lines) in two places: the + set_disabled/_unbuffered/_buffered_input functions in + src/libply-splash-core/ply-terminal.c, and close_input_source() in the + drm and frame-buffer renderers (src/plugins/renderers/*/plugin.c). + + * If the guards were wrong, the failure mode would be input not being + toggled on a backend that legitimately has a terminal, i.e. the + terminal-input enable/disable on the primary console head being skipped. + In practice that would show up as the splash keyboard path + misbehaving -- the encrypted-disk passphrase prompt not accepting input, + or echo/no-echo being wrong at the prompt. Regression testers should + confirm the LUKS passphrase entry at the splash still accepts input with + correct echoing, and that the splash hands off to the display manager + cleanly, on a normal single-GPU machine with no secondary head as well + as on the affected configuration. + + * The change only gates the existing input-source open/close calls behind + a NULL check; it adds no new code paths. The same two commits are + shipping in plucky (24.004.60-2ubuntu6) and Fedora without reported + regressions, which lowers the risk but does not remove it, hence the + passphrase-input check above. + + [Other Info] + + * Upstream: commits 63597f92d108237a3ab7d2343a602a95edddd4e5 and + 5c10072a978dd7566559f44a54c3e031bb4cb216, freedesktop issue 288, first + upstream tag containing them 26.134.222. Related: Red Hat bz 2350956, + apport duplicates LP #2104358 and LP #2104360, earlier LP #2060086. + + * Development-release-first: the fix is Fix Released in plucky + (24.004.60-2ubuntu6) and in Fedora. I have not confirmed which plymouth + version the current development release ships or the state of its task, + so please confirm the development-release task is Fix Released (or get + it fixed there first) before this SRU is accepted. + + * The evdi empty-EDID head is an additional reproducer beyond the + NVIDIA multi-GPU trigger framed in the public reports; it is the same + NULL-terminal bug reached from a terminal-less head. + + * I have no upload rights. The debdiff is attached and ubuntu-sponsors is + subscribed for upload to noble-unapproved. I have not set the task to + In Progress; the sponsor uploads and sets status. I can run the Test + Plan against the -proposed build and mark verification-done-noble. + + [ Original Message ] + https://errors.ubuntu.com/problem/8d91218b809bc23879a6325c4eba1c9d4729cd0d https://errors.ubuntu.com/problem/6dd9b56f7dca6ce92e88daa30d67bef17aca57ab I got errors instead of the plymouth splash screen related to libply. Unfortunately I couldn't find the logs for the error on journalctl, but I could find something like this: mar 18 12:11:30 glados systemd[1]: Received SIGRTMIN+20 from PID 391 (plymouthd). For some reason plymouth is crashing. Please, let me know where I can find the logs for plymouthd since it doesn't seem to have a service unit for it. ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: plymouth 24.004.60-2ubuntu5 ProcVersionSignature: Ubuntu 6.14.0-11.11~lp1845820-generic 6.14.0-rc6 Uname: Linux 6.14.0-11-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.32.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Tue Mar 18 12:13:50 2025 DefaultPlymouth: /usr/share/plymouth/themes/bgrt/bgrt.plymouth InstallationDate: Installed on 2021-11-26 (1208 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) MachineType: Dell Inc. Dell G15 5511 ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.14.0-11-generic root=UUID=a15c1e1a-d162-4e98-98e6-bbc6e85a39c3 ro intel_iommu=on iommu=pt quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7 ProcFB: 0 nvidia-drmdrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.14.0-11-generic root=UUID=a15c1e1a-d162-4e98-98e6-bbc6e85a39c3 ro intel_iommu=on iommu=pt quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M vt.handoff=7 SourcePackage: plymouth TextPlymouth: /usr/share/plymouth/themes/ubuntu-text/ubuntu-text.plymouth UpgradeStatus: Upgraded to plucky on 2025-03-07 (11 days ago) dmi.bios.date: 12/16/2024 dmi.bios.release: 1.34 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.34.0 dmi.board.name: 0836K6 dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.34.0:bd12/16/2024:br1.34:svnDellInc.:pnDellG155511:pvr:rvnDellInc.:rn0836K6:rvrA00:cvnDellInc.:ct10:cvr:sku0A70: dmi.product.family: GSeries dmi.product.name: Dell G15 5511 dmi.product.sku: 0A70 dmi.sys.vendor: Dell Inc. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2103533 Title: plymouth crashes with SIGSEGV in ply_terminal_set_disabled_input() from open_input_source() [drm.so] from ply_renderer_open_input_source() To manage notifications about this bug go to: https://bugs.launchpad.net/plymouth/+bug/2103533/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
