Crash during resize
Hello, I've experienced a crash during resize when using gnome-remote-desktop-daemon to share a screen on Fedora 31 via Pipewire. It took quite numerous attempts to reproduce it again in order to catch the crash details, so here are they:
Looks like pipewire data-loop thread crashed, the crash happens in particular situation, that is when I connect to Fedora 31 through vnc session and resize Fedora 31 screen immediately as soon as pipewire stream is started.
steps to reproduce: (this seems a very random crash and therefore it is difficult to reproduce as it needs many attempts)
- I connected to Fedora 31 VBox from my Ubuntu 16.04 physical machine through vnc session (Fedora 31 VBox is running on the same Ubuntu 16.04)
$ gvncviewer <IP address of Fedora 31>
- I resized Fedora 31 screen immediately as I accepted screen sharing request and Pipewire stream started.
Crash details
Thread 99 "gnome-remote-de" received signal SIGSEGV, Segmentation fault.
0x00007f43cdb38482 in write () from /lib64/libc.so.6
thread apply all bt:
Thread 99 (Thread 0x7f43c6d63700 (LWP 6674)):
#0 0x00007f43cdb38482 in write () from /lib64/libc.so.6
#1 0x00007f43cdeecd0d in on_rtsocket_condition () from /lib64/libpipewire-0.2.so.1
#2 0x00007f43ce26ab5e in loop_iterate () from /usr/lib64/spa/support/libspa-support.so
#3 0x00007f43cded5078 in do_loop () from /lib64/libpipewire-0.2.so.1
#4 0x00007f43cd9b94e2 in start_thread () from /lib64/libpthread.so.0
#5 0x00007f43cdb47643 in clone () from /lib64/libc.so.6
Thread 4 (Thread 0x7f43c7d65700 (LWP 2497)):
#0 0x00007f43cdb3ca1f in poll () from /lib64/libc.so.6
#1 0x00007f43ce18c79e in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#2 0x00007f43ce18c8d3 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3 0x00007f43cc04f93d in dconf_gdbus_worker_thread () from /usr/lib64/gio/modules/libdconfsettings.so
#4 0x00007f43ce1b5f52 in g_thread_proxy () from /lib64/libglib-2.0.so.0
#5 0x00007f43cd9b94e2 in start_thread () from /lib64/libpthread.so.0
#6 0x00007f43cdb47643 in clone () from /lib64/libc.so.6
Thread 3 (Thread 0x7f43cc882700 (LWP 2492)):
#0 0x00007f43cdb3ca1f in poll () from /lib64/libc.so.6
#1 0x00007f43ce18c79e in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#2 0x00007f43ce18cb23 in g_main_loop_run () from /lib64/libglib-2.0.so.0
#3 0x00007f43ce07b70a in gdbus_shared_thread_func () from /lib64/libgio-2.0.so.0
#4 0x00007f43ce1b5f52 in g_thread_proxy () from /lib64/libglib-2.0.so.0
#5 0x00007f43cd9b94e2 in start_thread () from /lib64/libpthread.so.0
#6 0x00007f43cdb47643 in clone () from /lib64/libc.so.6
Thread 2 (Thread 0x7f43cd083700 (LWP 2491)):
#0 0x00007f43cdb3ca1f in poll () from /lib64/libc.so.6
#1 0x00007f43ce18c79e in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#2 0x00007f43ce18c8d3 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#3 0x00007f43ce18c921 in glib_worker_main () from /lib64/libglib-2.0.so.0
#4 0x00007f43ce1b5f52 in g_thread_proxy () from /lib64/libglib-2.0.so.0
#5 0x00007f43cd9b94e2 in start_thread () from /lib64/libpthread.so.0
#6 0x00007f43cdb47643 in clone () from /lib64/libc.so.6
Thread 1 (Thread 0x7f43cd0872c0 (LWP 2487)):
#0 0x00007f43cdb383fc in read () from /lib64/libc.so.6
#1 0x00007f43ce26add5 in loop_invoke () from /usr/lib64/spa/support/libspa-support.so
#2 0x00007f43cdeeebe1 in pw_stream_disconnect () from /lib64/libpipewire-0.2.so.1
#3 0x00007f43cdeeed18 in pw_stream_destroy () from /lib64/libpipewire-0.2.so.1
#4 0x000055e94d16a1bd in grd_vnc_pipewire_stream_finalize ()
#5 0x00007f43cdf1ccb0 in g_object_unref () from /lib64/libgobject-2.0.so.0
#6 0x000055e94d163c9b in grd_session_vnc_stop ()
#7 0x000055e94d1628b8 in grd_session_stop ()
#8 0x00007f43cd8e0aa8 in ffi_call_unix64 () from /lib64/libffi.so.6
#9 0x00007f43cd8e02a4 in ffi_call () from /lib64/libffi.so.6
#10 0x00007f43cdf1824d in g_cclosure_marshal_generic () from /lib64/libgobject-2.0.so.0
#11 0x00007f43cdf17742 in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#12 0x00007f43cdf2b604 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
#13 0x00007f43cdf3345a in g_signal_emitv () from /lib64/libgobject-2.0.so.0
#14 0x000055e94d15f945 in grd_dbus_remote_desktop_session_proxy_g_signal ()
#15 0x00007f43cdf17742 in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#16 0x00007f43cdf2ad84 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
#17 0x00007f43cdf343ae in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
#18 0x00007f43cdf349d3 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#19 0x00007f43ce0777a8 in on_signal_received () from /lib64/libgio-2.0.so.0
#20 0x00007f43ce066298 in emit_signal_instance_in_idle_cb () from /lib64/libgio-2.0.so.0
#21 0x00007f43ce188dcb in g_idle_dispatch () from /lib64/libglib-2.0.so.0
#22 0x00007f43ce18c4a0 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#23 0x00007f43ce18c830 in g_main_context_iterate.isra () from /lib64/libglib-2.0.so.0
#24 0x00007f43ce18c8d3 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#25 0x00007f43ce03fc75 in g_application_run () from /lib64/libgio-2.0.so.0
#26 0x000055e94d15963a in main ()
Disassembly of the current code that crashed:
│ >0x7f43cdb38482 <write+50> callq 0x7f43cdacce10 <__libc_enable_asynccancel> │
│ 0x7f43cdb38487 <write+55> mov 0x18(%rsp),%rdx │
│ 0x7f43cdb3848c <write+60> mov 0x10(%rsp),%rsi │
│ 0x7f43cdb38491 <write+65> mov %eax,%r8d │
│ 0x7f43cdb38494 <write+68> mov 0x8(%rsp),%edi │
│ 0x7f43cdb38498 <write+72> mov $0x1,%eax │
│ 0x7f43cdb3849d <write+77> syscall │
│ 0x7f43cdb3849f <write+79> cmp $0xfffffffffffff000,%rax │
│ 0x7f43cdb384a5 <write+85> ja 0x7f43cdb384d4 <write+132> │
│ 0x7f43cdb384a7 <write+87> mov %r8d,%edi │
│ 0x7f43cdb384aa <write+90> mov %rax,0x8(%rsp) │
│ 0x7f43cdb384af <write+95> callq 0x7f43cdacce70 <__libc_disable_asynccancel> │
│ 0x7f43cdb384b4 <write+100> mov 0x8(%rsp),%rax │
│ 0x7f43cdb384b9 <write+105> add $0x28,%rsp │
│ 0x7f43cdb384bd <write+109> retq │
│ 0x7f43cdb384be <write+110> xchg %ax,%ax │
│ 0x7f43cdb384c0 <write+112> mov 0xcf9a1(%rip),%rdx # 0x7f43cdc07e68 │
│ 0x7f43cdb384c7 <write+119> neg %eax
info registers
rax 0x1 1
rbx 0xffffffff 4294967295
rcx 0x0 0
rdx 0x8 8
rsi 0x7f43c6d600f8 139929075450104
rdi 0x133 307
rbp 0x7f43c6d60170 0x7f43c6d60170
rsp 0x7f43c6564000 0x7f43c6564000
r8 0x7f43c7f87020 139929094484000
r9 0x7f43c6d60120 139929075450144
r10 0x18 24
r11 0x2 2
r12 0x7f43c7f87010 139929094483984
r13 0x1 1
r14 0x7f43cdf03000 139929194606592
r15 0x55e94ecb3400 94460537680896
rip 0x7f43cdb38482 0x7f43cdb38482 <write+50>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
System info
[test@localhost ~]$ /usr/libexec/gnome-remote-desktop-daemon --version
GNOME Remote Desktop 0.1.7
[test@localhost ~]$ /usr/bin/pipewire --version
/usr/bin/pipewire
Compiled with libpipewire 0.2.6
Linked with libpipewire 0.2.6
[test@localhost ~]$ uname -r
5.3.7-301.fc31.x86_64
[test@localhost ~]$ cat /etc/fedora-release
Fedora release 31 (Thirty One)
[test@localhost ~]$ ldd --version
ldd (GNU libc) 2.30
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.