SUMMARY I started krfb 21.12.2 from konsole in Plasma 5.24.2 on Wayland in a Fedora 36 KDE Plasma installation. I noticed that krfb didn't appear after trying to start it from the Application Launcher menu. xdg-desktop-portal segmentation faulted in magazine_chain_pop_head at ../glib/gslice.c:579 in glib2-2.71.2-1.fc36.x86_64 sometimes when starting krfb with the following trace. Core was generated by `/usr/libexec/xdg-desktop-portal'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007fe40a194f51 in magazine_chain_pop_head (magazine_chunks=<optimized out>) at ../glib/gslice.c:579 579 ChunkLink *chunk = (*magazine_chunks)->data; [Current thread is 1 (Thread 0x7fe3fb689640 (LWP 16331))] (gdb) bt #0 0x00007fe40a194f51 in magazine_chain_pop_head (magazine_chunks=<optimized out>) at ../glib/gslice.c:579 #1 magazine_chain_prepare_fields (magazine_chunks=0x7fe300000000) at ../glib/gslice.c:661 #2 magazine_cache_push_magazine (ix=14, magazine_chunks=0x7fe3d0008110, count=5) at ../glib/gslice.c:735 #3 0x00007fe40a1950f6 in private_thread_memory_cleanup (data=0x7fe3d00008e0) at ../glib/gslice.c:821 #4 0x00007fe409f89181 in __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:73 #5 __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:22 #6 0x00007fe409f8be98 in start_thread (arg=<optimized out>) at pthread_create.c:453 #7 0x00007fe40a0116d0 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 The journal from when one of the crashes happened follows. Mar 04 14:25:16 kwalletd5[1175]: Application ' "krfb" ' using kwallet without parent window! Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=164 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=144 TOS=0x00 PREC=0x00 TTL=255 ID=19703 DF PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 xdg-desktop-portal-kde[1676]: file:///usr/lib64/qt5/qml/org/kde/plasma/workspace/dialogs/SystemDialog.qml:81:5: Unable to assign [undefined] to int Mar 04 14:25:17 xdg-desktop-portal-kde[1676]: file:///usr/lib64/qt5/qml/org/kde/plasma/workspace/dialogs/SystemDialog.qml:80:5: Unable to assign [undefined] to int Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=164 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=144 TOS=0x00 PREC=0x00 TTL=255 ID=19937 DF PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=164 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=144 TOS=0x00 PREC=0x00 TTL=255 ID=19946 DF PROTO=UDP SPT=5353 DPT=5353 LEN=124 Mar 04 14:25:17 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:17 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:17 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=233 TOS=0x00 PREC=0x00 TTL=255 ID=20065 DF PROTO=UDP SPT=5353 DPT=5353 LEN=213 Mar 04 14:25:17 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=237 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=197 Mar 04 14:25:18 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=233 TOS=0x00 PREC=0x00 TTL=255 ID=20230 DF PROTO=UDP SPT=5353 DPT=5353 LEN=213 Mar 04 14:25:18 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=237 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=197 Mar 04 14:25:21 systemd[1]: systemd-localed.service: Deactivated successfully. Mar 04 14:25:21 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 04 14:25:21 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=192.168.2.10 DST=224.0.0.251 LEN=233 TOS=0x00 PREC=0x00 TTL=255 ID=21147 DF PROTO=UDP SPT=5353 DPT=5353 LEN=213 Mar 04 14:25:21 kernel: "filter_IN_drop_DROP: "IN=enp1s0 OUT= MAC= SRC=fe80:0000:0000:0000:265c:5b24:c7aa:102b DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=237 TC=0 HOPLIMIT=255 FLOWLBL=52591 PROTO=UDP SPT=5353 DPT=5353 LEN=197 Mar 04 14:25:21 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:21 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:21 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:23 kwin_wayland[1220]: This plugin does not support raise() Mar 04 14:25:24 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:24 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:24 plasmashell[1329]: kf.plasma.quick: Couldn't create KWindowShadow for ToolTipDialog(0x555f7b44d5a0) Mar 04 14:25:27 konsole[2203]: qt.qpa.wayland: setGrabPopup called with a parent, QtWaylandClient::QWaylandXdgSurface(0x55cfbb079d10) which does not match the current topmost grabbing popup, QtWaylandClient::QWaylandXdgSurface(0x55cfbb0fd410) According to the xdg-shell protocol, this is not allowed. The wayland QPA plugin is currently handling it by setting the parent to the topmost grabbing popup. Note, however, that this may cause positioning errors and popups closing unxpectedly because xdg-shell mandate that child popups close before parents Mar 04 14:25:32 chronyd[889]: Selected source 68.69.221.61 (2.fedora.pool.ntp.org) Mar 04 14:25:32 audit[1637]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=1637 comm="pool-/usr/libex" exe="/usr/libexec/xdg-desktop-portal" sig=11 res=1 Mar 04 14:25:32 kernel: pool-/usr/libex[2262]: segfault at 7eff00000008 ip 00007effafb34f51 sp 00007effa1028ca0 error 4 in libglib-2.0.so.0.7102.0[7effafae0000+91000] Mar 04 14:25:32 kernel: Code: 41 5d 41 5e 41 5f c3 48 8b 39 e9 9c fe ff ff 48 8b 0a 48 8b 71 08 e9 7a fe ff ff 48 8b 10 48 8b 7a 08 e9 58 fe ff ff 48 8b 06 <48> 8b 48 08 e9 36 fe ff ff 66 0f 1f 44 00 00 48 c7 02 00 00 00 00 Mar 04 14:25:32 systemd[1]: Created slice system-systemd\x2dcoredump.slice - Slice /system/systemd-coredump. Mar 04 14:25:32 audit: BPF prog-id=82 op=LOAD Mar 04 14:25:32 audit: BPF prog-id=83 op=LOAD Mar 04 14:25:32 audit: BPF prog-id=84 op=LOAD Mar 04 14:25:32 systemd[1]: Started systemd-coredump@0-2325-0.service - Process Core Dump (PID 2325/UID 0). Mar 04 14:25:32 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@0-2325-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 04 14:25:32 [2327]: [164B blob data] Mar 04 14:25:32 systemd-coredump[2326]: Process 1637 (xdg-desktop-por) of user 1000 dumped core. Module linux-vdso.so.1 with build-id 3ec51a120a13b692141ad0b0179c397a86d998d8 Module libpipewire-module-session-manager.so with build-id 60286a5b1745da768bb63216a7d161fff95718e0 Metadata for module libpipewire-module-session-manager.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libpipewire-module-metadata.so with build-id bcb66190d5f0c65df59520fe709b2bc972645b5e Metadata for module libpipewire-module-metadata.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libpipewire-module-adapter.so with build-id 2e14762caeb4de6e512c31cd508e21eefe0b2616 Metadata for module libpipewire-module-adapter.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libpipewire-module-client-device.so with build-id 9532fc815a1cb28c1ad7299383e585613879d71e Metadata for module libpipewire-module-client-device.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libpipewire-module-client-node.so with build-id 752f109307af611877762b02b2204d9cac7c39e6 Metadata for module libpipewire-module-client-node.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libpipewire-module-protocol-native.so with build-id c1a7f58fc1cd3ee0f222824363b17fd1e490826b Metadata for module libpipewire-module-protocol-native.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libdbus-1.so.3 with build-id f373262806cd4ddb50f7ec75a901c0779f545ea1 Metadata for module libdbus-1.so.3 owned by FDO found: { "type" : "rpm", "name" : "dbus", "version" : "1.13.22-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libspa-dbus.so with build-id 17362ed881ca2be392cedaab26fcc6bed3898ea7 Metadata for module libspa-dbus.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libspa-journal.so with build-id c4b6aafead5d95cdfc358f122d56b81db5958f5c Metadata for module libspa-journal.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libspa-support.so with build-id b132e6dc22e60a09408d5bb97d5989a24bfc7b2f Metadata for module libspa-support.so owned by FDO found: { "type" : "rpm", "name" : "pipewire", "version" : "0.3.48-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libgpg-error.so.0 with build-id e062a2af731dc1e3f23e92ce956ae91ee0c5942e Metadata for module libgpg-error.so.0 owned by FDO found: { "type" : "rpm", "name" : "libgpg-error", "version" : "1.44-1.fc36", "architecture" : "x86_64", "osCpe" : "cpe:/o:fedoraproject:fedora:36" } Module libgcrypt.so.20 with build-id c36b6d3a266e2fcc2484f0f1dcbaf620c63bbba8 Stack trace of thread 2262: #0 0x00007effafb34f51 magazine_cache_push_magazine (libglib-2.0.so.0 + 0x71f51) #1 0x00007effafb350f6 private_thread_memory_cleanup (libglib-2.0.so.0 + 0x720f6) #2 0x00007effaf929181 __GI___nptl_deallocate_tsd (libc.so.6 + 0x8e181) #3 0x00007effaf92be98 start_thread (libc.so.6 + 0x90e98) #4 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) Stack trace of thread 1637: #0 0x00007effaf9a4e8f __GI___poll (libc.so.6 + 0x109e8f) #1 0x00007effafb6d42d g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa42d) #2 0x00007effafb178ef g_main_loop_run (libglib-2.0.so.0 + 0x548ef) #3 0x000055c9a645fc66 main (xdg-desktop-portal + 0x24c66) #4 0x00007effaf8c8590 __libc_start_call_main (libc.so.6 + 0x2d590) #5 0x00007effaf8c8649 __libc_start_main_impl (libc.so.6 + 0x2d649) #6 0x000055c9a6460235 _start (xdg-desktop-portal + 0x25235) Stack trace of thread 1643: #0 0x00007effaf9a4e8f __GI___poll (libc.so.6 + 0x109e8f) #1 0x00007effafb6d42d g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa42d) #2 0x00007effafb15b40 g_main_context_iteration (libglib-2.0.so.0 + 0x52b40) #3 0x00007effafb15b91 glib_worker_main (libglib-2.0.so.0 + 0x52b91) #4 0x00007effafb424d2 g_thread_proxy (libglib-2.0.so.0 + 0x7f4d2) #5 0x00007effaf92c017 start_thread (libc.so.6 + 0x91017) #6 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) Stack trace of thread 1645: #0 0x00007effaf9a4e8f __GI___poll (libc.so.6 + 0x109e8f) #1 0x00007effafb6d42d g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa42d) #2 0x00007effafb178ef g_main_loop_run (libglib-2.0.so.0 + 0x548ef) #3 0x00007effafd775fa gdbus_shared_thread_func (libgio-2.0.so.0 + 0x1145fa) #4 0x00007effafb424d2 g_thread_proxy (libglib-2.0.so.0 + 0x7f4d2) #5 0x00007effaf92c017 start_thread (libc.so.6 + 0x91017) #6 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) Stack trace of thread 1713: #0 0x00007effaf978005 __GI___clock_nanosleep (libc.so.6 + 0xdd005) #1 0x00007effaf97c867 __GI___nanosleep (libc.so.6 + 0xe1867) #2 0x00007effaf97c79e __sleep (libc.so.6 + 0xe179e) #3 0x000055c9a647a042 background_monitor.lto_priv.0 (xdg-desktop-portal + 0x3f042) #4 0x00007effafb424d2 g_thread_proxy (libglib-2.0.so.0 + 0x7f4d2) #5 0x00007effaf92c017 start_thread (libc.so.6 + 0x91017) #6 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) Stack trace of thread 1675: #0 0x00007effaf9a4e8f __GI___poll (libc.so.6 + 0x109e8f) #1 0x00007effafb6d42d g_main_context_iterate.constprop.0 (libglib-2.0.so.0 + 0xaa42d) #2 0x00007effafb15b40 g_main_context_iteration (libglib-2.0.so.0 + 0x52b40) #3 0x00007effa00123ad dconf_gdbus_worker_thread (libdconfsettings.so + 0x73ad) #4 0x00007effafb424d2 g_thread_proxy (libglib-2.0.so.0 + 0x7f4d2) #5 0x00007effaf92c017 start_thread (libc.so.6 + 0x91017) #6 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) Stack trace of thread 1712: #0 0x00007effaf9b0cae epoll_wait (libc.so.6 + 0x115cae) #1 0x00007eff9178f818 impl_pollfd_wait (libspa-support.so + 0x14818) #2 0x00007eff91781d6c loop_iterate (libspa-support.so + 0x6d6c) #3 0x00007effafe83c87 do_loop (libpipewire-0.3.so.0 + 0x40c87) #4 0x00007effaf92c017 start_thread (libc.so.6 + 0x91017) #5 0x00007effaf9b16d0 __clone3 (libc.so.6 + 0x1166d0) ELF object binary architecture: AMD x86-64 Mar 04 14:25:32 systemd[1]: systemd-coredump@0-2325-0.service: Deactivated successfully. Mar 04 14:25:32 systemd[1156]: xdg-desktop-portal.service: Main process exited, code=dumped, status=11/SEGV Mar 04 14:25:32 systemd[1156]: xdg-desktop-portal.service: Failed with result 'core-dump'. Mar 04 14:25:32 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@0-2325-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 04 14:25:32 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:32 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:32 audit: BPF prog-id=0 op=UNLOAD Mar 04 14:25:38 abrt-server[2334]: Retrieving coredump with coredumpctl Mar 04 14:25:39 abrt-server[2334]: Deleting problem directory ccpp-2022-03-04-14:25:33.59059-1637 (dup of ccpp-2022-03-04-02:38:33.971535-7567) Mar 04 14:25:40 abrt-notification[2378]: Process 7567 (xdg-desktop-portal) crashed in magazine_cache_push_magazine() xdg-desktop-portal crashed 7/10 times when starting krfb. krfb kept running even though the xdg-desktop-portal crash happened. I usually clicked to remove the check mark beside Enable Screen Sharing though I don't know if that is necessary for the crash to happen. STEPS TO REPRODUCE 1. Boot a Fedora 36 KDE Plasma installation updated to 2022-3-4 with updates-testing enabled 2. Log in to Plasma on Wayland 3. Start Konsole 4. Run krfb in Konsole 5. click to remove the check mark beside Enable Screen Sharing. I'm unsure if this step is necessary. OBSERVED RESULT Starting krfb from konsole sometimes resulted in a crash of xdg-desktop-portal EXPECTED RESULT xdg-desktop-portal wouldn't crash. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora 36 (available in About System) KDE Plasma Version: 5.24.2 KDE Frameworks Version: 5.91.0 Qt Version: 5.15.2 + KDE repo patches ADDITIONAL INFORMATION I ran xdg-desktop-portal under valgrind by editing /usr/lib/systemd/user/xdg-desktop-portal.service to have a line like ExecStart=valgrind /usr/libexec/xdg-desktop-portal and rebooting. I ran krfb from konsole. An invalid write and invalid read were found by valgrind in UnknownInlinedFun at screen-cast.c:587-589 in xdg-desktop-portal-1.12.1-2.fc36.x86_64 which might've been an out-of-bounds write and read given messages like "Address 0x1a573970 is 0 bytes after a block of size 256 alloc'd" ==2350== Thread 7 pool-/usr/libex: ==2350== Invalid write of size 4 ==2350== at 0x14C2EA: UnknownInlinedFun (screen-cast.c:587) ==2350== by 0x14C2EA: handle_select_sources (screen-cast.c:785) ==2350== by 0x4FB2745: ffi_call_unix64 (unix64.S:105) ==2350== by 0x4FAF4D1: ffi_call_int.lto_priv.0 (ffi64.c:672) ==2350== by 0x4B70082: g_cclosure_marshal_generic (gclosure.c:1534) ==2350== by 0x4B69E5F: g_closure_invoke (gclosure.c:830) ==2350== by 0x4B96884: signal_emit_unlocked_R.isra.0 (gsignal.c:3783) ==2350== by 0x16BB6A: _xdp_screen_cast_skeleton_handle_method_call (xdp-dbus.c:37045) ==2350== by 0x4A9FF6A: dispatch_in_thread_func (gdbusinterfaceskeleton.c:540) ==2350== by 0x4A2DFB2: g_task_thread_pool_thread (gtask.c:1434) ==2350== by 0x4C36EF1: g_thread_pool_thread_proxy.lto_priv.0 (gthreadpool.c:354) ==2350== by 0x4C344D1: g_thread_proxy (gthread.c:827) ==2350== by 0x4DA4016: start_thread (pthread_create.c:442) ==2350== Address 0x1a573970 is 0 bytes after a block of size 256 alloc'd ==2350== at 0x484586F: malloc (vg_replace_malloc.c:381) ==2350== by 0x4C0F498: g_malloc (gmem.c:125) ==2350== by 0x4C27DA5: g_slice_alloc (gslice.c:1072) ==2350== by 0x4C29DEC: g_slice_alloc0 (gslice.c:1098) ==2350== by 0x4B92236: g_type_create_instance (gtype.c:1901) ==2350== by 0x4B79FA7: g_object_new_internal (gobject.c:2011) ==2350== by 0x4B7B75C: g_object_new_valist (gobject.c:2355) ==2350== by 0x49F705D: g_initable_new_valist (ginitable.c:244) ==2350== by 0x49F713C: g_initable_new (ginitable.c:162) ==2350== by 0x147D29: UnknownInlinedFun (remote-desktop.c:160) ==2350== by 0x147D29: handle_create_session.lto_priv.1 (remote-desktop.c:272) ==2350== by 0x4FB2745: ffi_call_unix64 (unix64.S:105) ==2350== by 0x4FAF4D1: ffi_call_int.lto_priv.0 (ffi64.c:672) ==2350== ==2350== Invalid read of size 4 ==2350== at 0x14C315: UnknownInlinedFun (screen-cast.c:589) ==2350== by 0x14C315: handle_select_sources (screen-cast.c:785) ==2350== by 0x4FB2745: ffi_call_unix64 (unix64.S:105) ==2350== by 0x4FAF4D1: ffi_call_int.lto_priv.0 (ffi64.c:672) ==2350== by 0x4B70082: g_cclosure_marshal_generic (gclosure.c:1534) ==2350== by 0x4B69E5F: g_closure_invoke (gclosure.c:830) ==2350== by 0x4B96884: signal_emit_unlocked_R.isra.0 (gsignal.c:3783) ==2350== by 0x16BB6A: _xdp_screen_cast_skeleton_handle_method_call (xdp-dbus.c:37045) ==2350== by 0x4A9FF6A: dispatch_in_thread_func (gdbusinterfaceskeleton.c:540) ==2350== by 0x4A2DFB2: g_task_thread_pool_thread (gtask.c:1434) ==2350== by 0x4C36EF1: g_thread_pool_thread_proxy.lto_priv.0 (gthreadpool.c:354) ==2350== by 0x4C344D1: g_thread_proxy (gthread.c:827) ==2350== by 0x4DA4016: start_thread (pthread_create.c:442) ==2350== Address 0x1a573970 is 0 bytes after a block of size 256 alloc'd ==2350== at 0x484586F: malloc (vg_replace_malloc.c:381) ==2350== by 0x4C0F498: g_malloc (gmem.c:125) ==2350== by 0x4C27DA5: g_slice_alloc (gslice.c:1072) ==2350== by 0x4C29DEC: g_slice_alloc0 (gslice.c:1098) ==2350== by 0x4B92236: g_type_create_instance (gtype.c:1901) ==2350== by 0x4B79FA7: g_object_new_internal (gobject.c:2011) ==2350== by 0x4B7B75C: g_object_new_valist (gobject.c:2355) ==2350== by 0x49F705D: g_initable_new_valist (ginitable.c:244) ==2350== by 0x49F713C: g_initable_new (ginitable.c:162) ==2350== by 0x147D29: UnknownInlinedFun (remote-desktop.c:160) ==2350== by 0x147D29: handle_create_session.lto_priv.1 (remote-desktop.c:272) ==2350== by 0x4FB2745: ffi_call_unix64 (unix64.S:105) ==2350== by 0x4FAF4D1: ffi_call_int.lto_priv.0 (ffi64.c:672) ==2350== ==2350== xdg-desktop-portal didn't crash under valgrind, but I only ran it a couple times with the same invalid writes and reads shown. I reported this problem at https://bugzilla.redhat.com/show_bug.cgi?id=2060990