478057 – krfb crashes with ASSERT: "qimage.size() == streamSize"

Bug 478057 - krfb crashes with ASSERT: "qimage.size() == streamSize"

Summary: krfb crashes with ASSERT: "qimage.size() == streamSize"

Status:	RESOLVED FIXED

Alias:	None

Product:	krfb
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	George Goldberg

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-12-04 16:11 UTC by Nicolas Fella
Modified:	2024-03-12 23:49 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:	https://invent.kde.org/network/krfb/-/commit/966ad6a1639732f882284ff6e708b0e37e624ca7
Version Fixed In:	24.02
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nicolas Fella 2023-12-04 16:11:05 UTC

When starting

ASSERT: "qimage.size() == streamSize" in file /home/nico/kde5/src/kpipewire/src/dmabufhandler.cpp, line 175

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff58ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff585c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff58448ff in __GI_abort () at abort.c:79
#4  0x00007ffff5eb18bc in qt_message_fatal (message=<synthetic pointer>..., context=<optimized out>) at global/qlogging.cpp:1919
#5  QMessageLogger::fatal(char const*, ...) const (this=this@entry=0x7fffffffbd78, msg=msg@entry=0x7ffff6182000 "ASSERT: \"%s\" in file %s, line %d")
    at global/qlogging.cpp:898
#6  0x00007ffff5eb0a05 in qt_assert(char const*, char const*, int) (assertion=<optimized out>, file=<optimized out>, line=<optimized out>) at global/qglobal.cpp:3392
#7  0x00007fffe2e3d611 in DmaBufHandler::downloadFrame(QImage&, PipeWireFrame const&) (this=0x690100, qimage=..., frame=...)
    at /home/nico/kde5/src/kpipewire/src/dmabufhandler.cpp:175
#8  0x00007fffe004f0b7 in PWFrameBuffer::Private::handleFrame(PipeWireFrame const&) (this=0x690090, frame=...)
    at /home/nico/kde5/src/krfb/framebuffers/pipewire/pw_framebuffer.cpp:356
#9  0x00007fffe004c726 in operator()(PipeWireFrame const&) const (__closure=0x690c40, frame=...)
    at /home/nico/kde5/src/krfb/framebuffers/pipewire/pw_framebuffer.cpp:115
#10 0x00007fffe0050230 in QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<const PipeWireFrame&>, void, PWFrameBuffer::Private::Private(PWFrameBuffer*)::<lambda(const PipeWireFrame&)> >::call(struct {...} &, void **) (f=..., arg=0x7fffffffc180) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
#11 0x00007fffe00501af in QtPrivate::Functor<PWFrameBuffer::Private::Private(PWFrameBuffer*)::<lambda(const PipeWireFrame&)>, 1>::call<QtPrivate::List<PipeWireFrame const&>, void>(struct {...} &, void *, void **) (f=..., arg=0x7fffffffc180) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
#12 0x00007fffe005005a in QtPrivate::QFunctorSlotObject<PWFrameBuffer::Private::Private(PWFrameBuffer*)::<lambda(const PipeWireFrame&)>, 1, QtPrivate::List<const PipeWireFrame&>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x690c30, r=0x6913a0, a=0x7fffffffc180, ret=0x0)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
#13 0x00007ffff60e8871 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7fffffffc180, r=<optimized out>, this=0x690c30)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#14 doActivate<false>(QObject*, int, void**) (sender=0x691110, signal_index=7, argv=0x7fffffffc180) at kernel/qobject.cpp:3925
#15 0x00007fffe0017d6d in PipeWireSourceStream::frameReceived(PipeWireFrame const&) (this=0x691110, _t1=...)
    at /home/nico/kde5/build/kpipewire/src/KPipeWire_autogen/EWIEGA46WW/moc_pipewiresourcestream.cpp:219
#16 0x00007fffe0027387 in PipeWireSourceStream::handleFrame(pw_buffer*) (this=0x691110, buffer=0xa04858)
    at /home/nico/kde5/src/kpipewire/src/pipewiresourcestream.cpp:533
#17 0x00007fffe0027562 in PipeWireSourceStream::process() (this=0x691110) at /home/nico/kde5/src/kpipewire/src/pipewiresourcestream.cpp:551
#18 0x00007fffe0025819 in onProcess(void*) (data=0x691110) at /home/nico/kde5/src/kpipewire/src/pipewiresourcestream.cpp:310
#19 0x00007fffc82716b8 in do_call_process
    (loop=<optimized out>, async=<optimized out>, seq=<optimized out>, data=<optimized out>, size=<optimized out>, user_data=0xa04420) at ../src/pipewire/stream.c:453
#20 do_call_process (loop=<optimized out>, async=<optimized out>, seq=<optimized out>, data=<optimized out>, size=<optimized out>, user_data=0xa04420)
    at ../src/pipewire/stream.c:446
#21 0x00007fffd190b27a in flush_items (impl=0x9e1008) at ../spa/plugins/support/loop.c:180
#22 0x00007fffd190a377 in source_event_func (source=0x770c40) at ../spa/plugins/support/loop.c:663
#23 0x00007fffd190bf16 in loop_iterate (object=0x9e1008, timeout=<optimized out>) at ../spa/plugins/support/loop.c:496
#24 0x00007fffe00184e4 in operator()() const (__closure=0x8508f0) at /home/nico/kde5/src/kpipewire/src/pipewirecore.cpp:78
#25 0x00007fffe00190e6 in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, PipeWireCore::init(int)::<lambda()> >::call(struct {...} &, void **) (f=..., arg=0x7fffffffcaf0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:146
#26 0x00007fffe00190c7 in QtPrivate::Functor<PipeWireCore::init(int)::<lambda()>, 0>::call<QtPrivate::List<>, void>(struct {...} &, void *, void **)
    (f=..., arg=0x7fffffffcaf0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:256
#27 0x00007fffe0019096 in QtPrivate::QFunctorSlotObject<PipeWireCore::init(int)::<lambda()>, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase *, QObject *, void **, bool *) (which=1, this_=0x8508e0, r=0x7e5c00, a=0x7fffffffcaf0, ret=0x0) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:443
#28 0x00007ffff60e8871 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7fffffffcaf0, r=<optimized out>, this=0x8508e0)
    at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
--Type <RET> for more, q to quit, c to continue without paging--c
#29 doActivate<false>(QObject*, int, void**) (sender=0x7fe490, signal_index=3, argv=0x7fffffffcaf0) at kernel/qobject.cpp:3925
#30 0x00007ffff60e3797 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x7fe490, m=m@entry=0x7ffff6367420 <QSocketNotifier::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fffffffcaf0) at kernel/qobject.cpp:3985
#31 0x00007ffff60eb27d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal)
    (this=this@entry=0x7fe490, _t1=..., _t2=<optimized out>, _t3=...) at .moc/moc_qsocketnotifier.cpp:178
#32 0x00007ffff60ebaeb in QSocketNotifier::event(QEvent*) (this=0x7fe490, e=<optimized out>) at kernel/qsocketnotifier.cpp:302
#33 0x00007ffff6daeb75 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x7fe490, e=0x7fffffffcc00)
    at kernel/qapplication.cpp:3640
#34 0x00007ffff60b4598 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x7fe490, event=0x7fffffffcc00) at kernel/qcoreapplication.cpp:1064
#35 0x00007ffff60b47b2 in QCoreApplication::sendEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1462
#36 0x00007ffff610755f in socketNotifierSourceDispatch(GSource*, GSourceFunc, gpointer) (source=0x4b94d0) at kernel/qeventdispatcher_glib.cpp:107
#37 0x00007ffff4112e5c in g_main_dispatch (context=0x7fffdc000ec0) at ../glib/gmain.c:3476
#38 g_main_context_dispatch_unlocked (context=0x7fffdc000ec0) at ../glib/gmain.c:4284
#39 0x00007ffff416ddd8 in g_main_context_iterate_unlocked.isra.0
    (context=context@entry=0x7fffdc000ec0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4349
#40 0x00007ffff4110ad3 in g_main_context_iteration (context=0x7fffdc000ec0, may_block=1) at ../glib/gmain.c:4414
#41 0x00007ffff6106ad9 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x47e810, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#42 0x00007ffff60b2f5b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffcea0, flags=..., flags@entry=...)
    at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#43 0x00007ffff60bb1eb in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#44 0x000000000041e1b9 in main(int, char**) (argc=1, argv=0x7fffffffd4a8) at /home/nico/kde5/src/krfb/krfb/main.cpp:183

krfb master
kpipewire 5.27.9

Comment 1 Jordan Pryde 2024-03-12 23:49:22 UTC

(Manually making this comment since I didn't have a bug tracker account until now - I got an email that this failed)
Fixed by https://invent.kde.org/network/krfb/-/merge_requests/63 in master

@bug_id = 478057
@bug_status = RESOLVED
@resolution = FIXED
@cf_commitlink = https://invent.kde.org/network/krfb/-/commit/966ad6a1639732f882284ff6e708b0e37e624ca7

Git commit 966ad6a1639732f882284ff6e708b0e37e624ca7 by Jordan Pryde.
Committed on 12/03/2024 at 16:11.
Pushed by nicolasfella into branch 'release/24.02'.

DMA-BUF size may not match size from handleRemoteDesktopStarted()

QScreen::size() marshalled from xdg-desktop-portal-kde uses logical
scaled size but the DMA-BUF from pipewire is the physical pixel count.
We now check the DMA-BUF size each frame and resize the QImage buffer when
needed.
Related: bug 482929, bug 464547

M  +1    -0    framebuffers/pipewire/pw_framebuffer.cpp

https://invent.kde.org/network/krfb/-/commit/966ad6a1639732f882284ff6e708b0e37e624ca7