gnome-shell crashes when closing an RDP session
Running Fedora 38 with latest updates applied:
- gnome-shell-44.2-1.fc38.x86_64
- mutter-44.2-2.fc38.x86_64
gnome-shell crashes when closing an RDP session:
Jun 12 19:14:37 localhost gnome-shell[189663]: Removed virtual monitor Meta-0
Jun 12 19:14:37 localhost gnome-shell[189663]: (../clutter/clutter/clutter-frame-clock.c:966):clutter_frame_clock_dispose: runtime check failed: (frame_clock->state != CLUTTER_FRAME_CLOCK_STATE_DISPATCHING)
Jun 12 19:14:37 localhost gnome-shell[189663]: (../clutter/clutter/clutter-frame-clock.c:966):clutter_frame_clock_dispose: runtime check failed: (frame_clock->state != CLUTTER_FRAME_CLOCK_STATE_DISPATCHING)
Rebuilding mutter with ASAN, I obtain this trace:
==156652==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120008f3930 at pc 0x7ffff6d60767 bp 0x7fffffffd6c0 sp 0x7fffffffd6b8
READ of size 4 at 0x6120008f3930 thread T0
#0 0x7ffff6d60766 in clutter_frame_clock_dispatch ../clutter/clutter/clutter-frame-clock.c:791
#1 0x7ffff6d60c7e in frame_clock_source_dispatch ../clutter/clutter/clutter-frame-clock.c:845
#2 0x7ffff771339b in g_main_dispatch ../glib/gmain.c:3462
#3 0x7ffff7771437 in g_main_context_iterate.isra.0 ../glib/gmain.c:4278
#4 0x7ffff771299e in g_main_loop_run (/lib64/libglib-2.0.so.0+0x5b99e) (BuildId: 5a22434839bc0ffd81d62e696ef98f3046962fce)
#5 0x7ffff66cab9f in meta_context_run_main_loop ../src/core/meta-context.c:482
#6 0x555555557f86 in main (/usr/bin/gnome-shell.bin+0x3f86) (BuildId: 0bcf90ed2c0084ea46c251f192cf7a38dc912205)
#7 0x7ffff6249b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
#8 0x7ffff6249c0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
#9 0x555555558264 in _start (/usr/bin/gnome-shell.bin+0x4264) (BuildId: 0bcf90ed2c0084ea46c251f192cf7a38dc912205)
0x6120008f3930 is located 112 bytes inside of 264-byte region [0x6120008f38c0,0x6120008f39c8)
freed by thread T0 here:
#0 0x7ffff78d7fc8 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xd7fc8) (BuildId: bac59ca9f1e357781008d7f6982314d30ca62672)
#1 0x7ffff77180c4 in g_free_sized (/lib64/libglib-2.0.so.0+0x610c4) (BuildId: 5a22434839bc0ffd81d62e696ef98f3046962fce)
#2 0x7ffff7f72042 in g_type_free_instance ../gobject/gtype.c:2062
#3 0x7ffff6e27232 in g_set_object /usr/include/glib-2.0/gobject/gobject.h:769
#4 0x7ffff6e281a2 in set_frame_clock_internal ../clutter/clutter/clutter-timeline.c:370
#5 0x7ffff6e2896f in update_frame_clock ../clutter/clutter/clutter-timeline.c:450
#6 0x7ffff6e289cd in on_actor_stage_views_changed ../clutter/clutter/clutter-timeline.c:457
#7 0x7ffff7f4c4e9 in g_closure_invoke (/lib64/libgobject-2.0.so.0+0x144e9) (BuildId: 544ec6e6b78d8fcd97662c95e04fea6e8a9870f8)
#8 0x7ffff7f7ae65 in signal_emit_unlocked_R.isra.0 ../gobject/gsignal.c:3812
#9 0x7ffff7f6bd0c in g_signal_emit_valist ../gobject/gsignal.c:3565
#10 0x7ffff7f6bf82 in g_signal_emit (/lib64/libgobject-2.0.so.0+0x33f82) (BuildId: 544ec6e6b78d8fcd97662c95e04fea6e8a9870f8)
#11 0x7ffff6d01789 in maybe_emit_stage_views_changed_cb ../clutter/clutter/clutter-actor.c:15285
#12 0x7ffff6d03ef1 in _clutter_actor_traverse_depth ../clutter/clutter/clutter-actor.c:15914
#13 0x7ffff6d03f98 in _clutter_actor_traverse_depth ../clutter/clutter/clutter-actor.c:15926
#14 0x7ffff6d03f98 in _clutter_actor_traverse_depth ../clutter/clutter/clutter-actor.c:15926
#15 0x7ffff6d03f98 in _clutter_actor_traverse_depth ../clutter/clutter/clutter-actor.c:15926
#16 0x7ffff6d03f98 in _clutter_actor_traverse_depth ../clutter/clutter/clutter-actor.c:15926
#17 0x7ffff6d0409b in _clutter_actor_traverse ../clutter/clutter/clutter-actor.c:15975
#18 0x7ffff6d017ea in clutter_actor_clear_stage_views_recursive ../clutter/clutter/clutter-actor.c:15300
#19 0x7ffff6df1d0c in clutter_stage_clear_stage_views ../clutter/clutter/clutter-stage.c:3150
#20 0x7ffff6969502 in meta_stage_native_rebuild_views ../src/backends/native/meta-stage-native.c:68
#21 0x7ffff68d15e5 in meta_backend_native_update_screen_size ../src/backends/native/meta-backend-native.c:457
#22 0x7ffff65a035e in meta_backend_sync_screen_size ../src/backends/meta-backend.c:266
#23 0x7ffff65a074e in meta_backend_monitors_changed ../src/backends/meta-backend.c:337
#24 0x7ffff6610fb0 in meta_monitor_manager_notify_monitors_changed ../src/backends/meta-monitor-manager.c:3590
#25 0x7ffff66114c8 in meta_monitor_manager_rebuild ../src/backends/meta-monitor-manager.c:3678
#26 0x7ffff68fe5bc in meta_monitor_manager_native_apply_monitors_config ../src/backends/native/meta-monitor-manager-native.c:343
#27 0x7ffff660412c in meta_monitor_manager_apply_monitors_config ../src/backends/meta-monitor-manager.c:706
#28 0x7ffff66045ce in meta_monitor_manager_ensure_configured ../src/backends/meta-monitor-manager.c:779
#29 0x7ffff661177f in meta_monitor_manager_reconfigure ../src/backends/meta-monitor-manager.c:3738
[...]
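
The failed runtime check and the ASAN report above both point at a frame clock being finalized while it is still in the dispatching state. A minimal model of that lifetime pattern, with dispatch pinning the object by holding its own reference, follows as an added example; it is not mutter's code or its fix, and every type and function name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for a refcounted frame clock (not mutter's type). */
typedef enum { CLOCK_IDLE, CLOCK_DISPATCHING } ClockState;
typedef struct Clock Clock;
struct Clock {
    int refs;
    ClockState state;
    void (*on_frame)(Clock **owner_slot);
};

static int finalized_while_dispatching; /* mirrors the failed runtime check */
static int finalized_total;

static void clock_unref(Clock *c) {
    if (--c->refs > 0) return;
    if (c->state == CLOCK_DISPATCHING) finalized_while_dispatching++;
    finalized_total++;
    free(c);
}

/* Frame callback that makes the owner let go of its clock, the way the
 * trace shows a timeline replacing its clock when stage views change. */
static void drop_owner_ref(Clock **owner_slot) {
    clock_unref(*owner_slot);
    *owner_slot = NULL;
}

static Clock *clock_new(void) {
    Clock *c = calloc(1, sizeof *c);   /* state starts as CLOCK_IDLE */
    if (!c) abort();
    c->refs = 1;                       /* the owner's reference */
    c->on_frame = drop_owner_ref;
    return c;
}

/* Guarded dispatch: without the extra reference, the callback would free c
 * and the state write below would touch freed memory. */
static bool clock_dispatch_guarded(Clock *c, Clock **owner_slot) {
    c->refs++;                         /* pin for the duration of dispatch */
    c->state = CLOCK_DISPATCHING;
    c->on_frame(owner_slot);
    c->state = CLOCK_IDLE;             /* safe: our reference keeps c alive */
    bool owner_released = (*owner_slot == NULL);
    clock_unref(c);                    /* finalizes here if the owner let go */
    return owner_released;
}

int main(void) { Clock *owner = clock_new(); return clock_dispatch_guarded(owner, &owner) ? 0 : 1; }
```

Building this with `-fsanitize=address` and deleting the `c->refs++` line produces the same class of report as the one in this issue.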