TG Desktop crashes sometimes. Frequently after screen locking (Linux Fedora 37)

[socketpair]

Steps to reproduce

If during a call, a remote person starts his video, TG crashes with segfault.
If the screen is locked, TG also crashes.

Expected behaviour

Does not crash

Actual behaviour

Crash

Operating system

Fedora Linux 37 with latest updates

Version of Telegram Desktop

telegram-desktop-4.6.1-1.fc37.x86_64 (from RPM Fusion)

Installation source

Both, flatpak, and rpmfusion-free-updates, behavior the same.

Logs

Found two addresses:

telegram-deskto[338715]: segfault at 40 ip 00007f1bc95b188d sp 00007ffded2dee78 error 4 in libc.so.6[7f1bc9485000+156000] likely on CPU 6 (core 12, socket 0)
telegram-deskto[397952]: segfault at f586ceefd ip 00007fab8a5b9ac7 sp 00007ffc1036f8b8 error 4 in libQt6WaylandClient.so.6.4.2[7fab8a57a000+57000] likely on CPU 14 (core 22, socket 0)

[ilya-fedin]

Please install the binary with crash reporting system from https://desktop.telegram.org, enable crash reports by enabling installation of beta versions in advanced settings, reproduce the crash, copy the report tag (not the user tag!), send the report and post the tag here.

[socketpair]

@ilya-fedin not reproduced on official build.

[ilya-fedin]

You should report to your distro maintainer then

[socketpair]

Your Report Tag: 3fe7cc8a-549e-408d-d3645284-7301723f
@ilya-fedin

[socketpair]

I can't explain when it crashes. I just don't know. After some time...

[socketpair]

QPainter::begin: Paint device returned engine == 0, type: 2
QWidget::render: Cannot render with an inactive painter
qt.core.qobject.connect: QObject::connect: No such signal QPlatformNativeInterface::systemTrayWindowChanged(QScreen*)
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
  OpenType support missing for "DAOpenSansSemibold", script 18
  OpenType support missing for "davazirmedium", script 18
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.icc: fromIccProfile: failed minimal tag size sanity
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
D/tgvoip: === Updating voip config ===
D/tgvoip: {"enable_vp8_encoder":true,"enable_vp8_decoder":true,"enable_vp9_encoder":true,"enable_vp9_decoder":true,"enable_h265_encoder":true,"enable_h265_decoder":true,"enable_h264_encoder":true,"enable_h264_decoder":true,"audio_frame_size":60,"jitter_min_delay_60":2,"jitter_max_delay_60":10,"jitter_max_slots_60":20,"jitter_losses_to_reset":20,"jitter_resync_threshold":0.5,"audio_congestion_window":1024,"audio_max_bitrate":20000,"audio_max_bitrate_edge":16000,"audio_max_bitrate_gprs":8000,"audio_max_bitrate_saving":8000,"audio_init_bitrate":16000,"audio_init_bitrate_edge":8000,"audio_init_bitrate_gprs":8000,"audio_init_bitrate_saving":8000,"audio_bitrate_step_incr":1000,"audio_bitrate_step_decr":1000,"use_system_ns":true,"use_system_aec":true,"force_tcp":false,"jitter_initial_delay_60":2,"adsp_good_impls":"(Qualcomm Fluence)","bad_call_rating":true,"use_ios_vpio_agc":false,"use_tcp":false,"audio_medium_fec_bitrate":20000,"audio_medium_fec_multiplier":0.1,"audio_strong_fec_bitrate":7000}
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.gui.imageio.jpeg: Corrupt JPEG data: premature end of data segment
qt.qpa.wayland: Creating a fake screen in order for Qt not to crash
Ошибка сегментирования (образ памяти сброшен на диск)

[socketpair]

one more tag:
Your Report Tag: e37af181-0cd6-4986-d0bdd1a5-0b133f2c

[john-preston]

@socketpair unfortunately, I can't see anything in that crashdump :(

Crash reason:  SIGSEGV /SEGV_MAPERR
Crash address: 0x100000021
Process uptime: not available

Thread 0 (crashed)
 0  Telegram + 0x3e8db7d
    rax = 0x0000000100000001   rdx = 0x0000000000000aa1
    rcx = 0x00007f5840ef7280   rbx = 0x0000000000000001
    rsi = 0x00007f57e6f60ba0   rdi = 0x00007f5843e26bf0
    rbp = 0x00007ffdf579a3a0   rsp = 0x00007ffdf579a340
     r8 = 0x00007f58415d52c0    r9 = 0x00007ffdf579a4e0
    r10 = 0x0000000000000000   r11 = 0x000000000428db60
    r12 = 0x00007ffdf579a640   r13 = 0x00007ffdf579a560
    r14 = 0x00007ffdf579a460   r15 = 0x00007ffdf579a590
    rip = 0x000000000428db7d
    Found by: given as instruction pointer in context
 1  libffi.so.8 + 0x7a06
    rbp = 0x00007ffdf579a3b0   rsp = 0x00007ffdf579a3b0
    rip = 0x00007f585daefa06
    Found by: previous frame's frame pointer
 2  libffi.so.8 + 0x449d
    rsp = 0x00007ffdf579a3d0   rip = 0x00007f585daec49d
    Found by: stack scanning
 3  libffi.so.8 + 0x2bfc
    rsp = 0x00007ffdf579a470   rip = 0x00007f585daeabfc
    Found by: stack scanning
 4  libffi.so.8 + 0x7083
    rsp = 0x00007ffdf579a4c0   rip = 0x00007f585daef083
    Found by: stack scanning
 5  libwayland-client.so.0 + 0x7e53
    rsp = 0x00007ffdf579a530   rip = 0x00007f585d596e53
    Found by: stack scanning

[john-preston]

The same with the second :( I don't know how to debug that.

[john-preston]

@socketpair

I see strange lines in the dump reader log, like:

2023-02-15 11:52:18: source_line_resolver_base.cc:236: INFO: Loading symbols for module /home/mmarkk/Загрузки/Telegram/Telegram^@^@^@^@^@^@^@^@ from memory buffer

Can you please try putting the downloaded binary to /home/mmarkk/Telegram/ folder? Just in case this is the reason and it doesn't handle such paths too well. Then reproduce the crash once again and send the report once again and post the report tag once again.

[socketpair]

5c0d6648-5ee5-445c-3a641485-523a1190 - from Russian folder.

[socketpair]

Okay, I will try to put to another folder. Anyway, if Russian folders do not work—it's also a bug

[socketpair]

Sometimes Telegram icon disappears in list of applications in ALT-TAB switching. No messages in log and no crashes. Next pressing ALT-TAB shows the icon again.

[john-preston]

🤷‍♂️

[MonstraG]

Can confirm crashes on peer video start on 5.15.93-1-MANJARO on version from official repo, 4.6.1-1.

Everything seems fine on 4.6.2 Flatpack.

[socketpair]

qt.qpa.wayland: Creating a fake screen in order for Qt not to crash
Ошибка сегментирования (образ памяти сброшен на диск)

The last line - "Segmentation fault (core dumped to disk)"

Your Report Tag: b26e26d7-e087-421c-69a5e59b-233bb920

The crash is always happening after qt.qpa.wayland: Creating a fake screen in order for Qt not to crash

[socketpair]

So, Telegram official build doesn't crash now on peer video. But another crashes happen

[socketpair]

[mmarkk@asus Telegram]$ ./Telegram
qt.qpa.wayland: Creating a fake screen in order for Qt not to crash
Ошибка сегментирования (образ памяти сброшен на диск)
[mmarkk@asus Telegram]$ pwd
/home/mmarkk/Telegram

Your Report Tag: c7ecfdc8-0b72-4559-033938be-a2d82283

[socketpair]

@ilya-fedin @john-preston

[ilya-fedin]

I have no access to crash dumps, you have to wait @john-preston

[ilya-fedin]

Maybe it's because we have a static copy of libffi in the binary... Does flatpak package segfault as well (it may exit, but not segfault)?

[socketpair]

Flatpak, rpm and official -- all three crash. But possibly by different reasons. I need to figure out.

Please help how to debug official build. I can even send core dump after logging in by second account with 2fa. No sensitive data inside, and 2fa guarantee no one can take my account.

[ilya-fedin]

@socketpair the last crash dump from Engllish dir shows that it crashes in Qt's checkWaylandError function, going to some function in libwayland-client.so.0, then a loop of libwayland-client.so.0-libglib-2.0.so.0-libffi.so.8 going multiple times and crashing somewhere in shared_ptr.h in Telegram binary (as libstdc++ is linked statically). I suspect that Qt should show a error instead of crashing (and then do exit(1)), but something apparently is wrong with library linking in static binary, so it crashes before returning from libwayland function back to checkWaylandError, possibliy due to a static copy of libffi linked in the binary. And I see no other way of checking that theory than checking whether flatpak package crashes as well or just exits abnormally.

[socketpair]

Crash ID: 9a233aff-419b-4956-c5967894-2875c3d0

New version. Still crashes.

[ilya-fedin]

@socketpair I've asked you to check the flatpak package in details

[socketpair]

Crash ID: 30c12824-696b-4bf2-36ad13b9-d81d5f5c (it's official build). Again after qt.qpa.wayland: Creating a fake screen in order for Qt not to crash.

Okay, will try Flatpak version. How to enable crash-dump sending in it. The same ? Hope yes.

[socketpair]

@ilya-fedin Yes, but I think it's not because of some parallel access from TG. If it is about threads—I think we are speaking about threads inside qt-wayland. But anyway, I will test.

[socketpair]

@ilya-fedin

фев 24 14:40:10 asus org.telegram.desktop._ae37cd7d54f46a3863ba4aec95f3f6be.desktop[313793]: The Wayland connection broke. Did the Wayland compositor die?
фев 24 14:40:10 asus gnome-shell[313092]: (EE) failed to read Wayland events: Connection reset by peer
фев 24 14:40:10 asus systemd[4516]: org.gnome.Shell@wayland.service: Main process exited, code=dumped, status=11/SEGV
фев 24 14:40:10 asus systemd[4516]: org.gnome.Shell@wayland.service: Failed with result 'core-dump'.

Actually it really dies. What a crap! so wit your binary, wayland crashes itself. What can I do next ?

And no, I run memtest on my laptop.

[socketpair]

Possibly, it better to communicate in telegram @socketpair and not in github chat. Feel free to write me.

[ilya-fedin]

Yes, but I think it's not because of some parallel access from TG.

Huh? It's parallel access in qtwayland code, it has a separate event thread, so access to the same variables happens from both qtgui main thread and qtwayland event thread.

[ilya-fedin]

Actually it really dies. What a crap! so wit your binary, wayland crashes itself. What can I do next ?

Some bug in GNOME now apparently

[socketpair]

@ilya-fedin I know, you don't like Gnome, but why you decide it's a gnome bug? Without running your TG version, there were no crashes of wayland. I think bug in wayland so.

[ilya-fedin]

@socketpair client shouldn't be able to crash the compositor, if the compositor crashes, it's solely the compositor's bug.

"Bug in wayland" means "bug in xml files" as Wayland is just a spec written in xml files. GNOME Shell / mutter is your implementation of it.

[socketpair]

@ilya-fedin I can test not in Gnome. Just say what to do. Sway? What compositor to use?

[ilya-fedin]

I use Plasma, but I guess that's GNOME-specific

[ilya-fedin]

4.6.6 beta uses Qt 6.5.0-beta3 (only static binary and snap)

[ilya-fedin]

I treat the silence as the issue being fixed

[socketpair]

@ilya-fedin now even official version crashes wayland :( dunno what to do.

[ilya-fedin]

Right after Telegram launch?

[socketpair]

@ilya-fedin no. When screen locking starts. In my configuration (actually nothing special)

[ilya-fedin]

Ok, I feel this is going to be a long-standing issue

[socketpair]

gnome-shell[660893]: segfault at 0 ip 00007fd2eda73709 sp 00007fff0f6cc3f0 error 4 in libwayland-server.so.0.21.0[7fd2eda71000+8000] likely on CPU 0 (core 0, socket 0)

@ilya-fedin It falls regularly. On EVERY screen locking. ONLY when Telegram is running. Definitely somewhere not in Telegram, but who should I complain ? Gnome-shell ? Wayland ?

[ilya-fedin]

gnome-shell or mutter

[socketpair]

https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6503

[ilya-fedin]

The flatpak package of version 4.6.12 beta in flathub-beta got Qt 6.4.2->6.4.3 update that should have the fix for unprotected multi-thread variable access as well, you can try it if you want, maybe it won't crash entire session like 6.5.0 does. It should be available in multiple hours.

[socketpair]

@ilya-fedin seems the problem not in threading at all: I have reported the bug, but they say it's the same as this: https://gitlab.gnome.org/GNOME/mutter/-/issues/2570

[ilya-fedin]

Well, it's partially in threading as Qt 6.4.2 crashes due to memory corruption before sending a reply to the compositor that causes compositor's crash due to the compositor's bug.

[Paval-from-Belarus]

Don't know, it's correct topic or not, but Telegram still crashed on fedora 37 by launching wallet in chat (has loading few seconds and suddenly crashed)

[ilya-fedin]

What is 'wallet in chat' and how is that related to screen locking?

[Paval-from-Belarus]

Nothing common with screen locking (but it's supposed to be similar issue). Simplify, trouble with popup window over Telegram. Should I open new issue?

[ilya-fedin]

I don't quite understand what "trouble with popup window over Telegram" means, but if screen locking is not involved then it doesn't sound like a similar issue. After all, this issue is about GNOME itself crashes (and the issue creator thinks Telegram is causing it, although I don't agree), not Telegram.

[ilya-fedin]

Could this be closed?