Pipewire 0.3.44 hits SIGABRT in spa/plugins/audioconvert/audioadapter.c due to double free
I got the following PipeWire core dump (apologies for the incomplete data; hopefully it is enough to pinpoint the cause):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
set = {__val = {16386, 140133657860790, 0, 140133659102208, 255, 7, 0, 4096, 99, 4144, 64, 481036337409, 1, 8, 0, 511101108348}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007f7368dfb536 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x56415ab69a90, sa_sigaction = 0x56415ab69a90}, sa_mask = {__val = {1024,
94838668318040, 94838668318040, 0, 0, 0, 0, 94838668317936, 3225590644487409152, 5621222032, 4, 4, 94838668317936,
94838668318040, 140133660166744, 140730224675008}}, sa_flags = 1761862397, sa_restorer = 0x7ffe4f0d0898}
sigs = {__val = {32, 94838745525056, 2, 94838745581352, 94838745579232, 1, 0, 140133634224465, 140133659085088,
18446744073709551496, 0, 94838668318736, 0, 140730224674936, 94838686813936, 140133657866276}}
#2 0x00007f7368e52658 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7368f5a813 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
ap = {{gp_offset = 24, fp_offset = 0, overflow_arg_area = 0x7ffe4f0d09e0, reg_save_area = 0x7ffe4f0d0970}}
fd = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
#3 0x00007f7368e5a04a in malloc_printerr (str=str@entry=0x7f7368f5cc10 "double free or corruption (!prev)") at malloc.c:5628
No locals.
#4 0x00007f7368e5b75c in _int_free (av=0x7f7368f8cba0 <main_arena>, p=0x56415ddd8d10, have_lock=<optimized out>) at malloc.c:4550
size = 7360
fb = <optimized out>
nextchunk = 0x56415ddda9d0
nextsize = <optimized out>
nextinuse = <optimized out>
prevsize = <optimized out>
bck = <optimized out>
fwd = <optimized out>
__PRETTY_FUNCTION__ = "_int_free"
#5 0x00007f7368e5f024 in __GI___libc_free (mem=<optimized out>) at malloc.c:3309
ar_ptr = <optimized out>
p = <optimized out>
hook = <optimized out>
err = 11
#6 0x00007f7367795088 in impl_clear (handle=0x56415dbbae08) at ../pipewire-0.3.44/spa/plugins/audioconvert/audioadapter.c:1384
this = 0x56415dbbae08
__func__ = "impl_clear"
#7 0x00007f7369025a8f in do_remove_port (loop=0x2, async=<optimized out>, seq=0, data=0x7f7368e1129e <__GI_raise+318>, size=0,
user_data=0x7ffe4f0d0640) at ../pipewire-0.3.44/src/pipewire/impl-port.c:1062
this = 0x7ffe4f0d0640
__func__ = "do_remove_port"
#8 0x00007f736909a340 in ?? ()
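Note on reading the trace: the abort comes from glibc's heap consistency check inside free(), reached from impl_clear() at audioadapter.c:1384 (frame #6). The message "double free or corruption (!prev)" is printed both for a second free of the same chunk and for damaged heap metadata, so the trace alone does not show which of the two happened. Frames #7 and #8 may not be reliable: the arguments shown for do_remove_port look like leftover stack values (data points into __GI_raise) and frame #8 has no symbol.
I believe this happened while I was attending (or trying to attend) a meeting in Google Chat in Firefox. I might have been switching things around at the time (inputs, outputs, etc.).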
I don't have a reproducer, but if any additional information would help, let me know.