pavucontrol crashes (or invalid memory gets read) when pulseaudio server exits.
Hello, in this debian bug report a crash of pavucontrol is shown.
I tried to reproduce it, but did not get a segfault, a valgrind run shows at least an invalid read, of already deleted memory:
==2375== Invalid read of size 8
==2375== at 0x5B86C90: local_Rb_tree_increment (tree.cc:62)
==2375== by 0x5B86C90: std::_Rb_tree_increment(std::_Rb_tree_node_base*) (tree.cc:85)
==2375== by 0x15A2F2: operator++ (stl_tree.h:287)
==2375== by 0x15A2F2: MainWindow::removeAllWidgets() (mainwindow.cc:1250)
==2375== by 0x15D786: context_state_callback(pa_context*, void*) (pavucontrol.cc:561)
==2375== by 0x5A874A8: pa_context_set_state (context.c:308)
==2375== by 0x6B04605: do_pstream_read_write (pstream.c:271)
==2375== by 0x5A733E5: dispatch_func (glib-mainloop.c:584)
==2375== by 0x59995FC: g_main_dispatch (gmain.c:3309)
==2375== by 0x59995FC: g_main_context_dispatch (gmain.c:3974)
==2375== by 0x599987F: g_main_context_iterate.isra.0 (gmain.c:4047)
==2375== by 0x599990E: g_main_context_iteration (gmain.c:4108)
==2375== by 0x624C02C: g_application_run (gapplication.c:2559)
==2375== by 0x140004: main (pavuapplication.cc:182)
==2375== Address 0xa2a63b8 is 24 bytes inside a block of size 48 free'd
==2375== at 0x4839EAB: operator delete(void*) (vg_replace_malloc.c:584)
==2375== by 0x15AD08: deallocate (new_allocator.h:128)
==2375== by 0x15AD08: deallocate (alloc_traits.h:470)
==2375== by 0x15AD08: _M_put_node (stl_tree.h:584)
==2375== by 0x15AD08: _M_drop_node (stl_tree.h:651)
==2375== by 0x15AD08: std::_Rb_tree<unsigned int, std::pair<unsigned int const, SinkWidget*>, std::_Select1st<std::pair<unsigned int const, SinkWidget*> >, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, SinkWidget*> > >::_M_erase(std::_Rb_tree_node<std::pair<unsigned int const, SinkWidget*> >*) (stl_tree.h:1915)
==2375== by 0x15B135: clear (stl_tree.h:1266)
==2375== by 0x15B135: _M_erase_aux (stl_tree.h:2522)
==2375== by 0x15B135: _M_erase_aux (stl_tree.h:2518)
==2375== by 0x15B135: std::_Rb_tree<unsigned int, std::pair<unsigned int const, SinkWidget*>, std::_Select1st<std::pair<unsigned int const, SinkWidget*> >, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, SinkWidget*> > >::erase(unsigned int const&) (stl_tree.h:2536)
==2375== by 0x158058: erase (stl_map.h:1068)
==2375== by 0x158058: MainWindow::removeSink(unsigned int) (mainwindow.cc:1209)
==2375== by 0x15A2EA: MainWindow::removeAllWidgets() (mainwindow.cc:1251)
==2375== by 0x15D786: context_state_callback(pa_context*, void*) (pavucontrol.cc:561)
==2375== by 0x5A874A8: pa_context_set_state (context.c:308)
==2375== by 0x6B04605: do_pstream_read_write (pstream.c:271)
==2375== by 0x5A733E5: dispatch_func (glib-mainloop.c:584)
==2375== by 0x59995FC: g_main_dispatch (gmain.c:3309)
==2375== by 0x59995FC: g_main_context_dispatch (gmain.c:3974)
==2375== by 0x599987F: g_main_context_iterate.isra.0 (gmain.c:4047)
==2375== by 0x599990E: g_main_context_iteration (gmain.c:4108)
==2375== Block was alloc'd at
==2375== at 0x4838DEF: operator new(unsigned long) (vg_replace_malloc.c:342)
==2375== by 0x15C45C: allocate (new_allocator.h:114)
==2375== by 0x15C45C: allocate (alloc_traits.h:444)
==2375== by 0x15C45C: _M_get_node (stl_tree.h:580)
==2375== by 0x15C45C: _M_create_node<const std::piecewise_construct_t&, std::tuple<unsigned int const&>, std::tuple<> > (stl_tree.h:630)
==2375== by 0x15C45C: std::_Rb_tree_iterator<std::pair<unsigned int const, SinkWidget*> > std::_Rb_tree<unsigned int, std::pair<unsigned int const, SinkWidget*>, std::_Select1st<std::pair<unsigned int const, SinkWidget*> >, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, SinkWidget*> > >::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<unsigned int const&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<unsigned int const, SinkWidget*> >, std::piecewise_construct_t const&, std::tuple<unsigned int const&>&&, std::tuple<>&&) (stl_tree.h:2455)
==2375== by 0x158A1C: operator[] (stl_map.h:499)
==2375== by 0x158A1C: MainWindow::updateSink(pa_sink_info const&) (mainwindow.cc:481)
==2375== by 0x15D2CA: sink_cb(pa_context*, pa_sink_info const*, int, void*) (pavucontrol.cc:112)
==2375== by 0x5A93474: context_get_sink_info_callback (introspect.c:261)
==2375== by 0x6AFEB42: run_action (pdispatch.c:288)
==2375== by 0x6AFEEAE: pa_pdispatch_run (pdispatch.c:341)
==2375== by 0x5A87DBE: pstream_packet_callback (context.c:352)
==2375== by 0x6B01826: do_read (pstream.c:1012)
==2375== by 0x6B045AA: do_pstream_read_write (pstream.c:248)
==2375== by 0x5A73287: dispatch_func (glib-mainloop.c:556)
==2375== by 0x59995FC: g_main_dispatch (gmain.c:3309)
==2375== by 0x59995FC: g_main_context_dispatch (gmain.c:3974)
To trigger this the pulseaudio server was stopped with pulseaudio -k
.
Could you see this too?