mate-volume-control-applet killed by SIGSEGV in gvc_stream_applet_icon_set_control()

[davidwagner]

Actual behaviour

mate-volume-control-applet crashed immediately when I started an audio player for the first time after boot.

Steps to reproduce the behaviour

I haven't reproduced it since then.

Package version

mate-media-1.26.1-1.fc38

Linux Distribution

Fedora

Link to bugreport of your Distribution (requirement)

https://bugzilla.redhat.com/show_bug.cgi?id=2217648

(contains core dump, backtrace, etc.)

[lukefromdc]

This is looking like a different backtrace than the crashes in https://github.com/mate-desktop/libmatemixer/issues/39 https://github.com/mate-desktop/mate-media/issues/167 and https://github.com/mate-desktop/mate-media/issues/159 but I'm wondering if this is another instance of memory data corruption caused by improper weak pointer handling, which was in libmatemixer and fixed by https://github.com/mate-desktop/libmatemixer/pull/40 in https://github.com/mate-desktop/libmatemixer/commit/e9995a70b1ff951cca3471894db2c289d9b0e4f9

Note that this commit has not reached any releases yet, so you have the old version. If you can build libmatemixer from source, try current git master and see if this problem stops.

We do need to do a backport of this commit to 1.26 it seems and release new versions of both 1.26 and 1.27 it seems, I have not seen a single report of crashes with the new version installed and it's been out since Sep 18 in git master

[raveit65]

@lukefromdc This commit is in 1.26 branch and 1.26.1 release. https://github.com/mate-desktop/libmatemixer/commit/d0c6df12a42e2339d323048ff51ae25eea1a3c07 Fedora use 1.26.1 release already. And user told in another rhbz report that he use 1.26.1. But it sounds that reporter had this crash only one time. https://bugzilla.redhat.com/show_bug.cgi?id=2217648#c15 No idea why he open a report when it isn't reproducible.

[lukefromdc]

Ahh-I only looked at the top line in "network" and was fooled by that

[cwendling]

My ASM reading skills are close to non-existent, but it looks like it crashes accessing control member of priv in the icon->priv->control == control. Which is kind of odd, as priv is properly set at init time and never touched later, and the rest is basic offset access (no dereference or anything). Could be very subtle memory corruption past the object but… meh.

Anyway, it'd be interesting to actually have a way to reproduce this, a one-shot crash is hard to diagnose :slightly_smiling_face:

[cwendling]

PS: note that Fedora applies 2 (upstream) patches in f38, which offset the relevant backtrace lines by +1. But I guess @raveit65 is aware :smile:

[raveit65]

Yes, i ship mate-media with 2 master commits in fedora since 8 months. https://src.fedoraproject.org/rpms/mate-media/blob/f38/f/mate-media.spec

# from upstream
# https://github.com/mate-desktop/mate-media/commit/44df49d
Patch1:        mate-media_0001-Add-setting-for-adjustment-of-audio-volume-above-100.patch
# https://github.com/mate-desktop/mate-media/commit/0ae3d7f
Patch2:        mate-media_0001-gvc-stream-status-icon-fix-a-volume-rounding-error-1.patch

Not sure, but i am thinking the crash happened before user did install libmatemixer-1.26.1 with the fix for some crashes. That would explain why it isn't reproducible for him.