pulseaudio crashed with SIGSEGV in publish_service() from once_callback() from dispatch_defer() from pa_mainloop_dispatch() from pa_mainloop_iterate()

From my own debugging, the crash appears to be in this line:

if (!s->userdata->client || avahi_client_get_state(s->userdata->client) != AVAHI_CLIENT_S_RUNNING)
        return;

adding a check for !s->userdata seems to fix the issue (for some reason, probably due to a race condition, userdata is null at the time of the call).

Looks like the crash stopped happening in PulseAudio 12. Can you please try Ubuntu 18.10?

I was really hoping to keep this machine on LTS, is the fix not going to be backported?

There is no known fix to backport. I am just trying to confirm if it really has stopped happening in version 12.

I am still getting the crash, but the location of it has changed. Now it dies at
    txt = avahi_string_list_add_pair(txt, "device", s->name);

Thread 4 "avahi-ml" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe5984700 (LWP 5939)]
0x000055555590f820 in ?? ()
(gdb) bt
#0 0x000055555590f820 in ?? ()
#1 0x00007ffff7657566 in pa_hashmap_get (h=h@entry=0x5555557ee040, key=key@entry=0x7fffe5faa028)
    at pulsecore/hashmap.c:182
#2 0x00007ffff7642901 in pa_proplist_gets (p=0x5555557ee040, key=key@entry=0x7fffe5faa028 "device.description")
    at pulse/proplist.c:283
#3 0x00007fffe5fa846c in publish_service (api=<optimized out>, service=0x5555558bc280)
    at modules/module-zeroconf-publish.c:318
#4 0x00007ffff73fd578 in once_callback (m=0x5555559484b8, e=0x555555831ac0, userdata=<optimized out>)
    at pulse/mainloop-api.c:45
#5 0x00007ffff74002ad in dispatch_defer (m=0x555555948460) at pulse/mainloop.c:680
#6 pa_mainloop_dispatch (m=m@entry=0x555555948460) at pulse/mainloop.c:889
#7 0x00007ffff74004de in pa_mainloop_iterate (m=0x555555948460, block=<optimized out>, retval=0x0)
    at pulse/mainloop.c:929
#8 0x00007ffff7400560 in pa_mainloop_run (m=0x555555948460, retval=retval@entry=0x0) at pulse/mainloop.c:944
#9 0x00007ffff740e3c9 in thread (userdata=0x555555823ae0) at pulse/thread-mainloop.c:100
#10 0x00007ffff767e318 in internal_thread_func (userdata=0x555555874580) at pulsecore/thread-posix.c:81
#11 0x00007ffff6b676db in start_thread (arg=0x7fffe5984700) at pthread_create.c:463
#12 0x00007ffff60e688f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)

this is with pulseaudio_11.1-1ubuntu7.2

Owen, that sounds like bug 1679744.

so it is, thanks! So I think we can say this original bug is obsolete / already fixed