[Bug 783647] New: gst-omx: Segfault in gst_omx_memory_map()

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Sat Jun 10 22:43:06 UTC 2017 

https://bugzilla.gnome.org/show_bug.cgi?id=783647

            Bug ID: 783647
           Summary: gst-omx: Segfault in gst_omx_memory_map()
    Classification: Platform
           Product: GStreamer
           Version: git master
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: gst-omx
          Assignee: gstreamer-bugs at lists.freedesktop.org
          Reporter: minfrin at sharp.fm
        QA Contact: gstreamer-bugs at lists.freedesktop.org
     GNOME version: ---

>From time to time, we segfault inside gst_omx_memory_map() as below.

Most specifically, omem->buf->omx_buf is NULL.

x #5  0x71b669bc in gst_omx_memory_map (mem=0x71a4cf18, maxsize=470016,
flags=GST_MAP_READ) at gstomxbufferpool.c:81
81      return omem->buf->omx_buf->pBuffer + omem->mem.offset;
(gdb) print omem
$1 = (GstOMXMemory *) 0x71a4cf18
(gdb) print omem->buf
$2 = (GstOMXBuffer *) 0x74c161c0
(gdb) print omem->buf->omx_buf
$3 = (OMX_BUFFERHEADERTYPE *) 0x0
(gdb) print omem->mem.offset
$4 = 0

The stacktrace is as below.

#0  0x76c8b730 in nanosleep () at ../sysdeps/unix/syscall-template.S:81
#1  0x76d423d0 in g_usleep (microseconds=<optimized out>) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gtimer.c:259
#2  0x00012bb8 in fault_spin () at gst-launch.c:113
#3  0x00012b38 in fault_handler_sighandler (signum=11) at gst-launch.c:94
#4  <signal handler called>
#5  0x71b669bc in gst_omx_memory_map (mem=0x71a4cf18, maxsize=470016,
flags=GST_MAP_READ) at gstomxbufferpool.c:81
#6  0x76ede508 in gst_memory_map (mem=0x71a4cf18, info=0x70efe09c,
flags=GST_MAP_READ) at gstmemory.c:306
#7  0x76e79fbc in _fallback_mem_copy (mem=0x71a4cf18, offset=0, size=470016) at
gstallocator.c:99
#8  0x76ede838 in gst_memory_copy (mem=0x71a4cf18, offset=0, size=470016) at
gstmemory.c:373
#9  0x76e8aa64 in gst_buffer_copy_into (dest=0x74c21540, src=0x694e2998,
flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS |
GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY), offset=0, 
    size=470016) at gstbuffer.c:582
#10 0x76e8ae74 in gst_buffer_copy_with_flags (buffer=0x694e2998,
flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS |
GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY)) at gstbuffer.c:663
#11 0x76e8aeec in _gst_buffer_copy (buffer=0x694e2998) at gstbuffer.c:675
#12 0x76eded94 in gst_mini_object_copy (mini_object=0x694e2998) at
gstminiobject.c:145
#13 0x76edf4a0 in gst_mini_object_make_writable (mini_object=0x694e2998) at
gstminiobject.c:314
#14 0x718fece0 in gst_video_rate_flush_prev (videorate=0x3f20f8, duplicate=0,
next_intime=3117751002) at gstvideorate.c:643
#15 0x71902d08 in gst_video_rate_transform_ip (trans=0x3f20f8,
buffer=0x694e2a38) at gstvideorate.c:1460
#16 0x767ab5d0 in default_generate_output (trans=0x3f20f8, outbuf=0x70efe41c)
at gstbasetransform.c:2118
#17 0x767abee4 in gst_base_transform_chain (pad=0x3ee188, parent=0x3f20f8,
buffer=0x694e2a38) at gstbasetransform.c:2276
#18 0x76eefbd0 in gst_pad_chain_data_unchecked (pad=0x3ee188, type=4112,
data=0x694e2a38) at gstpad.c:4205
#19 0x76ef0bfc in gst_pad_push_data (pad=0x3ee038, type=4112, data=0x694e2a38)
at gstpad.c:4457
#20 0x76ef14c0 in gst_pad_push (pad=0x3ee038, buffer=0x694e2a38) at
gstpad.c:4576
#21 0x767ac128 in gst_base_transform_chain (pad=0x3d6ea8, parent=0x3e83e8,
buffer=0x694e2a38) at gstbasetransform.c:2312
#22 0x76eefbd0 in gst_pad_chain_data_unchecked (pad=0x3d6ea8, type=4112,
data=0x694e2a38) at gstpad.c:4205
#23 0x76ef0bfc in gst_pad_push_data (pad=0x3d6d58, type=4112, data=0x694e2a38)
at gstpad.c:4457
#24 0x76ef14c0 in gst_pad_push (pad=0x3d6d58, buffer=0x694e2a38) at
gstpad.c:4576
#25 0x767ac128 in gst_base_transform_chain (pad=0x3d6c08, parent=0x3ec138,
buffer=0x694e2a38) at gstbasetransform.c:2312
#26 0x76eefbd0 in gst_pad_chain_data_unchecked (pad=0x3d6c08, type=4112,
data=0x694e2a38) at gstpad.c:4205
#27 0x76ef0bfc in gst_pad_push_data (pad=0x3d6ab8, type=4112, data=0x694e2a38)
at gstpad.c:4457
#28 0x76ef14c0 in gst_pad_push (pad=0x3d6ab8, buffer=0x694e2a38) at
gstpad.c:4576
#29 0x767ac128 in gst_base_transform_chain (pad=0x3d6968, parent=0x3e80a0,
buffer=0x694e2a38) at gstbasetransform.c:2312
#30 0x76eefbd0 in gst_pad_chain_data_unchecked (pad=0x3d6968, type=4112,
data=0x694e2a38) at gstpad.c:4205
#31 0x76ef0bfc in gst_pad_push_data (pad=0x3ee428, type=4112, data=0x694e2a38)
at gstpad.c:4457
#32 0x76ef14c0 in gst_pad_push (pad=0x3ee428, buffer=0x694e2a38) at
gstpad.c:4576
#33 0x75661b10 in gst_stream_splitter_chain (pad=0x3c8e98, parent=0x38c108,
buf=0x694e2a38) at gststreamsplitter.c:140
#34 0x76eefbd0 in gst_pad_chain_data_unchecked (pad=0x3c8e98, type=4112,
data=0x694e2a38) at gstpad.c:4205
#35 0x76ef0bfc in gst_pad_push_data (pad=0x3d6188, type=4112, data=0x694e2a38)
at gstpad.c:4457
#36 0x76ef14c0 in gst_pad_push (pad=0x3d6188, buffer=0x694e2a38) at
gstpad.c:4576
#37 0x75fd2f5c in gst_queue_push_one (queue=0x33eb98) at gstqueue.c:1365
#38 0x75fd4008 in gst_queue_loop (pad=0x3d6188) at gstqueue.c:1517
#39 0x76f399e8 in gst_task_func (task=0x363c18) at gsttask.c:332
#40 0x76f3b05c in default_func (tdata=0x3dbbb8, pool=0x1b9c58) at
gsttaskpool.c:69
#41 0x76d4145c in g_thread_pool_thread_proxy (data=<optimized out>) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gthreadpool.c:307
#42 0x76d408c4 in g_thread_proxy (data=0x3c9b20) at
/build/glib2.0-tTvduh/glib2.0-2.42.1/./glib/gthread.c:764
---Type <return> to continue, or q <return> to quit---
#43 0x76c82e90 in start_thread (arg=0x70eff460) at pthread_create.c:311
#44 0x76c0c598 in ?? () at
../ports/sysdeps/unix/sysv/linux/arm/nptl/../clone.S:92 from
/lib/arm-linux-gnueabihf/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the gstreamer-bugs mailing list