Bug 697236 – v4l2src: SEGFAULT when changing state of uvch264src pipeline

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 697236 - v4l2src: SEGFAULT when changing state of uvch264src pipeline


Summary:	v4l2src: SEGFAULT when changing state of uvch264src pipeline


Status:	RESOLVED DUPLICATE of bug 695981

Product:	GStreamer
Classification:	Platform
Component:	gst-plugins-good
Version:	git master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	git master
Assigned To:	GStreamer Maintainers
QA Contact:	GStreamer Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-04-04 02:22 UTC by Tristan Matthews
Modified:	2013-04-17 19:38 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Check if pool is NULL before calling gst_v4l2_buffer_pool_process (487 bytes, patch) 2013-04-04 02:22 UTC, Tristan Matthews	none	Details \| Review
*log with GST_DEBUG=basesrc:8,v4l2:8 up until SEGFAULT* (243.51 KB, text/x-log) 2013-04-05 03:27 UTC, Tristan Matthews		Details
output of thread apply all bt (15.83 KB, text/plain) 2013-04-05 03:28 UTC, Tristan Matthews		Details
*log with GST_DEBUG=basesrc:8,v4l2:8 up until Abort* (1.05 MB, text/plain) 2013-04-17 06:52 UTC, Tristan Matthews		Details

Description Tristan Matthews 2013-04-04 02:22:00 UTC

Created attachment 240561 [details] [review]
Check if pool is NULL before calling gst_v4l2_buffer_pool_process

To reproduce, run the uvch264 test program, change the state to playing after hitting capture. 

This bug does not happen every time.

I've attached a patch which fixes the immediate problem of the NULL pointer access, however I'm not sure if it's the right approach.

Here's the backtrace.

+ Trace 231723

#0 gst_v4l2_buffer_pool_process
at gstv4l2bufferpool.c line 1073
#1 gst_v4l2src_fill
at gstv4l2src.c line 771
#2 gst_push_src_fill
at gstpushsrc.c line 169
#3 gst_base_src_default_create
at gstbasesrc.c line 1434
#4 gst_push_src_create
at gstpushsrc.c line 134
#5 gst_push_src_create
at gstpushsrc.c line 122
#6 gst_base_src_get_range
at gstbasesrc.c line 2357
#7 gst_base_src_loop
at gstbasesrc.c line 2618
#8 gst_task_func
at gsttask.c line 316
#9 default_func
at gsttaskpool.c line 70
#10 g_thread_pool_thread_proxy
at /build/buildd/glib2.0-2.34.1/./glib/gthreadpool.c line 309
#11 g_thread_proxy
at /build/buildd/glib2.0-2.34.1/./glib/gthread.c line 797
#12 start_thread
at pthread_create.c line 308
#13 clone
at ../sysdeps/unix/sysv/linux/i386/clone.S line 130

Comment 1 Tim-Philipp Müller 2013-04-04 09:09:07 UTC

I think there's a similar bug somewhere just with v4l2src, not sure if it got fixed or not.

Comment 2 Wim Taymans 2013-04-04 12:04:56 UTC

I don't understand in what condition the pool can be NULL. The only reason I can think of is when negotiation fails but then it should never reach the fill method.

Do you have a debug log? something like:

 GST_DEBUG=*basesrc*:8,*v4l2*:8

should be enough

Comment 3 Tim-Philipp Müller 2013-04-04 12:14:37 UTC

 Bug #695981 looks the same, and has a script to reproduce it.

Comment 4 Tristan Matthews 2013-04-05 03:27:33 UTC

Created attachment 240688 [details]
log with GST_DEBUG=*basesrc*:8,*v4l2*:8 up until SEGFAULT

Comment 5 Tristan Matthews 2013-04-05 03:28:44 UTC

Created attachment 240689 [details]
output of thread apply all bt

Comment 6 Tristan Matthews 2013-04-05 03:29:17 UTC

Ok I've added the logs plus the backtrace from GDB for all the threads, let me know if you need more info.

Comment 7 Olivier Crête 2013-04-15 22:26:28 UTC

I assume you have a Logitech C920 ?

Comment 8 Olivier Crête 2013-04-16 00:00:34 UTC

I can't reproduce the bug, but I'm pretty sure Tim is right that this is the same as #695981, can you please test the two patches attached there ?

*** This bug has been marked as a duplicate of bug 695981 ***

Comment 9 Tristan Matthews 2013-04-16 14:24:16 UTC

(In reply to comment #7)
> I assume you have a Logitech C920 ?

yup

Comment 10 Tristan Matthews 2013-04-16 14:24:41 UTC

(In reply to comment #8)
> I can't reproduce the bug, but I'm pretty sure Tim is right that this is the
> same as #695981, can you please test the two patches attached there ?
> 
> *** This bug has been marked as a duplicate of bug 695981 ***

Will do, I should be able to test that tonight.

Comment 11 Tristan Matthews 2013-04-17 03:28:21 UTC

Ok I've tested the patches from Bug #695981 and I'm no longer getting the segfault, but I do get a SIGABORT, here are the logs:

0:00:29.317479955 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool5> error requesting 4 buffers: Device or resource busy
0:00:29.318569774 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool5> error requesting 4 buffers: Device or resource busy
0:00:29.318629140 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool5> error requesting 4 buffers: Device or resource busy
0:00:29.318681243 18999  0x82da430 ERROR             bufferpool gstbufferpool.c:485:gst_buffer_pool_set_active:<v4l2bufferpool5> pool was not configured
0:00:29.318717351 18999  0x82da430 ERROR                basesrc gstbasesrc.c:2871:gst_base_src_set_allocation:<v4l2src2> failed to activate bufferpool.
0:00:30.623800030 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool6> error requesting 4 buffers: Device or resource busy
0:00:30.624452498 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool6> error requesting 4 buffers: Device or resource busy
0:00:30.624511724 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool6> error requesting 4 buffers: Device or resource busy
0:00:30.624550068 18999  0x82da430 ERROR             bufferpool gstbufferpool.c:485:gst_buffer_pool_set_active:<v4l2bufferpool6> pool was not configured
0:00:30.624580798 18999  0x82da430 ERROR                basesrc gstbasesrc.c:2871:gst_base_src_set_allocation:<v4l2src3> failed to activate bufferpool.
0:00:32.574675228 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool7> error requesting 4 buffers: Device or resource busy
0:00:32.575328533 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool7> error requesting 4 buffers: Device or resource busy
0:00:32.575386921 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool7> error requesting 4 buffers: Device or resource busy
0:00:32.575420725 18999  0x82da430 ERROR             bufferpool gstbufferpool.c:485:gst_buffer_pool_set_active:<v4l2bufferpool7> pool was not configured
0:00:32.575449500 18999  0x82da430 ERROR                basesrc gstbasesrc.c:2871:gst_base_src_set_allocation:<v4l2src4> failed to activate bufferpool.
0:00:33.779579837 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool8> error requesting 4 buffers: Device or resource busy
0:00:33.780233840 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool8> error requesting 4 buffers: Device or resource busy
0:00:33.780291739 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool8> error requesting 4 buffers: Device or resource busy
0:00:33.780330641 18999  0x82da430 ERROR             bufferpool gstbufferpool.c:485:gst_buffer_pool_set_active:<v4l2bufferpool8> pool was not configured
0:00:33.780353759 18999  0x82da430 ERROR                basesrc gstbasesrc.c:2871:gst_base_src_set_allocation:<v4l2src5> failed to activate bufferpool.
0:00:34.706867921 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool9> error requesting 4 buffers: Device or resource busy
0:00:34.707544344 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool9> error requesting 4 buffers: Device or resource busy
0:00:34.707602732 18999  0x82da430 ERROR                   v4l2 gstv4l2bufferpool.c:414:gst_v4l2_buffer_pool_set_config:<v4l2bufferpool9> error requesting 4 buffers: Device or resource busy
0:00:34.707636186 18999  0x82da430 ERROR             bufferpool gstbufferpool.c:485:gst_buffer_pool_set_active:<v4l2bufferpool9> pool was not configured
0:00:34.707660142 18999  0x82da430 ERROR                basesrc gstbasesrc.c:2871:gst_base_src_set_allocation:<v4l2src6> failed to activate bufferpool.
**
ERROR:gstv4l2bufferpool.c:922:gst_v4l2_buffer_pool_release_buffer: code should not be reached

Program received signal SIGABRT, Aborted.
0xb7fdd424 in __kernel_vsyscall ()

Comment 12 Tristan Matthews 2013-04-17 03:29:20 UTC

And the backtrace:

+ Trace 231804

Thread 1 (Thread 0xb6e4a840 (LWP 18999))

#0 __kernel_vsyscall
#1 __GI_raise
at ../nptl/sysdeps/unix/sysv/linux/raise.c line 64
#2 __GI_abort
at abort.c line 91
#3 g_assertion_message
at /build/buildd/glib2.0-2.34.1/./glib/gtestutils.c line 1877
#4 gst_v4l2_buffer_pool_release_buffer
at gstv4l2bufferpool.c line 922
#5 gst_buffer_pool_release_buffer
at gstbufferpool.c line 1155
#6 _gst_buffer_dispose
at gstbuffer.c line 540
#7 gst_mini_object_unref
at gstminiobject.c line 448
#8 gst_buffer_unref
at ../../../gst/gstbuffer.h line 354
#9 gst_base_sink_set_last_buffer_unlocked
at gstbasesink.c line 954
#10 gst_base_sink_set_last_buffer
at gstbasesink.c line 966
#11 gst_base_sink_set_last_buffer
at gstbasesink.c line 960
#12 gst_base_sink_change_state
at gstbasesink.c line 4957
#13 gst_xvimagesink_change_state
at xvimagesink.c line 856
#14 gst_element_change_state
at gstelement.c line 2605
#15 gst_element_set_state_func
at gstelement.c line 2561
#16 gst_element_set_state
at gstelement.c line 2462
#17 gst_bin_element_set_state
at gstbin.c line 2297
#18 gst_bin_change_state_func
at gstbin.c line 2599
#19 gst_pipeline_change_state
at gstpipeline.c line 471
#20 gst_element_change_state
at gstelement.c line 2605
#21 gst_element_continue_state
at gstelement.c line 2315
#22 gst_element_change_state
at gstelement.c line 2649
#23 gst_element_set_state_func
at gstelement.c line 2561
#24 gst_element_set_state
at gstelement.c line 2462
#25 on_button_ready_clicked
at test-uvch264.c line 267
#26 g_cclosure_marshal_VOID__VOIDv
at /build/buildd/glib2.0-2.34.1/./gobject/gmarshal.c line 115
#27 _g_closure_invoke_va
at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c line 840
#28 g_signal_emit_valist
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3211
#29 g_signal_emit
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3356
#30 gtk_button_clicked
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#31 ??
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#32 g_cclosure_marshal_VOID__VOID
at /build/buildd/glib2.0-2.34.1/./gobject/gmarshal.c line 85
#33 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c line 970
#34 g_closure_invoke
#35 signal_emit_unlocked_R
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3481
#36 g_signal_emit_valist
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3300
#37 g_signal_emit
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3356
#38 gtk_button_released
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#39 ??
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#40 ??
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#41 g_type_class_meta_marshal
at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c line 970
#42 g_closure_invoke
at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c line 777
#43 signal_emit_unlocked_R
#44 g_signal_emit_valist
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3310
#45 g_signal_emit
at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c line 3356
#46 ??
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#47 gtk_propagate_event
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#48 gtk_main_do_event
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#49 ??
from /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0
#50 g_main_dispatch
at /build/buildd/glib2.0-2.34.1/./glib/gmain.c line 2715
#51 g_main_context_dispatch
at /build/buildd/glib2.0-2.34.1/./glib/gmain.c line 3219
#52 g_main_context_iterate
at /build/buildd/glib2.0-2.34.1/./glib/gmain.c line 3290
#53 g_main_loop_run
at /build/buildd/glib2.0-2.34.1/./glib/gmain.c line 3484
#54 gtk_main
from /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0
#55 main
at test-uvch264.c line 657

Comment 13 Olivier Crête 2013-04-17 05:37:24 UTC

Can you attach more of the log? with GST_DEBUG=*v4l2*:8,basesrc:8 ?

Comment 14 Tristan Matthews 2013-04-17 06:52:20 UTC

Created attachment 241713 [details]
log with GST_DEBUG=*basesrc*:8,*v4l2*:8 up until Abort

Comment 15 Olivier Crête 2013-04-17 19:19:15 UTC

I'm not sure what you're application is.. but with the current v4l2src, you have to shut down the entire pipeline while stopping v4l2src. Work to fix that has been done on bug #682770

Comment 16 Tristan Matthews 2013-04-17 19:38:23 UTC

All this testing was with:

http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/tests/examples/uvch264/test-uvch264.c