Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Oleg_F_
Beginner
117 Views

Segmentation fault in MFXVideoVPP_Init

Jump to solution

Hi,

I'm using MediaSDK 2015 R5 on CentOS 7.1

In this scenario I have 1 h.264 decoder and 1 VPP in different sessions that are joined.

In addition I use memory pools for memory allocation in my application. Operators new and delete are overloaded.

When the VPP is initialized, the process crashes. gdb gives the following stack:

(gdb) bt full
#0  0x0000000000466a2b in surf::MemPool::freeBlock (this=0x7f2c00000000, ptr=0x7f2c4806b530) at framework/mem_pool.cpp:124
        hdr = 0x7f2c4806b4b0
        __func__ = "freeBlock"
#1  0x0000000000466e67 in surf::MemManager::free (ptr=0x7f2c4806b530) at framework/mem_pool.cpp:220
        hdr = 0x7f2c4806b4b0
        __func__ = "free"
#2  0x0000000000466659 in operator delete (ptr=0x7f2c4806b530) at framework/mem_pool.cpp:18
No locals.
#3  0x00007f2c6d43fda3 in ?? () from /opt/intel/mediasdk/lib64/iHD_drv_video.so
No symbol table info available.
#4  0x00007f2c6d440a4b in ?? () from /opt/intel/mediasdk/lib64/iHD_drv_video.so
No symbol table info available.
#5  0x00007f2c6d4e71a2 in ?? () from /opt/intel/mediasdk/lib64/iHD_drv_video.so
No symbol table info available.
#6  0x00007f2c6d4e4b39 in ?? () from /opt/intel/mediasdk/lib64/iHD_drv_video.so
No symbol table info available.
#7  0x00007f2c6d52f36e in ?? () from /opt/intel/mediasdk/lib64/iHD_drv_video.so
No symbol table info available.
#8  0x00007f2c6c4ec311 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#9  0x00007f2c6c4ec61c in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#10 0x00007f2c6c4ec709 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#11 0x00007f2c6c5f5bc4 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#12 0x00007f2c6c5ecc23 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#13 0x00007f2c6c5ed714 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#14 0x00007f2c6c5edac4 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#15 0x00007f2c6c5ee12e in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#16 0x00007f2c6c56374c in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#17 0x00007f2c6c55c961 in ?? () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#18 0x00007f2c6c4e5b6a in MFXVideoVPP_Init () from /opt/intel/mediasdk/lib64/libmfxhw64-p.so.1.15
No symbol table info available.
#19 0x0000000000449720 in surf::VideoMixerTool::initVpp (this=0x7f2c6001daf0) at video_mixer/video_mixer.cpp:541
        sts = MFX_ERR_NONE
        __func__ = "initVpp"

From this info I see that the crash occurs when MSDK calls delete.

IMPORTANT NOTICE: when I don't overload operators new and delete - the problem does not occur

From internal implementation of memory pool it seems that MSDK tries to call delete with buffer that was not obtained using overloaded new operator, may be it is obtained erroneously by malloc instead new. Given the fact that without using my memory pool the crash does not occur - it seems that the pointer is correct (otherwise it would crash), but it is not allocated using new.

OTHER IMPORTANT NOTICE: this problem does not occur in MSDK 2015 R4.

Thanks for your support,

Oleg

 

0 Kudos
1 Solution
117 Views

Hi Oleg,

We were able to root cause the issue you were observing to some missing operator definitions in your application. Your application is missing definitions for new[], new(nothrow), new(nothrow[] and delete[], delete(nothrow), delete(nothrow)[].

Can you use the following code please:

#include <new> 

void* operator new(size_t count) 

    printf("new called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new(size_t count, const std::nothrow_t& tag) 

    printf("new(nothrow) called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new[](size_t count) 

    printf("new[] called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new[](size_t count, const std::nothrow_t& tag) 

    printf("new(nothrow)[] called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void operator delete(void* delptr) 

    printf("delete called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete[](void* delptr) 

    printf("delete[] called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete(void* delptr, const std::nothrow_t& tag) 

    printf("delete(nothrow) called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete[](void* delptr, const std::nothrow_t& tag) 

    printf("delete(nothrow)[] called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 
}

View solution in original post

7 Replies
Shaojuan_Z_Intel
Employee
117 Views

Hi Oleg,

Since you are running joined decoder and VPP, you may want to take a look at our sample_multi_transcode, then modify your code accordingly and see if you still see the same problem. Thanks!

Nina_K_Intel
Employee
117 Views

Hi Oleg,

This looks like a bug of ours. Would it be possible to add your new/delete overloading in sample_vpp and send this reproducer to us?

Thanks,

Nina 

Oleg_F_
Beginner
117 Views

Hi guys,

Thanks for the quick reply

I'll try to do that on sunday

Oleg

Oleg_F_
Beginner
117 Views

Hi,

Attached is the reproducer of this issue based on the tutorials,

See simple_4_vpp_resize_denoise_vmem example, I added overloaded operators new and delete at the beginning of simple_vpp_vmem.cpp file.

I ran it as follows:

../_build/simple_vpp_vmem -hw -g 352x288 in.yuv  out.yuv

where in.yuv contains just few bytes, but this does not matter because the crash occurs at the initialization stage of the program.

Tell me if you need anything else to work on this crash.

Thanks,

Oleg

Nina_K_Intel
Employee
117 Views

Oleg, thank you so much for the reproducer, we will check it shortly.

Nina

118 Views

Hi Oleg,

We were able to root cause the issue you were observing to some missing operator definitions in your application. Your application is missing definitions for new[], new(nothrow), new(nothrow[] and delete[], delete(nothrow), delete(nothrow)[].

Can you use the following code please:

#include <new> 

void* operator new(size_t count) 

    printf("new called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new(size_t count, const std::nothrow_t& tag) 

    printf("new(nothrow) called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new[](size_t count) 

    printf("new[] called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void* operator new[](size_t count, const std::nothrow_t& tag) 

    printf("new(nothrow)[] called count[%d]\n", count); 
    uint8_t* ptr = (uint8_t*)malloc(count + 32); 
    return (void*)(ptr + 32); 


void operator delete(void* delptr) 

    printf("delete called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete[](void* delptr) 

    printf("delete[] called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete(void* delptr, const std::nothrow_t& tag) 

    printf("delete(nothrow) called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 

void operator delete[](void* delptr, const std::nothrow_t& tag) 

    printf("delete(nothrow)[] called ptr[%p]\n", delptr); 
    if(!delptr) 
        return; 
    uint8_t* ptr = (uint8_t*)delptr; 
    ptr = ptr - 32; 
    free(ptr); 
}

View solution in original post

Oleg_F_
Beginner
117 Views

Hi,

Sorry for long answer and thank you for the help

Adding additional signatures of new and delete operators fixes the issue

Oleg

Reply