Suspicious crash after GStreamer upgrade to 1.22.9 on M3
The discussion started here: https://discourse.gstreamer.org/t/suspicious-crash-after-gstreamer-upgrade-to-1-22-9-on-m3/928/2
Summarizing: Recently I upgraded GStreamer on an M3 MacBook to the recent 1.22.9 version, and my app, which runs a simple pipeline, started to crash, although it was working fine prior to the upgrade. While investigating the issue I noticed that even the basic tutorial app (gst-docs/examples/tutorials/basic-tutorial-2.c at master · GStreamer/gst-docs · GitHub) crashes as well.
pkg-config --libs --cflags gstreamer-1.0
-I/opt/homebrew/Cellar/gstreamer/1.22.9/include/gstreamer-1.0 -I/opt/homebrew/Cellar/glib/2.78.4/include -I/opt/homebrew/Cellar/glib/2.78.4/include/glib-2.0 -I/opt/homebrew/Cellar/glib/2.78.4/lib/glib-2.0/include -I/opt/homebrew/opt/gettext/include -I/opt/homebrew/Cellar/pcre2/10.42/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX14.sdk/usr/include/ffi -L/opt/homebrew/Cellar/gstreamer/1.22.9/lib -L/opt/homebrew/Cellar/glib/2.78.4/lib -L/opt/homebrew/opt/gettext/lib -lgstreamer-1.0 -Wl,-rpath,/opt/homebrew/Cellar/gstreamer/1.22.9/lib -lgobject-2.0 -lglib-2.0 -lintl
clang basic-tutorial-2.c $(pkg-config --libs --cflags gstreamer-1.0) --debug -g0 -glldb -fsanitize=address
./a.out
AddressSanitizer:DEADLYSIGNAL
=================================================================
==20579==ERROR: AddressSanitizer: BUS on unknown address (pc 0x000103a2e6d4 bp 0x00016d479db0 sp 0x00016d479560 T7)
==20579==The signal is caused by a WRITE memory access.
==20579==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x103a2e6d4 in __sanitizer::internal_memmove(void*, void const*, unsigned long)+0x134 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6a6d4)
#1 0x10817ff28 in orc_program_compile_full+0x105c (liborc-0.4.0.dylib:arm64+0x3f28)
#2 0x102f045e0 in video_test_src_orc_splat_u32+0xb8 (libgstvideotestsrc.dylib:arm64+0x45e0)
#3 0x102f06b04 in gst_video_test_src_smpte+0xec (libgstvideotestsrc.dylib:arm64+0x6b04)
#4 0x102f0691c in fill_image+0x6c (libgstvideotestsrc.dylib:arm64+0x691c)
#5 0x102f063fc in gst_video_test_src_fill+0x9c (libgstvideotestsrc.dylib:arm64+0x63fc)
#6 0x108133bfc in gst_base_src_default_create+0x7c (libgstbase-1.0.0.dylib:arm64+0x33bfc)
#7 0x1081353e8 in gst_base_src_get_range+0x104 (libgstbase-1.0.0.dylib:arm64+0x353e8)
#8 0x108134cb8 in gst_base_src_loop+0x428 (libgstbase-1.0.0.dylib:arm64+0x34cb8)
#9 0x1032d3474 in gst_task_func+0x118 (libgstreamer-1.0.0.dylib:arm64+0x8b474)
#10 0x1034f8e74 in g_thread_pool_thread_proxy+0xcc (libglib-2.0.0.dylib:arm64+0x60e74)
#11 0x1034f7dd0 in g_thread_proxy+0x40 (libglib-2.0.0.dylib:arm64+0x5fdd0)
#12 0x184312030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
#13 0x18430ce38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
==20579==Register values:
x[0] = 0x000000010c1b8000 x[1] = 0x0000000107614800 x[2] = 0x00000000000000c3 x[3] = 0x0000000000000018
x[4] = 0x00000001060e03b8 x[5] = 0x0000000000000000 x[6] = 0x000000016d3f8000 x[7] = 0x0000000000000001
x[8] = 0x00000000000000c0 x[9] = 0x00000000000000a3 x[10] = 0x000000010c1b80a3 x[11] = 0x0000000107614800
x[12] = 0x00000000000000c0 x[13] = 0x00000001076148a3 x[14] = 0x0000000000007e01 x[15] = 0x0000000000000006
x[16] = 0x00000001039dec7c x[17] = 0x0000000103a68750 x[18] = 0x0000000000000000 x[19] = 0x00000000000000c3
x[20] = 0x0000000107614800 x[21] = 0x000000010c1b8000 x[22] = 0x000000010820d5ac x[23] = 0x0000000000000060
x[24] = 0x0000000104491aa8 x[25] = 0x0000000000000082 x[26] = 0x000000010870c250 x[27] = 0x0000000108706200
x[28] = 0x000000010870d100 fp = 0x000000016d479db0 lr = 0x00000001039ded5c sp = 0x000000016d479560
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: BUS (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6a6d4) in __sanitizer::internal_memmove(void*, void const*, unsigned long)+0x134
Thread T7 created by T6 here:
#0 0x103a101b0 in wrap_pthread_create+0x54 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4c1b0)
#1 0x10351dc28 in g_system_thread_new+0x120 (libglib-2.0.0.dylib:arm64+0x85c28)
#2 0x1034f82b8 in g_thread_pool_spawn_thread+0x90 (libglib-2.0.0.dylib:arm64+0x602b8)
#3 0x1034f7dd0 in g_thread_proxy+0x40 (libglib-2.0.0.dylib:arm64+0x5fdd0)
#4 0x184312030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030)
#5 0x18430ce38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38)
Thread T6 created by T0 here:
#0 0x103a101b0 in wrap_pthread_create+0x54 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x4c1b0)
#1 0x10351dc28 in g_system_thread_new+0x120 (libglib-2.0.0.dylib:arm64+0x85c28)
#2 0x1034f7e50 in g_thread_new+0x30 (libglib-2.0.0.dylib:arm64+0x5fe50)
#3 0x1034f8158 in g_thread_pool_new_full+0xe0 (libglib-2.0.0.dylib:arm64+0x60158)
#4 0x1032d3e48 in default_prepare+0x3c (libgstreamer-1.0.0.dylib:arm64+0x8be48)
#5 0x1032d31e4 in gst_task_init+0x90 (libgstreamer-1.0.0.dylib:arm64+0x8b1e4)
#6 0x10319f6cc in g_type_create_instance+0x16c (libgobject-2.0.0.dylib:arm64+0x236cc)
#7 0x10318c20c in g_object_new_internal+0x40 (libgobject-2.0.0.dylib:arm64+0x1020c)
#8 0x10318bab8 in g_object_new_with_properties+0x1c8 (libgobject-2.0.0.dylib:arm64+0xfab8)
#9 0x1032d2640 in gst_task_new+0x2c (libgstreamer-1.0.0.dylib:arm64+0x8a640)
#10 0x1032a6528 in gst_pad_start_task+0xdc (libgstreamer-1.0.0.dylib:arm64+0x5e528)
#11 0x10813166c in gst_base_src_perform_seek+0x2fc (libgstbase-1.0.0.dylib:arm64+0x3166c)
#12 0x1081310a8 in gst_base_src_start_complete+0x198 (libgstbase-1.0.0.dylib:arm64+0x310a8)
#13 0x10813703c in gst_base_src_start+0x1e4 (libgstbase-1.0.0.dylib:arm64+0x3703c)
#14 0x1081342f8 in gst_base_src_activate_mode+0xc8 (libgstbase-1.0.0.dylib:arm64+0x342f8)
#15 0x10329bb6c in activate_mode_internal+0x2dc (libgstreamer-1.0.0.dylib:arm64+0x53b6c)
#16 0x10329b66c in gst_pad_set_active+0x14c (libgstreamer-1.0.0.dylib:arm64+0x5366c)
#17 0x103283de0 in activate_pads+0x24 (libgstreamer-1.0.0.dylib:arm64+0x3bde0)
#18 0x103292ba8 in gst_iterator_fold+0x6c (libgstreamer-1.0.0.dylib:arm64+0x4aba8)
#19 0x103283d6c in iterator_activate_fold_with_resync+0x54 (libgstreamer-1.0.0.dylib:arm64+0x3bd6c)
#20 0x103283b70 in gst_element_pads_activate+0x40 (libgstreamer-1.0.0.dylib:arm64+0x3bb70)
#21 0x103282c20 in gst_element_change_state_func+0x184 (libgstreamer-1.0.0.dylib:arm64+0x3ac20)
#22 0x1081320d8 in gst_base_src_change_state+0x7c (libgstbase-1.0.0.dylib:arm64+0x320d8)
#23 0x103281740 in gst_element_change_state+0xd8 (libgstreamer-1.0.0.dylib:arm64+0x39740)
#24 0x103282e8c in gst_element_set_state_func+0x168 (libgstreamer-1.0.0.dylib:arm64+0x3ae8c)
#25 0x10325cb88 in gst_bin_change_state_func+0x3f4 (libgstreamer-1.0.0.dylib:arm64+0x14b88)
#26 0x1032aafbc in gst_pipeline_change_state+0x160 (libgstreamer-1.0.0.dylib:arm64+0x62fbc)
#27 0x103281740 in gst_element_change_state+0xd8 (libgstreamer-1.0.0.dylib:arm64+0x39740)
#28 0x1032818ec in gst_element_change_state+0x284 (libgstreamer-1.0.0.dylib:arm64+0x398ec)
#29 0x103282e8c in gst_element_set_state_func+0x168 (libgstreamer-1.0.0.dylib:arm64+0x3ae8c)
#30 0x102ccb408 in main basic-tutorial-2.c:38
#31 0x183f910dc (<unknown module>)
==20579==ABORTING
zsh: abort ./a.out
As requested, the following is the output generated with ORC_DEBUG=5:
ORC_DEBUG=5 ./a.out
ORC: INFO: ../orc/orcdebug.c(72): void _orc_debug_init(void)(): orc-0.4.36 debug init
ORC: DEBUG: ../orc/orccpu-arm.c(130): unsigned long orc_cpu_arm_getflags_cpuinfo()(): Failed to read /proc/cpuinfo
ORC: INFO: ../orc/orcprogram-neon.c(137): void orc_neon_init(void)(): marking neon backend non-executable
ORC: INFO: ../orc/orccompiler.c(308): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): initializing compiler for program "video_test_src_orc_splat_u32"
ORC: LOG: ../orc/orccompiler.c(340): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): variables
ORC: LOG: ../orc/orccompiler.c(347): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): 0: d size 4 type 2 alloc 0
ORC: LOG: ../orc/orccompiler.c(347): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): 24: p size 4 type 4 alloc 0
ORC: LOG: ../orc/orccompiler.c(350): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): instructions
ORC: LOG: ../orc/orccompiler.c(357): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): 0: storel 0 0 24 0
ORC: INFO: ../orc/orccompiler.c(459): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): allocating code memory
ORC: INFO: ../orc/orccompiler.c(465): OrcCompileResult orc_program_compile_full(OrcProgram *, OrcTarget *, unsigned int)(): compiling for target "sse"
ORC: WARNING: ../orc/orccodemem.c(261): int orc_code_region_allocate_codemem_dual_map(OrcCodeRegion *, const char *, int)(): failed to create exec map '/Users/me/orcexec.z80whc'. err=1
ORC: WARNING: ../orc/orccodemem.c(261): int orc_code_region_allocate_codemem_dual_map(OrcCodeRegion *, const char *, int)(): failed to create exec map '/var/folders/mk/r99zwhtj1lb6ylpbl3gnk80h0000gn/T//orcexec.0eFrhD'. err=1
ORC: WARNING: ../orc/orccodemem.c(261): int orc_code_region_allocate_codemem_dual_map(OrcCodeRegion *, const char *, int)(): failed to create exec map '/tmp/orcexec.EEk3j0'. err=1
AddressSanitizer:DEADLYSIGNAL