[ 154s] [ 5%] Building ASM object projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-arm.dir/arm/sync_fetch_and_umax_4.S.o
[ 154s] [ 5%] Building ASM object projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-arm.dir/arm/sync_fetch_and_umax_8.S.o
[ 154s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/truncdfbf2.c: In function '__truncdfbf2':
[ 154s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/truncdfbf2.c:13:74: error: unrecognizable insn:
[ 154s] 13 | COMPILER_RT_ABI dst_t __truncdfbf2(double a) { return truncXfYf2(a); }
[ 154s] | ^
[ 154s] (insn 298 297 302 57 (set (reg:BF 156 [ ])
[ 154s] (subreg:BF (reg:HI 273) 0)) "/home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/truncdfbf2.c":13:55 discrim 1 -1
[ 154s] (nil))
[ 154s] during RTL pass: vregs
[ 154s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/truncdfbf2.c:13:74: internal compiler error: in extract_insn, at recog.cc:2812
[ 154s] 0x1a7c782 internal_error(char const*, ...)
[ 154s] ???:0
[ 154s] 0x725e97 fancy_abort(char const*, int, char const*)
[ 154s] ???:0
[ 154s] 0x70298b _fatal_insn(char const*, rtx_def const*, char const*, int, char const*)
[ 154s] ???:0
[ 154s] 0x7029aa _fatal_insn_not_found(rtx_def const*, char const*, int, char const*)
[ 154s] ???:0
[ 154s] Please submit a full bug report, with preprocessed source (by using -freport-bug).
[ 154s] Please include the complete backtrace with any bug report.
[ 154s] See http://bugs.tizen.org/ for instructions.
[ 154s] make[2]: *** [projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/build.make:2044: projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/truncdfbf2.c.o] Error 1
[ 154s] make[1]: *** [CMakeFiles/Makefile2:31284: projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/all] Error 2
[ 154s] make[1]: *** Waiting for unfinished jobs....
问题分析
看日志这是在编 compiler-rt 的 builtins(目标库:clang_rt.builtins-armv4t)时,文件 truncdfbf2.c 里实现 double -> bfloat16 转换的例程在 GCC 上崩了(reg:BF / BF=bfloat16)。ARMv4T 后端并不真正支持 BFLOAT16 的指令/模式,GCC 前端虽然能接受 __bf16 这个类型,但到后端生成 RTL 时就炸在 extract_insn(“unrecognizable insn … reg:BF … during RTL pass: vregs”),这属于编译器/目标组合不支持 BFMODE 的经典坑,不是你的工程代码问题。对应的源文件确实是 bfloat16 截断实现:lib/builtins/truncdfbf2.c(就是把 DST_BFLOAT 打开后包含通用实现)
Code Browser
。
在 CMake 里,compiler-rt 只有在检测到 __bf16 类型“可编译”时才会把这批 BF16 源加入构建(BF16_SOURCES 列表);每个目标架构都会做一次 check_c_source_compiles("_bf16 ...", COMPILER_RT_HAS${arch}_BFLOAT16),若为真就把 BF16_SOURCES 追加进该架构的源码列表。你的环境里这一步误判为“可用”,于是把 truncdfbf2.c 等文件编进去,随后在 ARMv4T 的 GCC 后端挂了。相关 CMake 逻辑可见这里(定义 BF16 源并按每个 arch 判断是否加入)
fossies.org
。LLVM 也专门有改动说明“只在(确实)支持时构建 (b)float16 代码”
尝试方案
rm -rf build && mkdir build
cd build
cmake -G Ninja ../llvm
-DLLVM_ENABLE_PROJECTS="clang;compiler-rt"
-DLLVM_ENABLE_RUNTIMES="compiler-rt"
-DLLVM_BUILTIN_TARGETS="armv4t-linux-gnueabi"
-DBUILTINS_armv4t-linux-gnueabi_CMAKE_SYSTEM_NAME=Linux
-DBUILTINS_armv4t-linux-gnueabi_TARGET_TRIPLE=armv4t-linux-gnueabi
-DBUILTINS_armv4t-linux-gnueabi_CMAKE_C_FLAGS="-march=armv4t -mfloat-abi=soft"
-DCOMPILER_RT_HAS_armv4t_BFLOAT16=OFF
ninja clang_rt.builtins-armv4t
[ 1965s] [ 82%] Building CXX object tools/llvm-exegesis/lib/CMakeFiles/LLVMExegesis.dir/BenchmarkResult.cpp.o
[ 1965s] In member function 'resizePath',
[ 1965s] inlined from 'resizePath' at /home/abuild/rpmbuild/BUILD/llvm-19.1.4/clang/lib/AST/APValue.cpp:236:8,
[ 1965s] inlined from 'setLValueUninit' at /home/abuild/rpmbuild/BUILD/llvm-19.1.4/clang/lib/AST/APValue.cpp:1035:18,
[ 1965s] inlined from 'readAPValue' at /home/abuild/rpmbuild/BUILD/llvm-19.1.4/build/tools/clang/include/clang/AST/AbstractBasicReader.inc:770:60:
[ 1965s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/clang/lib/AST/APValue.cpp:243:43: warning: argument 1 value '4294967295' exceeds maximum object size 2147483647 [-Walloc-size-larger-than=]
[ 1965s] 243 | PathPtr = new LValuePathEntry[Length];
[ 1965s] | ^
[ 1965s] /usr/lib/gcc/armv7l-tizen-linux-gnueabi/14.2.0/include/c++/new: In member function 'readAPValue':
[ 1965s] /usr/lib/gcc/armv7l-tizen-linux-gnueabi/14.2.0/include/c++/new:133:26: note: in a call to allocation function 'operator new []' declared here
[ 1965s] 133 | _GLIBCXX_NODISCARD void* operator new _GLIBCXX_THROW (std::bad_alloc)
[ 1965s] | ^
[ 1965s] In member function 'setVectorUninit',
[ 1965s] inlined from 'readAPValue' at /home/abuild/rpmbuild/BUILD/llvm-19.1.4/build/tools/clang/include/clang/AST/AbstractBasicReader.inc:630:33:
[ 1965s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/clang/include/clang/AST/APValue.h:690:28: warning: argument 1 value '4294967295' exceeds maximum object size 2147483647 [-Walloc-size-larger-than=]
[ 1965s] 690 | V->Elts = new APValue[N];
[ 1965s] | ^
[ 1965s] /usr/lib/gcc/armv7l-tizen-linux-gnueabi/14.2.0/include/c++/new: In member function 'readAPValue':
[ 1965s] /usr/lib/gcc/armv7l-tizen-linux-gnueabi/14.2.0/include/c++/new:133:26: note: in a call to allocation function 'operator new []' declared here
[ 1965s] 133 | _GLIBCXX_NODISCARD void* operator new _GLIBCXX_THROW (std::bad_alloc)
[ 1965s] | ^
[ 1967s] [ 82%] Building CXX object lib/Target/AArch64/CMakeFiles/LLVMAArch64CodeGen.dir/AArch64CallingConvention.cpp.o
[ 1970s] [ 82%] Built target llvm-profgen
[ 1975s] [ 82%] Building CXX object lib/Target/AArch64/CMakeFiles/LLVMAArch64CodeGen.dir/AArch64CleanupLocalDynamicTLSPass.cpp.o
[ 1975s] [ 82%] Building CXX object lib/Target/BPF/CMakeFiles/LLVMBPFCodeGen.dir/BPFInstrInfo.cpp.o
[ 1979s] armv7l-tizen-linux-gnueabi-g++: fatal error: Killed signal terminated program lto1
[ 1979s] compilation terminated.
[ 1979s] lto-wrapper: fatal error: /bin/armv7l-tizen-linux-gnueabi-g++ returned 1 exit status
[ 1979s] compilation terminated.
[ 1979s] /usr/lib/gcc/armv7l-tizen-linux-gnueabi/14.2.0/../../../../armv7l-tizen-linux-gnueabi/bin/ld: error: lto-wrapper failed
[ 1980s] [ 82%] Building CXX object lib/Target/ARM/CMakeFiles/LLVMARMCodeGen.dir/ARMInstructionSelector.cpp.o
[ 1980s] collect2: error: ld returned 1 exit status
[ 1980s] make[2]: *** [tools/clang/tools/extra/clang-tidy/tool/CMakeFiles/clang-tidy.dir/build.make:238: bin/clang-tidy] Error 1
[ 1980s] make[1]: *** [CMakeFiles/Makefile2:63410: tools/clang/tools/extra/clang-tidy/tool/CMakeFiles/clang-tidy.dir/all] Error 2
[ 1980s] make[1]: *** Waiting for unfinished jobs....
致命错误:armv7l-...-g++: fatal error: Killed signal terminated program lto1 / lto-wrapper failed,最终 link clang-tidy 时失败。
→ 这基本是 GCC LTO(-flto)在 32-bit ARM 构建时内存被 OOM 干掉 的典型栈。lto1 是 GCC 的 LTO 进程,链接阶段要把大量 IR 合并,armv7l 的用户态地址空间小(2–3GB),很容易被杀。真正的失败发生在 链接 clang-tidy(对象极多、最吃内存)。
尝试方案
cmake -G Ninja ../llvm
-DLLVM_ENABLE_PROJECTS="clang;lld;compiler-rt"
-DLLVM_ENABLE_RUNTIMES="compiler-rt"
-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
-DLLVM_ENABLE_LTO=OFF
-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=OFF
-DLLVM_ENABLE_LLD=ON
-DCMAKE_C_FLAGS="-fno-lto"
-DCMAKE_CXX_FLAGS="-fno-lto"
ninja
[ 140s] [ 0%] Building CXX object projects/compiler-rt/lib/lsan/CMakeFiles/RTLSanCommon.arm.dir/lsan_common.cpp.o
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S: Assembler messages:
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:25: Error: cannot honor width suffix -- eor r2,r0,r0,ror#16' [ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:26: Error: cannot honor width suffix -- bic r2,r2,#0xff0000'
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:27: Error: cannot honor width suffix -- mov r2,r2,lsr#8' [ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:28: Error: cannot honor width suffix -- eor r2,r2,r0,ror#8'
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:30: Error: cannot honor width suffix -- eor r0,r1,r1,ror#16' [ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:31: Error: cannot honor width suffix -- bic r0,r0,#0xff0000'
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:32: Error: cannot honor width suffix -- mov r0,r0,lsr#8' [ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:33: Error: cannot honor width suffix -- eor r0,r0,r1,ror#8'
[ 140s] /home/abuild/rpmbuild/BUILD/llvm-19.1.4/compiler-rt/lib/builtins/arm/bswapdi2.S:38: Error: MOV Rd, Rs with two low registers is not permitted on this architecture -- `mov r1,r2'
[ 140s] make[2]: *** [projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/build.make:92: projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/arm/bswapdi2.S.o] Error 1
[ 140s] make[1]: *** [CMakeFiles/Makefile2:31284: projects/compiler-rt/lib/builtins/CMakeFiles/clang_rt.builtins-armv4t.dir/all] Error 2
[ 140s] make[1]: *** Waiting for unfinished jobs....
[ 140s] [ 0%] Copying compiler-rt's sanitizer/asan_interface.h...
[ 140s] cc1plus: warning: '-Wformat-security' ignored without '-Wformat' [-Wformat-security]
原因是:你在构建 clang_rt.builtins-armv4t 时启用了 Thumb-1(-mthumb),但 compiler-rt/lib/builtins/arm/bswapdi2.S 里用的是 ARM 状态才有的指令/编码(例如 EOR ... , ROR #imm 这种“带桶形移位”的第二操作数形式、以及需要 32 位宽编码的变体)。
ARMv4T 的 Thumb-1 不支持这些编码,于是出现:
cannot honor width suffix(提示无法满足 32 位宽指令 .w/宽编码的需求)
MOV Rd, Rs with two low registers is not permitted on this architecture(在它试图选用 Thumb 的 16 位变体时触发的约束错误)
一系列 eor/bic/mov ... ror#... 的报错
实际上用的是armv7l, 所以需要修正配置
尝试方案
单独构建 compiler-rt(或在 monorepo 的 runtimes 里等价传参)
cmake -S compiler-rt -B build-rt
-DCMAKE_BUILD_TYPE=Release
-DCMAKE_C_COMPILER=clang
-DCMAKE_ASM_COMPILER=clang
-DLLVM_CONFIG_PATH=/path/to/llvm-config
-DCOMPILER_RT_BUILD_BUILTINS=ON
-DCOMPILER_RT_BUILD_SANITIZERS=OFF
-DCOMPILER_RT_DEFAULT_TARGET_TRIPLE=armv7a-linux-gnueabihf
-DCOMPILER_RT_DEFAULT_TARGET_ONLY=ON
-DCMAKE_C_FLAGS="--target=armv7a-linux-gnueabihf -march=armv7-a -marm"
-DCMAKE_ASM_FLAGS="--target=armv7a-linux-gnueabihf -march=armv7-a -marm"
cmake --build build-rt -j
Coredump 分析
Backtrace from coredump: Coredump.DN_artThingsApp.video_appsrc-sr(dotnet-loader).14355.__TIZEN-TRUNK2025-PontusM-RELEASE_20250905.4__T-PTMFAKUC-0090_debug
Process path: /usr/bin/dotnet-loader
From Package: dotnet-launcher
GNU gdb (GDB) 8.3.50.20191012-git
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "--host=x86_64-pc-linux-gnu --target=armv7l-tizen-linux-gnueabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://bugs.tizen.org/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word".
[New LWP 14355]
[New LWP 14105]
[New LWP 13804]
[New LWP 13835]
[New LWP 14354]
[New LWP 14347]
[New LWP 14341]
[New LWP 14058]
[New LWP 14256]
[New LWP 14241]
[New LWP 13828]
[New LWP 14266]
[New LWP 14111]
[New LWP 13108]
[New LWP 13832]
[New LWP 13107]
[New LWP 13897]
[New LWP 13800]
[New LWP 13838]
[New LWP 13112]
[New LWP 14348]
[New LWP 14340]
[New LWP 13902]
[New LWP 13894]
[New LWP 14240]
[New LWP 14318]
[New LWP 13831]
[New LWP 7608]
[New LWP 13837]
[New LWP 14098]
[New LWP 14243]
[New LWP 14391]
[New LWP 14258]
[New LWP 14374]
[New LWP 14260]
[New LWP 14250]
[New LWP 13907]
[New LWP 13822]
[New LWP 14368]
[New LWP 13834]
[New LWP 14319]
[New LWP 14101]
[New LWP 13817]
[New LWP 14102]
[New LWP 13810]
[New LWP 13821]
[New LWP 13829]
[New LWP 13807]
[New LWP 14373]
[New LWP 13809]
[New LWP 13798]
[New LWP 13808]
[New LWP 14357]
[New LWP 13833]
[New LWP 14342]
[New LWP 14252]
[New LWP 13999]
[New LWP 14310]
[New LWP 14317]
[New LWP 14261]
[New LWP 13830]
[New LWP 13106]
[New LWP 13812]
[New LWP 14249]
[New LWP 14242]
[New LWP 14320]
[New LWP 13134]
[New LWP 13103]
[New LWP 13802]
[New LWP 13819]
[New LWP 13892]
[New LWP 13895]
[New LWP 13903]
[New LWP 13906]
[New LWP 13909]
[New LWP 14025]
[New LWP 14033]
[New LWP 14104]
[New LWP 14245]
[New LWP 14251]
[New LWP 14262]
[New LWP 14269]
[New LWP 14321]
[New LWP 14311]
[New LWP 14346]
[New LWP 14353]
[New LWP 14356]
[New LWP 14308]
[New LWP 14360]
[New LWP 14314]
[New LWP 14361]
[New LWP 14367]
[New LWP 13791]
[New LWP 14369]
[New LWP 14371]
[New LWP 14370]
[New LWP 14372]
[New LWP 14375]
[New LWP 14377]
[New LWP 13801]
[New LWP 14309]
[New LWP 14343]
[New LWP 14339]
[New LWP 14313]
[New LWP 14344]
[New LWP 14312]
[New LWP 14337]
[New LWP 13806]
[New LWP 13811]
[New LWP 13820]
[New LWP 14378]
[New LWP 14376]
[New LWP 14366]
[New LWP 14338]
[New LWP 14322]
[New LWP 14300]
[New LWP 14268]
[New LWP 14267]
[New LWP 14263]
[New LWP 14254]
[New LWP 14253]
[New LWP 14239]
[New LWP 14187]
[New LWP 14059]
[New LWP 14055]
[New LWP 14030]
[New LWP 14000]
[New LWP 13921]
[New LWP 13920]
[New LWP 13910]
[New LWP 13905]
[New LWP 13904]
[New LWP 13896]
[New LWP 13836]
[New LWP 14359]
[New LWP 14358]
[New LWP 14315]
[New LWP 13786]
[New LWP 13102]
[New LWP 13799]
[New LWP 14259]
[New LWP 14257]
[New LWP 14255]
[New LWP 14248]
Core was generated by `/opt/usr/apps/com.samsung.tv.SmartThingsApp/bin/SmartThingsApp.dll '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __GI_raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (LWP 14355)]
(gdb)bt
#0 __GI_raise (sig=sig@entry=11) at /usr/src/debug/glibc-2.30-3.16.arm/signal/../sysdeps/unix/sysv/linux/raise.c:50
#1 0xb42dfb18 in onSigsegv (signum=11) at /usr/src/debug/dotnet-launcher-tv-plugin-6.0.95-1.arm/plugin/src/dotnet-signal-handler.cpp:76
#2 0xb3790a06 in invoke_previous_action (action=, code=11, siginfo=0xa41fbc88, context=0xa41fbd08, signalRestarts=true) at /usr/src/debug/coreclr-6.0.9-1.arm/src/coreclr/pal/src/exception/signal.cpp:415
#3 sigsegv_handler (code=11, siginfo=0xa41fbc88, context=0xa41fbd08) at /usr/src/debug/coreclr-6.0.9-1.arm/src/coreclr/pal/src/exception/signal.cpp:627
#4
#5 memcpy () at /usr/src/debug/glibc-2.30-3.16.arm/string/../sysdeps/arm/memcpy.S:108
#6 0xa402bd16 in memcpy (__len=3110400, __src=, __dest=) at /usr/include/bits/string_fortified.h:34
#7 sysmem_copy (mem=0x8b7bdde0, offset=, size=3110400) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstallocator.c:486
#8 0xa4037286 in gst_buffer_copy_into (size=4953600, offset=0, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP), src=0x8b7ddcc8, dest=0xaf5cbcf0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:639
#9 gst_buffer_copy_into (dest=0xaf5cbcf0, src=0x8b7ddcc8, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP), offset=0, size=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:543
#10 0xa4037b5c in gst_buffer_copy_with_flags (buffer=0x8b7ddcc8, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP)) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:744
#11 0xa36037f2 in gst_base_sink_drain (basesink=0xb3dcfee8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesink.c:6197
#12 0xa360b5c8 in gst_base_sink_default_query (basesink=0xb3dcfee8, query=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesink.c:6220
#13 0x9145318e in gst_fake_sink_query (bsink=, query=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/plugins/elements/gstfakesink.c:617
#14 0xa406b842 in gst_pad_query (pad=pad@entry=0xb3dcbbb0, query=query@entry=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4225
#15 0xa406be52 in gst_pad_peer_query (pad=0xb3dcc708, query=query@entry=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4357
#16 0xa3204596 in gst_video_decoder_negotiate_pool (decoder=decoder@entry=0xb3dcc368, caps=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4363
#17 0xa3204aca in gst_video_decoder_negotiate_default (decoder=0xb3dcc368) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4569
#18 0xa32088a4 in gst_video_decoder_negotiate (decoder=decoder@entry=0xb3dcc368) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4610
#19 0x8e880dfc in gst_ffmpegviddec_negotiate (picture=, context=, ffmpegdec=0xb3dcc368) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:1749
#20 gst_ffmpegviddec_video_frame (ret=0xa7a85500, frame=, ffmpegdec=0xb3dcc368) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2280
#21 gst_ffmpegviddec_frame (ffmpegdec=ffmpegdec@entry=0xb3dcc368, frame=frame@entry=0x8b7d9e90, ret=ret@entry=0x8421962c) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2483
#22 0x8e8820e2 in gst_ffmpegviddec_handle_frame (decoder=0xb3dcc368, frame=0x8b7d9e90) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2645
#23 0xa320a08e in gst_video_decoder_decode_frame (decoder=decoder@entry=0xb3dcc368, frame=frame@entry=0x8b7d9e90) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4026
#24 0xa320a4fe in gst_video_decoder_chain_forward (decoder=decoder@entry=0xb3dcc368, buf=, buf@entry=0xa5fc7ce8, at_eos=at_eos@entry=0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2498
#25 0xa320c4fa in gst_video_decoder_chain (pad=, parent=0xb3dcc368, buf=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2840
#26 0xa4064dd0 in gst_pad_chain_data_unchecked (pad=pad@entry=0xa7a90358, type=type@entry=4112, data=, data@entry=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4486
#27 0xa4066a6a in gst_pad_push_data (pad=pad@entry=0xb3dcd868, type=type@entry=4112, data=data@entry=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4762
#28 0xa406c7c6 in gst_pad_push (pad=pad@entry=0xb3dcd868, buffer=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4881
#29 0xa361578e in gst_base_src_loop (pad=0xb3dcd868) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesrc.c:3143
#30 0xa4093a7e in gst_task_func (task=0xb3dd0578) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gsttask.c:384
#31 0xb5d93ada in g_thread_pool_free (pool=0x36ab998, immediate=-1987151296, wait=-1430260240) at /usr/src/debug/glib2-2.80.5-0.arm/_build/../glib/gthreadpool.c:913
#32 0xaabff5f0 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)bt full
#0 __GI_raise (sig=sig@entry=11) at /usr/src/debug/glibc-2.30-3.16.arm/signal/../sysdeps/unix/sysv/linux/raise.c:50
set = {_val = {0, 2, 808637559, 3183137896, 15, 3183137624, 3183137896, 0, 3022947500, 3183137792, 3183137944, 3183138164, 3053187216, 0, 3045093848, 4222451713, 3183137896, 3183137896, 520, 3183137896, 3183137898, 3183137911, 3183137896, 3183137911, 0, 0, 0, 0, 0, 0, 0, 0}}
pid =
tid =
ret =
#1 0xb42dfb18 in onSigsegv (signum=11) at /usr/src/debug/dotnet-launcher-tv-plugin-6.0.95-1.arm/plugin/src/dotnet-signal-handler.cpp:76
buffer = "DotNET onSigsegv called on com.samsung.tv.SmartThingsApp / video_appsrc-sr(7608)\n\000\360?\000\000\000\000\000\000\000\200\000\000\000\000\000\000\000\000<TUUUU\305?\000\000\372\376B.v\277\000\000\000\000\000\000\000\000\303?&\213+\000\360?,\252\333u\300\v#@\236\236\020\020\034\261d\277\211f\243\367U!\231?\361\323\330\203b\004@", '\000' <repeats 76 times>...
thread_name = "video_appsrc-sr", '\000' <repeats 21 times>, "\020\000\000@p\275\037\244\070\220!\204\234\220!\204\b\275\037\244\230\272\037\244\004\000\000\000\210\274\037\244\330\270\037\244\004\000\000\000\000\000\000\000\v\000\000\000\v\000 \000\v\000\000\000\210\274\037\244\b\275\037\244\260\272\037\244\070\220!\204\234\220!\204\b\275\037\244\070\220!\204\004\000\000\000\210\274\037\244\330\270\037\244\004\000\000\000\f\000\000\000\070\220!\204\037{\263q\ry\263\020\000\000@\021\000\000`\000\000\000\000", '\200' <repeats 32 times>, "\355R\222\221"...
ret =
#2 0xb3790a06 in invoke_previous_action (action=, code=11, siginfo=0xa41fbc88, context=0xa41fbd08, signalRestarts=true) at /usr/src/debug/coreclr-6.0.9-1.arm/src/coreclr/pal/src/exception/signal.cpp:415
No locals.
#3 sigsegv_handler (code=11, siginfo=0xa41fbc88, context=0xa41fbd08) at /usr/src/debug/coreclr-6.0.9-1.arm/src/coreclr/pal/src/exception/signal.cpp:627
No locals.
#4
No locals.
#5 memcpy () at /usr/src/debug/glibc-2.30-3.16.arm/string/../sysdeps/arm/memcpy.S:108
No locals.
#6 0xa402bd16 in memcpy (__len=3110400, __src=, __dest=) at /usr/include/bits/string_fortified.h:34
No locals.
#7 _sysmem_copy (mem=0x8b7bdde0, offset=, size=3110400) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstallocator.c:486
copy = 0x7b86a008
func = "_sysmem_copy"
#8 0xa4037286 in gst_buffer_copy_into (size=4953600, offset=0, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP), src=0x8b7ddcc8, dest=0xaf5cbcf0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:639
newmem =
tocopy = 3110400
mem = 0x8b7bdde0
len = 2
dest_len = 0
i = 1
bsize =
deep = 32
skip =
left = 3110400
walk =
bufsize =
region =
sharing_mem = 0
walk =
bufsize =
region =
sharing_mem =
func = "gst_buffer_copy_into"
_g_boolean_var_25 =
_g_boolean_var_26 =
_g_boolean_var_27 =
_g_boolean_var_28 =
_g_boolean_var_29 =
_g_boolean_var_30 =
_g_boolean_var_31 =
flags_mask =
skip =
left =
len =
dest_len =
i =
bsize =
deep =
mem =
newmem =
tocopy =
mem =
deep =
meta =
info =
_g_boolean_var_32 =
_g_boolean_var_33 =
copy_data =
_g_boolean_var_34 =
#9 gst_buffer_copy_into (dest=0xaf5cbcf0, src=0x8b7ddcc8, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP), offset=0, size=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:543
walk =
bufsize =
func = "gst_buffer_copy_into"
_g_boolean_var_29 =
_g_boolean_var_30 =
_g_boolean_var_31 =
flags_mask =
skip =
left =
len =
dest_len =
i =
bsize =
deep =
mem =
newmem =
tocopy =
mem =
deep =
meta =
info =
_g_boolean_var_32 =
_g_boolean_var_33 =
copy_data =
_g_boolean_var_34 =
#10 0xa4037b5c in gst_buffer_copy_with_flags (buffer=0x8b7ddcc8, flags=(GST_BUFFER_COPY_FLAGS | GST_BUFFER_COPY_TIMESTAMPS | GST_BUFFER_COPY_META | GST_BUFFER_COPY_MEMORY | GST_BUFFER_COPY_DEEP)) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstbuffer.c:744
copy = 0xaf5cbcf0
func = "gst_buffer_copy_with_flags"
#11 0xa36037f2 in gst_base_sink_drain (basesink=0xb3dcfee8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesink.c:6197
old = 0x8b7ddcc8
old_list =
#12 0xa360b5c8 in gst_base_sink_default_query (basesink=0xb3dcfee8, query=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesink.c:6220
res =
bclass =
func = "gst_base_sink_default_query"
#13 0x9145318e in gst_fake_sink_query (bsink=, query=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/plugins/elements/gstfakesink.c:617
ret =
fmt =
#14 0xa406b842 in gst_pad_query (pad=pad@entry=0xb3dcbbb0, query=query@entry=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4225
parent = 0xb3dcfee8
res =
serialized =
func =
type = GST_PAD_PROBE_TYPE_QUERY_DOWNSTREAM
ret =
func = "gst_pad_query"
_g_boolean_var_280 =
_g_boolean_var_284 =
_g_boolean_var_286 =
_g_boolean_var_288 =
_g_boolean_var_289 =
_g_boolean_var_291 =
_g_boolean_var_293 =
#15 0xa406be52 in gst_pad_peer_query (pad=0xb3dcc708, query=query@entry=0x8b7b1bd0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4357
peerpad = 0xb3dcbbb0
type = GST_PAD_PROBE_TYPE_QUERY_DOWNSTREAM
res =
serialized =
ret =
func = "gst_pad_peer_query"
#16 0xa3204596 in gst_video_decoder_negotiate_pool (decoder=decoder@entry=0xb3dcc368, caps=) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4363
klass = 0xaf5bb708
query = 0x8b7b1bd0
pool = 0x0
allocator = 0x8b7d9a30
params = {flags = GST_MEMORY_FLAG_ZERO_PADDED, align = 0, prefix = 0, padding = 2340264496, _gst_reserved = {0xb05da800, 0xa40c55c4, 0x1, 0xb3dcc368}}
ret = 1
func = "gst_video_decoder_negotiate_pool"
#17 0xa3204aca in gst_video_decoder_negotiate_default (decoder=0xb3dcc368) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4569
state = 0x8b7d6c10
ret =
frame =
prevcaps = 0xaf55c4a0
incaps =
func = "gst_video_decoder_negotiate_default"
#18 0xa32088a4 in gst_video_decoder_negotiate (decoder=decoder@entry=0xb3dcc368) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4610
klass =
ret = 1
func = "gst_video_decoder_negotiate"
#19 0x8e880dfc in gst_ffmpegviddec_negotiate (picture=, context=, ffmpegdec=0xb3dcc368) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:1749
in_info =
output_state = 0x8b7d6c10
fps_n =
latency =
sink_mimetype =
width =
height =
fmt =
out_info = 0x8b7d6c14
in_s = 0xa7a85500
fps_d =
version = 0
fmt =
in_info =
out_info =
output_state =
fps_n =
fps_d =
latency =
in_s =
sink_mimetype =
version =
width =
height =
func =
_g_boolean_var_86 =
_g_boolean_var_87 =
_g_boolean_var_88 =
_g_boolean_var_89 =
_g_boolean_var_90 =
_g_boolean_var_91 =
_g_boolean_var_92 =
_g_boolean_var_93 =
_g_boolean_var_94 =
_g_boolean_var_95 =
#20 gst_ffmpegviddec_video_frame (ret=0xa7a85500, frame=, ffmpegdec=0xb3dcc368) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2280
out_dframe =
pool =
info =
res =
got_frame = 1
mode_switch =
out_frame = 0x8b7d9fc0
res =
got_frame =
mode_switch =
out_frame =
out_dframe =
pool =
info =
func =
_g_boolean_var_122 =
_g_boolean_var_123 =
_g_boolean_var_124 =
_g_boolean_var_125 =
_g_boolean_var_126 =
_g_boolean_var_127 =
_g_boolean_var_128 =
_g_boolean_var_129 =
_g_boolean_var_130 =
_g_boolean_var_131 =
_g_boolean_var_132 =
_g_boolean_var_133 =
in_info =
side_data =
stereo =
frame =
i =
cc_data =
_g_boolean_var_134 =
_g_boolean_var_135 =
_g_boolean_var_136 =
_g_boolean_var_137 =
_g_boolean_var_138 =
_g_boolean_var_139 =
_g_boolean_var_140 =
_g_boolean_var_141 =
_g_boolean_var_142 =
_g_boolean_var_143 =
_g_boolean_var_144 =
_g_boolean_var_145 =
_g_boolean_var_146 =
tmp =
vmeta =
info =
_g_boolean_var_147 =
_g_boolean_var_148 =
_g_boolean_var_149 =
_g_boolean_var_150 =
side_data =
cc_meta =
iter =
found_708_raw_meta =
_g_boolean_var_151 =
_g_boolean_var_152 =
_g_boolean_var_153 =
l =
ol =
dec =
old =
tmp =
_g_boolean_var_154 =
srccaps =
new_caps =
structure =
_g_boolean_var_155 =
par_dar =
_g_boolean_var_156 =
_g_boolean_var_157 =
_g_boolean_var_158 =
_g_boolean_var_159 =
_g_boolean_var_160 =
#21 gst_ffmpegviddec_frame (ffmpegdec=ffmpegdec@entry=0xb3dcc368, frame=frame@entry=0x8b7d9e90, ret=ret@entry=0x8421962c) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2483
func = "gst_ffmpegviddec_frame"
_g_boolean_var_162 =
#22 0x8e8820e2 in gst_ffmpegviddec_handle_frame (decoder=0xb3dcc368, frame=0x8b7d9e90) at /usr/src/debug/gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c:2645
ffmpegdec = 0xb3dcc368
oclass =
data =
size =
got_frame =
minfo = {memory = 0xa5fdfd20, flags = GST_MAP_READ, data = 0xa5fdfd70 "", size = 350, maxsize = 353, user_data = {0xb3dcc2d8, 0xffffffff, 0xaf5bb708, 0x0}, _gst_reserved = {0xb5fcc2c0 <__GI___libc_malloc+348>, 0xc, 0xaf5c9430, 0xa40f88ec <_gst_debug_min>}}
ret = GST_FLOW_OK
packet = {buf = 0x0, pts = 0, dts = 0, data = 0x8b7c62f0 "", size = 350, stream_index = 0, flags = 0, side_data = 0x0, side_data_elems = 0, duration = 0, pos = 0, convergence_duration = 0, discontinuity_info = {discontinuous_flag = 0, audio_properties_changed = 0, timescale = 0, sample_rate = 0, channels = 0, extradata = 0x0, extradata_size = 0, bits_per_coded_sample = 0, block_align = 0, bit_rate = 0, engine_bitrate = 0, codec_tag = 0, codec_id = AV_CODEC_ID_NONE, discontinuousFlagSubtitle = 0, subtitle_index = 0}, user_flag = 0, skipped_rubbish_data = 0, psa_param = 0x0}
func = "gst_ffmpegviddec_handle_frame"
#23 0xa320a08e in gst_video_decoder_decode_frame (decoder=decoder@entry=0xb3dcc368, frame=frame@entry=0x8b7d9e90) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:4026
priv =
decoder_class = 0xaf5bb708
ret = GST_FLOW_OK
func = "gst_video_decoder_decode_frame"
#24 0xa320a4fe in gst_video_decoder_chain_forward (decoder=decoder@entry=0xb3dcc368, buf=, buf@entry=0xa5fc7ce8, at_eos=at_eos@entry=0) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2498
frame = 0x8b7d9e90
was_keyframe =
priv = 0xb3dcc1d0
klass =
ret = GST_FLOW_OK
func = "gst_video_decoder_chain_forward"
#25 0xa320c4fa in gst_video_decoder_chain (pad=, parent=0xb3dcc368, buf=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gst-plugins-base/gst-libs/gst/video/gstvideodecoder.c:2840
decoder = 0xb3dcc368
ret = GST_FLOW_OK
func = "gst_video_decoder_chain"
#26 0xa4064dd0 in gst_pad_chain_data_unchecked (pad=pad@entry=0xa7a90358, type=type@entry=4112, data=, data@entry=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4486
chainfunc = 0xa320c2d1 <gst_video_decoder_chain>
ret =
parent = 0xb3dcc368
handled = 0
func = "gst_pad_chain_data_unchecked"
_g_boolean_var_327 =
g_boolean_var_333 =
#27 0xa4066a6a in gst_pad_push_data (pad=pad@entry=0xb3dcd868, type=type@entry=4112, data=data@entry=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4762
peer = 0xa7a90358
ret = GST_FLOW_OK
handled = 0
func = "gst_pad_push_data"
#28 0xa406c7c6 in gst_pad_push (pad=pad@entry=0xb3dcd868, buffer=0xa5fc7ce8) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gstpad.c:4881
res =
func = "gst_pad_push"
#29 0xa361578e in gst_base_src_loop (pad=0xb3dcd868) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/libs/gst/base/gstbasesrc.c:3143
src = 0x898e8dd0
buf = 0xa5fc7ce8
ret =
position =
eos = 0
blocksize =
pending_events =
tmp =
func = "gst_base_src_loop"
#30 0xa4093a7e in gst_task_func (task=0xb3dd0578) at /usr/src/debug/gstreamer-1.22.8-1.arm/build/../subprojects/gstreamer/gst/gsttask.c:384
lock = 0xb3dcd8b4
tself = 0x89a7f030
priv = 0xb3dd0548
func = "gst_task_func"
#31 0xb5d93ada in g_thread_pool_free (pool=0x36ab998, immediate=-1987151296, wait=-1430260240) at /usr/src/debug/glib2-2.80.5-0.arm/_build/../glib/gthreadpool.c:913
real = 0x36ab998
func = "g_thread_pool_free"
#32 0xaabff5f0 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
#GDB_PC_Start#
$1 = 0xb5f87c20
#GDB_PC_End#
#GDB_LR_Start#
$2 = 0xa41fb760
#GDB_LR_End#
下面是我对这次崩溃(SIGSEGV)的快速“体检报告”和可执行的定位/止血方案。结论先行:在 gst_buffer_copy_into() 的一次深拷贝(basesink drain / last-sample)过程中,发生了对视频帧内存的非法 memcpy。堆栈与局部变量显示内存结构已被破坏(结构体字段被写成了指针值),高度怀疑是ABI/版本不匹配或插件越界导致的系统内存型 (GstSystemMemory) 复制崩溃。
- 现场证据(来自你贴的 bt / bt full)
触发点:
#5 memcpy -> #7 _sysmem_copy -> #8 gst_buffer_copy_into -> #11 gst_base_sink_drain -> #12 gst_base_sink_default_query -> #13 gst_fake_sink_query ...
这条链路说明:下游 sink(这里是 fakesink)在做 query / drain 时,对最后一帧(last-sample)做了深拷贝,结果在 memcpy 时崩了。
正在拷贝的大小:tocopy = 3110400。
这是 1920×1080 的 YUV420 (NV12/I420) 典型大小:1920×1080×1.5 = 3,110,400(确认无误)。
但同一帧调用里也出现了 size = 4,953,600(在其中一次 gst_buffer_copy_into() 的参数里能看到)。这不是常见的未对齐 stride 值(反常)。
单纯 stride=2560(对齐到256/512常见)时,NV12 总大小是 2560×1080×1.5 = 4,147,200;要到 4,953,600 需要一个奇怪的 stride≈3056。说明“视图尺寸/stride/plane信息”和“实际内存布局”之间可能不一致。
关键的“内存破坏”线索(致命):在
#16 gst_video_decoder_negotiate_pool 里打印的局部变量:
allocator = 0x8b7d9a30
params = { flags = GST_MEMORY_FLAG_ZERO_PADDED,
align = 0, prefix = 0,
padding = 2340264496, // ← 这数值巨大且异常
_gst_reserved = {0xb05da800, 0xa40c55c4, 0x1, 0xb3dcc368} }
其中 padding = 2340264496 非常异常(padding 应该是个很小的字节数,常为 0/几几十字节),而 2340264496 == 0x8B7D9A30,恰好等于上面的 allocator 指针值。
这几乎可以断定:某处把结构体的字段踩成了指针(典型的 ABI 不匹配 / 结构体大小不一致 / 越界写 / 未初始化内存被当作有效结构使用)。
参与者:gst-ffmpeg-1.45.0.tv-74.arm/ext/ffmpeg/gstffmpegviddec.c(厂商定制版),gstreamer-1.22.8,glibc-2.30。线程名 video_appsrc-sr,显示是你们的 appsrc 推流线程在跑。
结论:崩在 sink 的深拷贝,但元凶更可能在上游(解码器或之前)已经把内存/结构踩坏了。
- 更可能的根因(按概率排序)
ABI / 版本不匹配
你运行环境是 gstreamer-1.22.8,而视频解码插件来自 gst-ffmpeg-1.45.0.tv-74.arm(显然是供应商 fork)。
若插件是用与运行时不同的小版本头文件编出来,或者开了与运行时不同的编译选项(结构体对齐/packing/宏定义),就会出现结构体布局不一致,进而把诸如 GstAllocatorParams 等结构体字段打乱,把 padding 写成了 allocator 指针这样的典型事故。
这类问题高度吻合你现在看到的字段值。
插件或上游元素越界写 / 未正确设置 VideoMeta / stride / plane 信息
输出 GstBuffer 未携带正确的 GstVideoMeta 或 plane/stride 信息,或把 planar 数据当成线性内存,在后续深拷贝时 memcpy 走错总长度。
或者复用/释放了仍在使用的内存(pool 回收后仍被 last-sample 深拷贝访问)。
应用侧 appsrc 传的 caps/对齐/尺寸不一致(概率略低,因为崩点出现在 decode→sink 路径,且 mem=system memory)
如果你们上游是从非标准对齐的帧(带奇怪 stride)转换过来,且中途 meta 丢失或被误用,也会造成“看上去要拷 X 字节,实际只有 Y 字节”的 memcpy。
- 立刻可做的“止血”措施(不改源码也能验证/规避)
这些动作的目的:绕开 basesink 的“last-sample 深拷贝”,并强制一段更“保守/标准”的视频路径,看看是否不再崩溃,从而验证问题点。
禁用 sink 的 last-sample 深拷贝
给下游 fakesink 加:enable-last-sample=false(这行最关键)。
还可临时加上 sync=false 把同步影响排除(仅用于定位)。
如果你不是 fakesink,而是其他 sink,同理加上相应属性(很多基于 GstBaseSink 的元素都有 enable-last-sample)。
在 decoder 和 sink 之间插一段“规范化”链路
例如:... ! videoconvert ! videoscale ! video/x-raw,format=NV12, width=..., height=..., interlace-mode=progressive ! ...
目的:强制生成严格一致的 plane/stride/caps,避免 vendor 插件输出的“奇怪内存布局”直接落到 sink。
插入 identity check-live=true silent=false 看看是否会报错,以及在不改变内存的情况下跟踪 buffer 的生命周期(加日志)。
若按上面两点后崩溃消失,可以基本锁定:basesink 的深拷贝碰到了被破坏/不一致的内存。
- 必做的版本/ABI 健康检查(高价值)
在目标设备上跑:
gst-inspect-1.0 | grep -i ffmpeg / gst-inspect-1.0 | grep -i libav
确认用的到底是 gst-libav 还是 gst-ffmpeg fork,版本号、路径(和你堆栈里的一致吗)。
确认这套插件**是用同一个 GStreamer 头文件版本(1.22.x)**编的,并与运行时完全一致(小版本差异也可能踩雷)。
如果能做到:用同版本的 GStreamer SDK 重新干净编译这个 ffmpeg 插件,关闭不必要的 vendor patch 尝试一次。
运行时调试环境变量(能极大帮助定位):
export GST_DEBUG="GST_BUFFER:6,GST_MEMORY:6,gstbasesink:6,gstvideo*:6,ffmpeg*:6"
export GST_DEBUG_FILE=/tmp/gst-crash.log
export G_SLICE=always-malloc
export G_DEBUG=gc-friendly
export MALLOC_PERTURB_=153 # 或 123 等,帮助暴露越界
观察崩溃前的几帧:caps、stride、plane、buffer size、pool/allocator 以及 last-sample 的拷贝路径。
- 用 gdb/coredump 继续佐证“内存被踩”的快速命令
在 coredump 里(你已有符号信息):
看看崩点这一帧的 src/dest 指针和值是否像样
frame 8
p mem
p *mem
p mem->size
p mem->maxsize
p mem->data
x/32bx mem->data
看看目标新内存 newmem 的情况
p newmem
p *newmem
再回到 #16 看 negotiate_pool 的 params 是否总是异常
frame 16
p allocator
p params
如果你每次崩溃时 params.padding 都是一个“像指针”的巨大值(甚至等于 allocator),那就能非常自信地把锅指向 ABI/结构体踩踏。
- 如果必须继续运行:工程侧的临时规避组合(建议)
... ! ffmpegdec ! videoconvert ! videoscale ! capsfilter(标准NV12/对齐) ! queue max-size-buffers=1 leaky=downstream ! fakesink enable-last-sample=false sync=false
若你们不是用 fakesink,而是自己写的 sink(或 appsink):同样禁用 last-sample或避免在 query/drain 时做深拷贝。
- 根治路线(源码/打包层面)
统一 GStreamer 运行时与编译时版本
用 同一版本(例如 1.22.8 全家桶) 重新编译你们的 gst-ffmpeg(或改用 upstream gst-libav 对应小版本)。
检查编译选项(结构体对齐、交叉编译 ABI、-mfloat-abi/-mfpu 等)全部一致。
审查 gstffmpegviddec.c 的输出路径
确保为 planar 格式填充正确的 GstVideoMeta(stride/offset/plane),不要把多 plane 当作一块线性内存。
确保没有把 ffmpeg 的 AVFrame 直接用“错误大小”的 GstMemory 包装。
确保 buffer/pool 回收前不会被 “last-sample 深拷贝”再访问——如果可能,给输出加上 gst_buffer_make_writable 并复制必要元数据。
回退/替换插件验证
临时换成 upstream 的 gst-libav 相同小版本插件包测试(不带 vendor patch)。
如果问题消失,说明 vendor fork 有越界/ABI 问题;可用最小差异法逐步引入 patch 找元凶。
- 小结(一句话)
表象:在 GstBaseSink 深拷贝 last-sample 时 memcpy 崩溃。
铁证:GstAllocatorParams.padding 被写成了一个指针大小(等于 allocator 地址)。
高概率根因:gst-ffmpeg(vendor 版)与 GStreamer 运行时 ABI/结构体布局不匹配或插件越界写。
止血:禁用 enable-last-sample,插入 videoconvert/videoscale/capsfilter 规范化链路。
根治:统一版本重编插件/改用 upstream,同步检查 VideoMeta/plane/stride 的正确性。
需要我根据你当前的 pipeline 把“止血版命令/代码片段”直接改好(比如 .NET/Tizen 里如何设置 fakesink 属性、如何插 videoconvert / capsfilter),我就直接给到可粘贴的版本。