NvJPEGEncoder::encodeFromBuffer trigger segmentation fault

Robotics & Edge Computing Jetson & Embedded Systems Jetson Orin Nano
,
1

Hi,

We are using Jetson Orin Nano and jetpack 5.1.3.

We have multiple threads creating multiple nvjpegencoder objects. But it occasionally triggers sigfault. The destination array is statically allocated and quite large. We did not find any evidence of relocation. Using a mutex to prevent encoding nesting does not help either.

Would you mind sharing some suggestions to further troubleshooting?

Here is the error message

 Thread 1 "nano" received signal SIGSEGV, Segmentation fault.
 __memcpy_generic () at ../sysdeps/aarch64/multiarch/../memcpy.S:199
 199     ../sysdeps/aarch64/multiarch/../memcpy.S: No such file or directory.
 (gdb) bt
 #0  __memcpy_generic () at ../sysdeps/aarch64/multiarch/../memcpy.S:199
 #1  0x0000fffff7f77cdc in jpeg_write_raw_data ()
    from /usr/lib/aarch64-linux-gnu/tegra/libnvjpeg.so
 #2  0x0000aaaaaaad87b4 in NvJPEGEncoder::encodeFromBuffer(NvBuffer&, J_COLOR_SPACE, unsigned char**, unsigned long&, int) ()
 #3  0x0000aaaaaaac5c2c in CroppingModule::compressCroppedImageJPG (
     this=0xffffd9b98010,
     rgbaCroppedBuffer=0xaaaabbc58210 "48+\377\071>4\377:?7\377\066;2\377\070<3\377<@7\377;?5\377\070;4\377\071<7\377:=9\377\066\071\066\377\060\064\061\377\060\064\061\377/2,\377*+\"\377*+ \377%(\031\377\031\035\t\377\035!\025\377\"%\026\377')\030\377+,!\377'(\037\377-/)\377\067:7\377<@?\377?CC\377>CB\377@GD\377BF@\377IKA\377KL@\377II;\377JJ=\377JJ>\377IJ?\377JLB\377JK?\377GG9\377HI<\377MOC\377MNB\377NNB\377MMA\377II=\377HH<\377MMA\377NMC\377IH?\377BB6\377"..., croppedImgWidth=1174,
     croppedImgHeight=1124)
     at /home/sh/ws/springhouse_rig35-nano/src/croppingModule.cpp:375
 #4  0x0000aaaaaaac4d60 in CroppingModule::cropImages (this=0xffffd9b98010,
     cameraCount=5)
     at /home/sh/ws/springhouse_rig35-nano/src/croppingModule.cpp:187
 #5  0x0000aaaaaaacbf08 in NanoCore::run (this=0xffffffffed38)
     at /home/sh/ws/springhouse_rig35-nano/src/nanoCore.cpp:321
 #6  0x0000aaaaaaad1fbc in main (argc=5, argv=0xffffffffefa8)
     at /home/sh/ws/springhouse_rig35-nano/nano.cpp:31
3

Hi,
Please share a patch to 05_jpeg_encode sample. So that we can set up developer kit to reproduce the issue, and investigate further.

4

Thank you, we will try to recreate the issue.

5

Hi DaneLLL.

It seems related to input image size. On our 5.1.3 Orin Nano, some resolution will trigger the error. (Version: 5.1.3-b29)

We’ve iterated all resolutions combinations between 1000 * 850 and 1200 * 950. It seems a smaller width will not have the issue.

Here is code we created to compress the image and it would take 2 parameters as width and height, then try to compress a black image. The binary complied on Nano can run on a Orin AGX without crash (Version: 6.0-b52). The zip package include minimal source code to trigger the bug, compile objects and binary, with a python script to do brutal search for crash.

jpgcompression_nvidia.zip (79.7 KB)

Here are all crash resolution on our setup.

invalidResults [(1026, 914), (1026, 916), (1026, 918), (1026, 920), (1028, 914), (1028, 916), (1028, 918), (1028, 920), (1030, 914), (1030, 916), (1030, 918), (1030, 920), (1032, 914), (1032, 916), (1032, 918), (1032, 920), (1034, 914), (1034, 916), (1034, 918), (1034, 920), (1036, 914), (1036, 916), (1036, 918), (1036, 920), (1038, 914), (1038, 916), (1038, 918), (1038, 920), (1040, 914), (1040, 916), (1040, 918), (1040, 920), (1042, 914), (1042, 916), (1042, 918), (1042, 920), (1044, 914), (1044, 916), (1044, 918), (1044, 920), (1046, 914), (1046, 916), (1046, 918), (1046, 920), (1048, 914), (1048, 916), (1048, 918), (1048, 920), (1050, 914), (1050, 916), (1050, 918), (1050, 920), (1052, 914), (1052, 916), (1052, 918), (1052, 920), (1054, 914), (1054, 916), (1054, 918), (1054, 920), (1056, 914), (1056, 916), (1056, 918), (1056, 920), (1058, 914), (1058, 916), (1058, 918), (1058, 920), (1060, 914), (1060, 916), (1060, 918), (1060, 920), (1062, 914), (1062, 916), (1062, 918), (1062, 920), (1064, 914), (1064, 916), (1064, 918), (1064, 920), (1066, 914), (1066, 916), (1066, 918), (1066, 920), (1068, 914), (1068, 916), (1068, 918), (1068, 920), (1070, 914), (1070, 916), (1070, 918), (1070, 920), (1072, 914), (1072, 916), (1072, 918), (1072, 920), (1074, 914), (1074, 916), (1074, 918), (1074, 920), (1076, 914), (1076, 916), (1076, 918), (1076, 920), (1078, 914), (1078, 916), (1078, 918), (1078, 920), (1080, 914), (1080, 916), (1080, 918), (1080, 920), (1082, 914), (1082, 916), (1082, 918), (1082, 920), (1084, 914), (1084, 916), (1084, 918), (1084, 920), (1086, 914), (1086, 916), (1086, 918), (1086, 920), (1088, 914), (1088, 916), (1088, 918), (1088, 920), (1090, 914), (1090, 916), (1090, 918), (1090, 920), (1092, 914), (1092, 916), (1092, 918), (1092, 920), (1094, 914), (1094, 916), (1094, 918), (1094, 920), (1096, 914), (1096, 916), (1096, 918), (1096, 920), (1098, 914), (1098, 916), (1098, 918), (1098, 920), (1100, 914), (1100, 916), (1100, 918), (1100, 920), (1102, 914), (1102, 916), (1102, 918), (1102, 920), (1104, 914), (1104, 916), (1104, 918), (1104, 920), (1106, 914), (1106, 916), (1106, 918), (1106, 920), (1108, 914), (1108, 916), (1108, 918), (1108, 920), (1110, 914), (1110, 916), (1110, 918), (1110, 920), (1112, 914), (1112, 916), (1112, 918), (1112, 920), (1114, 914), (1114, 916), (1114, 918), (1114, 920), (1116, 914), (1116, 916), (1116, 918), (1116, 920), (1118, 914), (1118, 916), (1118, 918), (1118, 920), (1120, 914), (1120, 916), (1120, 918), (1120, 920), (1122, 914), (1122, 916), (1122, 918), (1122, 920), (1124, 914), (1124, 916), (1124, 918), (1124, 920), (1126, 914), (1126, 916), (1126, 918), (1126, 920), (1128, 914), (1128, 916), (1128, 918), (1128, 920), (1130, 914), (1130, 916), (1130, 918), (1130, 920), (1132, 914), (1132, 916), (1132, 918), (1132, 920), (1134, 914), (1134, 916), (1134, 918), (1134, 920), (1136, 914), (1136, 916), (1136, 918), (1136, 920), (1138, 914), (1138, 916), (1138, 918), (1138, 920), (1140, 914), (1140, 916), (1140, 918), (1140, 920), (1142, 914), (1142, 916), (1142, 918), (1142, 920), (1144, 914), (1144, 916), (1144, 918), (1144, 920), (1146, 914), (1146, 916), (1146, 918), (1146, 920), (1148, 914), (1148, 916), (1148, 918), (1148, 920), (1150, 914), (1150, 916), (1150, 918), (1150, 920), (1152, 914), (1152, 916), (1152, 918), (1152, 920), (1154, 914), (1154, 916), (1154, 918), (1154, 920), (1156, 914), (1156, 916), (1156, 918), (1156, 920), (1158, 914), (1158, 916), (1158, 918), (1158, 920), (1160, 914), (1160, 916), (1160, 918), (1160, 920), (1162, 914), (1162, 916), (1162, 918), (1162, 920), (1164, 914), (1164, 916), (1164, 918), (1164, 920), (1166, 914), (1166, 916), (1166, 918), (1166, 920), (1168, 914), (1168, 916), (1168, 918), (1168, 920), (1170, 914), (1170, 916), (1170, 918), (1170, 920), (1172, 914), (1172, 916), (1172, 918), (1172, 920), (1174, 914), (1174, 916), (1174, 918), (1174, 920), (1176, 914), (1176, 916), (1176, 918), (1176, 920), (1178, 914), (1178, 916), (1178, 918), (1178, 920), (1180, 914), (1180, 916), (1180, 918), (1180, 920), (1182, 914), (1182, 916), (1182, 918), (1182, 920), (1184, 914), (1184, 916), (1184, 918), (1184, 920), (1186, 914), (1186, 916), (1186, 918), (1186, 920), (1188, 914), (1188, 916), (1188, 918), (1188, 920), (1190, 914), (1190, 916), (1190, 918), (1190, 920), (1192, 914), (1192, 916), (1192, 918), (1192, 920), (1194, 914), (1194, 916), (1194, 918), (1194, 920), (1196, 914), (1196, 916), (1196, 918), (1196, 920), (1198, 914), (1198, 916), (1198, 918), (1198, 920)]

6

Hi,
Please ensure you allocate outputImageBuffer to width*height*1.5 bytes. And the value of outputImageBufferSize is correct while calling encodeFromBuffer().

7

Hi DaneLLL,

We’ve verified

    int mallocSize = imgWidth * imgHeight * 3 / 2;
    pOutputImageBuffer = (unsigned char*)malloc(mallocSize);
    outputImageBufferSize = mallocSize;

    int ret = jpegencoder->encodeFromBuffer(*nvbuffer, JCS_YCbCr, &pOutputImageBuffer, outputImageBufferSize, 50);

does not work either when imgWidth=1150, imgHeight=918.

8

Hi,
Please try the default sample and see if the issue is still present:

/usr/src/jetson_multimedia_api/samples/05_jpeg_encode

And may try encodeFromFd()

9

Yes the sample code does crash

dd if=/dev/zero of=blank_1050_920_file.bin bs=1 count=$((1050 * 920 * 3 / 2))
gdb --arg ./jpeg_encode blank_1050_920_file.bin 1050 920 out.jpg --encode-buffer

It crash in the same way.

10

Hi,
It looks specific to the resolution and set --encode-buffer. Please try --encode-fd

12

Yes, yesterday we tried not using any parameter and the output is a green jpg image.

So we did think this is a bug in encodeFromBuffer.

13

Hi,
After some investigation, the segment fault occurs while copying data to NvBufSurface. encodeFromBuffer() works like:

allocate_nvbufsurface;
Raw2NvBufSurface();
encodeFromFd();

We need some time to check further. As a quick solution, we suggest call the NvBufSurface APIs and call encodeFromFd(). This works identically to encodeFromBuffer().

15

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.