Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#5507 closed defect (needs_more_info)

ffplay crashes when decoding h265 over rtsp

Reported by: brunorosa Owned by:
Priority: important Component: avcodec
Version: git-master Keywords: crash SIGSEGV
Cc: michael Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
I was experimenting with lossless h265 encoding of x11grab device and streaming it to a local rtsp server. When opening said stream using ffplay, it sometimes crashes with segfault.
How to reproduce:

% ~/ffmpeg$ ./ffmpeg_g -f x11grab -s 800x600 -r 60 -i :0.0 -c:v libx265 -qp 0 -preset ultrafast -tune zerolatency -pix_fmt yuv444p -threads 0 -f rtsp rtsp://localhost:50005/teste.sdp -report
ffmpeg version N-79753-g3395ad4 Copyright (c) 2000-2016 the FFmpeg developers
  built with gcc 5.3.1 (Ubuntu 5.3.1-14ubuntu2) 20160413
  configuration: --enable-shared --enable-opencl --enable-libx264 --enable-gpl --enable-openssl --enable-nonfree --enable-libx265
  libavutil      55. 23.100 / 55. 23.100
  libavcodec     57. 38.100 / 57. 38.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 44.100 /  6. 44.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Hyper fast Audio and Video encoder

ffplay version N-79753-g3395ad4 Copyright (c) 2003-2016 the FFmpeg developers
  built with gcc 5.3.1 (Ubuntu 5.3.1-14ubuntu2) 20160413
  configuration: --enable-shared --enable-opencl --enable-libx264 --enable-gpl --enable-openssl --enable-nonfree --enable-libx265
  libavutil      55. 23.100 / 55. 23.100
  libavcodec     57. 38.100 / 57. 38.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 44.100 /  6. 44.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
Simple media player
usage: ffplay [options] input_file
Valgrind/GDB output:
(gdb) r rtsp://192.168.1.36:50000/teste.sdp -report
Starting program: /home/brunorosa/ffmpeg/ffplay rtsp://192.168.1.36:50000/teste.sdp -report
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffplay started on 2016-05-04 at 00:45:00
Report written to "ffplay-20160504-004500.log"
ffplay version N-79753-g3395ad4 Copyright (c) 2003-2016 the FFmpeg developers
  built with gcc 5.3.1 (Ubuntu 5.3.1-14ubuntu2) 20160413
  configuration: --enable-shared --enable-opencl --enable-libx264 --enable-gpl --enable-openssl --enable-nonfree --enable-libx265
  libavutil      55. 23.100 / 55. 23.100
  libavcodec     57. 38.100 / 57. 38.100
  libavformat    57. 36.100 / 57. 36.100
  libavdevice    57.  0.101 / 57.  0.101
  libavfilter     6. 44.100 /  6. 44.100
  libswscale      4.  1.100 /  4.  1.100
  libswresample   2.  0.101 /  2.  0.101
  libpostproc    54.  0.100 / 54.  0.100
[New Thread 0x7fffed8d8700 (LWP 13449)]
[New Thread 0x7fffec0fe700 (LWP 13450)]
[New Thread 0x7fffe78fc700 (LWP 13451)]
[Thread 0x7fffe78fc700 (LWP 13451) exited]
[New Thread 0x7fffe78fc700 (LWP 13452)]
Input #0, rtsp, from 'rtsp://192.168.1.36:50000/teste.sdp': f=0/0   
  Metadata:
    title           : No Name
  Duration: N/A, start: 0.016667, bitrate: N/A
    Stream #0:0: Video: hevc (Rext), yuv444p(tv), 800x600, 60 fps, 60 tbr, 90k tbn
[New Thread 0x7fffeb8fd700 (LWP 13453)]
[New Thread 0x7fffeb0fc700 (LWP 13454)]
[New Thread 0x7fffea8fb700 (LWP 13455)]
[New Thread 0x7fffea0fa700 (LWP 13456)]
[New Thread 0x7fffe98f9700 (LWP 13457)]
[New Thread 0x7fffe90f8700 (LWP 13458)]
[New Thread 0x7fffe88f7700 (LWP 13459)]
[New Thread 0x7fffe70fb700 (LWP 13460)]
[New Thread 0x7fffe68fa700 (LWP 13461)]
[New Thread 0x7fffe60f9700 (LWP 13462)]
[hevc @ 0x7fffe007c960] Could not find ref with POC -117
[New Thread 0x7fffe51b7700 (LWP 13463)]
[New Thread 0x7fffe493f700 (LWP 13464)]
[New Thread 0x7fffb7fff700 (LWP 13465)]vq=   54KB sq=    0B f=0/0   
[New Thread 0x7fffb77fe700 (LWP 13466)]
[New Thread 0x7fffb6ffd700 (LWP 13467)]
[New Thread 0x7fffb67fc700 (LWP 13468)]
[New Thread 0x7fffb5ffb700 (LWP 13469)]
[New Thread 0x7fffb57fa700 (LWP 13470)]
[New Thread 0x7fffb4ff9700 (LWP 13471)]
[rtsp @ 0x7fffe0009280] max delay reached. need to consume packet   
[rtsp @ 0x7fffe0009280] RTP: missed 102 packets
   2.22 M-V:  0.019 fd=   0 aq=    0KB vq=    2KB sq=    0B f=0/0   
Thread 13 "ffplay" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe70fb700 (LWP 13460)]
0x00007ffff5feb168 in ?? () from /usr/local/lib/libavcodec.so.57
(gdb) bt
#0  0x00007ffff5feb168 in ?? () from /usr/local/lib/libavcodec.so.57
#1  0x00007ffff5fdd7f4 in ?? () from /usr/local/lib/libavcodec.so.57
#2  0x00007ffff5fe5692 in ?? () from /usr/local/lib/libavcodec.so.57
#3  0x00007ffff5fe6426 in ?? () from /usr/local/lib/libavcodec.so.57
#4  0x00007ffff5fe6c8c in ?? () from /usr/local/lib/libavcodec.so.57
#5  0x00007ffff63da4e5 in avcodec_default_execute () from /usr/local/lib/libavcodec.so.57
#6  0x00007ffff5fe27fe in ?? () from /usr/local/lib/libavcodec.so.57
#7  0x00007ffff5fe2f99 in ?? () from /usr/local/lib/libavcodec.so.57
#8  0x00007ffff62c9d16 in ?? () from /usr/local/lib/libavcodec.so.57
#9  0x00007ffff48f86fa in start_thread (arg=0x7fffe70fb700) at pthread_create.c:333
#10 0x00007ffff462eb5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff5feb148 to 0x7ffff5feb188:
   0x00007ffff5feb148:	shl    $0x11,%r10d
   0x00007ffff5feb14c:	add    %eax,%eax
   0x00007ffff5feb14e:	sub    %r10d,%eax
   0x00007ffff5feb151:	cltd   
   0x00007ffff5feb152:	and    %edx,%r10d
   0x00007ffff5feb155:	add    %r10d,%eax
   0x00007ffff5feb158:	inc    %edx
   0x00007ffff5feb15a:	test   %ax,%ax
   0x00007ffff5feb15d:	jne    0x7ffff5feb17e
   0x00007ffff5feb15f:	mov    0x18(%r8),%r10
   0x00007ffff5feb163:	sub    $0xffff,%eax
=> 0x00007ffff5feb168:	movzwl (%r10),%ecx
   0x00007ffff5feb16c:	bswap  %ecx
   0x00007ffff5feb16e:	shr    $0xf,%ecx
   0x00007ffff5feb171:	add    %ecx,%eax
   0x00007ffff5feb173:	cmp    0x20(%r8),%r10
   0x00007ffff5feb177:	jge    0x7ffff5feb17e
   0x00007ffff5feb179:	addq   $0x2,0x18(%r8)
   0x00007ffff5feb17e:	mov    %eax,(%r8)
   0x00007ffff5feb181:	add    $0x1,%edi
   0x00007ffff5feb184:	or     %edx,%esi
   0x00007ffff5feb186:	cmp    %r9d,%edi
End of assembler dump.

(gdb) info all-registers
rax            0x1	1
rbx            0x0	0
rcx            0x0	0
rdx            0x0	0
rsi            0x0	0
rdi            0xb	11
rbp            0x10	0x10
rsp            0x7fffe70fa6d0	0x7fffe70fa6d0
r8             0x7fffe010e530	140736952591664
r9             0x10	16
r10            0x7fffb8049000	140736280694784
r11            0x0	0
r12            0x7fffe010aee0	140736952577760
r13            0x0	0
r14            0x7fffe70fa800	140737069950976
r15            0x0	0
rip            0x7ffff5feb168	0x7ffff5feb168
eflags         0x10212	[ AF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
st0            -nan(0x081818181)	(raw 0xffff0000000081818181)
st1            0	(raw 0x00000000000000000000)
st2            0	(raw 0x00000000000000000000)
st3            0	(raw 0x00000000000000000000)
---Type <return> to continue, or q <return> to quit---
st4            0	(raw 0x00000000000000000000)
st5            0	(raw 0x00000000000000000000)
st6            0	(raw 0x00000000000000000000)
st7            0	(raw 0x00000000000000000000)
fctrl          0x37f	895
fstat          0x0	0
ftag           0x5556	21846
fiseg          0x0	0
fioff          0x0	0
foseg          0x0	0
fooff          0x0	0
fop            0x0	0
mxcsr          0x1fa0	[ PE IM DM ZM OM UM PM ]
ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 
    0x0 <repeats 18 times>}, v16_int16 = {0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb40, 0xb40, 0xb40, 0xb40, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xb4000000b40, 0xb4000000b40, 0x0, 0x0}, v2_int128 = {
    0x00000b4000000b4000000b4000000b40, 0x00000000000000000000000000000000}}
ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
---Type <return> to continue, or q <return> to quit---
    0x0}, v32_int8 = {0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb4, 0x0 <repeats 23 times>}, 
  v16_int16 = {0xb4, 0x0, 0x0, 0x0, 0xb4, 0x0 <repeats 11 times>}, v8_int32 = {0xb4, 0x0, 0xb4, 
    0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xb4, 0xb4, 0x0, 0x0}, v2_int128 = {
    0x00000000000000b400000000000000b4, 0x00000000000000000000000000000000}}
ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0, 0x0 <repeats 23 times>}, 
  v16_int16 = {0xc0, 0x0, 0x0, 0x0, 0xc0, 0x0 <repeats 11 times>}, v8_int32 = {0xc0, 0x0, 0xc0, 
    0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xc0, 0xc0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000c000000000000000c0, 0x00000000000000000000000000000000}}
ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xe5, 0xb, 0x0, 0x0, 0xee, 0xb, 0x0, 0x0, 0xf7, 0xb, 0x0, 0x0, 0x0, 0xc, 
    0x0 <repeats 18 times>}, v16_int16 = {0xbe5, 0x0, 0xbee, 0x0, 0xbf7, 0x0, 0xc00, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xbe5, 0xbee, 0xbf7, 0xc00, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xbee00000be5, 0xc0000000bf7, 0x0, 0x0}, v2_int128 = {
    0x00000c0000000bf700000bee00000be5, 0x00000000000000000000000000000000}}
ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xb8, 0x0, 0xb8, 0x0, 0xb9, 0x0, 0xb9, 0x0, 0xb9, 0x0, 0xb9, 0x0, 0xba, 0x0, 
    0xba, 0x0 <repeats 17 times>}, v16_int16 = {0xb8, 0xb8, 0xb9, 0xb9, 0xb9, 0xb9, 0xba, 0xba, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb800b8, 0xb900b9, 0xb900b9, 0xba00ba, 
    0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xb900b900b800b8, 0xba00ba00b900b9, 0x0, 0x0}, v2_int128 = {
    0x00ba00ba00b900b900b900b900b800b8, 0x00000000000000000000000000000000}}
ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x25, 0x2, 0x0, 0x0, 0x6e, 0x1, 0x0, 0x0, 0xb7, 0x0 <repeats 23 times>}, 
  v16_int16 = {0x225, 0x0, 0x16e, 0x0, 0xb7, 0x0 <repeats 11 times>}, v8_int32 = {0x225, 0x16e, 
---Type <return> to continue, or q <return> to quit---
    0xb7, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x16e00000225, 0xb7, 0x0, 0x0}, v2_int128 = {
    0x00000000000000b70000016e00000225, 0x00000000000000000000000000000000}}
ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xc1, 0xb, 0x0, 0x0, 0xca, 0xb, 0x0, 0x0, 0xd3, 0xb, 0x0, 0x0, 0xdc, 0xb, 
    0x0 <repeats 18 times>}, v16_int16 = {0xbc1, 0x0, 0xbca, 0x0, 0xbd3, 0x0, 0xbdc, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xbc1, 0xbca, 0xbd3, 0xbdc, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xbca00000bc1, 0xbdc00000bd3, 0x0, 0x0}, v2_int128 = {
    0x00000bdc00000bd300000bca00000bc1, 0x00000000000000000000000000000000}}
ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xc0, 0x3, 0x0, 0x0, 0x80, 0x4, 0x0, 0x0, 0x40, 0x5, 0x0, 0x0, 0x0, 0x6, 
    0x0 <repeats 18 times>}, v16_int16 = {0x3c0, 0x0, 0x480, 0x0, 0x540, 0x0, 0x600, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x3c0, 0x480, 0x540, 0x600, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x480000003c0, 0x60000000540, 0x0, 0x0}, v2_int128 = {
    0x000006000000054000000480000003c0, 0x00000000000000000000000000000000}}
ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0x0 <repeats 23 times>}, 
  v16_int16 = {0xb4, 0x0, 0x0, 0x0, 0xbc, 0x0 <repeats 11 times>}, v8_int32 = {0xb4, 0x0, 0xbc, 
    0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xb4, 0xbc, 0x0, 0x0}, v2_int128 = {
    0x00000000000000bc00000000000000b4, 0x00000000000000000000000000000000}}
ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 
    0x0 <repeats 18 times>}, v16_int16 = {0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb40, 0xb40, 0xb40, 0xb40, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xb4000000b40, 0xb4000000b40, 0x0, 0x0}, v2_int128 = {
    0x00000b4000000b4000000b4000000b40, 0x00000000000000000000000000000000}}
ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {
---Type <return> to continue, or q <return> to quit---
    0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 0x0, 0x0, 0x40, 0xb, 
    0x0 <repeats 18 times>}, v16_int16 = {0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0xb40, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb40, 0xb40, 0xb40, 0xb40, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0xb4000000b40, 0xb4000000b40, 0x0, 0x0}, v2_int128 = {
    0x00000b4000000b4000000b4000000b40, 0x00000000000000000000000000000000}}
ymm15          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 
    0x0}, v32_int8 = {0xb6, 0xb6, 0xb6, 0xb7, 0xb7, 0xb7, 0xb7, 0xb8, 0xb8, 0xb8, 0xb9, 0xb9, 0xb9, 
    0xb9, 0xba, 0xba, 0x0 <repeats 16 times>}, v16_int16 = {0xb6b6, 0xb7b6, 0xb7b7, 0xb8b7, 0xb8b8, 
    0xb9b9, 0xb9b9, 0xbaba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb7b6b6b6, 
    0xb8b7b7b7, 0xb9b9b8b8, 0xbabab9b9, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xb8b7b7b7b7b6b6b6, 
    0xbabab9b9b9b9b8b8, 0x0, 0x0}, v2_int128 = {0xbabab9b9b9b9b8b8b8b7b7b7b7b6b6b6, 
    0x00000000000000000000000000000000}}

~/ffmpeg$ valgrind ./ffplay_g rtsp://192.168.1.36:50000/teste.sdp
==13493== Memcheck, a memory error detector
==13493== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==13493== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==13493== Command: ./ffplay_g rtsp://192.168.1.36:50000/teste.sdp
==13493== 

vex: the `impossible' happened:
   isZeroU
vex storage: T total 583134840 bytes allocated
vex storage: P total 640 bytes allocated

valgrind: the 'impossible' happened:
   LibVEX called failure_exit().

host stacktrace:
==13493==    at 0x38083F48: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x38084064: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380842A1: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380842CA: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x3809F682: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x38148008: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x3815514D: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x38159272: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x38159EA6: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x3815BD68: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x3815CDB6: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x38145DEC: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380A1C0B: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380D296B: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380D45CF: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==13493==    by 0x380E3946: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 13493)
==13493==    at 0x93784E0: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x93576FF: EC_POINT_mul (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0xF3957EF: ???
==13493==    by 0xF39274F: ???
==13493==    by 0x39E3B12062737FF: ???
==13493==    by 0xF3923FF: ???
==13493==    by 0x935FE47: EC_KEY_check_key (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x9360260: EC_KEY_set_public_key_affine_coordinates (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x9419882: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x941537F: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x9414A33: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x92E870C: FIPS_mode_set (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x92E4F89: OPENSSL_init_library (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==13493==    by 0x40104E9: call_init.part.0 (dl-init.c:72)
==13493==    by 0x40105FA: call_init (dl-init.c:30)
==13493==    by 0x40105FA: _dl_init (dl-init.c:120)
==13493==    by 0x4000CF9: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==13493==    by 0x1: ???
==13493==    by 0xFFF000142: ???
==13493==    by 0xFFF00014D: ???


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.



Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.

Attachments (3)

ffmpeg-20160504-005734.log (159.0 KB) - added by brunorosa 3 years ago.
ffmpeg report
ffplay-20160504-005748.log (96.5 KB) - added by brunorosa 3 years ago.
ffplay report
ffplay-20160504-082636.log (87.6 KB) - added by brunorosa 3 years ago.
Updated ffplay log

Download all attachments as: .zip

Change History (13)

Changed 3 years ago by brunorosa

ffmpeg report

Changed 3 years ago by brunorosa

ffplay report

comment:1 Changed 3 years ago by cehoyos

  • Component changed from ffplay to avcodec
  • Keywords crash SIGSEGV added
  • Priority changed from normal to important

The backtrace you posted is missing all necessary information due to stripping: Please recompile, ideally without --enable-shared.

comment:2 Changed 3 years ago by brunorosa

For some reason, ffplay_g is still crashing/making valgrind crash even before the streaming starts.

brunorosa@ubuntu16:~/ffmpeg$ valgrind ./ffplay_g rtsp:/192.168.1.36:50000/teste.sdp
==11160== Memcheck, a memory error detector
==11160== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==11160== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==11160== Command: ./ffplay_g rtsp:/192.168.1.36:50000/teste.sdp
==11160== 

vex: the `impossible' happened:
   isZeroU
vex storage: T total 583637816 bytes allocated
vex storage: P total 640 bytes allocated

valgrind: the 'impossible' happened:
   LibVEX called failure_exit().

host stacktrace:
==11160==    at 0x38083F48: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x38084064: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380842A1: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380842CA: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x3809F682: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x38148008: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x3815514D: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x38159272: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x38159EA6: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x3815BD68: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x3815CDB6: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x38145DEC: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380A1C0B: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380D296B: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380D45CF: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)
==11160==    by 0x380E3946: ??? (in /usr/lib/valgrind/memcheck-amd64-linux)

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable (lwpid 11160)
==11160==    at 0x5D624E0: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5D416FF: EC_POINT_mul (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0xC879CDF: ???
==11160==    by 0xC876C3F: ???
==11160==    by 0x5EFBE2E40845D4FF: ???
==11160==    by 0xC8768EF: ???
==11160==    by 0x5D49E47: EC_KEY_check_key (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5D4A260: EC_KEY_set_public_key_affine_coordinates (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5E03882: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5DFF37F: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5DFEA33: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5CD270C: FIPS_mode_set (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x5CCEF89: OPENSSL_init_library (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11160==    by 0x40104E9: call_init.part.0 (dl-init.c:72)
==11160==    by 0x40105FA: call_init (dl-init.c:30)
==11160==    by 0x40105FA: _dl_init (dl-init.c:120)
==11160==    by 0x4000CF9: ??? (in /lib/x86_64-linux-gnu/ld-2.23.so)
==11160==    by 0x1: ???
==11160==    by 0xFFF000142: ???
==11160==    by 0xFFF00014D: ???


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

Backtrace

Thread 8 "ffplay_g" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed417700 (LWP 11201)]
0x0000000000925cce in get_cabac_bypass_x86 (c=0x7fffe40c55f0) at libavcodec/x86/cabac.h:264
264	    __asm__ volatile(
(gdb) bt
#0  0x0000000000925cce in get_cabac_bypass_x86 (c=0x7fffe40c55f0) at libavcodec/x86/cabac.h:264
#1  coeff_sign_flag_decode (nb=<optimized out>, s=<optimized out>) at libavcodec/hevc_cabac.c:1002
#2  ff_hevc_hls_residual_coding (s=0x7fffe40c1fa0, x0=<optimized out>, y0=<optimized out>, log2_trafo_size=4, scan_idx=SCAN_DIAG, c_idx=0) at libavcodec/hevc_cabac.c:1384
#3  0x0000000000916bf0 in hls_transform_unit (cbf_cr=0x7fffed416940, cbf_cb=0x7fffed416930, cbf_luma=<optimized out>, blk_idx=0, log2_trafo_size=4, log2_cb_size=4, cb_yBase=272, cb_xBase=272, yBase=272, 
    xBase=720, y0=272, x0=272, s=0x7fffe40c1fa0) at libavcodec/hevc.c:1019
#4  hls_transform_tree (s=s@entry=0x7fffe40c1fa0, x0=x0@entry=720, y0=y0@entry=272, xBase=xBase@entry=720, yBase=yBase@entry=272, cb_xBase=cb_xBase@entry=720, cb_yBase=272, log2_cb_size=4, 
    log2_trafo_size=4, trafo_depth=0, blk_idx=0, base_cbf_cb=0x1393710 <cbf>, base_cbf_cr=0x1393710 <cbf>) at libavcodec/hevc.c:1253
#5  0x000000000091f393 in hls_coding_unit (s=s@entry=0x7fffe40c1fa0, x0=x0@entry=720, y0=y0@entry=272, log2_cb_size=log2_cb_size@entry=4) at libavcodec/hevc.c:2142
#6  0x0000000000920106 in hls_coding_quadtree (s=0x7fffe40c1fa0, x0=720, y0=272, log2_cb_size=4, cb_depth=<optimized out>) at libavcodec/hevc.c:2239
#7  0x0000000000920d08 in hls_coding_quadtree (cb_depth=0, log2_cb_size=<optimized out>, y0=256, x0=704, s=0x7fffe40c1fa0) at libavcodec/hevc.c:2224
#8  hls_decode_entry (avctxt=<optimized out>, isFilterThread=<optimized out>) at libavcodec/hevc.c:2344
#9  0x0000000000cc6b05 in avcodec_default_execute (c=0x7fffe40c1800, func=0x920700 <hls_decode_entry>, arg=<optimized out>, ret=<optimized out>, count=<optimized out>, size=4) at libavcodec/utils.c:990
#10 0x000000000091c53c in hls_slice_data (s=0x7fffe40c1fa0) at libavcodec/hevc.c:2371
#11 decode_nal_unit (nal=0x7fffd80008c0, s=0x7fffe40c1fa0) at libavcodec/hevc.c:2828
#12 decode_nal_units (s=s@entry=0x7fffe40c1fa0, buf=<optimized out>, length=length@entry=113652) at libavcodec/hevc.c:2885
#13 0x000000000091ccc1 in hevc_decode_frame (avctx=0x7fffe40c1800, data=0x7fffe40c1ca0, got_output=0x7fffe407f020, avpkt=0x7fffe407efc0) at libavcodec/hevc.c:2989
#14 0x0000000000bc85d6 in frame_worker_thread (arg=0x7fffe407eec0) at libavcodec/pthread_frame.c:146
#15 0x00007ffff52456fa in start_thread (arg=0x7fffed417700) at pthread_create.c:333
#16 0x00007ffff4f7bb5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Register disassembly

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x925cae to 0x925cee:
   0x0000000000925cae <ff_hevc_hls_residual_coding+7614>:	shl    $0x11,%r10d
   0x0000000000925cb2 <ff_hevc_hls_residual_coding+7618>:	add    %eax,%eax
   0x0000000000925cb4 <ff_hevc_hls_residual_coding+7620>:	sub    %r10d,%eax
   0x0000000000925cb7 <ff_hevc_hls_residual_coding+7623>:	cltd   
   0x0000000000925cb8 <ff_hevc_hls_residual_coding+7624>:	and    %edx,%r10d
   0x0000000000925cbb <ff_hevc_hls_residual_coding+7627>:	add    %r10d,%eax
   0x0000000000925cbe <ff_hevc_hls_residual_coding+7630>:	inc    %edx
   0x0000000000925cc0 <ff_hevc_hls_residual_coding+7632>:	test   %ax,%ax
   0x0000000000925cc3 <ff_hevc_hls_residual_coding+7635>:	jne    0x925ce4 <ff_hevc_hls_residual_coding+7668>
   0x0000000000925cc5 <ff_hevc_hls_residual_coding+7637>:	mov    0x18(%rdi),%r10
   0x0000000000925cc9 <ff_hevc_hls_residual_coding+7641>:	sub    $0xffff,%eax
=> 0x0000000000925cce <ff_hevc_hls_residual_coding+7646>:	movzwl (%r10),%ecx
   0x0000000000925cd2 <ff_hevc_hls_residual_coding+7650>:	bswap  %ecx
   0x0000000000925cd4 <ff_hevc_hls_residual_coding+7652>:	shr    $0xf,%ecx
   0x0000000000925cd7 <ff_hevc_hls_residual_coding+7655>:	add    %ecx,%eax
   0x0000000000925cd9 <ff_hevc_hls_residual_coding+7657>:	cmp    0x20(%rdi),%r10
   0x0000000000925cdd <ff_hevc_hls_residual_coding+7661>:	jge    0x925ce4 <ff_hevc_hls_residual_coding+7668>
   0x0000000000925cdf <ff_hevc_hls_residual_coding+7663>:	addq   $0x2,0x18(%rdi)
   0x0000000000925ce4 <ff_hevc_hls_residual_coding+7668>:	mov    %eax,(%rdi)
   0x0000000000925ce6 <ff_hevc_hls_residual_coding+7670>:	add    $0x1,%r8d
   0x0000000000925cea <ff_hevc_hls_residual_coding+7674>:	or     %edx,%esi
   0x0000000000925cec <ff_hevc_hls_residual_coding+7676>:	cmp    %r9d,%r8d
End of assembler dump.
(gdb)

Register info

(gdb) info all-registers
rax            0x1	1
rbx            0x0	0
rcx            0x0	0
rdx            0x0	0
rsi            0x0	0
rdi            0x7fffe40c55f0	140737019401712
rbp            0x0	0x0
rsp            0x7fffed4166f0	0x7fffed4166f0
r8             0x1	1
r9             0x10	16
r10            0x7fffd804f000	140736817590272
r11            0x8	8
r12            0x0	0
r13            0x10	16
r14            0xf	15
r15            0x7fffe40c1fa0	140737019387808
rip            0x925cce	0x925cce <ff_hevc_hls_residual_coding+7646>
eflags         0x10212	[ AF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
st0            -nan(0x083838383)	(raw 0xffff0000000083838383)
st1            -nan(0x8080808080808080)	(raw 0xffff8080808080808080)
st2            0	(raw 0x00000000000000000000)
st3            0	(raw 0x00000000000000000000)
st4            0	(raw 0x00000000000000000000)
st5            0	(raw 0x00000000000000000000)
st6            0	(raw 0x00000000000000000000)
st7            0	(raw 0x00000000000000000000)
fctrl          0x37f	895
fstat          0x0	0
ftag           0x555a	21850
fiseg          0x0	0
fioff          0x0	0
foseg          0x0	0
fooff          0x0	0
fop            0x0	0
mxcsr          0x1fa0	[ PE IM DM ZM OM UM PM ]
ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm1           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xaf, 0xb3, 0xb2, 0xb1 <repeats 13 times>, 0x0 <repeats 16 times>}, v16_int16 = {
    0xb3af, 0xb1b2, 0xb1b1, 0xb1b1, 0xb1b1, 0xb1b1, 0xb1b1, 0xb1b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb1b2b3af, 0xb1b1b1b1, 0xb1b1b1b1, 0xb1b1b1b1, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
    0xb1b1b1b1b1b2b3af, 0xb1b1b1b1b1b1b1b1, 0x0, 0x0}, v2_int128 = {0xb1b1b1b1b1b1b1b1b1b1b1b1b1b2b3af, 0x00000000000000000000000000000000}}
ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x1, 0x0, 0x0, 0x1, 0x0 <repeats 27 times>}, v16_int16 = {0x100, 0x0, 0x1, 
    0x0 <repeats 13 times>}, v8_int32 = {0x100, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x100000100, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000100000100, 
    0x00000000000000000000000000000000}}
ymm4           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xb8, 0xb1, 0xb1, 0xb2, 0xb0, 0xb2, 0xb1, 0xb1, 0xb1, 0xb1, 0xb1, 0xb1, 0xb1, 0xb1, 
    0xb1, 0xb1, 0x0 <repeats 16 times>}, v16_int16 = {0xb1b8, 0xb2b1, 0xb2b0, 0xb1b1, 0xb1b1, 0xb1b1, 0xb1b1, 0xb1b1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xb2b1b1b8, 0xb1b1b2b0, 
    0xb1b1b1b1, 0xb1b1b1b1, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0xb1b1b2b0b2b1b1b8, 0xb1b1b1b1b1b1b1b1, 0x0, 0x0}, v2_int128 = {0xb1b1b1b1b1b1b1b1b1b1b2b0b2b1b1b8, 0x00000000000000000000000000000000}}
ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x44, 0x0, 0x44, 0x0, 0x44, 0x0, 0x44, 0x0, 0x44, 0x0, 0x44, 0x0, 0x44, 0x0, 0x45, 
    0x0 <repeats 17 times>}, v16_int16 = {0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x45, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x440044, 0x440044, 0x440044, 0x450044, 0x0, 0x0, 0x0, 
    0x0}, v4_int64 = {0x44004400440044, 0x45004400440044, 0x0, 0x0}, v2_int128 = {0x00450044004400440044004400440044, 0x00000000000000000000000000000000}}
---Type <return> to continue, or q <return> to quit---
ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xcc, 0x0, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0x44, 0x0 <repeats 23 times>}, v16_int16 = {
    0xcc, 0x0, 0x88, 0x0, 0x44, 0x0 <repeats 11 times>}, v8_int32 = {0xcc, 0x88, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x88000000cc, 0x44, 0x0, 0x0}, v2_int128 = {
    0x000000000000004400000088000000cc, 0x00000000000000000000000000000000}}
ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x49, 0x4, 0x0, 0x0, 0x4a, 0x4, 0x0, 0x0, 0x4b, 0x4, 0x0, 0x0, 0x4c, 0x4, 
    0x0 <repeats 18 times>}, v16_int16 = {0x449, 0x0, 0x44a, 0x0, 0x44b, 0x0, 0x44c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x449, 0x44a, 0x44b, 0x44c, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x44a00000449, 0x44c0000044b, 0x0, 0x0}, v2_int128 = {0x0000044c0000044b0000044a00000449, 0x00000000000000000000000000000000}}
ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x59, 0x1, 0x0, 0x0, 0x9e, 0x1, 0x0, 0x0, 0xe3, 0x1, 0x0, 0x0, 0x28, 0x2, 
    0x0 <repeats 18 times>}, v16_int16 = {0x159, 0x0, 0x19e, 0x0, 0x1e3, 0x0, 0x228, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x159, 0x19e, 0x1e3, 0x228, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x19e00000159, 0x228000001e3, 0x0, 0x0}, v2_int128 = {0x00000228000001e30000019e00000159, 0x00000000000000000000000000000000}}
ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0 <repeats 23 times>}, v16_int16 = {
    0x44, 0x0, 0x0, 0x0, 0x44, 0x0 <repeats 11 times>}, v8_int32 = {0x44, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x44, 0x44, 0x0, 0x0}, v2_int128 = {0x00000000000000440000000000000044, 
    0x00000000000000000000000000000000}}
ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 
    0x0 <repeats 18 times>}, v16_int16 = {0x440, 0x0, 0x440, 0x0, 0x440, 0x0, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x440, 0x440, 0x440, 0x440, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x44000000440, 0x44000000440, 0x0, 0x0}, v2_int128 = {0x00000440000004400000044000000440, 0x00000000000000000000000000000000}}
ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000, 0x00000000000000000000000000000000}}
ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 0x0, 0x0, 0x40, 0x4, 
    0x0 <repeats 18 times>}, v16_int16 = {0x440, 0x0, 0x440, 0x0, 0x440, 0x0, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x440, 0x440, 0x440, 0x440, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x44000000440, 0x44000000440, 0x0, 0x0}, v2_int128 = {0x00000440000004400000044000000440, 0x00000000000000000000000000000000}}
ymm15          {v8_float = {0x311, 0x311, 0x311, 0xc44, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x8000000000000000, 0x8000000000000000, 0x0, 0x0}, v32_int8 = {0x44 <repeats 15 times>, 0x45, 
    0x0 <repeats 16 times>}, v16_int16 = {0x4444, 0x4444, 0x4444, 0x4444, 0x4444, 0x4444, 0x4444, 0x4544, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x44444444, 0x44444444, 0x44444444, 
    0x45444444, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4444444444444444, 0x4544444444444444, 0x0, 0x0}, v2_int128 = {0x45444444444444444444444444444444, 0x00000000000000000000000000000000}}
(gdb) 
Version 0, edited 3 years ago by brunorosa (next)

Changed 3 years ago by brunorosa

Updated ffplay log

comment:3 Changed 3 years ago by brunorosa

I've updated the log report for ffplay, but couldn't upload ffmpeg's log since I left it running for too long and its size exceed the limit. I can make a shorter run later today (T+12h or so).

comment:4 Changed 3 years ago by brunorosa

  • Summary changed from ffplay crashes when decoding lossless h265 over rtsp to ffplay crashes when decoding h265 over rtsp

comment:5 Changed 3 years ago by michael

  • Cc michael added

Can this be reproduced with a public rtsp stream or what needs to be done to reproduce it locally ?

comment:6 Changed 3 years ago by brunorosa

comment:7 follow-up: Changed 3 years ago by michael

Does this occur only with RTSP or also if you store the stream and play that ?

comment:8 in reply to: ↑ 7 Changed 3 years ago by brunorosa

Replying to michael:

Does this occur only with RTSP or also if you store the stream and play that ?

(sorry for the very late answer, michael)

As far as I recall, I've only tested it with RTSP.

However, today I tried to reproduce the bug, but it wasn't possible. Was it a fixed bug from an external dependecy (e.g. libx265), maybe?

comment:9 follow-up: Changed 3 years ago by cehoyos

  • Resolution set to needs_more_info
  • Status changed from new to closed

libx265 is not involved according to your backtrace (and cannot be used with ffplay).
Since no stream was provided that allows to reproduce and since it now works for you, I suggest to leave this ticket closed.

comment:10 in reply to: ↑ 9 Changed 3 years ago by brunorosa

Replying to cehoyos:

libx265 is not involved according to your backtrace (and cannot be used with ffplay).
Since no stream was provided that allows to reproduce and since it now works for you, I suggest to leave this ticket closed.

Sure, no problem! If I manage to reproduce it again (and hope not) I will let you know.

Thanks for the quick responses.

Note: See TracTickets for help on using tickets.