Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#1692 closed defect (fixed)

Using atempo filter causes segfault with AVX

Reported by: Takis Issaris
Owned by:
Priority: important
Component: avfilter
Version: git-master
Keywords: avx crash SIGSEGV atempo
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: yes

Description

Summary of the bug:
Using the atempo filter causes a segmentation fault.

How to reproduce:

./audiogen original.wav
% ffmpeg -i original.wav -af atempo=0.8 test.wav
ffmpeg version N-43928-g60924df Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 27 2012 14:19:01 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
  configuration: --enable-avfilter --enable-frei0r --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-nonfree --enable-pic --enable-pthreads --enable-shared --enable-version3 --enable-x11grab
  libavutil      51. 70.100 / 51. 70.100
  libavcodec     54. 54.100 / 54. 54.100
  libavformat    54. 25.104 / 54. 25.104
  libavdevice    54.  2.100 / 54.  2.100
  libavfilter     3. 13.101 /  3. 13.101
  libswscale      2.  1.101 /  2.  1.101
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
[wav @ 0x2172240] max_analyze_duration 5000000 reached at 5015510
Guessed Channel Layout for  Input Stream #0.0 : mono
Input #0, wav, from 'original.wav':
  Duration: 00:00:06.00, bitrate: 705 kb/s
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, mono, s16, 705 kb/s
File 'test.wav' already exists. Overwrite ? [y/N] y
Output #0, wav, to 'test.wav':
  Metadata:
    encoder         : Lavf54.25.104
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, mono, s16, 705 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le -> pcm_s16le)
Press [q] to stop, [?] for help
Segmentation fault (core dumped)

Change History (21)

comment:1 by Cigaes, 12 years ago

Works for me with current git head. If it still happens for you, can you be more specific about your environment (looks like Ubuntu: 32 or 64 bits) and produce a valgrind backtrace (using ffmpeg_g and no shared libraries)?

comment:2 by Takis Issaris, 12 years ago

(gdb) r -y -i audiogen.wav -af atempo=0.8 asdf.wav
Starting program: /usr/local/src/ff/ffmpeg.org/build-gcc/ffmpeg_g -y -i audiogen.wav -af atempo=0.8 asdf.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-43928-g60924df Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 27 2012 14:19:01 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
  configuration: --enable-avfilter --enable-frei0r --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-nonfree --enable-pic --enable-pthreads --enable-shared --enable-version3 --enable-x11grab
  libavutil 51. 70.100 / 51. 70.100
  libavcodec 54. 54.100 / 54. 54.100
  libavformat 54. 25.104 / 54. 25.104
  libavdevice 54. 2.100 / 54. 2.100
  libavfilter 3. 13.101 / 3. 13.101
  libswscale 2. 1.101 / 2. 1.101
  libswresample 0. 15.100 / 0. 15.100
  libpostproc 52. 0.100 / 52. 0.100
[wav @ 0x632240] max_analyze_duration 5000000 reached at 5015510
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, wav, from 'audiogen.wav':
  Duration: 00:00:06.00, bitrate: 1411 kb/s
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Output #0, wav, to 'asdf.wav':
  Metadata:
    encoder : Lavf54.25.104
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le -> pcm_s16le)
Press [q] to stop, ? for help

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6c691d0 in ?? () from /usr/local/lib/libavcodec.so.54
(gdb) bt
#0 0x00007ffff6c691d0 in ?? () from /usr/local/lib/libavcodec.so.54
#1 0x00007ffff6c69315 in ?? () from /usr/local/lib/libavcodec.so.54
#2 0x00007ffff6c69d15 in ?? () from /usr/local/lib/libavcodec.so.54
#3 0x00007ffff6c69d55 in ?? () from /usr/local/lib/libavcodec.so.54
#4 0x00007ffff6c69d95 in ?? () from /usr/local/lib/libavcodec.so.54
#5 0x00007ffff6c69dd5 in ?? () from /usr/local/lib/libavcodec.so.54
#6 0x00007ffff6c69e15 in ?? () from /usr/local/lib/libavcodec.so.54
#7 0x00007ffff6c6a185 in ?? () from /usr/local/lib/libavcodec.so.54
#8 0x00007ffff6c699d0 in ?? () from /usr/local/lib/libavcodec.so.54
#9 0x00007ffff6b20fdb in ?? () from /usr/local/lib/libavcodec.so.54
#10 0x00007ffff793d673 in ?? () from /usr/local/lib/libavfilter.so.3
#11 0x00007ffff794149b in ?? () from /usr/local/lib/libavfilter.so.3
#12 0x00007ffff7946f4d in ?? () from /usr/local/lib/libavfilter.so.3
#13 0x00007ffff7947176 in av_buffersrc_add_ref () from /usr/local/lib/libavfilter.so.3
#14 0x00007ffff79472e8 in av_buffersrc_add_frame () from /usr/local/lib/libavfilter.so.3
#15 0x0000000000417aa3 in decode_audio (got_output=0x7fffffffd70c, pkt=0x7fffffffd600, ist=0x71b3c0)
    at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:1524
#16 output_packet (ist=<optimized out>, pkt=<optimized out>) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:1753
#17 0x00000000004188d9 in process_input (file_index=<optimized out>) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2818
#18 0x0000000000407512 in transcode_step () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2914
#19 transcode () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2966
#20 main (argc=<optimized out>, argv=<optimized out>) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:3146
(gdb)

comment:3 by Takis Issaris, 12 years ago

Valgrind shows no errors:

/usr/local/src/ff/ffmpeg.org/tests$ valgrind ../build-gcc/ffmpeg_g -y -i audiogen.wav -af atempo=0.8 asdfasd.wav
==27154== Memcheck, a memory error detector
==27154== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==27154== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==27154== Command: ../build-gcc/ffmpeg_g -y -i audiogen.wav -af atempo=0.8 asdfasd.wav
==27154==
ffmpeg version N-43928-g60924df Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 27 2012 14:19:01 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
  configuration: --enable-avfilter --enable-frei0r --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-nonfree --enable-pic --enable-pthreads --enable-shared --enable-version3 --enable-x11grab
  libavutil 51. 70.100 / 51. 70.100
  libavcodec 54. 54.100 / 54. 54.100
  libavformat 54. 25.104 / 54. 25.104
  libavdevice 54. 2.100 / 54. 2.100
  libavfilter 3. 13.101 / 3. 13.101
  libswscale 2. 1.101 / 2. 1.101
  libswresample 0. 15.100 / 0. 15.100
  libpostproc 52. 0.100 / 52. 0.100
[wav @ 0xd6c1380] max_analyze_duration 5000000 reached at 5015510
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, wav, from 'audiogen.wav':
  Duration: 00:00:06.00, bitrate: 1411 kb/s
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Output #0, wav, to 'asdfasd.wav':
  Metadata:
    encoder : Lavf54.25.104
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le -> pcm_s16le)
Press [q] to stop, ? for help
size= 1291kB time=00:00:07.49 bitrate=1411.2kbits/s
video:0kB audio:1291kB subtitle:0 global headers:0kB muxing overhead 0.003480%
==27154==
==27154== HEAP SUMMARY:
==27154== in use at exit: 0 bytes in 0 blocks
==27154== total heap usage: 4,677 allocs, 4,677 frees, 5,608,663 bytes allocated
==27154==
==27154== All heap blocks were freed -- no leaks are possible
==27154==
==27154== For counts of detected and suppressed errors, rerun with: -v
==27154== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

comment:4 by Cigaes, 12 years ago

The gdb backtrace you show was produced using dynamically-linked installed libraries: they lack the debugging symbols, and therefore the backtrace is unusable.

Can you find the exact revision of the libraries installed in /usr/local/lib? Running a recent ffmpeg binary with older libraries should not cause a segfault, but developers are not always as careful as when using the same version.

comment:5 by Takis Issaris, 12 years ago

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-43943-g4f92d31 Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 28 2012 13:23:13 with gcc 4.6 (Ubuntu/Linaro 4.6.3-1ubuntu5)
  configuration: --enable-avfilter --enable-frei0r --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-nonfree --enable-pic --enable-pthreads --disable-shared --enable-static --enable-version3 --enable-x11grab --disable-optimizations
  libavutil 51. 70.100 / 51. 70.100
  libavcodec 54. 54.100 / 54. 54.100
  libavformat 54. 25.104 / 54. 25.104
  libavdevice 54. 2.100 / 54. 2.100
  libavfilter 3. 13.101 / 3. 13.101
  libswscale 2. 1.101 / 2. 1.101
  libswresample 0. 15.100 / 0. 15.100
  libpostproc 52. 0.100 / 52. 0.100
[wav @ 0x1760240] max_analyze_duration 5000000 reached at 5015510
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, wav, from '../tests/audiogen.wav':
  Duration: 00:00:06.00, bitrate: 1411 kb/s
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Output #0, wav, to 'asdf.wav':
  Metadata:
    encoder : Lavf54.25.104
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, stereo, s16, 1411 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_s16le -> pcm_s16le)
Press [q] to stop, ? for help

Program received signal SIGSEGV, Segmentation fault.
fft16_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:321
321 mova m2, Z(2)

comment:6 by Takis Issaris, 12 years ago

(gdb) bt
#0 fft16_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:321
#1 0x0000000000b59e75 in fft32_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:358
#2 0x0000000000b5a875 in fft64_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:799
#3 0x0000000000b5a8b5 in fft128_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:799
#4 0x0000000000b5a8f5 in fft256_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:799
#5 0x0000000000b5a935 in fft512_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:799
#6 0x0000000000b5a975 in fft1024_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:799
#7 0x0000000000b5ace5 in fft2048_interleave_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:800
#8 0x0000000000b5a530 in ff_fft_calc_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:575
#9 0x00000000009b3436 in ff_rdft_calc_c (s=0x1814200, data=0x18678d0)
    at /usr/local/src/ff/ffmpeg.org/libavcodec/rdft.c:69
#10 0x0000000000605ddd in av_rdft_calc (s=0x1814200, data=0x18678d0)
    at /usr/local/src/ff/ffmpeg.org/libavcodec/avfft.c:106
#11 0x000000000049ca55 in yae_apply (atempo=0x1766fa0, src_ref=0x7fffffffd3f0, src_end=0x1886ce0 "",
    dst_ref=0x1767078, dst_end=0x1888320 "") at /usr/local/src/ff/ffmpeg.org/libavfilter/af_atempo.c:815
#12 0x000000000049d286 in filter_samples (inlink=0x1814060, src_buffer=0x1886e20)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/af_atempo.c:1066
#13 0x0000000000453e3d in ff_filter_samples_framed (link=0x1814060, samplesref=0x1886e20)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/audio.c:214
#14 0x0000000000453efe in ff_filter_samples (link=0x1814060, samplesref=0x1886e20)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/audio.c:229
#15 0x000000000045d35b in request_frame (link=0x1814060) at /usr/local/src/ff/ffmpeg.org/libavfilter/buffersrc.c:384
#16 0x000000000045c9c1 in av_buffersrc_add_ref (s=0x17e9800, buf=0x1886e20, flags=4)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/buffersrc.c:152
#17 0x000000000045c67c in av_buffersrc_add_frame (buffer_src=0x17e9800, frame=0x1884a40, flags=4)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/buffersrc.c:91
#18 0x000000000043e9f3 in decode_audio (ist=0x18493c0, pkt=0x7fffffffd780, got_output=0x7fffffffd838)
    at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:1524
#19 0x000000000043fcb0 in output_packet (ist=0x18493c0, pkt=0x7fffffffd8e0)
    at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:1753
#20 0x0000000000444a7a in process_input (file_index=0) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2818
#21 0x0000000000444e0c in transcode_step () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2914
#22 0x0000000000444f26 in transcode () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:2966
#23 0x000000000044551c in main (argc=7, argv=0x7fffffffdfa8) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:3146

comment:7 by Takis Issaris, 12 years ago

(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xb59d10 to 0xb59d50:
   0x0000000000b59d10 <fft8_avx+112>:	vblendps $0x55,%ymm0,%ymm4,%ymm0
   0x0000000000b59d16 <fft8_avx+118>:	vsubps %ymm0,%ymm3,%ymm1
   0x0000000000b59d1a <fft8_avx+122>:	vaddps %ymm0,%ymm3,%ymm0
   0x0000000000b59d1e <fft8_avx+126>:	vmovaps %ymm0,(%rdi)
   0x0000000000b59d22 <fft8_avx+130>:	vmovaps %ymm1,0x20(%rdi)
   0x0000000000b59d27 <fft8_avx+135>:	retq   
   0x0000000000b59d28 <fft8_avx+136>:	nopl   0x0(%rax,%rax,1)
=> 0x0000000000b59d30 <fft16_avx+0>:	vmovaps 0x40(%rdi),%ymm2
   0x0000000000b59d35 <fft16_avx+5>:	vmovaps 0x60(%rdi),%ymm3
   0x0000000000b59d3a <fft16_avx+10>:	vsubps %ymm3,%ymm2,%ymm7
   0x0000000000b59d3e <fft16_avx+14>:	vaddps %ymm3,%ymm2,%ymm2
   0x0000000000b59d42 <fft16_avx+18>:	vxorps 0x347196(%rip),%ymm7,%ymm7        # 0xea0ee0 <ps_p1p1m1p1>
   0x0000000000b59d4a <fft16_avx+26>:	vshufps $0xbe,%ymm7,%ymm2,%ymm3
   0x0000000000b59d4f <fft16_avx+31>:	vshufps $0x44,%ymm7,%ymm2,%ymm2
End of assembler dump.

comment:8 by Takis Issaris, 12 years ago

(gdb) info all-registers
rax            0x18678d0	25589968
rbx            0x1000	4096
rcx            0xb59ca0	11902112
rdx            0xb5ace0	11906272
rsi            0xb	11
rdi            0x18678d0	25589968
rbp            0x7fffffffd370	0x7fffffffd370
rsp            0x7fffffffd2c8	0x7fffffffd2c8
r8             0x1764b20	24529696
r9             0x1873920	25639200
r10            0x0	0
r11            0x7ffff426db1d	140737289575197
r12            0x42cb00	4377344
r13            0x7fffffffdfa0	140737488347040
r14            0x0	0
r15            0x0	0
rip            0xb59d30	0xb59d30 <fft16_avx>
eflags         0x10202	[ IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
st0            0	(raw 0x00000000000000000000)
st1            0	(raw 0x00000000000000000000)
st2            0	(raw 0x00000000000000000000)
st3            0	(raw 0x00000000000000000000)
st4            0	(raw 0x00000000000000000000)
st5            0	(raw 0x00000000000000000000)
st6            0	(raw 0x00000000000000000000)
st7            0	(raw 0x00000000000000000000)
fctrl          0x37f	895
fstat          0x0	0
ftag           0xffff	65535
fiseg          0x0	0
fioff          0x0	0
foseg          0x0	0
fooff          0x0	0
fop            0x0	0
mxcsr          0x1fa0	[ PE IM DM ZM OM UM PM ]

comment:9 by Takis Issaris, 12 years ago

Sure, I used a static build now, as I find that easier to debug. Furthermore, it is not related to the specific sample; using any audio file gives the same result.

comment:10 by Takis Issaris, 12 years ago

I wanted to git-bisect it, but it seems it has been happening since the first revision of libavfilter/af_atempo.c.

pissaris@takis-Latitude-E6520:/usr/local/src/ff/ffmpeg.org/build-static$ ./ffmpeg_g -t 10 -i /opt/android-sdk-linux_x86/samples/android-14/ApiDemos/res/raw/test_cbr.mp3 -af atempo=0.8 asdf.wav
ffmpeg version N-41650-ga1aac8d Copyright (c) 2000-2012 the FFmpeg developers
  built on Aug 28 2012 13:37:26 with gcc 4.6.3
  configuration: --enable-avfilter --enable-frei0r --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libschroedinger --enable-libspeex --enable-libtheora --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-nonfree --enable-pic --enable-pthreads --disable-shared --enable-static --enable-version3 --enable-x11grab --disable-optimizations
  libavutil      51. 58.100 / 51. 58.100
  libavcodec     54. 25.100 / 54. 25.100
  libavformat    54.  6.101 / 54.  6.101
  libavdevice    54.  0.100 / 54.  0.100
  libavfilter     2. 81.100 /  2. 81.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0. 15.100 /  0. 15.100
  libpostproc    52.  0.100 / 52.  0.100
[mp3 @ 0x185a120] max_analyze_duration 5000000 reached at 5015510
[mp3 @ 0x185a120] Estimating duration from bitrate, this may be inaccurate
Input #0, mp3, from '/opt/android-sdk-linux_x86/samples/android-14/ApiDemos/res/raw/test_cbr.mp3':
  Duration: 00:00:52.86, start: 0.000000, bitrate: 55 kb/s
    Stream #0:0: Audio: mp3, 44100 Hz, mono, s16, 56 kb/s
File 'asdf.wav' already exists. Overwrite ? [y/N] y
Output #0, wav, to 'asdf.wav':
  Metadata:
    encoder         : Lavf54.6.101
    Stream #0:0: Audio: pcm_s16le ([1][0][0][0] / 0x0001), 44100 Hz, mono, s16, 705 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (mp3 -> pcm_s16le)
Press [q] to stop, [?] for help
Segmentation fault (core dumped)

comment:11 by Takis Issaris, 12 years ago

(gdb) bt
#0  fft16_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:315
#1  0x0000000000aa76d5 in fft32_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:352
#2  0x0000000000aa8515 in fft64_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:649
#3  0x0000000000aa8555 in fft128_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:649
#4  0x0000000000aa8595 in fft256_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:649
#5  0x0000000000aa85d5 in fft512_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:649
#6  0x0000000000aa8615 in fft1024_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:649
#7  0x0000000000aa89a5 in fft2048_interleave_avx () at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:650
#8  0x0000000000aa8ba8 in ff_fft_dispatch_interleave_avx ()
    at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_mmx.asm:650
#9  0x0000000000aaa82d in ff_fft_calc_avx (s=0x177f640, z=0x17b9c30)
    at /usr/local/src/ff/ffmpeg.org/libavcodec/x86/fft_sse.c:37
#10 0x000000000094854c in ff_rdft_calc_c (s=0x177f620, data=0x17b9c30)
    at /usr/local/src/ff/ffmpeg.org/libavcodec/rdft.c:69
#11 0x000000000065778e in av_rdft_calc (s=0x177f620, data=0x17b9c30)
    at /usr/local/src/ff/ffmpeg.org/libavcodec/avfft.c:106
#12 0x000000000049addd in yae_apply (atempo=0x17af760, src_ref=0x7fffffffd590, src_end=0x17d9f60 "", 
    dst_ref=0x17af838, dst_end=0x17dad40 "") at /usr/local/src/ff/ffmpeg.org/libavfilter/af_atempo.c:815
#13 0x000000000049b61e in filter_samples (inlink=0x177f020, src_buffer=0x17863e0)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/af_atempo.c:1066
#14 0x0000000000451ebc in ff_filter_samples (link=0x177f020, samplesref=0x17863e0)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/audio.c:214
#15 0x00000000004595c0 in request_frame (link=0x177f020) at /usr/local/src/ff/ffmpeg.org/libavfilter/buffersrc.c:445
#16 0x0000000000453902 in ff_request_frame (link=0x177f020) at /usr/local/src/ff/ffmpeg.org/libavfilter/avfilter.c:325
#17 0x00000000004544ae in avfilter_request_frame (link=0x177f020)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/avfilter.c:594
#18 0x000000000049b6db in request_frame (outlink=0x177f400)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/af_atempo.c:1086
#19 0x0000000000453902 in ff_request_frame (link=0x177f400) at /usr/local/src/ff/ffmpeg.org/libavfilter/avfilter.c:325
#20 0x000000000045392d in ff_request_frame (link=0x177f6e0) at /usr/local/src/ff/ffmpeg.org/libavfilter/avfilter.c:327
#21 0x000000000045812d in av_buffersink_read (ctx=0x177ede0, buf=0x7fffffffd770)
    at /usr/local/src/ff/ffmpeg.org/libavfilter/buffersink.c:109
#22 0x0000000000430614 in poll_filters () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:1927
#23 0x0000000000437ef2 in transcode () at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:3608
#24 0x0000000000440e67 in main (argc=8, argv=0x7fffffffdf58) at /usr/local/src/ff/ffmpeg.org/ffmpeg.c:5917

comment:12 by Cigaes, 12 years ago

Thanks for the backtraces. It looks related to the AVX optimizations. I do not have the hardware to test. Does it make it work to build with --disable-avx?

comment:13 by Takis Issaris, 12 years ago

From /proc/cpuinfo:

processor	: 3
vendor_id	: GenuineIntel
cpu family	: 6
model		: 42
model name	: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
stepping	: 7
microcode	: 0x15
cpu MHz		: 2501.000
cache size	: 3072 KB
physical id	: 0
siblings	: 4
core id		: 1
cpu cores	: 2
apicid		: 3
initial apicid	: 3
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc 
arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 
monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt 
tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow 
vnmi flexpriority ept vpid
bogomips	: 4988.44
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual

comment:14 by Takis Issaris, 12 years ago

Yes, disabling AVX with the configure flag avoids the segfault.

comment:15 by Cigaes, 12 years ago

Keywords: avx added
Summary: Using atempo filter causes segfault → Using atempo filter causes segfault with AVX

comment:16 by Carl Eugen Hoyos, 12 years ago

Priority: normal → important
Status: new → open

comment:17 by Cigaes, 12 years ago

Analyzed by developer: set
Reproduced by developer: set

It is an alignment problem: AVX requires 32, the memory used is provided by av_realloc and only aligned to 16.
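
Added example, not part of the ticket and not the patch linked in comment:18: it checks the address read by the faulting `vmovaps 0x40(%rdi),%ymm2` (rdi from comment:8, the same `data=0x18678d0` passed to `av_rdft_calc`) against 16 and 32 bytes, then shows one generic way to grow a buffer without losing 32-byte alignment. The helper names `is_aligned`, `avx_malloc`, `avx_free` and `avx_resize` are hypothetical and are not FFmpeg API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AVX_ALIGN 32u /* aligned 256-bit (ymm) loads/stores need a multiple of 32 */

/* Nonzero when addr is a multiple of align (align must be a power of two). */
static int is_aligned(uintptr_t addr, uintptr_t align)
{
    return (addr & (align - 1)) == 0;
}

/* Address read by the faulting instruction in comment:7,
 * "vmovaps 0x40(%rdi),%ymm2", with rdi = 0x18678d0 from comment:8. */
static uintptr_t faulting_address(void)
{
    return (uintptr_t)0x18678d0 + 0x40;
}

/* Hypothetical helper: over-allocate with malloc(), round the pointer up to
 * AVX_ALIGN and keep the raw malloc() pointer just below the returned block. */
static void *avx_malloc(size_t size)
{
    unsigned char *raw, *p;

    if (size > SIZE_MAX - AVX_ALIGN - sizeof(void *))
        return NULL; /* the size arithmetic below would wrap */
    raw = malloc(size + AVX_ALIGN + sizeof(void *));
    if (!raw)
        return NULL;
    p = (unsigned char *)(((uintptr_t)raw + sizeof(void *) + AVX_ALIGN - 1)
                          & ~(uintptr_t)(AVX_ALIGN - 1));
    memcpy(p - sizeof(void *), &raw, sizeof(raw));
    return p;
}

/* Release a block obtained from avx_malloc() or avx_resize(). */
static void avx_free(void *p)
{
    void *raw;

    if (!p)
        return;
    memcpy(&raw, (unsigned char *)p - sizeof(void *), sizeof(raw));
    free(raw);
}

/* Resize without going through realloc(), which only promises the platform's
 * default alignment: allocate a fresh aligned block, copy, free the old one.
 * On failure the old block is left untouched and NULL is returned. */
static void *avx_resize(void *old, size_t old_size, size_t new_size)
{
    void *p = avx_malloc(new_size);

    if (!p)
        return NULL;
    if (old) {
        memcpy(p, old, old_size < new_size ? old_size : new_size);
        avx_free(old);
    }
    return p;
}

/* Returns 1 if a grown buffer is still 32-byte aligned and kept its data. */
static int resize_keeps_alignment_and_data(void)
{
    size_t i;
    unsigned char *buf = avx_malloc(100);
    unsigned char *grown;
    int ok;

    if (!buf)
        return 0;
    for (i = 0; i < 100; i++)
        buf[i] = (unsigned char)i;
    grown = avx_resize(buf, 100, 8192);
    if (!grown) {
        avx_free(buf);
        return 0;
    }
    ok = is_aligned((uintptr_t)grown, AVX_ALIGN);
    for (i = 0; i < 100; i++)
        ok = ok && grown[i] == (unsigned char)i;
    avx_free(grown);
    return ok;
}

int main(void)
{
    uintptr_t a = faulting_address();

    printf("0x%lx: 16-byte aligned=%d, 32-byte aligned=%d\n",
           (unsigned long)a, is_aligned(a, 16), is_aligned(a, AVX_ALIGN));
    printf("aligned resize ok=%d\n", resize_keeps_alignment_and_data());
    return 0;
}
```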

comment:18 by Cigaes, 12 years ago

Can you test if the following patch fixes the problem for you:
http://ffmpeg.org/pipermail/ffmpeg-devel/2012-August/130215.html
?

comment:19 by Takis Issaris, 12 years ago

Yes, the patch works for me.

Thanks!

comment:20 by Cigaes, 12 years ago

Resolution: fixed
Status: open → closed

comment:21 by Carl Eugen Hoyos, 12 years ago

Keywords: crash SIGSEGV atempo added