#4416 closed defect (fixed)
H264 regression: Crash on slice multithreading with 2.6.1
| Reported by: | Carl Eugen Hoyos | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | 2.6.1 | Keywords: | h264 crash SIGSEGV regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
The sample from ticket #4415 crashes 2.6.1 (and 2.6) when using slice multi-threading, this is a regression since 6fafc62b
(gdb) r -cpuflags 0 -thread_type slice -threads 2 -i Record1MDVideoX.h264 -f null -
Starting program: ffmpeg_g -cpuflags 0 -thread_type slice -threads 2 -i Record1MDVideoX.h264 -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version n2.6.1 Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 54. 20.100 / 54. 20.100
libavcodec 56. 26.100 / 56. 26.100
libavformat 56. 25.101 / 56. 25.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 11.102 / 5. 11.102
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 1.100 / 1. 1.100
libpostproc 53. 3.100 / 53. 3.100
Input #0, h264, from 'Record1MDVideoX.h264':
Duration: N/A, bitrate: N/A
Stream #0:0: Video: h264 (High), yuv420p, 1280x720 [SAR 1:1 DAR 16:9], 30 fps, 30 tbr, 1200k tbn, 60 tbc
[New Thread 0x7ffff14f0700 (LWP 2778)]
[New Thread 0x7ffff0cef700 (LWP 2780)]
[New Thread 0x7ffff04ee700 (LWP 2781)]
[New Thread 0x7fffefced700 (LWP 2782)]
[New Thread 0x7fffef4ec700 (LWP 2783)]
[New Thread 0x7fffeeceb700 (LWP 2784)]
[New Thread 0x7fffee4ea700 (LWP 2785)]
[New Thread 0x7fffedce9700 (LWP 2786)]
[New Thread 0x7fffed4e8700 (LWP 2787)]
[New Thread 0x7fffecce7700 (LWP 2788)]
[New Thread 0x7fffec4e6700 (LWP 2789)]
Output #0, null, to 'pipe:':
Metadata:
encoder : Lavf56.25.101
Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 1280x720 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 30 fps, 30 tbn, 30 tbc
Metadata:
encoder : Lavc56.26.100 rawvideo
Stream mapping:
Stream #0:0 -> #0:0 (h264 (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[null @ 0x1af9880] Encoder did not produce proper pts, making some up.
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] top block unavailable for requested intra4x4 mode -1 at 76 0
[h264 @ 0x1b97040] error while decoding MB 76 0, bytestream 3672
[h264 @ 0x1b97040] concealing 3573 DC, 3573 AC, 3573 MV errors in P frame
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] top block unavailable for requested intra4x4 mode -1 at 51 0
[h264 @ 0x1b97040] error while decoding MB 51 0, bytestream 4298
[h264 @ 0x1b97040] concealing 3598 DC, 3598 AC, 3598 MV errors in P frame
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] concealing 3571 DC, 3571 AC, 3571 MV errors in P frame
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
[h264 @ 0x1b97040] SPS changed in the middle of the frame
[h264 @ 0x1b97040] decode_slice_header error
Program received signal SIGSEGV, Segmentation fault.
put_h264_qpel16_mc00_8_c (dst=0x2500ec0 "", src=0x0, stride=1280)
at libavcodec/h264qpel_template.c:544
544 H264_MC(put_, 16)
(gdb) bt
#0 put_h264_qpel16_mc00_8_c (dst=0x2500ec0 "", src=0x0, stride=1280)
at libavcodec/h264qpel_template.c:544
#1 0x0000000000747bff in mc_dir_part (chroma_idc=1, pixel_shift=0,
chroma_op=0x776df0 <put_h264_chroma_mc8_8_c>, qpix_op=0x1beced0, src_y_offset=0,
src_x_offset=0, dest_cr=0x26213e0 "", dest_cb=0x25e7920 "", dest_y=0x2500ec0 "", list=0,
delta=0, height=16, square=1, n=0, pic=0x1c20180, h=0x1becd60)
at libavcodec/h264_mb.c:246
#2 mc_part_std (chroma_idc=1, pixel_shift=0, list1=0, list0=4096,
chroma_avg=0x777850 <avg_h264_chroma_mc8_8_c>, qpix_avg=0x1bed0d0,
chroma_put=0x776df0 <put_h264_chroma_mc8_8_c>, qpix_put=0x1beced0, y_offset=0,
x_offset=0, dest_cr=0x26213e0 "", dest_cb=0x25e7920 "", dest_y=0x2500ec0 "", delta=0,
height=16, square=1, n=0, h=0x1becd60) at libavcodec/h264_mb.c:349
#3 mc_part_420_simple_8 (h=0x1becd60, n=0, square=1, height=16, delta=0,
dest_y=<optimized out>, dest_cb=0x25e7920 "", dest_cr=0x26213e0 "", x_offset=0,
y_offset=0, qpix_put=0x1beced0, chroma_put=0x776df0 <put_h264_chroma_mc8_8_c>,
qpix_avg=0x1bed0d0, chroma_avg=0x777850 <avg_h264_chroma_mc8_8_c>, weight_op=0x1becd80,
weight_avg=0x1becda0, list0=4096, list1=0) at libavcodec/h264_mc_template.c:58
#4 0x00000000007627c8 in hl_motion_420_simple_8 (weight_avg=<optimized out>,
weight_op=<optimized out>, chroma_avg=<optimized out>, qpix_avg=<optimized out>,
chroma_put=<optimized out>, qpix_put=<optimized out>, dest_cr=<optimized out>,
dest_cb=<optimized out>, dest_y=<optimized out>, h=<optimized out>)
at libavcodec/h264_mc_template.c:82
#5 hl_decode_mb_simple_8 (h=h@entry=0x1becd60) at libavcodec/h264_mb_template.c:182
#6 0x000000000076372a in ff_h264_hl_decode_mb (h=h@entry=0x1becd60)
at libavcodec/h264_mb.c:826
#7 0x00000000007717e9 in decode_slice (avctx=<optimized out>, arg=arg@entry=0x7fffffffd2d8)
at libavcodec/h264_slice.c:2432
#8 0x000000000077686a in ff_h264_execute_decode_slices (h=h@entry=0x1becd60,
context_count=context_count@entry=1) at libavcodec/h264_slice.c:2582
#9 0x00000000007387bc in decode_nal_units (h=h@entry=0x1becd60, buf=buf@entry=0x1bb7b10 "",
buf_size=buf_size@entry=14735, parse_extradata=parse_extradata@entry=0)
at libavcodec/h264.c:1689
#10 0x00000000007398d1 in h264_decode_frame (avctx=0x1b97040, data=0x1afad80,
got_frame=0x7fffffffd75c, avpkt=<optimized out>) at libavcodec/h264.c:1826
#11 0x0000000000b00528 in avcodec_decode_video2 (avctx=0x1b97040,
picture=picture@entry=0x1afad80, got_picture_ptr=got_picture_ptr@entry=0x7fffffffd75c,
avpkt=avpkt@entry=0x7fffffffd9e0) at libavcodec/utils.c:2372
#12 0x0000000000484cfd in decode_video (ist=ist@entry=0x1ba6fe0,
pkt=pkt@entry=0x7fffffffd9e0, got_output=got_output@entry=0x7fffffffd75c)
at ffmpeg.c:1960
#13 0x0000000000488dcc in process_input_packet (pkt=0x7fffffffd980, ist=0x1ba6fe0)
at ffmpeg.c:2208
#14 process_input (file_index=28281760) at ffmpeg.c:3708
#15 0x000000000046f5e0 in transcode_step () at ffmpeg.c:3802
#16 transcode () at ffmpeg.c:3854
#17 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4032
(gdb) disass $pc,$pc+32
Dump of assembler code from 0x8046f0 to 0x804710:
=> 0x00000000008046f0 <put_h264_qpel16_mc00_8_c+0>: mov (%rsi),%eax
0x00000000008046f2 <put_h264_qpel16_mc00_8_c+2>: lea (%rsi,%rdx,1),%rcx
0x00000000008046f6 <put_h264_qpel16_mc00_8_c+6>: mov %eax,(%rdi)
0x00000000008046f8 <put_h264_qpel16_mc00_8_c+8>: mov 0x4(%rsi),%eax
0x00000000008046fb <put_h264_qpel16_mc00_8_c+11>: mov %eax,0x4(%rdi)
0x00000000008046fe <put_h264_qpel16_mc00_8_c+14>: mov (%rcx),%r8d
0x0000000000804701 <put_h264_qpel16_mc00_8_c+17>: lea (%rdi,%rdx,1),%rax
0x0000000000804705 <put_h264_qpel16_mc00_8_c+21>: mov %r8d,(%rax)
0x0000000000804708 <put_h264_qpel16_mc00_8_c+24>: mov 0x4(%rcx),%r8d
0x000000000080470c <put_h264_qpel16_mc00_8_c+28>: add %rdx,%rcx
0x000000000080470f <put_h264_qpel16_mc00_8_c+31>: mov %r8d,0x4(%rax)
End of assembler dump.
(gdb) info register
rax 0x0 0
rbx 0x1becd60 29281632
rcx 0x1beced0 29282000
rdx 0x500 1280
rsi 0x0 0
rdi 0x2500ec0 38801088
rbp 0x0 0x0
rsp 0x7fffffffd018 0x7fffffffd018
r8 0x0 0
r9 0x0 0
r10 0x1beced0 29282000
r11 0x0 0
r12 0x0 0
r13 0x1c20180 29491584
r14 0x0 0
r15 0x2d0 720
rip 0x8046f0 0x8046f0 <put_h264_qpel16_mc00_8_c>
eflags 0x10287 [ CF PF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
Note:
See TracTickets
for help on using tickets.
seems fixed in 2.6.2