Context Navigation

#5231 closed defect (needs_more_info)

Crashes in ff_deblock_v_luma_8_sse2

Reported by:	Міхаіл	Owned by:
Priority:	important	Component:	avcodec
Version:	git-master	Keywords:	h264 crash SIGSEGV
Cc:		Blocked By:
Blocking:		Reproduced by developer:	yes
Analyzed by developer:	no

Description

After the recent upgrade of ffmpeg, which Firefox uses to play videos here, I started getting crashes (SIGBUS) with a variety of video-containing pages.

For example:

% firefox 'https://www.facebook.com/spotlightuse.jp/videos/938866406181882/?theater'

From the gdb:

Program received signal SIGBUS, Bus error.
[Switching to Thread 3bd5fc80 (LWP 100719/firefox)]
0x39ba4722 in ff_deblock_v_luma_8_sse2 () from /opt/lib/libavcodec.so.56
(gdb) bt
#0  0x39ba4722 in ff_deblock_v_luma_8_sse2 () from /opt/lib/libavcodec.so.56
#1  0x281c5258 in pthread_getspecific () from /lib/libthr.so.3
Previous frame inner to this frame (corrupt stack?)
(gdb) disass $pc-32,$pc+32
Dump of assembler code for function ff_deblock_v_luma_8_sse2:
0x39ba4700 <ff_deblock_v_luma_8_sse2+0>:        push   %ebx
0x39ba4701 <ff_deblock_v_luma_8_sse2+1>:        push   %esi
0x39ba4702 <ff_deblock_v_luma_8_sse2+2>:        sub    $0x24,%esp
0x39ba4705 <ff_deblock_v_luma_8_sse2+5>:        mov    0x30(%esp),%eax
0x39ba4709 <ff_deblock_v_luma_8_sse2+9>:        mov    0x34(%esp),%ecx
0x39ba470d <ff_deblock_v_luma_8_sse2+13>:       mov    0x38(%esp),%edx
0x39ba4711 <ff_deblock_v_luma_8_sse2+17>:       mov    0x3c(%esp),%ebx
0x39ba4715 <ff_deblock_v_luma_8_sse2+21>:       mov    0x40(%esp),%esi
0x39ba4719 <ff_deblock_v_luma_8_sse2+25>:       lea    (%ecx,%ecx,2),%esi
0x39ba471c <ff_deblock_v_luma_8_sse2+28>:       dec    %edx
0x39ba471d <ff_deblock_v_luma_8_sse2+29>:       neg    %esi
0x39ba471f <ff_deblock_v_luma_8_sse2+31>:       dec    %ebx
0x39ba4720 <ff_deblock_v_luma_8_sse2+32>:       add    %eax,%esi
0x39ba4722 <ff_deblock_v_luma_8_sse2+34>:       movdqa (%esi,%ecx,1),%xmm0
0x39ba4727 <ff_deblock_v_luma_8_sse2+39>:       movdqa (%esi,%ecx,2),%xmm1
0x39ba472c <ff_deblock_v_luma_8_sse2+44>:       movdqa (%eax),%xmm2
0x39ba4730 <ff_deblock_v_luma_8_sse2+48>:       movdqa (%eax,%ecx,1),%xmm3
0x39ba4735 <ff_deblock_v_luma_8_sse2+53>:       movd   %edx,%xmm4
0x39ba4739 <ff_deblock_v_luma_8_sse2+57>:       movd   %ebx,%xmm5
0x39ba473d <ff_deblock_v_luma_8_sse2+61>:       pshuflw $0x0,%xmm4,%xmm4
0x39ba4742 <ff_deblock_v_luma_8_sse2+66>:       punpcklqdq %xmm4,%xmm4
0x39ba4746 <ff_deblock_v_luma_8_sse2+70>:       pshuflw $0x0,%xmm5,%xmm5
0x39ba474b <ff_deblock_v_luma_8_sse2+75>:       punpcklqdq %xmm5,%xmm5
0x39ba474f <ff_deblock_v_luma_8_sse2+79>:       packuswb %xmm4,%xmm4
0x39ba4753 <ff_deblock_v_luma_8_sse2+83>:       packuswb %xmm5,%xmm5
0x39ba4757 <ff_deblock_v_luma_8_sse2+87>:       movdqa %xmm2,%xmm6
0x39ba475b <ff_deblock_v_luma_8_sse2+91>:       movdqa %xmm1,%xmm7
0x39ba475f <ff_deblock_v_luma_8_sse2+95>:       psubusb %xmm1,%xmm6
0x39ba4763 <ff_deblock_v_luma_8_sse2+99>:       psubusb %xmm2,%xmm7
0x39ba4767 <ff_deblock_v_luma_8_sse2+103>:      por    %xmm6,%xmm7
0x39ba476b <ff_deblock_v_luma_8_sse2+107>:      psubusb %xmm4,%xmm7
0x39ba476f <ff_deblock_v_luma_8_sse2+111>:      movdqa %xmm1,%xmm6
0x39ba4773 <ff_deblock_v_luma_8_sse2+115>:      movdqa %xmm0,%xmm4
0x39ba4777 <ff_deblock_v_luma_8_sse2+119>:      psubusb %xmm0,%xmm6
0x39ba477b <ff_deblock_v_luma_8_sse2+123>:      psubusb %xmm1,%xmm4
0x39ba477f <ff_deblock_v_luma_8_sse2+127>:      por    %xmm6,%xmm4
0x39ba4783 <ff_deblock_v_luma_8_sse2+131>:      psubusb %xmm5,%xmm4
0x39ba4787 <ff_deblock_v_luma_8_sse2+135>:      por    %xmm4,%xmm7
0x39ba478b <ff_deblock_v_luma_8_sse2+139>:      movdqa %xmm2,%xmm6
0x39ba478f <ff_deblock_v_luma_8_sse2+143>:      movdqa %xmm3,%xmm4
0x39ba4793 <ff_deblock_v_luma_8_sse2+147>:      psubusb %xmm3,%xmm6
0x39ba4797 <ff_deblock_v_luma_8_sse2+151>:      psubusb %xmm2,%xmm4
0x39ba479b <ff_deblock_v_luma_8_sse2+155>:      por    %xmm6,%xmm4
0x39ba479f <ff_deblock_v_luma_8_sse2+159>:      psubusb %xmm5,%xmm4
0x39ba47a3 <ff_deblock_v_luma_8_sse2+163>:      por    %xmm4,%xmm7
0x39ba47a7 <ff_deblock_v_luma_8_sse2+167>:      pxor   %xmm6,%xmm6
0x39ba47ab <ff_deblock_v_luma_8_sse2+171>:      pcmpeqb %xmm6,%xmm7
0x39ba47af <ff_deblock_v_luma_8_sse2+175>:      mov    0x40(%esp),%ebx
0x39ba47b3 <ff_deblock_v_luma_8_sse2+179>:      pcmpeqb %xmm3,%xmm3
0x39ba47b7 <ff_deblock_v_luma_8_sse2+183>:      movd   (%ebx),%xmm4
0x39ba47bb <ff_deblock_v_luma_8_sse2+187>:      punpcklbw %xmm4,%xmm4
0x39ba47bf <ff_deblock_v_luma_8_sse2+191>:      punpcklbw %xmm4,%xmm4
0x39ba47c3 <ff_deblock_v_luma_8_sse2+195>:      movdqa %xmm4,0x10(%esp)
0x39ba47c9 <ff_deblock_v_luma_8_sse2+201>:      pcmpgtb %xmm3,%xmm4
0x39ba47cd <ff_deblock_v_luma_8_sse2+205>:      movdqa (%esi),%xmm3
0x39ba47d1 <ff_deblock_v_luma_8_sse2+209>:      pand   %xmm7,%xmm4
0x39ba47d5 <ff_deblock_v_luma_8_sse2+213>:      movdqa %xmm4,(%esp)
0x39ba47da <ff_deblock_v_luma_8_sse2+218>:      movdqa %xmm3,%xmm7
0x39ba47de <ff_deblock_v_luma_8_sse2+222>:      movdqa %xmm1,%xmm6
0x39ba47e2 <ff_deblock_v_luma_8_sse2+226>:      psubusb %xmm1,%xmm7
0x39ba47e6 <ff_deblock_v_luma_8_sse2+230>:      psubusb %xmm3,%xmm6
0x39ba47ea <ff_deblock_v_luma_8_sse2+234>:      psubusb %xmm5,%xmm7
0x39ba47ee <ff_deblock_v_luma_8_sse2+238>:      psubusb %xmm5,%xmm6
0x39ba47f2 <ff_deblock_v_luma_8_sse2+242>:      pcmpeqb %xmm7,%xmm6
0x39ba47f6 <ff_deblock_v_luma_8_sse2+246>:      pand   %xmm4,%xmm6
0x39ba47fa <ff_deblock_v_luma_8_sse2+250>:      pand   0x10(%esp),%xmm4
0x39ba4800 <ff_deblock_v_luma_8_sse2+256>:      movdqa %xmm4,%xmm7
0x39ba4804 <ff_deblock_v_luma_8_sse2+260>:      psubb  %xmm6,%xmm7
0x39ba4808 <ff_deblock_v_luma_8_sse2+264>:      pand   %xmm4,%xmm6
0x39ba480c <ff_deblock_v_luma_8_sse2+268>:      movdqa %xmm1,%xmm4
0x39ba4810 <ff_deblock_v_luma_8_sse2+272>:      pavgb  %xmm2,%xmm4
0x39ba4814 <ff_deblock_v_luma_8_sse2+276>:      pavgb  %xmm4,%xmm3
0x39ba4818 <ff_deblock_v_luma_8_sse2+280>:      pxor   (%esi),%xmm4
0x39ba481c <ff_deblock_v_luma_8_sse2+284>:      pand   0x39ebc2e0,%xmm4
0x39ba4824 <ff_deblock_v_luma_8_sse2+292>:      psubusb %xmm4,%xmm3
0x39ba4828 <ff_deblock_v_luma_8_sse2+296>:      movdqa %xmm0,%xmm4
0x39ba482c <ff_deblock_v_luma_8_sse2+300>:      psubusb %xmm6,%xmm4
0x39ba4830 <ff_deblock_v_luma_8_sse2+304>:      paddusb %xmm0,%xmm6
0x39ba4834 <ff_deblock_v_luma_8_sse2+308>:      pmaxub %xmm4,%xmm3
0x39ba4838 <ff_deblock_v_luma_8_sse2+312>:      pminub %xmm6,%xmm3
0x39ba483c <ff_deblock_v_luma_8_sse2+316>:      movdqa %xmm3,(%esi,%ecx,1)
0x39ba4841 <ff_deblock_v_luma_8_sse2+321>:      movdqa (%eax,%ecx,2),%xmm4
0x39ba4846 <ff_deblock_v_luma_8_sse2+326>:      movdqa %xmm4,%xmm3
0x39ba484a <ff_deblock_v_luma_8_sse2+330>:      movdqa %xmm2,%xmm6
0x39ba484e <ff_deblock_v_luma_8_sse2+334>:      psubusb %xmm2,%xmm3
0x39ba4852 <ff_deblock_v_luma_8_sse2+338>:      psubusb %xmm4,%xmm6
0x39ba4856 <ff_deblock_v_luma_8_sse2+342>:      psubusb %xmm5,%xmm3
0x39ba485a <ff_deblock_v_luma_8_sse2+346>:      psubusb %xmm5,%xmm6
0x39ba485e <ff_deblock_v_luma_8_sse2+350>:      pcmpeqb %xmm3,%xmm6
0x39ba4862 <ff_deblock_v_luma_8_sse2+354>:      pand   (%esp),%xmm6
0x39ba4867 <ff_deblock_v_luma_8_sse2+359>:      movdqa 0x10(%esp),%xmm5
0x39ba486d <ff_deblock_v_luma_8_sse2+365>:      psubb  %xmm6,%xmm7
0x39ba4871 <ff_deblock_v_luma_8_sse2+369>:      pand   %xmm6,%xmm5
0x39ba4875 <ff_deblock_v_luma_8_sse2+373>:      movdqa (%eax,%ecx,1),%xmm3
0x39ba487a <ff_deblock_v_luma_8_sse2+378>:      movdqa %xmm1,%xmm6
0x39ba487e <ff_deblock_v_luma_8_sse2+382>:      pavgb  %xmm2,%xmm6
0x39ba4882 <ff_deblock_v_luma_8_sse2+386>:      pavgb  %xmm6,%xmm4
0x39ba4886 <ff_deblock_v_luma_8_sse2+390>:      pxor   (%eax,%ecx,2),%xmm6
0x39ba488b <ff_deblock_v_luma_8_sse2+395>:      pand   0x39ebc2e0,%xmm6
0x39ba4893 <ff_deblock_v_luma_8_sse2+403>:      psubusb %xmm6,%xmm4
0x39ba4897 <ff_deblock_v_luma_8_sse2+407>:      movdqa %xmm3,%xmm6
0x39ba489b <ff_deblock_v_luma_8_sse2+411>:      psubusb %xmm5,%xmm6
0x39ba489f <ff_deblock_v_luma_8_sse2+415>:      paddusb %xmm3,%xmm5
0x39ba48a3 <ff_deblock_v_luma_8_sse2+419>:      pmaxub %xmm6,%xmm4
0x39ba48a7 <ff_deblock_v_luma_8_sse2+423>:      pminub %xmm5,%xmm4
0x39ba48ab <ff_deblock_v_luma_8_sse2+427>:      movdqa %xmm4,(%eax,%ecx,1)
0x39ba48b0 <ff_deblock_v_luma_8_sse2+432>:      pcmpeqb %xmm4,%xmm4
0x39ba48b4 <ff_deblock_v_luma_8_sse2+436>:      movdqa %xmm1,%xmm5
0x39ba48b8 <ff_deblock_v_luma_8_sse2+440>:      pxor   %xmm2,%xmm5
0x39ba48bc <ff_deblock_v_luma_8_sse2+444>:      pxor   %xmm4,%xmm3
0x39ba48c0 <ff_deblock_v_luma_8_sse2+448>:      pand   0x39ebc2e0,%xmm5
0x39ba48c8 <ff_deblock_v_luma_8_sse2+456>:      pavgb  %xmm0,%xmm3
0x39ba48cc <ff_deblock_v_luma_8_sse2+460>:      pxor   %xmm1,%xmm4
0x39ba48d0 <ff_deblock_v_luma_8_sse2+464>:      pavgb  0x39ebc320,%xmm3
0x39ba48d8 <ff_deblock_v_luma_8_sse2+472>:      pavgb  %xmm2,%xmm4
0x39ba48dc <ff_deblock_v_luma_8_sse2+476>:      pavgb  %xmm5,%xmm3
0x39ba48e0 <ff_deblock_v_luma_8_sse2+480>:      movdqa 0x39ebcc20,%xmm6
0x39ba48e8 <ff_deblock_v_luma_8_sse2+488>:      paddusb %xmm4,%xmm3
0x39ba48ec <ff_deblock_v_luma_8_sse2+492>:      psubusb %xmm3,%xmm6
0x39ba48f0 <ff_deblock_v_luma_8_sse2+496>:      psubusb 0x39ebcc20,%xmm3
0x39ba48f8 <ff_deblock_v_luma_8_sse2+504>:      pminub %xmm7,%xmm6
0x39ba48fc <ff_deblock_v_luma_8_sse2+508>:      pminub %xmm7,%xmm3
0x39ba4900 <ff_deblock_v_luma_8_sse2+512>:      psubusb %xmm6,%xmm1
0x39ba4904 <ff_deblock_v_luma_8_sse2+516>:      psubusb %xmm3,%xmm2
0x39ba4908 <ff_deblock_v_luma_8_sse2+520>:      paddusb %xmm3,%xmm1
0x39ba490c <ff_deblock_v_luma_8_sse2+524>:      paddusb %xmm6,%xmm2
0x39ba4910 <ff_deblock_v_luma_8_sse2+528>:      movdqa %xmm1,(%esi,%ecx,2)
0x39ba4915 <ff_deblock_v_luma_8_sse2+533>:      movdqa %xmm2,(%eax)
0x39ba4919 <ff_deblock_v_luma_8_sse2+537>:      add    $0x24,%esp
0x39ba491c <ff_deblock_v_luma_8_sse2+540>:      pop    %esi
0x39ba491d <ff_deblock_v_luma_8_sse2+541>:      pop    %ebx
0x39ba491e <ff_deblock_v_luma_8_sse2+542>:      ret    
0x39ba491f <ff_deblock_v_luma_8_sse2+543>:      nop    
End of assembler dump.
(gdb) info all-registers
eax            0xb7f5cb8c       -1208628340
ecx            0x10     16
edx            0x9      9
ebx            0x3      3
esp            0xb7f5cb0c       0xb7f5cb0c
ebp            0x3bd98020       0x3bd98020
esi            0xb7f5cb5c       -1208628388
edi            0x4b     75
eip            0x39ba4722       0x39ba4722
eflags         0x210287 2163335
cs             0x33     51
ss             0x3b     59
ds             0xbfbf003b       -1078001605
es             0xbfbf003b       -1078001605
fs             0xbfbf003b       -1078001605
gs             0x1b     27
st0            -nan(0x282a2e32282a2e32) (raw 0xffff282a2e32282a2e32)
st1            -nan(0x27292f3236373736) (raw 0xffff27292f3236373736)
st2            -nan(0x27292f3227292f32) (raw 0xffff27292f3227292f32)
st3            -nan(0x27292f3236373736) (raw 0xffff27292f3236373736)
st4            -nan(0x27292f3227292f32) (raw 0xffff27292f3227292f32)
st5            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
st6            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
st7            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
fctrl          0x127f   4735
fstat          0x0      0
ftag           0xaaaa   43690
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x28, 0x28, 
    0x28, 0x28, 0x28, 0x28, 0x28, 0x28}, v8_int16 = {0x2727, 0x2727, 0x2727, 
    0x2727, 0x2828, 0x2828, 0x2828, 0x2828}, v4_int32 = {0x27272727, 
    0x27272727, 0x28282828, 0x28282828}, v2_int64 = {0x2727272727272727, 
    0x2828282828282828}, uint128 = 0x28282828282828282727272727272727}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x28 <repeats 16 times>}, v8_int16 = {0x2828, 0x2828, 0x2828, 
    0x2828, 0x2828, 0x2828, 0x2828, 0x2828}, v4_int32 = {0x28282828, 
    0x28282828, 0x28282828, 0x28282828}, v2_int64 = {0x2828282828282828, 
    0x2828282828282828}, uint128 = 0x28282828282828282828282828282828}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x32 <repeats 16 times>}, v8_int16 = {0x3232, 0x3232, 0x3232, 
    0x3232, 0x3232, 0x3232, 0x3232, 0x3232}, v4_int32 = {0x32323232, 
    0x32323232, 0x32323232, 0x32323232}, v2_int64 = {0x3232323232323232, 
    0x3232323232323232}, uint128 = 0x32323232323232323232323232323232}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x37 <repeats 16 times>}, v8_int16 = {0x3737, 0x3737, 0x3737, 
    0x3737, 0x3737, 0x3737, 0x3737, 0x3737}, v4_int32 = {0x37373737, 
    0x37373737, 0x37373737, 0x37373737}, v2_int64 = {0x3737373737373737, 
    0x3737373737373737}, uint128 = 0x37373737373737373737373737373737}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x29 <repeats 16 times>}, v8_int16 = {0x2929, 0x2929, 0x2929, 
    0x2929, 0x2929, 0x2929, 0x2929, 0x2929}, v4_int32 = {0x29292929, 
    0x29292929, 0x29292929, 0x29292929}, v2_int64 = {0x2929292929292929, 
    0x2929292929292929}, uint128 = 0x29292929292929292929292929292929}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x2b <repeats 16 times>}, v8_int16 = {0x2b2b, 0x2b2b, 0x2b2b, 
    0x2b2b, 0x2b2b, 0x2b2b, 0x2b2b, 0x2b2b}, v4_int32 = {0x2b2b2b2b, 
    0x2b2b2b2b, 0x2b2b2b2b, 0x2b2b2b2b}, v2_int64 = {0x2b2b2b2b2b2b2b2b, 
    0x2b2b2b2b2b2b2b2b}, uint128 = 0x2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x2a <repeats 16 times>}, v8_int16 = {0x2a2a, 0x2a2a, 0x2a2a, 
    0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a}, v4_int32 = {0x2a2a2a2a, 
    0x2a2a2a2a, 0x2a2a2a2a, 0x2a2a2a2a}, v2_int64 = {0x2a2a2a2a2a2a2a2a, 
    0x2a2a2a2a2a2a2a2a}, uint128 = 0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a}
mxcsr          0x1f80   8064
mm0            {uint64 = 0x282a2e32282a2e32, v2_int32 = {0x282a2e32, 
    0x282a2e32}, v4_int16 = {0x2e32, 0x282a, 0x2e32, 0x282a}, v8_int8 = {0x32, 
    0x2e, 0x2a, 0x28, 0x32, 0x2e, 0x2a, 0x28}}
mm1            {uint64 = 0x27292f3236373736, v2_int32 = {0x36373736, 
    0x27292f32}, v4_int16 = {0x3736, 0x3637, 0x2f32, 0x2729}, v8_int8 = {0x36, 
    0x37, 0x37, 0x36, 0x32, 0x2f, 0x29, 0x27}}
mm2            {uint64 = 0x27292f3227292f32, v2_int32 = {0x27292f32, 
    0x27292f32}, v4_int16 = {0x2f32, 0x2729, 0x2f32, 0x2729}, v8_int8 = {0x32, 
    0x2f, 0x29, 0x27, 0x32, 0x2f, 0x29, 0x27}}
mm3            {uint64 = 0x27292f3236373736, v2_int32 = {0x36373736, 
    0x27292f32}, v4_int16 = {0x3736, 0x3637, 0x2f32, 0x2729}, v8_int8 = {0x36, 
    0x37, 0x37, 0x36, 0x32, 0x2f, 0x29, 0x27}}
mm4            {uint64 = 0x27292f3227292f32, v2_int32 = {0x27292f32, 
    0x27292f32}, v4_int16 = {0x2f32, 0x2729, 0x2f32, 0x2729}, v8_int8 = {0x32, 
    0x2f, 0x29, 0x27, 0x32, 0x2f, 0x29, 0x27}}
mm5            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}
mm6            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}
mm7            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}

This is on a FreeBSD-10.2/amd64 machine with the CPUs having the following features:

CPU: Pentium(R) Dual-Core  CPU      E6700  @ 3.20GHz (3200.06-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x1067a  Family = 0x6  Model = 0x17  Stepping = 10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x400e3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE>
  AMD Features=0x20100000<NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant, performance statistics

ffmpeg identifies itself thus (version 2.8.6 is not listed as an option under "Version" in trac):

ffmpeg -version
ffmpeg version 2.8.6 Copyright (c) 2000-2016 the FFmpeg developers
built with FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
configuration: --prefix=/opt --mandir=/opt/man --datadir=/opt/share/ffmpeg --pkgconfigdir=/opt/libdata/pkgconfig --enable-shared --enable-gpl --enable-postproc --enable-avfilter --enable-avresample --enable-pthreads --disable-libstagefright-h264 --disable-libutvideo --disable-libsoxr --cc=cc --extra-cflags='-msse -I/opt/include/vorbis -I/opt/include' --extra-ldflags='-L/opt/lib ' --extra-libs=-lpthread --enable-memalign-hack --enable-libaacplus --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libass --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcelt --disable-libdc1394 --disable-debug --disable-htmlpages --enable-libfaac --enable-libfdk-aac --disable-ffserver --enable-libflite --enable-fontconfig --enable-libfreetype --enable-frei0r --disable-libfribidi --enable-libgme --enable-libgsm --enable-iconv --enable-libilbc --disable-indev=jack --disable-ladspa --enable-libmp3lame --enable-libbluray --enable-mmx --disable-libmodplug --enable-openal --enable-opencl --enable-libopencv --enable-opengl --enable-libopenh264 --enable-libopenjpeg --enable-libopus --disable-libpulse --disable-indev=pulse --disable-outdev=pulse --disable-libquvi --enable-runtime-cpudetect --enable-librtmp --enable-libschroedinger --enable-ffplay --enable-libsmbclient --enable-libsnappy --enable-libspeex --enable-sse --enable-libssh --enable-libtheora --enable-libtwolame --disable-libv4l2 --disable-indev=v4l2 --disable-outdev=v4l2 --enable-vaapi --disable-vdpau --enable-libvidstab --enable-libvorbis --enable-libvo-aacenc --enable-libvo-amrwbenc --enable-libvpx --enable-libwavpack --enable-libwebp --enable-x11grab --enable-libx264 --enable-libx265 --enable-libxcb --enable-libxvid --enable-libzmq --disable-libzvbi --disable-gnutls --enable-openssl --enable-version3 --enable-nonfree
libavutil      54. 31.100 / 54. 31.100
libavcodec     56. 60.100 / 56. 60.100
libavformat    56. 40.101 / 56. 40.101
libavdevice    56.  4.100 / 56.  4.100
libavfilter     5. 40.101 /  5. 40.101
libavresample   2.  1.  0 /  2.  1.  0
libswscale      3.  1.101 /  3.  1.101
libswresample   1.  2.101 /  1.  2.101
libpostproc    53.  3.100 / 53.  3.100

A very similarly configured box with Opteron CPUs does not exhibit this problem.

Attachments (3)

staples-short.mp4 (2.4 MB ) - added by Міхаіл 9 years ago.: An "offending" video
gdb-output.txt (19.3 KB ) - added by Міхаіл 9 years ago.: Output of gdb running the program, with post-mortem debugging steps
gdb-output.2.txt (19.3 KB ) - added by Міхаіл 9 years ago.: Output of gdb running the program, with post-mortem debugging steps -- after adding --disable-stripping to configure

Change History (35)

comment:1 by Міхаіл, 9 years ago

Meanwhile, I rebuilt the ffmpeg-port with the additional --disable-sse2 flag, and now firefox is able to open the above URL.

I can upload the video mp4-file, if requested, but it seems like a waste of space...

follow-up: 3 comment:2 by Carl Eugen Hoyos, 9 years ago

Keywords:	h264 crash SIGSEGV added

Is the crash reproducible with current FFmpeg git head?

in reply to: 2 ; follow-up: 5 comment:3 by Міхаіл, 9 years ago

Replying to cehoyos:

Is the crash reproducible with current FFmpeg git head?

It took me a while to build the master here -- without the aid of FreeBSD port.

And, yes, the problem is still here:

Program received signal SIGBUS, Bus error.
[Switching to Thread 2e003800 (LWP 101038/ffplay)]
0x28c02d42 in ff_deblock_v_luma_8_sse2 () from libavcodec/libavcodec.so.57
(gdb) where
#0  0x28c02d42 in ff_deblock_v_luma_8_sse2 () from libavcodec/libavcodec.so.57
#1  0x2e64dec0 in ?? ()
#2  0x2e425160 in ?? ()
#3  0x296315e0 in ff_sine_8192 () from libavcodec/libavcodec.so.57
#4  0x29636a60 in ff_sine_4096 () from libavcodec/libavcodec.so.57
#5  0x299120b7 in malloc () from /lib/libc.so.7
Previous frame inner to this frame (corrupt stack?)
(gdb) disass $pc-32,$pc+32
Dump of assembler code for function ff_deblock_v_luma_8_sse2:
0x28c02d20 <ff_deblock_v_luma_8_sse2+0>:        push   %ebx
0x28c02d21 <ff_deblock_v_luma_8_sse2+1>:        push   %esi
0x28c02d22 <ff_deblock_v_luma_8_sse2+2>:        sub    $0x24,%esp
0x28c02d25 <ff_deblock_v_luma_8_sse2+5>:        mov    0x30(%esp),%eax
0x28c02d29 <ff_deblock_v_luma_8_sse2+9>:        mov    0x34(%esp),%ecx
0x28c02d2d <ff_deblock_v_luma_8_sse2+13>:       mov    0x38(%esp),%edx
0x28c02d31 <ff_deblock_v_luma_8_sse2+17>:       mov    0x3c(%esp),%ebx
0x28c02d35 <ff_deblock_v_luma_8_sse2+21>:       mov    0x40(%esp),%esi
0x28c02d39 <ff_deblock_v_luma_8_sse2+25>:       lea    (%ecx,%ecx,2),%esi
0x28c02d3c <ff_deblock_v_luma_8_sse2+28>:       dec    %edx
0x28c02d3d <ff_deblock_v_luma_8_sse2+29>:       neg    %esi
0x28c02d3f <ff_deblock_v_luma_8_sse2+31>:       dec    %ebx
0x28c02d40 <ff_deblock_v_luma_8_sse2+32>:       add    %eax,%esi
0x28c02d42 <ff_deblock_v_luma_8_sse2+34>:       movdqa (%esi,%ecx,1),%xmm0
0x28c02d47 <ff_deblock_v_luma_8_sse2+39>:       movdqa (%esi,%ecx,2),%xmm1
0x28c02d4c <ff_deblock_v_luma_8_sse2+44>:       movdqa (%eax),%xmm2
0x28c02d50 <ff_deblock_v_luma_8_sse2+48>:       movdqa (%eax,%ecx,1),%xmm3
0x28c02d55 <ff_deblock_v_luma_8_sse2+53>:       movd   %edx,%xmm4
0x28c02d59 <ff_deblock_v_luma_8_sse2+57>:       movd   %ebx,%xmm5
0x28c02d5d <ff_deblock_v_luma_8_sse2+61>:       pshuflw $0x0,%xmm4,%xmm4
0x28c02d62 <ff_deblock_v_luma_8_sse2+66>:       punpcklqdq %xmm4,%xmm4
0x28c02d66 <ff_deblock_v_luma_8_sse2+70>:       pshuflw $0x0,%xmm5,%xmm5
0x28c02d6b <ff_deblock_v_luma_8_sse2+75>:       punpcklqdq %xmm5,%xmm5
0x28c02d6f <ff_deblock_v_luma_8_sse2+79>:       packuswb %xmm4,%xmm4
0x28c02d73 <ff_deblock_v_luma_8_sse2+83>:       packuswb %xmm5,%xmm5
0x28c02d77 <ff_deblock_v_luma_8_sse2+87>:       movdqa %xmm2,%xmm6
0x28c02d7b <ff_deblock_v_luma_8_sse2+91>:       movdqa %xmm1,%xmm7
0x28c02d7f <ff_deblock_v_luma_8_sse2+95>:       psubusb %xmm1,%xmm6
0x28c02d83 <ff_deblock_v_luma_8_sse2+99>:       psubusb %xmm2,%xmm7
0x28c02d87 <ff_deblock_v_luma_8_sse2+103>:      por    %xmm6,%xmm7
0x28c02d8b <ff_deblock_v_luma_8_sse2+107>:      psubusb %xmm4,%xmm7
0x28c02d8f <ff_deblock_v_luma_8_sse2+111>:      movdqa %xmm1,%xmm6
0x28c02d93 <ff_deblock_v_luma_8_sse2+115>:      movdqa %xmm0,%xmm4
0x28c02d97 <ff_deblock_v_luma_8_sse2+119>:      psubusb %xmm0,%xmm6
0x28c02d9b <ff_deblock_v_luma_8_sse2+123>:      psubusb %xmm1,%xmm4
0x28c02d9f <ff_deblock_v_luma_8_sse2+127>:      por    %xmm6,%xmm4
0x28c02da3 <ff_deblock_v_luma_8_sse2+131>:      psubusb %xmm5,%xmm4
0x28c02da7 <ff_deblock_v_luma_8_sse2+135>:      por    %xmm4,%xmm7
0x28c02dab <ff_deblock_v_luma_8_sse2+139>:      movdqa %xmm2,%xmm6
0x28c02daf <ff_deblock_v_luma_8_sse2+143>:      movdqa %xmm3,%xmm4
0x28c02db3 <ff_deblock_v_luma_8_sse2+147>:      psubusb %xmm3,%xmm6
0x28c02db7 <ff_deblock_v_luma_8_sse2+151>:      psubusb %xmm2,%xmm4
0x28c02dbb <ff_deblock_v_luma_8_sse2+155>:      por    %xmm6,%xmm4
0x28c02dbf <ff_deblock_v_luma_8_sse2+159>:      psubusb %xmm5,%xmm4
0x28c02dc3 <ff_deblock_v_luma_8_sse2+163>:      por    %xmm4,%xmm7
0x28c02dc7 <ff_deblock_v_luma_8_sse2+167>:      pxor   %xmm6,%xmm6
0x28c02dcb <ff_deblock_v_luma_8_sse2+171>:      pcmpeqb %xmm6,%xmm7
0x28c02dcf <ff_deblock_v_luma_8_sse2+175>:      mov    0x40(%esp),%ebx
0x28c02dd3 <ff_deblock_v_luma_8_sse2+179>:      pcmpeqb %xmm3,%xmm3
0x28c02dd7 <ff_deblock_v_luma_8_sse2+183>:      movd   (%ebx),%xmm4
0x28c02ddb <ff_deblock_v_luma_8_sse2+187>:      punpcklbw %xmm4,%xmm4
0x28c02ddf <ff_deblock_v_luma_8_sse2+191>:      punpcklbw %xmm4,%xmm4
0x28c02de3 <ff_deblock_v_luma_8_sse2+195>:      movdqa %xmm4,0x10(%esp)
0x28c02de9 <ff_deblock_v_luma_8_sse2+201>:      pcmpgtb %xmm3,%xmm4
0x28c02ded <ff_deblock_v_luma_8_sse2+205>:      movdqa (%esi),%xmm3
0x28c02df1 <ff_deblock_v_luma_8_sse2+209>:      pand   %xmm7,%xmm4
0x28c02df5 <ff_deblock_v_luma_8_sse2+213>:      movdqa %xmm4,(%esp)
0x28c02dfa <ff_deblock_v_luma_8_sse2+218>:      movdqa %xmm3,%xmm7
0x28c02dfe <ff_deblock_v_luma_8_sse2+222>:      movdqa %xmm1,%xmm6
0x28c02e02 <ff_deblock_v_luma_8_sse2+226>:      psubusb %xmm1,%xmm7
0x28c02e06 <ff_deblock_v_luma_8_sse2+230>:      psubusb %xmm3,%xmm6
0x28c02e0a <ff_deblock_v_luma_8_sse2+234>:      psubusb %xmm5,%xmm7
0x28c02e0e <ff_deblock_v_luma_8_sse2+238>:      psubusb %xmm5,%xmm6
0x28c02e12 <ff_deblock_v_luma_8_sse2+242>:      pcmpeqb %xmm7,%xmm6
0x28c02e16 <ff_deblock_v_luma_8_sse2+246>:      pand   %xmm4,%xmm6
0x28c02e1a <ff_deblock_v_luma_8_sse2+250>:      pand   0x10(%esp),%xmm4
0x28c02e20 <ff_deblock_v_luma_8_sse2+256>:      movdqa %xmm4,%xmm7
0x28c02e24 <ff_deblock_v_luma_8_sse2+260>:      psubb  %xmm6,%xmm7
0x28c02e28 <ff_deblock_v_luma_8_sse2+264>:      pand   %xmm4,%xmm6
0x28c02e2c <ff_deblock_v_luma_8_sse2+268>:      movdqa %xmm1,%xmm4
0x28c02e30 <ff_deblock_v_luma_8_sse2+272>:      pavgb  %xmm2,%xmm4
0x28c02e34 <ff_deblock_v_luma_8_sse2+276>:      pavgb  %xmm4,%xmm3
0x28c02e38 <ff_deblock_v_luma_8_sse2+280>:      pxor   (%esi),%xmm4
0x28c02e3c <ff_deblock_v_luma_8_sse2+284>:      pand   0x28f5f400,%xmm4
0x28c02e44 <ff_deblock_v_luma_8_sse2+292>:      psubusb %xmm4,%xmm3
0x28c02e48 <ff_deblock_v_luma_8_sse2+296>:      movdqa %xmm0,%xmm4
0x28c02e4c <ff_deblock_v_luma_8_sse2+300>:      psubusb %xmm6,%xmm4
0x28c02e50 <ff_deblock_v_luma_8_sse2+304>:      paddusb %xmm0,%xmm6
0x28c02e54 <ff_deblock_v_luma_8_sse2+308>:      pmaxub %xmm4,%xmm3
0x28c02e58 <ff_deblock_v_luma_8_sse2+312>:      pminub %xmm6,%xmm3
0x28c02e5c <ff_deblock_v_luma_8_sse2+316>:      movdqa %xmm3,(%esi,%ecx,1)
0x28c02e61 <ff_deblock_v_luma_8_sse2+321>:      movdqa (%eax,%ecx,2),%xmm4
0x28c02e66 <ff_deblock_v_luma_8_sse2+326>:      movdqa %xmm4,%xmm3
0x28c02e6a <ff_deblock_v_luma_8_sse2+330>:      movdqa %xmm2,%xmm6
0x28c02e6e <ff_deblock_v_luma_8_sse2+334>:      psubusb %xmm2,%xmm3
0x28c02e72 <ff_deblock_v_luma_8_sse2+338>:      psubusb %xmm4,%xmm6
0x28c02e76 <ff_deblock_v_luma_8_sse2+342>:      psubusb %xmm5,%xmm3
0x28c02e7a <ff_deblock_v_luma_8_sse2+346>:      psubusb %xmm5,%xmm6
0x28c02e7e <ff_deblock_v_luma_8_sse2+350>:      pcmpeqb %xmm3,%xmm6
0x28c02e82 <ff_deblock_v_luma_8_sse2+354>:      pand   (%esp),%xmm6
0x28c02e87 <ff_deblock_v_luma_8_sse2+359>:      movdqa 0x10(%esp),%xmm5
0x28c02e8d <ff_deblock_v_luma_8_sse2+365>:      psubb  %xmm6,%xmm7
0x28c02e91 <ff_deblock_v_luma_8_sse2+369>:      pand   %xmm6,%xmm5
0x28c02e95 <ff_deblock_v_luma_8_sse2+373>:      movdqa (%eax,%ecx,1),%xmm3
0x28c02e9a <ff_deblock_v_luma_8_sse2+378>:      movdqa %xmm1,%xmm6
0x28c02e9e <ff_deblock_v_luma_8_sse2+382>:      pavgb  %xmm2,%xmm6
0x28c02ea2 <ff_deblock_v_luma_8_sse2+386>:      pavgb  %xmm6,%xmm4
0x28c02ea6 <ff_deblock_v_luma_8_sse2+390>:      pxor   (%eax,%ecx,2),%xmm6
0x28c02eab <ff_deblock_v_luma_8_sse2+395>:      pand   0x28f5f400,%xmm6
0x28c02eb3 <ff_deblock_v_luma_8_sse2+403>:      psubusb %xmm6,%xmm4
0x28c02eb7 <ff_deblock_v_luma_8_sse2+407>:      movdqa %xmm3,%xmm6
0x28c02ebb <ff_deblock_v_luma_8_sse2+411>:      psubusb %xmm5,%xmm6
0x28c02ebf <ff_deblock_v_luma_8_sse2+415>:      paddusb %xmm3,%xmm5
0x28c02ec3 <ff_deblock_v_luma_8_sse2+419>:      pmaxub %xmm6,%xmm4
0x28c02ec7 <ff_deblock_v_luma_8_sse2+423>:      pminub %xmm5,%xmm4
0x28c02ecb <ff_deblock_v_luma_8_sse2+427>:      movdqa %xmm4,(%eax,%ecx,1)
0x28c02ed0 <ff_deblock_v_luma_8_sse2+432>:      pcmpeqb %xmm4,%xmm4
0x28c02ed4 <ff_deblock_v_luma_8_sse2+436>:      movdqa %xmm1,%xmm5
0x28c02ed8 <ff_deblock_v_luma_8_sse2+440>:      pxor   %xmm2,%xmm5
0x28c02edc <ff_deblock_v_luma_8_sse2+444>:      pxor   %xmm4,%xmm3
0x28c02ee0 <ff_deblock_v_luma_8_sse2+448>:      pand   0x28f5f400,%xmm5
0x28c02ee8 <ff_deblock_v_luma_8_sse2+456>:      pavgb  %xmm0,%xmm3
0x28c02eec <ff_deblock_v_luma_8_sse2+460>:      pxor   %xmm1,%xmm4
0x28c02ef0 <ff_deblock_v_luma_8_sse2+464>:      pavgb  0x28f5f440,%xmm3
0x28c02ef8 <ff_deblock_v_luma_8_sse2+472>:      pavgb  %xmm2,%xmm4
0x28c02efc <ff_deblock_v_luma_8_sse2+476>:      pavgb  %xmm5,%xmm3
0x28c02f00 <ff_deblock_v_luma_8_sse2+480>:      movdqa 0x28f5fda0,%xmm6
0x28c02f08 <ff_deblock_v_luma_8_sse2+488>:      paddusb %xmm4,%xmm3
0x28c02f0c <ff_deblock_v_luma_8_sse2+492>:      psubusb %xmm3,%xmm6
0x28c02f10 <ff_deblock_v_luma_8_sse2+496>:      psubusb 0x28f5fda0,%xmm3
0x28c02f18 <ff_deblock_v_luma_8_sse2+504>:      pminub %xmm7,%xmm6
0x28c02f1c <ff_deblock_v_luma_8_sse2+508>:      pminub %xmm7,%xmm3
0x28c02f20 <ff_deblock_v_luma_8_sse2+512>:      psubusb %xmm6,%xmm1
0x28c02f24 <ff_deblock_v_luma_8_sse2+516>:      psubusb %xmm3,%xmm2
0x28c02f28 <ff_deblock_v_luma_8_sse2+520>:      paddusb %xmm3,%xmm1
0x28c02f2c <ff_deblock_v_luma_8_sse2+524>:      paddusb %xmm6,%xmm2
0x28c02f30 <ff_deblock_v_luma_8_sse2+528>:      movdqa %xmm1,(%esi,%ecx,2)
0x28c02f35 <ff_deblock_v_luma_8_sse2+533>:      movdqa %xmm2,(%eax)
0x28c02f39 <ff_deblock_v_luma_8_sse2+537>:      add    $0x24,%esp
0x28c02f3c <ff_deblock_v_luma_8_sse2+540>:      pop    %esi
0x28c02f3d <ff_deblock_v_luma_8_sse2+541>:      pop    %ebx
0x28c02f3e <ff_deblock_v_luma_8_sse2+542>:      ret    
0x28c02f3f <ff_deblock_v_luma_8_sse2+543>:      nop    
End of assembler dump.
(gdb) info all-registers
eax            0xbb9fb604       -1147161084
ecx            0x10     16
edx            0x9      9
ebx            0x3      3
esp            0xbb9fb584       0xbb9fb584
ebp            0x2e544020       0x2e544020
esi            0xbb9fb5d4       -1147161132
edi            0x4b     75
eip            0x28c02d42       0x28c02d42
eflags         0x210287 2163335
cs             0x33     51
ss             0x3b     59
ds             0x3b     59
es             0x3b     59
fs             0x3b     59
gs             0x1b     27
st0            -nan(0x282a2e32282a2e32) (raw 0xffff282a2e32282a2e32)
st1            -nan(0x27292f3236373736) (raw 0xffff27292f3236373736)
st2            -nan(0x27292f3227292f32) (raw 0xffff27292f3227292f32)
st3            -nan(0x27292f3236373736) (raw 0xffff27292f3236373736)
st4            -nan(0x27292f3227292f32) (raw 0xffff27292f3227292f32)
st5            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
st6            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
st7            -nan(0x282a2e3235373735) (raw 0xffff282a2e3235373735)
fctrl          0x127f   4735
fstat          0x20     32
ftag           0xaaaa   43690
fiseg          0x33     51
fioff          0x28530f14       676531988
foseg          0x3b     59
fooff          0xbb9fb5a8       -1147161176
fop            0x19c    412
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x27, 0x28, 0x28, 
    0x28, 0x28, 0x28, 0x28, 0x28, 0x28}, v8_int16 = {0x2727, 0x2727, 0x2727, 
    0x2727, 0x2828, 0x2828, 0x2828, 0x2828}, v4_int32 = {0x27272727, 
    0x27272727, 0x28282828, 0x28282828}, v2_int64 = {0x2727272727272727, 
    0x2828282828282828}, uint128 = 0x28282828282828282727272727272727}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x28 <repeats 16 times>}, v8_int16 = {0x2828, 0x2828, 0x2828, 
    0x2828, 0x2828, 0x2828, 0x2828, 0x2828}, v4_int32 = {0x28282828, 
    0x28282828, 0x28282828, 0x28282828}, v2_int64 = {0x2828282828282828, 
    0x2828282828282828}, uint128 = 0x28282828282828282828282828282828}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x32 <repeats 16 times>}, v8_int16 = {0x3232, 0x3232, 0x3232, 
    0x3232, 0x3232, 0x3232, 0x3232, 0x3232}, v4_int32 = {0x32323232, 
    0x32323232, 0x32323232, 0x32323232}, v2_int64 = {0x3232323232323232, 
    0x3232323232323232}, uint128 = 0x32323232323232323232323232323232}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x37 <repeats 16 times>}, v8_int16 = {0x3737, 0x3737, 0x3737, 
    0x3737, 0x3737, 0x3737, 0x3737, 0x3737}, v4_int32 = {0x37373737, 
    0x37373737, 0x37373737, 0x37373737}, v2_int64 = {0x3737373737373737, 
    0x3737373737373737}, uint128 = 0x37373737373737373737373737373737}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x29 <repeats 16 times>}, v8_int16 = {0x2929, 0x2929, 0x2929, 
    0x2929, 0x2929, 0x2929, 0x2929, 0x2929}, v4_int32 = {0x29292929, 
    0x29292929, 0x29292929, 0x29292929}, v2_int64 = {0x2929292929292929, 
    0x2929292929292929}, uint128 = 0x29292929292929292929292929292929}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x2b <repeats 16 times>}, v8_int16 = {0x2b2b, 0x2b2b, 0x2b2b, 
    0x2b2b, 0x2b2b, 0x2b2b, 0x2b2b, 0x2b2b}, v4_int32 = {0x2b2b2b2b, 
    0x2b2b2b2b, 0x2b2b2b2b, 0x2b2b2b2b}, v2_int64 = {0x2b2b2b2b2b2b2b2b, 
    0x2b2b2b2b2b2b2b2b}, uint128 = 0x2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, 
  uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
  v16_int8 = {0x2a <repeats 16 times>}, v8_int16 = {0x2a2a, 0x2a2a, 0x2a2a, 
    0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a, 0x2a2a}, v4_int32 = {0x2a2a2a2a, 
    0x2a2a2a2a, 0x2a2a2a2a, 0x2a2a2a2a}, v2_int64 = {0x2a2a2a2a2a2a2a2a, 
    0x2a2a2a2a2a2a2a2a}, uint128 = 0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a}
mxcsr          0x1fa0   8096
mm0            {uint64 = 0x282a2e32282a2e32, v2_int32 = {0x282a2e32, 
    0x282a2e32}, v4_int16 = {0x2e32, 0x282a, 0x2e32, 0x282a}, v8_int8 = {0x32, 
    0x2e, 0x2a, 0x28, 0x32, 0x2e, 0x2a, 0x28}}
mm1            {uint64 = 0x27292f3236373736, v2_int32 = {0x36373736, 
    0x27292f32}, v4_int16 = {0x3736, 0x3637, 0x2f32, 0x2729}, v8_int8 = {0x36, 
    0x37, 0x37, 0x36, 0x32, 0x2f, 0x29, 0x27}}
mm2            {uint64 = 0x27292f3227292f32, v2_int32 = {0x27292f32, 
    0x27292f32}, v4_int16 = {0x2f32, 0x2729, 0x2f32, 0x2729}, v8_int8 = {0x32, 
    0x2f, 0x29, 0x27, 0x32, 0x2f, 0x29, 0x27}}
mm3            {uint64 = 0x27292f3236373736, v2_int32 = {0x36373736, 
    0x27292f32}, v4_int16 = {0x3736, 0x3637, 0x2f32, 0x2729}, v8_int8 = {0x36, 
    0x37, 0x37, 0x36, 0x32, 0x2f, 0x29, 0x27}}
mm4            {uint64 = 0x27292f3227292f32, v2_int32 = {0x27292f32, 
    0x27292f32}, v4_int16 = {0x2f32, 0x2729, 0x2f32, 0x2729}, v8_int8 = {0x32, 
    0x2f, 0x29, 0x27, 0x32, 0x2f, 0x29, 0x27}}
mm5            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}
mm6            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}
mm7            {uint64 = 0x282a2e3235373735, v2_int32 = {0x35373735, 
    0x282a2e32}, v4_int16 = {0x3735, 0x3537, 0x2e32, 0x282a}, v8_int8 = {0x35, 
    0x37, 0x37, 0x35, 0x32, 0x2e, 0x2a, 0x28}}

(That said, I don't think, the very question is fair -- I reported the bug against the latest release of your software. A release, not even two weeks old at this time...)

by Міхаіл, 9 years ago

Attachment:	staples-short.mp4 added

An "offending" video

comment:4 by Carl Eugen Hoyos, 9 years ago

The stack trace looks broken, could you test with --disable-optimizations and/or --enable-debug=3?
Unless you find the place where memory with insufficient alignment is allocated: I hope this isn't just a compiler bug...

in reply to: 3 comment:5 by Carl Eugen Hoyos, 9 years ago

Replying to mi:

(That said, I don't think, the very question is fair -- I reported the bug against the latest release of your software.

Which is not ok, see the first paragraph on https://ffmpeg.org/bugreports.html

A release, not even two weeks old at this time...)

It is actually over five month old;-(
This is of course not your fault but makes it even more important to test current FFmpeg.

by Міхаіл, 9 years ago

Attachment:	gdb-output.txt added

Output of gdb running the program, with post-mortem debugging steps

follow-ups: 8 9 comment:6 by Міхаіл, 9 years ago

Replying to cehoyos:

The stack trace looks broken, could you test with --disable-optimizations and/or --enable-debug=3?

Simply adding those two flags breaks build -- various *_sse4 and _ssse3 symbols remain "not found" at link-time. I had to also add --disable-sse4 and --disable-ssse3 to configure-arguments to get things to build. The crash is still here, I'll attach the output of gdb-session.

Unless you find the place where memory with insufficient alignment is allocated: I hope this isn't just a compiler bug...

Searching Internet for the name of the function brings up plenty of hits -- with work-arounds offered for gcc, but not for clang. BTW, you added "SIGSEGV" as the keyword to this bug -- it is SIGBUS I'm seeing, not segmentation fault.

Replying to cehoyos:

Which is not ok, see the first paragraph on https://ffmpeg.org/bugreports.html

Your having codified it does not make it fair. You could've demanded, every bug-submitter first reproduce their problem on SCO Unix, for example. Or see, if it is still there if they shake a dead chicken, while running your code. A good way to keep the bug-database nice and clean, is not it?

Reporting a problem in the latest release should be sufficient. If you have not seen fit to release, what is currently at the top of your master-branch, making users struggle with it -- in addition to struggling with the bug itself and the gdb -- is not fair.

follow-up: 10 comment:7 by Clément Bœsch, 9 years ago

I just tried ffplay_g -cpuflags none+sse2 /tmp/staples-short.mp4 (and confirmed with gdb that it indeed enters ff_deblock_v_luma_8_sse2) but couldn't reproduce the crash...

in reply to: 6 comment:8 by Carl Eugen Hoyos, 9 years ago

Replying to mi:

Reporting a problem in the latest release should be sufficient.

Please understand that it is not (and has never been).

If you have not seen fit to release, what is currently at the top of your master-branch, making users struggle with it

You don't know (or completely misunderstand) our development process: No code is (ever) committed that we believe isn't fit to release, releases are snapshots for distributions that by definition contain more bugs and less features than current FFmpeg and except for security fixes see no further care at all. (This was never different as far as I remember and is not different in projects that are being compared, no matter what they tell you.)

in reply to: 6 comment:9 by Carl Eugen Hoyos, 9 years ago

Replying to mi:

Replying to cehoyos:

The stack trace looks broken, could you test with --disable-optimizations and/or --enable-debug=3?

Simply adding those two flags breaks build -- various *_sse4 and _ssse3 symbols remain "not found" at link-time.

How can I reproduce this? I believe it is supposed to work (and it works fine here)...

in reply to: 7 ; follow-up: 13 comment:10 by Міхаіл, 9 years ago

Replying to cehoyos:

Replying to mi:

Reporting a problem in the latest release should be sufficient.

Please understand that it is not (and has never been).

Yes, it used to be worse -- the very idea of "release" was foreign to ffmpeg developers, I remember having this conversation with some of you before. We, downstream packagers, had to take date-based snapshots of your tree in order to provide something for our users.

You now have something referred to as "releases", which I consider progress. The next step for you would be to actually support them...

(This was never different as far as I remember and is not different in projects that
are being compared, no matter what they tell you.)

Whatever you may think of quality of other projects' releases -- and whether they are justified in using the name "release" for their snapshots at all -- no other project I've ever dealt with would force a bug-submitter to reproduce the bug on a non-released version of the software. Sometimes, if the buggy version is too old, the submitter may be asked to check, whether a more recent release still contains the problem, but the demand for use of the top of the trunk -- that's unique to ffmpeg.

Replying to cehoyos:

How can I reproduce this? I believe it is supposed to work (and it works fine here)...

See ticket #5234.

Replying to ubitux:

I just tried ffplay_g -cpuflags none+sse2 /tmp/staples-short.mp4 (and confirmed with
gdb that it indeed enters ff_deblock_v_luma_8_sse2) but couldn't reproduce the crash...

What is your actual CPU? Like I wrote, I don't have this problem on a similar machine, which has Opterons instead of "GenuineIntel" E6700...

Last edited 9 years ago by Міхаіл (previous) (diff)

comment:11 by Міхаіл, 9 years ago

Like I wrote, I don't have this problem on a similar machine, which has Opterons instead
of "GenuineIntel?" E6700...

My apologies... The Opteron-based system I was talking about is a 64-bit one (FreeBSD/amd64).

The one with the problem is 32-bit (FreeBSD/i386), which may explain the difference I'm observing here.

Sorry, I thought, they are both 64-bit.

by Міхаіл, 9 years ago

Attachment:	gdb-output.2.txt added

Output of gdb running the program, with post-mortem debugging steps -- after adding --disable-stripping to configure

follow-up: 14 comment:12 by Carl Eugen Hoyos, 9 years ago

How is the new attachment different from the last one you attached?

in reply to: 10 comment:13 by Carl Eugen Hoyos, 9 years ago

Replying to mi:

We, downstream packagers

Please clarify something, I had not realized you are a packager:

--enable-nonfree

Where does this option come from? Are you reporting issues with your local build or with a build that gets distributed?

in reply to: 12 ; follow-up: 15 comment:14 by Міхаіл, 9 years ago

Replying to cehoyos:

How is the new attachment different from the last one you attached?

It was obtained using binaries built with an additional configure-argument: --disable-stripping. As a result, it may contain additional information to help ffmpeg-developers figure out, what is wrong.

Replying to cehoyos:

I had not realized you are a packager

I happen to be a member of the FreeBSD ports-team. However, I do not maintain the ffmpeg-port(s).

--enable-nonfree

Where does this option come from?

The FreeBSD port http://www.freshports.org/multimedia/ffmpeg has a number of build-time options, enabling the stricter-licensed parts being one of them (NONFREE). As you can see from the above-linked port-page, the option is off by default so the binary-distribution remains properly licensed.

On my own systems, where I build everything from source (using ports maintained by myself and fellow ports-maintainers), I enable this option.

in reply to: 14 comment:15 by Carl Eugen Hoyos, 9 years ago

Replying to mi:

Replying to cehoyos:

How is the new attachment different from the last one you attached?

It was obtained using binaries built with an additional configure-argument: --disable-stripping. As a result, it may contain additional information to help ffmpeg-developers figure out, what is wrong.

No, shared libraries are not stripped by default. Only useless labels that gdb cannot parse correctly are removed from compiled yasm source files.

Replying to cehoyos:

I had not realized you are a packager

I happen to be a member of the FreeBSD ports-team. However, I do not maintain the ffmpeg-port(s).

--enable-nonfree

Where does this option come from?

The FreeBSD port http://www.freshports.org/multimedia/ffmpeg has a number of build-time options, enabling the stricter-licensed parts being one of them (NONFREE). As you can see from the above-linked port-page, the option is off by default so the binary-distribution remains properly licensed.

On my own systems, where I build everything from source (using ports maintained by myself and fellow ports-maintainers), I enable this option.

Thank you for the explanation.
Please understand that generally tests with sane configure lines are required (although I don't know if it makes any difference for this ticket): I will comment in ticket #5234.

comment:16 by Carl Eugen Hoyos, 8 years ago

Priority:	normal → important
Resolution:	→ needs_more_info
Status:	new → closed

I don't think this can be analyzed and fixed without gdb output from a debug build.

comment:17 by coypu, 8 years ago

Hi, for context on a working fix, -mstackrealign on GCC

-mstackrealign

Realign the stack at entry. On the Intel x86, the -mstackrealign
option generates an alternate prologue and epilogue that realigns
the run-time stack if necessary. This supports mixing legacy codes
that keep 4-byte stack alignment with modern codes that keep
16-byte stack alignment for SSE compatibility. See also the
attribute "force_align_arg_pointer", applicable to individual
functions.

comment:18 by Міхаіл, 8 years ago

Resolution:	needs_more_info
Status:	closed → reopened

-mstackrealign

Yes, after [patching the configure-script|https://lists.freebsd.org/pipermail/freebsd-ports/2016-September/104946.html] thus the problem goes away:

--- configure      2015-06-19 20:47:55 UTC
+++ configure
@@ -5682,7 +5677,11 @@ elif enabled gcc; then
 elif enabled llvm_gcc; then
     check_cflags -mllvm -stack-alignment=16
 elif enabled clang; then
-    check_cflags -mllvm -stack-alignment=16
+    if enabled x86_32; then
+        check_cflags -mllvm -stack-alignment=16
+        check_cflags -mstack-alignment=16
+        check_cflags -mstackrealign
+    fi
     check_cflags -Qunused-arguments
     check_cflags -Werror=implicit-function-declaration
     check_cflags -Werror=missing-prototypes

Not sure, what the cost of these flags is -- is the entire package being pessimized instead of fixing one or two troublesome function(s)?

follow-up: 20 comment:19 by Carl Eugen Hoyos, 8 years ago

Is this issue reproducible with OpenBSD or NetBSD?
With vanilla clang?

Last edited 8 years ago by Carl Eugen Hoyos (previous) (diff)

in reply to: 19 comment:20 by Міхаіл, 8 years ago

Replying to cehoyos:

Is this issue reproducible with OpenBSD or NetBSD?

Sorry, I don't have access to any such boxes...

With vanilla clang?

FreeBSD uses clang by default:

% cc -v
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
Target: i386-unknown-freebsd10.3
Thread model: posix
Selected GCC installation:

Do you want me to try it with the newer clang-3.8 or 3.7?

comment:21 by Carl Eugen Hoyos, 8 years ago

Please test two things separately:
First please test unpatched FFmpeg, run configure and then change the line in config.h containing HAVE_ALIGNED_STACK into:

#define HAVE_ALIGNED_STACK 0

Then please test if this patch alone (without any other changes and without changes to config.h) fixes the issue you see:

diff --git a/configure b/configure
index ee7e852..e014615 100755
--- a/configure
+++ b/configure
@@ -6202,6 +6202,7 @@ elif enabled llvm_gcc; then
     check_cflags -mllvm -stack-alignment=16
 elif enabled clang; then
     check_cflags -mllvm -stack-alignment=16
+    check_cflags -mstack-alignment=16
     check_cflags -Qunused-arguments
     check_cflags -Werror=implicit-function-declaration
     check_cflags -Werror=missing-prototypes

comment:22 by Carl Eugen Hoyos, 8 years ago

Please also test this change:

diff --git a/libavutil/internal.h b/libavutil/internal.h
index e995af9..ce77c81 100644
--- a/libavutil/internal.h
+++ b/libavutil/internal.h
@@ -52,7 +52,7 @@
 #endif

 #ifndef attribute_align_arg
-#if ARCH_X86_32 && AV_GCC_VERSION_AT_LEAST(4,2)
+#if ARCH_X86_32
 #    define attribute_align_arg __attribute__((force_align_arg_pointer))
 #else
 #    define attribute_align_arg

comment:23 by Міхаіл, 8 years ago

Can I, perhaps, just give you access to the machine instead? It is ssh-accessible from the Internet. Just send me your ssh public key and, optionally, your passwd entry...

follow-up: 25 comment:24 by Carl Eugen Hoyos, 8 years ago

Reproduced by developer:	set
Resolution:	→ fixed
Status:	reopened → closed
Version:	unspecified → git-master

I have fixed the issues I could reproduce (with ffmpeg, not with firefox) in d2af93ac160872124b4066a77415eb06007c7326
Thanks to Mikhail and the FreeBSD people for the hint about the stack alignment.

in reply to: 24 ; follow-up: 26 comment:25 by Міхаіл, 8 years ago

Replying to cehoyos:

--- a/configure
+++ b/configure
@@ -6202,6 +6202,7 @@ elif enabled llvm_gcc; then
     check_cflags -mllvm -stack-alignment=16
 elif enabled clang; then
     check_cflags -mllvm -stack-alignment=16
+    check_cflags -mstack-alignment=16
     check_cflags -Qunused-arguments
     check_cflags -Werror=implicit-function-declaration
     check_cflags -Werror=missing-prototypes

Does this not cause a pessimization in other parts of the code, though? That was my worry -- that by setting the stack-alignment to a non-default value to solve a problem in one function slows things down (or increases memory use) everywhere else...

Thanks to Mikhail

You are welcome. I'll keep your account on the box active. In addition to clang-3.4.1 (a.k.a. cc) and gcc-4.2.1 (a.k.a. gcc), it has the latest versions of clang-3.6 (clang36), 3.7 (clang37), 3.8 (clang38) and gcc-6 (gcc6). You are most welcome -- indeed encouraged -- to routinely test with any/all of these compilers. Thank you!

in reply to: 25 comment:26 by Carl Eugen Hoyos, 8 years ago

Replying to mi:

Replying to cehoyos:

--- a/configure
+++ b/configure
@@ -6202,6 +6202,7 @@ elif enabled llvm_gcc; then
     check_cflags -mllvm -stack-alignment=16
 elif enabled clang; then
     check_cflags -mllvm -stack-alignment=16
+    check_cflags -mstack-alignment=16
     check_cflags -Qunused-arguments
     check_cflags -Werror=implicit-function-declaration
     check_cflags -Werror=missing-prototypes

Does this not cause a pessimization in other parts of the code, though?

I don't think so, as explained by the BSD developers, this is the default on (all) other systems, it was also always meant to be used (see the line -mllvm -stack-alignment=16 above).

That was my worry -- that by setting the stack-alignment to a non-default value to solve a problem in one function slows things down (or increases memory use) everywhere else...

That would be true for -mstackrealign which I fear may be necessary to fix the original issue with firefox;-(
As said, I did not test with firefox.

Thanks to Mikhail

You are welcome. I'll keep your account on the box active. In addition to clang-3.4.1 (a.k.a. cc) and gcc-4.2.1 (a.k.a. gcc), it has the latest versions of clang-3.6 (clang36), 3.7 (clang37), 3.8 (clang38)

I only tested clang 3.8 (and gcc 4.2, see below).

and gcc-6 (gcc6).

I had not found this one;-(
It is the only compiler that really works for FFmpeg on FreeBSD (gcc 4.2 is broken, configure warns about it)

Ideally, you would first test with clang and --extra-cflags=-mstack-alignment=16, if this does not help, you can try --cc=gcc6. If both still crash with firefox, one alternative is to also compile firefox with increased stack alignment.

comment:27 by Міхаіл, 8 years ago

this is the default on (all) other systems

And yet, FreeBSD chose to not make it a default -- perhaps, because the option is not quite optimal in all cases. That said, I have no idea, what it "costs", if anything...

As said, I did not test with firefox.

I did :) It really is the only use-case I care about -- on this machine, at least. It is used by an older relative, who was complaining for a while, that YouTube was not working...

I had not found this one;-(

I added gcc6 (and rsync) after noticing you looking for it.

gcc 4.2 is broken, configure warns about it

The default compiler on the still-supported FreeBSD releases is clang (3.4.1).

Ideally, you would first test with ...

No, no :) I'm happy to leave the testing to you -- and you are welcome to partake of this machine for the purpose. And, if you use anything like Jenkins for automated builds, I can make this box a proper client too. But I don't have the bandwidth to get personally involved in yet another project, sorry...

comment:28 by Carl Eugen Hoyos, 7 years ago

Resolution:	fixed
Status:	closed → reopened

This is now completely broken by several merge commits.

comment:29 by Elon Musk, 4 years ago

Is this still an issue?

follow-up: 31 comment:30 by Міхаіл, 4 years ago

Is this still an issue?

No idea. I certainly haven't had Firefox crash on me in a long time. But, I'm pretty sure, they now have their own fork of ffmpeg -- bundled with the firefox sources -- so that's not a good indicator...

in reply to: 30 comment:31 by Balling, 4 years ago

Replying to mi:

Is this still an issue?

No idea. I certainly haven't had Firefox crash on me in a long time. But, I'm pretty sure, they now have their own fork of ffmpeg -- bundled with the firefox sources -- so that's not a good indicator...

So is chromium. And we also have a fork of openjpeg. With actual patches of difference with upstream...

comment:32 by Elon Musk, 3 years ago

Resolution:	→ needs_more_info
Status:	reopened → closed

Note: See TracTickets for help on using tickets.

Download in other formats: