Opened 18 months ago

Last modified 15 months ago

#9060 reopened defect

libswscale crash with Neon - aarch64

Reported by: kuba Owned by:
Priority: important Component: swscale
Version: git-master Keywords: crash
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Hi there, this is my first post so please bare with me :)
I'm currently in the process of debugging a ffmpeg crash and I'm reaching out for some tips how to approach this. Reproducing the steps may be quite involved as the crash happens in the application which depends on ffmpeg library (libswscale). This is a custom build of Blender animation package (build on Aarch64) and the crash happens if ffmpeg is configured with Neon instructions. Here is the stack trace:

Thread 1 "blender" received signal SIGSEGV, Segmentation fault.
0x000000000257e320 in ff_yuv420p_to_rgba_neon () at libswscale/aarch64/yuv2rgb_neon.S:211
211	declare_rgb_funcs yuv420p
(gdb) bt
#0  0x000000000257e320 in ff_yuv420p_to_rgba_neon () at libswscale/aarch64/yuv2rgb_neon.S:211
#1  0x000000000257cfe0 in yuv420p_to_rgba_neon_wrapper () at libswscale/aarch64/swscale_unscaled.c:61
#2  0x000000000253361c in sws_scale () at libswscale/swscale.c:970
#3  0x0000000000dabd44 in IMB_anim_absolute ()
#4  0x0000000000b2384c in openanim ()
#5  0x0000000000a59850 in BKE_sequencer_add_movie_strip ()
#6  0x0000000000abd444 in sequencer_add_generic_strip_exec ()
#7  0x0000000000a06c38 in wm_operator_invoke ()
#8  0x0000000000a0a894 in wm_handlers_do_intern ()
#9  0x0000000000a0abf0 in wm_handlers_do ()
#10 0x0000000000a0b4b8 in wm_event_do_handlers ()
#11 0x0000000000a02590 in WM_main ()
#12 0x00000000009e27fc in main ()

Linux nano 4.9.140-tegra 2020 aarch64

If I reconfigure ffmpeg and disable Neon all works great.
I think my question at this point would be if anybody has seen similar issue in the past? Or could advise on the best way to narrow down the problem.

Thank you,
Kuba

Change History (5)

comment:1 by Carl Eugen Hoyos, 18 months ago

Is the issue reproducible with ffmpeg (the application)?

comment:2 by Carl Eugen Hoyos, 17 months ago

Keywords: crash added
Priority: normalimportant
Resolution: needs_more_info
Status: newclosed

Please reopen this ticket if you can explain how we can reproduce the issue.

comment:3 by Andrey, 17 months ago

Resolution: needs_more_info
Status: closedreopened

Reproduced on arm64.

Falls steadily if input/output stride is negative when converting YUV -> BGRA

Error is in libswscale/aarch64/yuv2rgb_neon.S around line 191
When padding is negative, pointer to the next line flies into space.

comment:4 by Carl Eugen Hoyos, 17 months ago

Please explain how we can reproduce the issue.

comment:5 by Christopher Snowhill, 15 months ago

They appear to be using for either input or output, a buffer which will be scanned from bottom to top. This appears to be using a pointer to the beginning of the last scanline, and a negative row stride increment so it steps backwards. Cheeky hack.

Note: See TracTickets for help on using tickets.