Opened 9 years ago
Closed 9 years ago
#2318 closed defect (fixed)
Crash signal 11 in demux_open with webm/vp9
| Reported by: | redxii | Owned by: | beastd |
|---|---|---|---|
| Priority: | high | Component: | libavcodec |
| Version: | HEAD | Severity: | critical |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Reproduced by developer: | yes | Analyzed by developer: | yes |
Description
MPlayer is crashing with some webm files. A sample is provided: https://streams.videolan.org/MPlayer/incoming/sample.clip.crashes.mplayer-r37927.webm
(gdb) run mplayer -v -v -v ../sample.clip.crashes.mplayer-r37927.webm
Starting program: C:\Users\Joshua\Downloads\mplayer-svn-37927-d\mplayer.exe mplayer -v -v -v ../sample.clip.crashes.mplayer-r37927.webm
[New Thread 3820.0x4b8]
this_opt = option: v
Setting v=../sample.clip.crashes.mplayer-r37927.webm
Adding file ../sample.clip.crashes.mplayer-r37927.webm
Config pushed level is now 2
Config pushed level is now 3
MPlayer SVN-r37927-6.2.0 (C) 2000-2017 MPlayer Team
CPU vendor name: GenuineIntel max cpuid level: 13
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz (Family: 6, Model: 42, Stepping: 7)
extended cpuid-level: 8
extended cache-info: 16801856
Detected cache-line size is 64 bytes
Testing OS support for SSE... yes.
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNowExt: 0 SSE: 1 SSE2: 1 SSE3: 1 SSSE3: 1 SSE4: 1 SSE4.2: 1 AVX: 1
Compiled with runtime CPU detection.
Setting PATH to C:\Users\Joshua\Downloads\mplayer-svn-37927-d\codecs
get_path('codecs.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/codecs.conf'
Reading optional codecs config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/codecs.conf: No such file or directory
Reading optional codecs config file /usr/local/etc/mplayer/codecs.conf: No such file or directory
Using built-in default codecs.conf.
init_freetype
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
get_path('fonts') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/fonts'
Configuration: --enable-static --enable-runtime-cpudetection --enable-menu --disable-liba52 --disable-libmpeg2-internal --disable-tv --disable-vidix --disable-f
aac-lavc --disable-mencoder --enable-debug=3
CommandLine: 'mplayer' '-v' '-v' '-v' '../sample.clip.crashes.mplayer-r37927.webm'
Using Windows native timing
get_path('input.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf'
Parsing input config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf
Input config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf parsed: 92 binds
get_path('mplayer.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/mplayer.conf'
[[[init getch2]]]
Playing mplayer.
get_path('sub/') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/sub/'
WINSOCK2 init: 0
WINSOCK2 init: 0
File not found: 'mplayer'
Failed to open mplayer.
*** uninit(0x8)
[[[uninit getch2]]]
Config poped level=2
Config pushed level is now 3
get_path('sample.clip.crashes.mplayer-r37927.webm.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/sample.clip.crashes.mplayer-r37927.webm.conf'
[[[init getch2]]]
Playing ../sample.clip.crashes.mplayer-r37927.webm.
get_path('sub/') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/sub/'
WINSOCK2 init: 0
WINSOCK2 init: 0
[file] File size is 4774919 bytes
STREAM: [file] ../sample.clip.crashes.mplayer-r37927.webm
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
seek to 0x0
libavformat version 57.67.100 (internal)
Configuration: --enable-gpl --enable-postproc
Probing h263 score:25 size:2048
Probing matroska,webm score:100 size:2048
Probing mp3 score:1 size:2048
LAVF_check: Matroska / WebM
libavformat file format detected.
seek to 0x0
32768=mp_read(29390450, 29393680, 32768), pos: 32768, eof:0
mp_seek(29390450, 0, 65536)
st:0 removing common factor 1000000 from timebase
[matroska,webm @ 014f68a0]Before avformat_find_stream_info() pos: 423 bytes read:32768 seeks:0 nb_streams:1
Program received signal SIGSEGV, Segmentation fault.
0x00a65011 in ff_vp9_ipred_h_32x32_avx ()
(gdb) bt
#0 0x00a65011 in ff_vp9_ipred_h_32x32_avx ()
#1 0x0097f43b in intra_recon (bytesperpixel=1, uv_off=<optimized out>, y_off=<optimized out>, ctx=<optimized out>) at libavcodec/vp9.c:2694
#2 intra_recon_8bpp (y_off=<optimized out>, uv_off=0, ctx=<optimized out>) at libavcodec/vp9.c:2736
#3 0x009b59a4 in decode_b (ctx=ctx@entry=0x2939cd20, row=row@entry=0, col=col@entry=0, lflvl=<optimized out>, lflvl@entry=0x293b7a70, yoff=<optimized out>,
yoff@entry=0, uvoff=<optimized out>, uvoff@entry=0, bl=<optimized out>, bl@entry=BL_64X64, bp=<optimized out>, bp@entry=PARTITION_H)
at libavcodec/vp9.c:3327
#4 0x009cbef6 in decode_sb (ctx=ctx@entry=0x2939cd20, row=row@entry=0, col=col@entry=0, lflvl=lflvl@entry=0x293b7a70, yoff=yoff@entry=0,
uvoff=uvoff@entry=0, bl=bl@entry=BL_64X64) at libavcodec/vp9.c:3434
#5 0x009d0701 in vp9_decode_frame (ctx=<optimized out>, frame=<optimized out>, got_frame=<optimized out>, pkt=<optimized out>) at libavcodec/vp9.c:4209
#6 0x0090edc9 in avcodec_decode_video2 (avctx=avctx@entry=0x2939cd20, picture=0x2939d580, got_picture_ptr=got_picture_ptr@entry=0x28e11c,
avpkt=avpkt@entry=0x28e218) at libavcodec/utils.c:2275
#7 0x0090fa98 in do_decode (avctx=avctx@entry=0x2939cd20, pkt=pkt@entry=0x28e218) at libavcodec/utils.c:2822
#8 0x009107f9 in avcodec_send_packet (avctx=avctx@entry=0x2939cd20, avpkt=<optimized out>, avpkt@entry=0x28e218) at libavcodec/utils.c:2917
#9 0x0067dd00 in try_decode_frame (s=s@entry=0x29393118, st=st@entry=0x2939c4e0, avpkt=avpkt@entry=0x28e368, options=0x0) at libavformat/utils.c:3004
#10 0x00686929 in avformat_find_stream_info (ic=0x29393118, options=options@entry=0x0) at libavformat/utils.c:3705
#11 0x005201c0 in demux_open_lavf (demuxer=0x29381e70) at libmpdemux/demux_lavf.c:611
#12 0x004998cd in demux_open_stream (stream=stream@entry=0x29390450, file_format=44, file_format@entry=0, force=force@entry=0, audio_id=-1,
video_id=video_id@entry=-1, dvdsub_id=-1, filename=filename@entry=0x2937ee98 "../sample.clip.crashes.mplayer-r37927.webm") at libmpdemux/demuxer.c:1112
#13 0x0049a184 in demux_open (vs=0x29390450, file_format=0, audio_id=-1, video_id=-1, dvdsub_id=-1,
filename=0x2937ee98 "../sample.clip.crashes.mplayer-r37927.webm") at libmpdemux/demuxer.c:1286
#14 0x01313a20 in main (argc=<optimized out>, argv=<optimized out>) at mplayer.c:3380
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xa64ff1 to 0xa65031:
0x00a64ff1 <ff_vp9_ipred_h_32x32_avx+33>: cmp $0x17492e0,%eax
0x00a64ff6 <ff_vp9_ipred_h_32x32_avx+38>: vpxor %xmm4,%xmm4,%xmm4
0x00a64ffa <ff_vp9_ipred_h_32x32_avx+42>: lea (%ecx,%ecx,2),%ebx
0x00a64ffd <ff_vp9_ipred_h_32x32_avx+45>: mov $0x7,%esi
0x00a65002 <ff_vp9_ipred_h_32x32_avx+50>: vmovd (%edx,%esi,4),%xmm3
0x00a65007 <ff_vp9_ipred_h_32x32_avx+55>: vpshufb %xmm7,%xmm3,%xmm0
0x00a6500c <ff_vp9_ipred_h_32x32_avx+60>: vpshufb %xmm6,%xmm3,%xmm1
=> 0x00a65011 <ff_vp9_ipred_h_32x32_avx+65>: vmovdqa %xmm0,(%eax)
0x00a65015 <ff_vp9_ipred_h_32x32_avx+69>: vmovdqa %xmm0,0x10(%eax)
0x00a6501a <ff_vp9_ipred_h_32x32_avx+74>: vmovdqa %xmm1,(%eax,%ecx,1)
0x00a6501f <ff_vp9_ipred_h_32x32_avx+79>: vmovdqa %xmm1,0x10(%eax,%ecx,1)
0x00a65025 <ff_vp9_ipred_h_32x32_avx+85>: vpshufb %xmm5,%xmm3,%xmm2
0x00a6502a <ff_vp9_ipred_h_32x32_avx+90>: vpshufb %xmm4,%xmm3,%xmm3
0x00a6502f <ff_vp9_ipred_h_32x32_avx+95>: vmovdqa %xmm2,(%eax,%ecx,2)
End of assembler dump.
(gdb) info all-registers
eax 0x293b80a8 691765416
ecx 0x1e0 480
edx 0x28dc80 2677888
ebx 0x5a0 1440
esp 0x28db84 0x28db84
ebp 0x28dd48 0x28dd48
esi 0x7 7
edi 0x2939d778 691656568
eip 0xa65011 0xa65011 <ff_vp9_ipred_h_32x32_avx+65>
eflags 0x10216 [ PF AF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x53 83
gs 0x2b 43
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 1 (raw 0x3fff8000000000000000)
st4 1 (raw 0x3fff8000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 8000 (raw 0x400bfa00000000000000)
fctrl 0x37f 895
fstat 0x120 288
ftag 0xffff 65535
fiseg 0x23 35
fioff 0x5d6ea0 6123168
foseg 0x2b 43
fooff 0x2939c038 691650616
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x12 <repeats 16 times>}, v8_int16 = {0x1212, 0x1212, 0x1212, 0x1212,
0x1212, 0x1212, 0x1212, 0x1212}, v4_int32 = {0x12121212, 0x12121212, 0x12121212, 0x12121212}, v2_int64 = {0x1212121212121212, 0x1212121212121212},
uint128 = 0x12121212121212121212121212121212}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x12 <repeats 16 times>}, v8_int16 = {0x1212, 0x1212, 0x1212, 0x1212,
0x1212, 0x1212, 0x1212, 0x1212}, v4_int32 = {0x12121212, 0x12121212, 0x12121212, 0x12121212}, v2_int64 = {0x1212121212121212, 0x1212121212121212},
uint128 = 0x12121212121212121212121212121212}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x91, 0xff, 0x90, 0xff, 0x90, 0xff, 0x90,
0xff, 0x90, 0xff, 0x90, 0xff, 0x90, 0xff, 0x90, 0xff}, v8_int16 = {0xff91, 0xff90, 0xff90, 0xff90, 0xff90, 0xff90, 0xff90, 0xff90}, v4_int32 = {
0xff90ff91, 0xff90ff90, 0xff90ff90, 0xff90ff90}, v2_int64 = {0xff90ff90ff90ff91, 0xff90ff90ff90ff90}, uint128 = 0xff90ff90ff90ff90ff90ff90ff90ff91}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x12, 0x12, 0x12, 0x12, 0x0 <repeats 12 times>}, v8_int16 = {0x1212,
0x1212, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x12121212, 0x0, 0x0, 0x0}, v2_int64 = {0x12121212, 0x0}, uint128 = 0x00000000000000000000000012121212}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x1 <repeats 16 times>}, v8_int16 = {0x101, 0x101, 0x101, 0x101, 0x101,
0x101, 0x101, 0x101}, v4_int32 = {0x1010101, 0x1010101, 0x1010101, 0x1010101}, v2_int64 = {0x101010101010101, 0x101010101010101},
uint128 = 0x01010101010101010101010101010101}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x2 <repeats 16 times>}, v8_int16 = {0x202, 0x202, 0x202, 0x202, 0x202,
---Type <return> to continue, or q <return> to quit---
0x202, 0x202, 0x202}, v4_int32 = {0x2020202, 0x2020202, 0x2020202, 0x2020202}, v2_int64 = {0x202020202020202, 0x202020202020202},
uint128 = 0x02020202020202020202020202020202}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3 <repeats 16 times>}, v8_int16 = {0x303, 0x303, 0x303, 0x303, 0x303,
0x303, 0x303, 0x303}, v4_int32 = {0x3030303, 0x3030303, 0x3030303, 0x3030303}, v2_int64 = {0x303030303030303, 0x303030303030303},
uint128 = 0x03030303030303030303030303030303}
mxcsr 0x9fc0 [ DAZ IM DM ZM OM UM PM FZ ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm4 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm5 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7 {uint64 = 0xfa00000000000000, v2_int32 = {0x0, 0xfa000000}, v4_int16 = {0x0, 0x0, 0x0, 0xfa00}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xfa}}
(gdb)
Current configuration:
r37927 compiled with FFmpeg b3a2adaac6526428843a1fa74eb9f896e898a78a
Last working version:
r37926 compiled with FFmpeg 6e913f212907048d7009cf2f15551781c69b9985
Attachments (2)
Change History (16)
comment:1 by , 9 years ago
| Component: | libavcodec → undetermined |
|---|
comment:3 by , 9 years ago
| Component: | undetermined → libavcodec |
|---|---|
| Priority: | normal → high |
comment:4 by , 9 years ago
| Reproduced by developer: | set |
|---|---|
| Status: | new → open |
I can reproduce at least a similar crash.
No analysis yet.
comment:5 by , 9 years ago
Seems that we do not fulfill the alignment requirements on those memory locations.
In your case vmovdqa, eax is only 8-byte aligned but needs 16-byte alignment.
In my case vmovaps, r9 is only 16-byte aligned, but needs 32-byte alignment AFAICT.
comment:6 by , 9 years ago
| Analyzed by developer: | set |
|---|
Ok, found it now - it is because of the removal of the memalign hack in FFmpeg.
I was able to get it working by activating HAVE_ALIGNED_MALLOC in config.h and appending -D__MSVCRT_VERSION__=0x0700 to CFLAGS in config.mak.
Working on a fix for MPlayer's configure now.
comment:7 by , 9 years ago
Seems to be a combination of FFmpeg commit 6c4665d (the one you referred to in your comment) and of FFmpeg commit 3835283 (removal of the memalign hack).
I have posted a patch set on the MPlayer devel ml:
[MPlayer-dev-eng] [PATCH 0/2][ticket 2318] Problems with memory alignment
http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2017-April/thread.html#73588
Can you test if it fixes the problems for you too?
comment:8 by , 9 years ago
Unfortunately it didn't seem to fix it for the particular sample I uploaded. I'm certain the patches are applied correctly. This is the FFmpeg I'm using; the latest master is broken for a different reason relating to libavcodec/qsvdec_other.c & libmxf headers:
b613245c9715c34358522737bf0cf6a4f9392ca3 Mon Mar 27 20:37:29 2017 -0300 ffprobe: free log buffer's parent_name during cleanup
Debug output (32-bit)
(gdb) run -v -v -v ../sample.clip.crashes.mplayer-r37927.webm
Starting program: C:\Users\Joshua\Downloads\mplayer-svn-37927-d\mplayer.exe -v -v -v ../sample.clip.crashes.mplayer-r37927.webm
[New Thread 256.0xa64]
this_opt = option: v
Setting v=../sample.clip.crashes.mplayer-r37927.webm
Adding file ../sample.clip.crashes.mplayer-r37927.webm
Config pushed level is now 2
Config pushed level is now 3
MPlayer SVN-r37927-6.2.0 (C) 2000-2017 MPlayer Team
CPU vendor name: GenuineIntel max cpuid level: 13
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz (Family: 6, Model: 42, Stepping: 7)
extended cpuid-level: 8
extended cache-info: 16801856
Detected cache-line size is 64 bytes
Testing OS support for SSE... yes.
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNowExt: 0 SSE: 1 SSE2: 1 SSE3: 1 SSSE3: 1 SSE4: 1 SSE4.2: 1 AVX: 1
Compiled with runtime CPU detection.
Setting PATH to C:\Users\Joshua\Downloads\mplayer-svn-37927-d\codecs
get_path('codecs.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/codecs.conf'
Reading optional codecs config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/codecs.conf: No such file or directory
Reading optional codecs config file /usr/local/etc/mplayer/codecs.conf: No such file or directory
Using built-in default codecs.conf.
init_freetype
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
get_path('fonts') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/fonts'
Configuration: --enable-static --enable-runtime-cpudetection --enable-menu --disable-liba52 --disable-libmpeg2-internal --disable-tv --disable-vidix --disable-f
aac-lavc --disable-mencoder --enable-debug=3
CommandLine: '-v' '-v' '-v' '../sample.clip.crashes.mplayer-r37927.webm'
Using Windows native timing
get_path('input.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf'
Parsing input config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf
Input config file C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/input.conf parsed: 92 binds
get_path('sample.clip.crashes.mplayer-r37927.webm.conf') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/sample.clip.crashes.mplayer-r37927.webm.conf'
[[[init getch2]]]
Playing ../sample.clip.crashes.mplayer-r37927.webm.
get_path('sub/') -> 'C:/Users/Joshua/Downloads/mplayer-svn-37927-d/mplayer/sub/'
WINSOCK2 init: 0
WINSOCK2 init: 0
[file] File size is 4774919 bytes
STREAM: [file] ../sample.clip.crashes.mplayer-r37927.webm
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
seek to 0x0
libavformat version 57.68.100 (internal)
Configuration: --enable-gpl --enable-postproc
Probing h263 score:25 size:2048
Probing matroska,webm score:100 size:2048
Probing mp3 score:1 size:2048
LAVF_check: Matroska / WebM
libavformat file format detected.
seek to 0x0
32768=mp_read(29440658, 29443900, 32768), pos: 32768, eof:0
mp_seek(29440658, 0, 65536)
st:0 removing common factor 1000000 from timebase
[matroska,webm @ 014f87c0]Before avformat_find_stream_info() pos: 423 bytes read:32768 seeks:0 nb_streams:1
Program received signal SIGSEGV, Segmentation fault.
0x00a604d1 in ff_vp9_ipred_v_32x32_avx ()
(gdb) bt
#0 0x00a604d1 in ff_vp9_ipred_v_32x32_avx ()
#1 0x0097ba9b in intra_recon (bytesperpixel=1, uv_off=<optimized out>, y_off=<optimized out>, avctx=<optimized out>) at libavcodec/vp9block.c:1398
#2 intra_recon_8bpp (y_off=<optimized out>, uv_off=23168, avctx=<optimized out>) at libavcodec/vp9block.c:1411
#3 0x009b1491 in ff_vp9_decode_block (avctx=<optimized out>, avctx@entry=0x2944d140, row=<optimized out>, row@entry=24, col=<optimized out>, col@entry=32,
lflvl=<optimized out>, lflvl@entry=0x29468680, yoff=<optimized out>, yoff@entry=92416, uvoff=<optimized out>, uvoff@entry=23168, bl=<optimized out>,
bl@entry=BL_64X64, bp=<optimized out>, bp@entry=PARTITION_NONE) at libavcodec/vp9block.c:2005
#4 0x00970b46 in decode_sb (avctx=avctx@entry=0x2944d140, row=row@entry=24, col=col@entry=32, lflvl=lflvl@entry=0x29468680, yoff=yoff@entry=92416,
uvoff=uvoff@entry=23168, bl=bl@entry=BL_64X64) at libavcodec/vp9.c:953
#5 0x00975726 in vp9_decode_frame (avctx=<optimized out>, frame=<optimized out>, got_frame=<optimized out>, pkt=<optimized out>) at libavcodec/vp9.c:1492
#6 0x00906979 in avcodec_decode_video2 (avctx=avctx@entry=0x2944d140, picture=0x2944dd20, got_picture_ptr=got_picture_ptr@entry=0x28e11c,
avpkt=avpkt@entry=0x28e218) at libavcodec/utils.c:2275
#7 0x00907648 in do_decode (avctx=avctx@entry=0x2944d140, pkt=pkt@entry=0x28e218) at libavcodec/utils.c:2822
#8 0x009083a9 in avcodec_send_packet (avctx=avctx@entry=0x2944d140, avpkt=<optimized out>, avpkt@entry=0x28e218) at libavcodec/utils.c:2917
#9 0x0067dc80 in try_decode_frame (s=s@entry=0x29443380, st=st@entry=0x2944c840, avpkt=avpkt@entry=0x28e368, options=0x0) at libavformat/utils.c:3004
#10 0x006868a9 in avformat_find_stream_info (ic=0x29443380, options=options@entry=0x0) at libavformat/utils.c:3705
#11 0x005201c0 in demux_open_lavf (demuxer=0x294426d8) at libmpdemux/demux_lavf.c:611
#12 0x004998cd in demux_open_stream (stream=stream@entry=0x29440658, file_format=44, file_format@entry=0, force=force@entry=0, audio_id=-1,
video_id=video_id@entry=-1, dvdsub_id=-1, filename=filename@entry=0x2942ed88 "../sample.clip.crashes.mplayer-r37927.webm") at libmpdemux/demuxer.c:1112
#13 0x0049a184 in demux_open (vs=0x29440658, file_format=0, audio_id=-1, video_id=-1, dvdsub_id=-1,
filename=0x2942ed88 "../sample.clip.crashes.mplayer-r37927.webm") at libmpdemux/demuxer.c:1286
#14 0x013181a0 in main (argc=<optimized out>, argv=<optimized out>) at mplayer.c:3380
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xa604b1 to 0xa604f1:
0x00a604b1 <ff_vp9_ipred_v_32x32_avx+1>: mov 0x8(%esp),%eax
0x00a604b5 <ff_vp9_ipred_v_32x32_avx+5>: mov 0xc(%esp),%ecx
0x00a604b9 <ff_vp9_ipred_v_32x32_avx+9>: mov 0x10(%esp),%edx
0x00a604bd <ff_vp9_ipred_v_32x32_avx+13>: mov 0x14(%esp),%ebx
0x00a604c1 <ff_vp9_ipred_v_32x32_avx+17>: vmovaps (%ebx),%ymm0
0x00a604c5 <ff_vp9_ipred_v_32x32_avx+21>: lea (%ecx,%ecx,2),%edx
0x00a604c8 <ff_vp9_ipred_v_32x32_avx+24>: mov $0x4,%ebx
0x00a604cd <ff_vp9_ipred_v_32x32_avx+29>: vmovaps %ymm0,(%eax)
=> 0x00a604d1 <ff_vp9_ipred_v_32x32_avx+33>: vmovaps %ymm0,(%eax,%ecx,1)
0x00a604d6 <ff_vp9_ipred_v_32x32_avx+38>: vmovaps %ymm0,(%eax,%ecx,2)
0x00a604db <ff_vp9_ipred_v_32x32_avx+43>: vmovaps %ymm0,(%eax,%edx,1)
0x00a604e0 <ff_vp9_ipred_v_32x32_avx+48>: lea (%eax,%ecx,4),%eax
0x00a604e3 <ff_vp9_ipred_v_32x32_avx+51>: vmovaps %ymm0,(%eax)
0x00a604e7 <ff_vp9_ipred_v_32x32_avx+55>: vmovaps %ymm0,(%eax,%ecx,1)
0x00a604ec <ff_vp9_ipred_v_32x32_avx+60>: vmovaps %ymm0,(%eax,%ecx,2)
End of assembler dump.
(gdb) info all-registers
eax 0x2949b720 692696864
ecx 0xf0 240
edx 0x2d0 720
ebx 0x4 4
esp 0x28db88 0x28db88
ebp 0x28dd48 0x28dd48
esi 0x2944df60 692379488
edi 0xf0 240
eip 0xa604d1 0xa604d1 <ff_vp9_ipred_v_32x32_avx+33>
eflags 0x10216 [ PF AF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x53 83
gs 0x2b 43
st0 -nan(0x8080808080808080) (raw 0xffff8080808080808080)
st1 -nan(0x0000003f8) (raw 0xffff00000000000003f8)
st2 -inf (raw 0xffff0000000000000000)
st3 1 (raw 0x3fff8000000000000000)
st4 1 (raw 0x3fff8000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 8000 (raw 0x400bfa00000000000000)
fctrl 0x37f 895
fstat 0x120 288
ftag 0x102a 4138
fiseg 0x23 35
fioff 0x5d6da0 6122912
foseg 0x2b 43
fooff 0x2944c258 692372056
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x8000000000000000, 0x8000000000000000}, v16_int8 = {0x7f <repeats 16 times>}, v8_int16 = {
0x7f7f, 0x7f7f, 0x7f7f, 0x7f7f, 0x7f7f, 0x7f7f, 0x7f7f, 0x7f7f}, v4_int32 = {0x7f7f7f7f, 0x7f7f7f7f, 0x7f7f7f7f, 0x7f7f7f7f}, v2_int64 = {
0x7f7f7f7f7f7f7f7f, 0x7f7f7f7f7f7f7f7f}, uint128 = 0x7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x12 <repeats 16 times>}, v8_int16 = {0x1212, 0x1212, 0x1212, 0x1212,
0x1212, 0x1212, 0x1212, 0x1212}, v4_int32 = {0x12121212, 0x12121212, 0x12121212, 0x12121212}, v2_int64 = {0x1212121212121212, 0x1212121212121212},
uint128 = 0x12121212121212121212121212121212}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
---Type <return> to continue, or q <return> to quit---
0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr 0x9fc0 [ DAZ IM DM ZM OM UM PM FZ ]
mm0 {uint64 = 0x8080808080808080, v2_int32 = {0x80808080, 0x80808080}, v4_int16 = {0x8080, 0x8080, 0x8080, 0x8080}, v8_int8 = {0x80, 0x80, 0x80,
0x80, 0x80, 0x80, 0x80, 0x80}}
mm1 {uint64 = 0x3f8, v2_int32 = {0x3f8, 0x0}, v4_int16 = {0x3f8, 0x0, 0x0, 0x0}, v8_int8 = {0xf8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm4 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm5 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x80}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7 {uint64 = 0xfa00000000000000, v2_int32 = {0x0, 0xfa000000}, v4_int16 = {0x0, 0x0, 0x0, 0xfa00}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xfa}}
(gdb)
comment:9 by , 9 years ago
Thanks for testing.
Can you upload your config.log file here?
Or at least paste output of:
grep ALIGN config.h
by , 9 years ago
by , 9 years ago
| Attachment: | config.log added |
|---|
comment:10 by , 9 years ago
Uploaded both. config.h:
#define ATTRIBUTE_ALIGNED_MAX 16
#define HAVE_MEMALIGN 0
#define ASMALIGN(ZEROBITS) ".align 1<<" #ZEROBITS "\n\t"
#define CONFIG_MEMALIGN_HACK 1
#define HAVE_FAST_UNALIGNED 1
#define HAVE_LOCAL_ALIGNED_8 1
#define HAVE_LOCAL_ALIGNED_16 1
#define HAVE_LOCAL_ALIGNED_32 1
#define HAVE_ALIGNED_MALLOC 1
#define HAVE_POSIX_MEMALIGN 0
#define HAVE_ALIGNED_STACK 1
#define HAVE_SIMD_ALIGN_16 1
#define HAVE_SIMD_ALIGN_32 0
comment:11 by , 9 years ago
I was using runtime CPU detection; it doesn't run the individual check for AVX and enable HAVE_SIMD_ALIGN_32.
After 'forcing' HAVE_SIMD_ALIGN_32 to 1 so it's enabled when using --enable-runtime-cpudetection, it no longer crashes on my sample.
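The alignment reasoning from comments 5 and 11, as an added C example that is not MPlayer or FFmpeg code: it treats the eax/ecx values from the two gdb sessions above as destination pointer and row stride (an assumption read off the disassembly) and reports the first row on which an aligned 16- or 32-byte store would fault. The function names and the 32-row block height are chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Largest power-of-two alignment (capped at `cap`) that an address satisfies. */
static size_t natural_alignment(uintptr_t addr, size_t cap)
{
    size_t a = 1;
    while (a < cap && !(addr & a))
        a <<= 1;
    return a;
}

/* Index of the first row whose start address is not `align`-aligned, or -1
 * if every row is. Aligned stores such as vmovdqa (16-byte xmm) or
 * vmovaps (32-byte ymm) fault on such a row. */
static int first_misaligned_row(uintptr_t base, size_t stride, int rows,
                                size_t align)
{
    for (int r = 0; r < rows; r++)
        if ((base + (uintptr_t)r * stride) & (align - 1))
            return r;
    return -1;
}

/* Hypothetical plane allocation that is safe for `align`-byte stores:
 * the stride is rounded up to a multiple of `align` and the base pointer is
 * aligned by portable over-allocation. Production code would normally use
 * the platform's aligned allocator instead. Returns 1 if every row passes. */
static int aligned_plane_ok(size_t width, int rows, size_t align)
{
    size_t stride = (width + align - 1) & ~(align - 1);
    uint8_t *raw = malloc(stride * (size_t)rows + align - 1);
    if (!raw)
        return 0;
    uintptr_t data = ((uintptr_t)raw + align - 1) & ~(uintptr_t)(align - 1);
    int ok = first_misaligned_row(data, stride, rows, align) == -1;
    free(raw);
    return ok;
}

int main(void)
{
    /* Register values copied from the gdb sessions in this ticket. */
    const uintptr_t eax1 = 0x293b80a8u; /* description: vmovdqa %xmm0,(%eax) */
    const size_t    ecx1 = 0x1e0;
    const uintptr_t eax2 = 0x2949b720u; /* comment 8: vmovaps %ymm0,(%eax,%ecx,1) */
    const size_t    ecx2 = 0xf0;

    printf("crash 1: base is %zu-byte aligned, first bad row at 16: %d\n",
           natural_alignment(eax1, 64),
           first_misaligned_row(eax1, ecx1, 32, 16));
    printf("crash 2: first bad row at 16: %d, at 32: %d\n",
           first_misaligned_row(eax2, ecx2, 32, 16),
           first_misaligned_row(eax2, ecx2, 32, 32));
    printf("width 240 padded for 32-byte stores ok: %d\n",
           aligned_plane_ok(240, 32, 32));
    return 0;
}
```

The second case passes a 16-byte check and fails only at 32 bytes, because a 240-byte stride is a multiple of 16 but not of 32; this is the situation that arises when AVX routines are selected at run time while the build was configured with HAVE_SIMD_ALIGN_32 set to 0.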
follow-up: 13 comment:12 by , 9 years ago
Yes, I somehow forgot about runtime cpu detection :(
I have posted a replacement for the 2nd patch here:
http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2017-April/073592.html
comment:13 by , 9 years ago
Everything is good now, HAVE_SIMD_ALIGN_32 enables properly and no longer crashes. Thanks.
comment:14 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Thanks again for testing quickly.
Should be fixed in MPlayer SVN with revisions 37929 and 37930.

The problem seems to be some combination of:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b5122b040fe9441871b3d275d7f5e9eb352d4f28
and
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6c4665deb4d20e3e305e54b4fb4431e57497d374
A user reported this happening with webm/vp9 files, but it is possible that other formats/use of instruction sets are affected.