[FFmpeg-trac] #1481(build system:new): BUS error on misaligned memory access on some ARM

FFmpeg trac at avcodec.org
Sat Jun 23 14:47:37 CEST 2012


#1481: BUS error on misaligned memory access on some ARM
------------------------------------------+-------------------------------------
             Reporter:  notzed            |                    Owner:
                 Type:  defect            |                   Status:  new
             Priority:  normal            |                Component:  build system
              Version:  unspecified       |               Resolution:
             Keywords:  arm crash SIGBUS  |               Blocked By:
             Blocking:                    |  Reproduced by developer:  0
Analyzed by developer:  0                 |
------------------------------------------+-------------------------------------
Changes (by cehoyos):

 * keywords:   => arm crash SIGBUS


Old description:

> By default configure on armv6+ enables misaligned memory accesses using
> the HAVE_FAST_UNALIGNED define.
>
> I think some(?) ARM CPUs have run-time configurable exception behaviour
> for misaligned memory accesses, and unaligned access causes BUS errors if
> so configured.  On locked Android machines this cannot be changed by the
> user, and in general it's a global system setting so not appropriate to
> change anyway.  Crash is reported for a Tegra 3 tablet - ASUS Transformer
> Prime.
>
> Example crash below, where:
>    ldr     r3, [r0, r1, lsr #3]
> equates to: *((unsigned int *)(r0 + (r1 >> 3)))
>
> Strangely this error is still quite rare and unpredictable, so I'm not
> certain this is the cause.  But manually disabling HAVE_FAST_UNALIGNED
> seems to fix it.
>
> I don't really know what to suggest, perhaps allow HAVE_FAST_UNALIGNED to
> be overridden by a configure option.
>

> Program received signal SIGBUS, Bus error.
> [Switching to Thread 12614]
> mpeg4_decode_block (s=0x1f97f40, block=<value optimized out>, n=1576, coded=<value optimized out>, intra=488, rvlc=1534662004) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavutil/arm/intreadwrite.h:54
> 54          __asm__ ("ldr  %0, %1" : "=r"(v) : "m"(*q));
> (gdb) where
> #0  mpeg4_decode_block (s=0x1f97f40, block=<value optimized out>, n=1576, coded=<value optimized out>, intra=488, rvlc=1534662004) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavutil/arm/intreadwrite.h:54
> #1  0x5b791574 in mpeg4_decode_mb (s=0x1f97f40, block=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/mpeg4videodec.c:1486
> #2  0x5b710860 in decode_slice (s=0x1f97f40) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/h263dec.c:217
> #3  0x5b711b4c in ff_h263_decode_frame (avctx=0x1f66570, data=<value optimized out>, data_size=<value optimized out>, avpkt=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/h263dec.c:675
> #4  0x5b7cfab8 in frame_worker_thread (arg=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/pthread.c:381
> #5  0x40073e30 in __thread_entry () from /home/notzed/svn/jjmpeg-0.11/jjmpeg-android/obj/local/armeabi-v7a/libc.so
> #6  0x40073984 in pthread_create () from /home/notzed/svn/jjmpeg-0.11/jjmpeg-android/obj/local/armeabi-v7a/libc.so
> #7  0x00000000 in ?? ()
> (gdb) disassemble $pc-16 $pc+16
> Dump of assembler code from 0x5b790514 to 0x5b790534:
> 0x5b790514 <mpeg4_decode_block+532>:    ldr     r1, [r4, r3]
> 0x5b790518 <mpeg4_decode_block+536>:    movw    r12, #10732     ; 0x29ec
> 0x5b79051c <mpeg4_decode_block+540>:    and     r2, r1, #7      ; 0x7
> 0x5b790520 <mpeg4_decode_block+544>:    ldr     r0, [r4, r12]
> 0x5b790524 <mpeg4_decode_block+548>:    ldr     r3, [r0, r1, lsr #3]
> 0x5b790528 <mpeg4_decode_block+552>:    rev     r3, r3
> 0x5b79052c <mpeg4_decode_block+556>:    mov     r3, r3, lsl r2
> 0x5b790530 <mpeg4_decode_block+560>:    mov     r12, r3, lsr #23
> End of assembler dump.
> (gdb) info registers all
> r0             0x21d18c0        35461312
> r1             0x9998   39320
> r2             0x0      0
> r3             0x12     18
> r4             0x1f97f40        33128256
> r5             0x4      4
> r6             0x5bb01568       1538266472
> r7             0x628    1576
> r8             0x1      1
> r9             0x2314   8980
> r10            0x0      0
> r11            0x1      1
> r12            0x29ec   10732
> sp             0x5ca95ce8       0x5ca95ce8
> lr             0x5b791574       1534662004
> pc             0x5b790524       0x5b790524 <mpeg4_decode_block+548>
> f0             0        (raw 0x000000000000000000000000)
> f1             0        (raw 0x000000000000000000000000)
> f2             0        (raw 0x000000000000000000000000)
> f3             0        (raw 0x000000000000000000000000)
> f4             0        (raw 0x000000000000000000000000)
> f5             0        (raw 0x000000000000000000000000)
> f6             0        (raw 0x000000000000000000000000)
> f7             0        (raw 0x000000000000000000000000)
> fps            0x0      0
> cpsr           0x80000010       2147483664

New description:

 By default configure on armv6+ enables misaligned memory accesses using
 the HAVE_FAST_UNALIGNED define.

 I think some(?) ARM CPUs have run-time configurable exception behaviour
 for misaligned memory accesses, and unaligned access causes BUS errors if
 so configured.  On locked Android machines this cannot be changed by the
 user, and in general it's a global system setting so not appropriate to
 change anyway.  Crash is reported for a Tegra 3 tablet - ASUS Transformer
 Prime.

 Example crash below, where:
 {{{
    ldr     r3, [r0, r1, lsr #3]
 }}}
 equates to: *((unsigned int *)(r0 + (r1 >> 3)))

 Strangely this error is still quite rare and unpredictable, so I'm not
 certain this is the cause.  But manually disabling HAVE_FAST_UNALIGNED
 seems to fix it.

 I don't really know what to suggest, perhaps allow HAVE_FAST_UNALIGNED to
 be overridden by a configure option.

 {{{
 Program received signal SIGBUS, Bus error.
 [Switching to Thread 12614]
 mpeg4_decode_block (s=0x1f97f40, block=<value optimized out>, n=1576, coded=<value optimized out>, intra=488, rvlc=1534662004) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavutil/arm/intreadwrite.h:54
 54          __asm__ ("ldr  %0, %1" : "=r"(v) : "m"(*q));
 (gdb) where
 #0  mpeg4_decode_block (s=0x1f97f40, block=<value optimized out>, n=1576, coded=<value optimized out>, intra=488, rvlc=1534662004) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavutil/arm/intreadwrite.h:54
 #1  0x5b791574 in mpeg4_decode_mb (s=0x1f97f40, block=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/mpeg4videodec.c:1486
 #2  0x5b710860 in decode_slice (s=0x1f97f40) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/h263dec.c:217
 #3  0x5b711b4c in ff_h263_decode_frame (avctx=0x1f66570, data=<value optimized out>, data_size=<value optimized out>, avpkt=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/h263dec.c:675
 #4  0x5b7cfab8 in frame_worker_thread (arg=<value optimized out>) at /home/notzed/svn/jjmpeg-0.11/jjmpeg-core/jni/ffmpeg-0.11/libavcodec/pthread.c:381
 #5  0x40073e30 in __thread_entry () from /home/notzed/svn/jjmpeg-0.11/jjmpeg-android/obj/local/armeabi-v7a/libc.so
 #6  0x40073984 in pthread_create () from /home/notzed/svn/jjmpeg-0.11/jjmpeg-android/obj/local/armeabi-v7a/libc.so
 #7  0x00000000 in ?? ()
 (gdb) disassemble $pc-16 $pc+16
 Dump of assembler code from 0x5b790514 to 0x5b790534:
 0x5b790514 <mpeg4_decode_block+532>:    ldr     r1, [r4, r3]
 0x5b790518 <mpeg4_decode_block+536>:    movw    r12, #10732     ; 0x29ec
 0x5b79051c <mpeg4_decode_block+540>:    and     r2, r1, #7      ; 0x7
 0x5b790520 <mpeg4_decode_block+544>:    ldr     r0, [r4, r12]
 0x5b790524 <mpeg4_decode_block+548>:    ldr     r3, [r0, r1, lsr #3]
 0x5b790528 <mpeg4_decode_block+552>:    rev     r3, r3
 0x5b79052c <mpeg4_decode_block+556>:    mov     r3, r3, lsl r2
 0x5b790530 <mpeg4_decode_block+560>:    mov     r12, r3, lsr #23
 End of assembler dump.
 (gdb) info registers all
 r0             0x21d18c0        35461312
 r1             0x9998   39320
 r2             0x0      0
 r3             0x12     18
 r4             0x1f97f40        33128256
 r5             0x4      4
 r6             0x5bb01568       1538266472
 r7             0x628    1576
 r8             0x1      1
 r9             0x2314   8980
 r10            0x0      0
 r11            0x1      1
 r12            0x29ec   10732
 sp             0x5ca95ce8       0x5ca95ce8
 lr             0x5b791574       1534662004
 pc             0x5b790524       0x5b790524 <mpeg4_decode_block+548>
 f0             0        (raw 0x000000000000000000000000)
 f1             0        (raw 0x000000000000000000000000)
 f2             0        (raw 0x000000000000000000000000)
 f3             0        (raw 0x000000000000000000000000)
 f4             0        (raw 0x000000000000000000000000)
 f5             0        (raw 0x000000000000000000000000)
 f6             0        (raw 0x000000000000000000000000)
 f7             0        (raw 0x000000000000000000000000)
 fps            0x0      0
 cpsr           0x80000010       2147483664
 }}}

--

Comment:

 Thank you for porting this from ffmpeg-user!

 Could you add complete output, i.e. everything (including command line,
 maybe r -i file -f null -) above "Program received"?

-- 
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1481#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
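
Added example, not part of the ticket or of FFmpeg's source: it recomputes the effective address of the faulting `ldr r3, [r0, r1, lsr #3]` from the r0 and r1 values in the register dump, checks its alignment, and shows a byte-wise big-endian read that yields the same bits without an unaligned word load. All function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample bitstream, not data from the ticket. */
static const uint8_t sample_stream[] = { 0x00, 0xAB, 0xCD, 0xEF, 0x12, 0x34 };

/* Effective address of `ldr r3, [r0, r1, lsr #3]`: byte base + bit index / 8. */
static uintptr_t ldr_effective_address(uintptr_t base, uint32_t bit_index)
{
    return base + (bit_index >> 3);
}

/* Non-zero when a 32-bit load from addr is not naturally aligned. */
static int is_misaligned32(uintptr_t addr)
{
    return (addr & 3u) != 0;
}

/* Big-endian 32-bit read built from byte loads only, so it never depends
 * on how the CPU or kernel is configured to treat unaligned word access. */
static uint32_t read_be32_safe(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical bit peek mirroring the faulting sequence (ldr, rev, lsl, lsr):
 * returns the next n bits (1..25) at bit_index. The caller must guarantee
 * that 4 bytes are readable starting at buf + (bit_index >> 3). */
static uint32_t show_bits_safe(const uint8_t *buf, uint32_t bit_index, unsigned n)
{
    uint32_t word = read_be32_safe(buf + (bit_index >> 3));
    return (word << (bit_index & 7)) >> (32 - n);
}

int main(void)
{
    /* r0 and r1 as shown in the ticket's register dump. */
    uintptr_t ea = ldr_effective_address(0x21d18c0u, 0x9998u);

    printf("effective address 0x%lx, misaligned: %d\n",
           (unsigned long)ea, is_misaligned32(ea));
    printf("9 bits at bit 12: 0x%x\n",
           (unsigned)show_bits_safe(sample_stream, 12, 9));
    return 0;
}
```

For the register values in the dump the computed address is 0x21d2bf3, which is not a multiple of 4; the 9-bit width matches the `lsr #23` in the disassembly.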

