[FFmpeg-trac] #4416(avcodec:new): H264 regression: Crash on slice multithreading with 2.6.1

FFmpeg trac at avcodec.org
Wed Apr 1 01:47:12 CEST 2015 

#4416: H264 regression: Crash on slice multithreading with 2.6.1
-------------------------------------+-------------------------------------
               Reporter:  cehoyos    |                  Owner:
                   Type:  defect     |                 Status:  new
               Priority:  important  |              Component:  avcodec
                Version:  2.6.1      |               Keywords:  h264 crash
             Blocked By:             |  SIGSEGV regression
Reproduced by developer:  0          |               Blocking:
                                     |  Analyzed by developer:  0
-------------------------------------+-------------------------------------
 The sample from ticket #4415 crashes 2.6.1 (and 2.6) when using slice
 multi-threading, this is a regression since 6fafc62b
 {{{
 (gdb) r -cpuflags 0 -thread_type slice -threads 2 -i Record1MDVideoX.h264
 -f null -
 Starting program: ffmpeg_g -cpuflags 0 -thread_type slice -threads 2 -i
 Record1MDVideoX.h264 -f null -
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib64/libthread_db.so.1".
 ffmpeg version n2.6.1 Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.7 (SUSE Linux)
   configuration: --enable-gpl
   libavutil      54. 20.100 / 54. 20.100
   libavcodec     56. 26.100 / 56. 26.100
   libavformat    56. 25.101 / 56. 25.101
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 11.102 /  5. 11.102
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
 Input #0, h264, from 'Record1MDVideoX.h264':
   Duration: N/A, bitrate: N/A
     Stream #0:0: Video: h264 (High), yuv420p, 1280x720 [SAR 1:1 DAR 16:9],
 30 fps, 30 tbr, 1200k tbn, 60 tbc
 [New Thread 0x7ffff14f0700 (LWP 2778)]
 [New Thread 0x7ffff0cef700 (LWP 2780)]
 [New Thread 0x7ffff04ee700 (LWP 2781)]
 [New Thread 0x7fffefced700 (LWP 2782)]
 [New Thread 0x7fffef4ec700 (LWP 2783)]
 [New Thread 0x7fffeeceb700 (LWP 2784)]
 [New Thread 0x7fffee4ea700 (LWP 2785)]
 [New Thread 0x7fffedce9700 (LWP 2786)]
 [New Thread 0x7fffed4e8700 (LWP 2787)]
 [New Thread 0x7fffecce7700 (LWP 2788)]
 [New Thread 0x7fffec4e6700 (LWP 2789)]
 Output #0, null, to 'pipe:':
   Metadata:
     encoder         : Lavf56.25.101
     Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 1280x720
 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 30 fps, 30 tbn, 30 tbc
     Metadata:
       encoder         : Lavc56.26.100 rawvideo
 Stream mapping:
   Stream #0:0 -> #0:0 (h264 (native) -> rawvideo (native))
 Press [q] to stop, [?] for help
 [null @ 0x1af9880] Encoder did not produce proper pts, making some up.
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] top block unavailable for requested intra4x4 mode -1 at
 76 0
 [h264 @ 0x1b97040] error while decoding MB 76 0, bytestream 3672
 [h264 @ 0x1b97040] concealing 3573 DC, 3573 AC, 3573 MV errors in P frame
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] top block unavailable for requested intra4x4 mode -1 at
 51 0
 [h264 @ 0x1b97040] error while decoding MB 51 0, bytestream 4298
 [h264 @ 0x1b97040] concealing 3598 DC, 3598 AC, 3598 MV errors in P frame
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] concealing 3571 DC, 3571 AC, 3571 MV errors in P frame
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error
 [h264 @ 0x1b97040] SPS changed in the middle of the frame
 [h264 @ 0x1b97040] decode_slice_header error

 Program received signal SIGSEGV, Segmentation fault.
 put_h264_qpel16_mc00_8_c (dst=0x2500ec0 "", src=0x0, stride=1280)
     at libavcodec/h264qpel_template.c:544
 544     H264_MC(put_, 16)
 (gdb) bt
 #0  put_h264_qpel16_mc00_8_c (dst=0x2500ec0 "", src=0x0, stride=1280)
     at libavcodec/h264qpel_template.c:544
 #1  0x0000000000747bff in mc_dir_part (chroma_idc=1, pixel_shift=0,
     chroma_op=0x776df0 <put_h264_chroma_mc8_8_c>, qpix_op=0x1beced0,
 src_y_offset=0,
     src_x_offset=0, dest_cr=0x26213e0 "", dest_cb=0x25e7920 "",
 dest_y=0x2500ec0 "", list=0,
     delta=0, height=16, square=1, n=0, pic=0x1c20180, h=0x1becd60)
     at libavcodec/h264_mb.c:246
 #2  mc_part_std (chroma_idc=1, pixel_shift=0, list1=0, list0=4096,
     chroma_avg=0x777850 <avg_h264_chroma_mc8_8_c>, qpix_avg=0x1bed0d0,
     chroma_put=0x776df0 <put_h264_chroma_mc8_8_c>, qpix_put=0x1beced0,
 y_offset=0,
     x_offset=0, dest_cr=0x26213e0 "", dest_cb=0x25e7920 "",
 dest_y=0x2500ec0 "", delta=0,
     height=16, square=1, n=0, h=0x1becd60) at libavcodec/h264_mb.c:349
 #3  mc_part_420_simple_8 (h=0x1becd60, n=0, square=1, height=16, delta=0,
     dest_y=<optimized out>, dest_cb=0x25e7920 "", dest_cr=0x26213e0 "",
 x_offset=0,
     y_offset=0, qpix_put=0x1beced0, chroma_put=0x776df0
 <put_h264_chroma_mc8_8_c>,
     qpix_avg=0x1bed0d0, chroma_avg=0x777850 <avg_h264_chroma_mc8_8_c>,
 weight_op=0x1becd80,
     weight_avg=0x1becda0, list0=4096, list1=0) at
 libavcodec/h264_mc_template.c:58
 #4  0x00000000007627c8 in hl_motion_420_simple_8 (weight_avg=<optimized
 out>,
     weight_op=<optimized out>, chroma_avg=<optimized out>,
 qpix_avg=<optimized out>,
     chroma_put=<optimized out>, qpix_put=<optimized out>,
 dest_cr=<optimized out>,
     dest_cb=<optimized out>, dest_y=<optimized out>, h=<optimized out>)
     at libavcodec/h264_mc_template.c:82
 #5  hl_decode_mb_simple_8 (h=h at entry=0x1becd60) at
 libavcodec/h264_mb_template.c:182
 #6  0x000000000076372a in ff_h264_hl_decode_mb (h=h at entry=0x1becd60)
     at libavcodec/h264_mb.c:826
 #7  0x00000000007717e9 in decode_slice (avctx=<optimized out>,
 arg=arg at entry=0x7fffffffd2d8)
     at libavcodec/h264_slice.c:2432
 #8  0x000000000077686a in ff_h264_execute_decode_slices
 (h=h at entry=0x1becd60,
     context_count=context_count at entry=1) at libavcodec/h264_slice.c:2582
 #9  0x00000000007387bc in decode_nal_units (h=h at entry=0x1becd60,
 buf=buf at entry=0x1bb7b10 "",
     buf_size=buf_size at entry=14735,
 parse_extradata=parse_extradata at entry=0)
     at libavcodec/h264.c:1689
 #10 0x00000000007398d1 in h264_decode_frame (avctx=0x1b97040,
 data=0x1afad80,
     got_frame=0x7fffffffd75c, avpkt=<optimized out>) at
 libavcodec/h264.c:1826
 #11 0x0000000000b00528 in avcodec_decode_video2 (avctx=0x1b97040,
     picture=picture at entry=0x1afad80,
 got_picture_ptr=got_picture_ptr at entry=0x7fffffffd75c,
     avpkt=avpkt at entry=0x7fffffffd9e0) at libavcodec/utils.c:2372
 #12 0x0000000000484cfd in decode_video (ist=ist at entry=0x1ba6fe0,
     pkt=pkt at entry=0x7fffffffd9e0,
 got_output=got_output at entry=0x7fffffffd75c)
     at ffmpeg.c:1960
 #13 0x0000000000488dcc in process_input_packet (pkt=0x7fffffffd980,
 ist=0x1ba6fe0)
     at ffmpeg.c:2208
 #14 process_input (file_index=28281760) at ffmpeg.c:3708
 #15 0x000000000046f5e0 in transcode_step () at ffmpeg.c:3802
 #16 transcode () at ffmpeg.c:3854
 #17 main (argc=<optimized out>, argv=<optimized out>) at ffmpeg.c:4032
 (gdb) disass $pc,$pc+32
 Dump of assembler code from 0x8046f0 to 0x804710:
 => 0x00000000008046f0 <put_h264_qpel16_mc00_8_c+0>:     mov    (%rsi),%eax
    0x00000000008046f2 <put_h264_qpel16_mc00_8_c+2>:     lea
 (%rsi,%rdx,1),%rcx
    0x00000000008046f6 <put_h264_qpel16_mc00_8_c+6>:     mov    %eax,(%rdi)
    0x00000000008046f8 <put_h264_qpel16_mc00_8_c+8>:     mov
 0x4(%rsi),%eax
    0x00000000008046fb <put_h264_qpel16_mc00_8_c+11>:    mov
 %eax,0x4(%rdi)
    0x00000000008046fe <put_h264_qpel16_mc00_8_c+14>:    mov    (%rcx),%r8d
    0x0000000000804701 <put_h264_qpel16_mc00_8_c+17>:    lea
 (%rdi,%rdx,1),%rax
    0x0000000000804705 <put_h264_qpel16_mc00_8_c+21>:    mov    %r8d,(%rax)
    0x0000000000804708 <put_h264_qpel16_mc00_8_c+24>:    mov
 0x4(%rcx),%r8d
    0x000000000080470c <put_h264_qpel16_mc00_8_c+28>:    add    %rdx,%rcx
    0x000000000080470f <put_h264_qpel16_mc00_8_c+31>:    mov
 %r8d,0x4(%rax)
 End of assembler dump.
 (gdb) info register
 rax            0x0      0
 rbx            0x1becd60        29281632
 rcx            0x1beced0        29282000
 rdx            0x500    1280
 rsi            0x0      0
 rdi            0x2500ec0        38801088
 rbp            0x0      0x0
 rsp            0x7fffffffd018   0x7fffffffd018
 r8             0x0      0
 r9             0x0      0
 r10            0x1beced0        29282000
 r11            0x0      0
 r12            0x0      0
 r13            0x1c20180        29491584
 r14            0x0      0
 r15            0x2d0    720
 rip            0x8046f0 0x8046f0 <put_h264_qpel16_mc00_8_c>
 eflags         0x10287  [ CF PF SF IF RF ]
 cs             0x33     51
 ss             0x2b     43
 ds             0x0      0
 es             0x0      0
 fs             0x0      0
 gs             0x0      0
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4416>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list