[FFmpeg-trac] #5368(avcodec:closed): I am Trying to find crashes in fffuzz using zzuf.

Thu Mar 24 10:38:03 CET 2016

#5368: I am Trying to find crashes in fffuzz using zzuf.
-------------------------------------+-------------------------------------
             Reporter:               |                    Owner:
  neerajsinghi                       |                   Status:  closed
                 Type:  defect       |                Component:  avcodec
             Priority:  important    |               Resolution:
              Version:  git-master   |  worksforme
             Keywords:  msmpeg4      |               Blocked By:
  deadlock                           |  Reproduced by developer:  0
             Blocking:               |
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------

Comment (by neerajsinghi):

 Actually it '''crashed during the zzuf test with signal 15''' so i was not
 able to get the backtrack information but when i tried rerunning it with
 same seed in the gdb it was not terminating '''i waited for around 8-10
 hours for it to terminate at the end i forcefully terminated it using
 Ctrl+C''' then i ran bt for getting the backtrack info
 and i got
 '''(gdb) bt
 '''#0 0x00007ffff63aa344 in ?? () from /usr/local/lib/libavcodec.so.57
 #1 0x00007ffff642b489 in ?? () from /usr/local/lib/libavcodec.so.57
 #2 0x00007ffff69045a6 in avcodec_decode_video2 ()
 from /usr/local/lib/libavcodec.so.57
 #3 0x00000000004025e6 in decode_packet (dec_ctx=0x615e20,
 dst_file=0x61cc50,
 frame=<optimized out>, got_frame=0x7fffffffdd2c,
 frame_count=0x7fffffffdd28, pkt=0x7fffffffdcd0) at main.c:55
 #4 0x0000000000402199 in main (argc=<optimized out>, argv=<optimized out>)
 at main.c:342
 (gdb) disass $pc-32,$pc+32
 Dump of assembler code from 0x7ffff63aa324 to 0x7ffff63aa364:
 0x00007ffff63aa324: and $0x28,%al
 0x00007ffff63aa326: mov 0x42c(%rbp),%edx
 0x00007ffff63aa32c: movq $0x0,0x170(%rsp)
 0x00007ffff63aa338: movq $0x0,0x178(%rsp)
 => 0x00007ffff63aa344: rep stos %rax,%es:(%rdi)
 0x00007ffff63aa347: mov 0x11c(%rsp),%eax
 0x00007ffff63aa34e: mov 0x58(%rsp),%ecx
 0x00007ffff63aa352: movq $0x0,0x180(%rsp)
 0x00007ffff63aa35e: movq $0x0,0x188(%rsp)
 End of assembler dump.
 (gdb) info all-registers
 rax 0x0 0
 rbx 0x1720140 24248640
 rcx 0x2 2
 rdx 0x17 23
 rsi 0xf 15
 rdi 0x7fffffffd8b0 140737488345264
 rbp 0x627f90 0x627f90
 rsp 0x7fffffffd6f0 0x7fffffffd6f0
 r8 0x16 22
 r9 0x0 0
 r10 0x6267b8 6449080
 r11 0x626e40 6450752
 ---Type <return> to continue, or q <return> to quit---
 r12 0x52bb 21179
 r13 0xd 13
 r14 0x7fffffffd880 140737488345216
 r15 0x628ae0 6458080
 rip 0x7ffff63aa344 0x7ffff63aa344
 eflags 0x10246 [ PF ZF IF RF ]
 cs 0x33 51
 ss 0x2b 43
 ds 0x0 0
 es 0x0 0
 fs 0x0 0
 gs 0x0 0
 ---Type <return> to continue, or q <return> to quit---
 st0 -nan(0x74787d81868a8c8c) (raw 0xffff74787d81868a8c8c)
 st1 -nan(0x74787d81868a8c8c) (raw 0xffff74787d81868a8c8c)
 st2 -nan(0x74787d81868a8c8c) (raw 0xffff74787d81868a8c8c)
 st3 -nan(0x74787d81868a8c8c) (raw 0xffff74787d81868a8c8c)
 st4 -nan(0x703060205010400) (raw 0xffff0703060205010400)
 st5 -nan(0x101010101010101) (raw 0xffff0101010101010101)
 st6 -nan(0x1000100010001) (raw 0xffff0001000100010001)
 st7 -nan(0x3000300030003) (raw 0xffff0003000300030003)
 fctrl 0x37f 895
 fstat 0x0 0
 ftag 0xaaaa 43690
 fiseg 0x0 0
 ---Type <return> to continue, or q <return> to quit---
 fioff 0x0 0
 foseg 0x0 0
 fooff 0x0 0
 fop 0x0 0
 mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ]
 ymm0 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x80, 0x80, 0x80,
 0x80, 0x80, 0x80, 0x81, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x81, 0x81,
 0x80, 0x0 <repeats 16 times>}, v16_int16 = {0x8080,
 0x8080, 0x8080, 0x8281, 0x8282, 0x8282, 0x8182, 0x8081, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x80808080,
 0x82818080, 0x82828282, 0x80818182, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0x8281808080808080, 0x8081818282828282, 0x0, 0x0},
 v2_int128 = {0x80818182828282828281808080808080,
 0x00000000000000000000000000000000}}
 ymm1 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x80, 0x80, 0x80,
 0x80, 0x80, 0x80, 0x81, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x81, 0x81,
 0x80, 0x0 <repeats 16 times>}, v16_int16 = {0x8080,
 ---Type <return> to continue, or q <return> to quit---
 0x8080, 0x8080, 0x8281, 0x8282, 0x8282, 0x8182, 0x8081, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x80808080,
 0x82818080, 0x82828282, 0x80818182, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0x8281808080808080, 0x8081818282828282, 0x0, 0x0},
 v2_int128 = {0x80818182828282828281808080808080,
 0x00000000000000000000000000000000}}
 ymm2 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x80, 0x80, 0x80,
 0x80, 0x80, 0x80, 0x81, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x81, 0x81,
 0x80, 0x0 <repeats 16 times>}, v16_int16 = {0x8080,
 0x8080, 0x8080, 0x8281, 0x8282, 0x8282, 0x8182, 0x8081, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x80808080,
 0x82818080, 0x82828282, 0x80818182, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0x8281808080808080, 0x8081818282828282, 0x0, 0x0},
 v2_int128 = {0x80818182828282828281808080808080,
 0x00000000000000000000000000000000}}
 ymm3 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x80, 0x80, 0x80,
 0x80, 0x80, 0x80, 0x81, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x81, 0x81,
 0x80, 0x0 <repeats 16 times>}, v16_int16 = {0x8080,
 0x8080, 0x8080, 0x8281, 0x8282, 0x8282, 0x8182, 0x8081, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x80808080,
 0x82818080, 0x82828282, 0x80818182, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0x8281808080808080, 0x8081818282828282, 0x0, 0x0},
 ---Type <return> to continue, or q <return> to quit---
 v2_int128 = {0x80818182828282828281808080808080,
 0x00000000000000000000000000000000}}
 ymm4 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x8, 0x1, 0x9,
 0x2, 0xa, 0x3, 0xb, 0x4, 0xc, 0x5, 0xd, 0x6, 0xe, 0x7, 0xf, 0x0 <repeats
 16 times>}, v16_int16 = {0x800, 0x901, 0xa02, 0xb03,
 0xc04, 0xd05, 0xe06, 0xf07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
 v8_int32 = {0x9010800, 0xb030a02, 0xd050c04, 0xf070e06, 0x0,
 0x0, 0x0, 0x0}, v4_int64 = {0xb030a0209010800, 0xf070e060d050c04, 0x0,
 0x0}, v2_int128 = {0x0f070e060d050c040b030a0209010800,
 0x00000000000000000000000000000000}}
 ymm5 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
 0x1 <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x101,
 0x101, 0x101, 0x101, 0x101, 0x101, 0x101, 0x101, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x1010101, 0x1010101,
 0x1010101, 0x1010101, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
 0x101010101010101, 0x101010101010101, 0x0, 0x0}, v2_int128 =
 {0x01010101010101010101010101010101,
 0x00000000000000000000000000000000}}
 ymm6 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x8000000000000000, 0x0, 0x0, 0x0}, v32_int8 = {
 ---Type <return> to continue, or q <return> to quit---
 0x22, 0xee, 0xe9, 0xbb, 0xef, 0x7d, 0xaf, 0x7b, 0x1, 0xb5, 0x89, 0x22,
 0x42, 0x40, 0x7c, 0x86, 0x0 <repeats 16 times>},
 v16_int16 = {0xee22, 0xbbe9, 0x7def, 0x7baf, 0xb501, 0x2289, 0x4042,
 0x867c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {
 0xbbe9ee22, 0x7baf7def, 0x2289b501, 0x867c4042, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0x7baf7defbbe9ee22, 0x867c40422289b501, 0x0,
 0x0}, v2_int128 = {0x867c40422289b5017baf7defbbe9ee22,
 0x00000000000000000000000000000000}}
 ymm7 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
 0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 =
 {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
 0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm8 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x8000000000000000, 0x8000000000000000, 0x0, 0x0},
 v32_int8 = {0x0, 0xff <repeats 15 times>, 0x0 <repeats 16 times>},
 v16_int16 = {0xff00, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 =
 {0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff, 0x0, 0x0,
 0x0, 0x0}, v4_int64 = {0xffffffffffffff00, 0xffffffffffffffff, 0x0, 0x0},
 v2_int128 = {0xffffffffffffffffffffffffffffff00,
 0x00000000000000000000000000000000}}
 ---Type <return> to continue, or q <return> to quit---
 ymm9 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x8000000000000000, 0x8000000000000000, 0x0, 0x0},
 v32_int8 = {0xff <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 =
 {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffffff,
 0xffffffff, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0}, v2_int128 =
 {0xffffffffffffffffffffffffffffffff,
 0x00000000000000000000000000000000}}
 ymm10 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x8000000000000000, 0x8000000000000000, 0x0, 0x0},
 v32_int8 = {0xff <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 =
 {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffffff,
 0xffffffff, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0}, v2_int128 =
 {0xffffffffffffffffffffffffffffffff,
 0x00000000000000000000000000000000}}
 ymm11 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x8000000000000000, 0x8000000000000000, 0x0, 0x0},
 v32_int8 = {0xff <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 =
 {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 ---Type <return> to continue, or q <return> to quit---
 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffffff,
 0xffffffff, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0}, v2_int128 =
 {0xffffffffffffffffffffffffffffffff,
 0x00000000000000000000000000000000}}
 ymm12 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
 0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 =
 {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {
 0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x00000000000000000000000000000000,
 0x00000000000000000000000000000000}}
 ymm13 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x81, 0x81, 0x81,
 0x81, 0x81, 0x81, 0x82, 0x82, 0x83, 0x84, 0x85, 0x85, 0x85, 0x84, 0x84,
 0x83, 0x0 <repeats 16 times>}, v16_int16 = {0x8181,
 0x8181, 0x8181, 0x8282, 0x8483, 0x8585, 0x8485, 0x8384, 0x0, 0x0, 0x0,
 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x81818181,
 0x82828181, 0x85858483, 0x83848485, 0x0, 0x0, 0x0, 0x0}, v4_int64 =
 {0x8282818181818181, 0x8384848585858483, 0x0, 0x0},
 v2_int128 = {0x83848485858584838282818181818181,
 0x00000000000000000000000000000000}}
 ymm14 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x84, 0x84, 0x83,
 ---Type <return> to continue, or q <return> to quit---
 0x82, 0x81, 0x80 <repeats 11 times>, 0x0 <repeats 16 times>}, v16_int16 =
 {0x8484, 0x8283, 0x8081, 0x8080, 0x8080, 0x8080, 0x8080,
 0x8080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x82838484,
 0x80808081, 0x80808080, 0x80808080, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0x8080808182838484, 0x8080808080808080, 0x0, 0x0}, v2_int128 =
 {0x80808080808080808080808182838484,
 0x00000000000000000000000000000000}}
 ymm15 {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double =
 {0x0, 0x0, 0x0, 0x0}, v32_int8 = {
 0x80 <repeats 16 times>, 0x0 <repeats 16 times>}, v16_int16 = {0x8080,
 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080, 0x8080,
 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x80808080,
 0x80808080, 0x80808080, 0x80808080, 0x0, 0x0, 0x0, 0x0},
 v4_int64 = {0x8080808080808080, 0x8080808080808080, 0x0, 0x0}, v2_int128 =
 {0x80808080808080808080808080808080,
 0x00000000000000000000000000000000}}

 '''This was the output i got after using bt and the commands in the
 https://ffmpeg.org/bugreports.html page'''

--
Ticket URL: <https://trac.ffmpeg.org/ticket/5368#comment:5>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker