Bug#872503: ffmpeg: armhf SIGBUS in ff_diff_pixels_armv6 running winff autopkgtest

James Cowgill jcowgill at debian.org
Thu Aug 17 20:59:12 UTC 2017


Source: ffmpeg
Version: 7:3.3.3-3
Severity: important
Control: found -1 7:3.2.4-1
Control: affects -1 src:winff

Hi,

Just noticed that winff's autopkgtests fail on armhf because ffmpeg
receives a SIGBUS.

The failing command is:

> /usr/bin/ffmpeg -i test.avi -vcodec flv -f flv -r 29.97 -vf scale=w=320:h=240 -aspect 4:3 -b:v 300k -g 160 -cmp dct -subcmp dct -mbd 2 -flags +aic+mv0+mv4 -trellis 1 -ac 1 -ar 22050 -b:a 56k -y -t 1 test.flv

Where test.avi can be obtained from the winff source package:
https://sources.debian.net/src/winff/1.5.5-1/debian/tests/test.avi/

Backtrace:
> (gdb) bt
> #0  ff_diff_pixels_armv6 () at src/libavcodec/arm/pixblockdsp_armv6.S:46
> #1  0xf6540fe8 in dct_sad8x8_c (h=8, stride=352,
>     src2=0xaacf377f "ddefhiiihllllmmmnllllllllnnoopqqruuuvvvwwyyz{{|}}\200\200\201\201\202\203\203\203\202\202\202\203\203\203\204\204\206\205\205\204\204\203\203\203\200\201\201\201\201\202\202\202\206\206\206\206\206\206\206\206\210\212\215\220\222\222\221\220\220\220\220\221\221\222\222\222\223\223\224\225\225\226\226\227\235\235\236\236\236", '\237' <repeats 13 times>, "\240\240\241\241\242\242\243\243\243\244\245\245\246\246\247\250\250\251\251\252\252\253\251\251\252\252\252\253\253\253\255\255\255\255\255\255\255\255\256\256\257\257\257\260\260\260\261\261\261\261\261\261\261\261\263\263\263\264\264\264\265\265\264\264\264\264\264\264\264"...,
>     src1=0xaadf6990 "bcegijjkkklononnnmmmmmnnnoppqqqrvvuuuvwxy{|}}}}~~s=0xaac58b10) at src/libavcodec/me_cmp.c:631
> #2  dct_sad16_c (s=0xaac58b10,
>     dst=0xaadf6990 "bcegijjkkklononnnmmmmmnnnoppqqqrvvuuuvwxy{|}}}}~~
>     src=0xaacf377f "ddefhiiihllllmmmnllllllllnnoopqqruuuvvvwwyyz{{|}}\200\200\201\201\202\203\203\203\202\202\202\203\203\203\204\204\206\205\205\204\204\203\203\203\200\201\201\201\201\202\202\202\206\206\206\206\206\206\206\206\210\212\215\220\222\222\221\220\220\220\220\221\221\222\222\222\223\223\224\225\225\226\226\227\235\235\236\236\236", '\237' <repeats 13 times>, "\240\240\241\241\242\242\243\243\243\244\245\245\246\246\247\250\250\251\251\252\252\253\251\251\252\252\252\253\253\253\255\255\255\255\255\255\255\255\256\256\257\257\257\260\260\260\261\261\261\261\261\261\261\261\263\263\263\264\264\264\265\265\264\264\264\264\264\264\264"..., stride=352, h=16) at src/libavcodec/me_cmp.c:971
> #3  0xf6570cec in cmp_inline (chroma=0, qpel=0, chroma_cmp_func=<optimized out>, cmp_func=0x0, src_index=<optimized out>, ref_index=<optimized out>,
>     h=16, size=0, suby=0, subx=0, y=<optimized out>, x=-1, s=0x0) at src/libavcodec/motion_est.c:217
> #4  cmp_simple (chroma_cmp_func=<optimized out>, cmp_func=0x0, src_index=<optimized out>, ref_index=<optimized out>, y=<optimized out>, x=-1, s=0x0)
>     at src/libavcodec/motion_est.c:234
> #5  cmp (flags=0, chroma_cmp_func=<optimized out>, cmp_func=0x0, src_index=<optimized out>, ref_index=<optimized out>, h=16, size=0, suby=0, subx=0,
>     y=<optimized out>, x=-1, s=0x0) at src/libavcodec/motion_est.c:266
> #6  small_diamond_search (flags=0, h=16, size=0, penalty_factor=-16, ref_index=240, src_index=2, dmin=<optimized out>, best=0xfffee064, s=0x0)
>     at src/libavcodec/motion_est_template.c:445
> #7  diamond_search (flags=0, h=16, size=0, penalty_factor=-16, ref_index=240, src_index=2, dmin=<optimized out>, best=0xfffee064, s=0x0)
>     at src/libavcodec/motion_est_template.c:840
> #8  epzs_motion_search_internal (h=16, size=0, flags=0, ref_mv_scale=0, last_mv=0x0, ref_index=-162058212, src_index=0, P=0xfffee01c,
>     my_ptr=0xf77efce8 <__stack_chk_guard>, mx_ptr=0x15, s=0x1196a700) at src/libavcodec/motion_est_template.c:966
> #9  ff_epzs_motion_search (s=0x1196a700, s@entry=0xaac58b10, mx_ptr=0x15, mx_ptr@entry=0xfffee0e4, my_ptr=0xf77efce8 <__stack_chk_guard>,
>     my_ptr@entry=0xfffee0e8, P=P@entry=0xfffee0ec, src_index=src_index@entry=0, ref_index=ref_index@entry=0, last_mv=0xaaccf9b8, ref_mv_scale=32768,
>     ref_mv_scale@entry=65536, size=size@entry=0, h=h@entry=16) at src/libavcodec/motion_est_template.c:984
> #10 0xf657301c in ff_estimate_p_frame_motion (s=s@entry=0xaac58b10, mb_x=49, mb_y=-1428350416) at src/libavcodec/motion_est.c:978
> #11 0xf65c1cd4 in estimate_motion_thread (c=<optimized out>, arg=<optimized out>) at src/libavcodec/mpegvideo_enc.c:2876
> #12 0xf671d23c in avcodec_default_execute (c=0xaac5c580, func=0xf65c1c18 <estimate_motion_thread>, arg=<optimized out>, ret=<optimized out>,
>     count=1, size=4) at src/libavcodec/utils.c:1015
> #13 0xf65c9304 in encode_picture (picture_number=0, s=0xaac58b10) at src/libavcodec/mpegvideo_enc.c:3824
> #14 ff_mpv_encode_picture (avctx=avctx@entry=0xaac5c580, pkt=pkt@entry=0xaac698e0, pic_arg=pic_arg@entry=0xaacf1fd0,
>     got_packet=got_packet@entry=0xfffee308) at src/libavcodec/mpegvideo_enc.c:1962
> #15 0xf671e110 in avcodec_encode_video2 (avctx=avctx@entry=0xaac5c580, avpkt=0xaac698e0, frame=frame@entry=0xaacf1fd0,
>     got_packet_ptr=got_packet_ptr@entry=0xfffee308) at src/libavcodec/utils.c:2008
> #16 0xf671e488 in do_encode (avctx=0xaac5c580, frame=0xaacf1fd0, got_packet=0xfffee308) at src/libavcodec/utils.c:2979
> #17 0xf6725330 in avcodec_send_frame (avctx=0xaac5c580, frame=0xaacf1fd0) at src/libavcodec/utils.c:3028
> #18 0xaaacc824 in do_video_out (of=0xf4240, ost=0xaac5c3c0, next_picture=0xaac5bf10, sync_ipts=1) at src/ffmpeg.c:1289
> #19 0xaaad15bc in reap_filters (flush=-1431350620) at src/ffmpeg.c:1507
> #20 0xaaad5df4 in transcode_step () at src/ffmpeg.c:4538
> #21 transcode () at src/ffmpeg.c:4582
> #22 0xaaab1cf4 in main (argc=<optimized out>, argv=<optimized out>) at src/ffmpeg.c:4787

Note the backtrace is taken just before the SIGBUS because
ff_diff_pixels_armv6 reuses lr which makes obtaining a backtrace
difficult otherwise.

> (gdb) c
> Continuing.
>
> Thread 1 "ffmpeg" received signal SIGBUS, Bus error.
> ff_diff_pixels_armv6 () at src/libavcodec/arm/pixblockdsp_armv6.S:52
> 52              ldrd_post       r6,  r7,  r2,  r3

It appears that the 3rd argument (r2 / src2) is misaligned which causes
the SIGBUS:

> (gdb) info reg
> r0             0xfffedf20       4294893344
> r1             0xaadf6af0       2866768624
> r2             0xaacf377f       2865706879
> r3             0x160    352

At this point I stopped looking into the bug for now.

James
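
The following is an added example, not part of the original report and not FFmpeg's code: it checks the register values quoted above against an assumed 4-byte alignment requirement for the doubleword load, and shows an 8x8 pixel difference whose row loads are valid at any alignment. The function and macro names are hypothetical, and the pixel data in `demo_diff_at` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register values quoted in the report; the 4-byte requirement is an assumption. */
#define R1_SRC1    0xaadf6af0u
#define R2_SRC2    0xaacf377fu
#define R3_STRIDE  0x160u
#define LDRD_ALIGN 4u

/* Index of the first row whose start address is not `align`-aligned, or -1. */
static int first_misaligned_row(uint32_t base, uint32_t stride, int rows, uint32_t align)
{
    for (int y = 0; y < rows; y++)
        if ((base + (uint32_t)y * stride) & (align - 1))
            return y;
    return -1;
}

/* 8x8 block[i] = s1[i] - s2[i]; memcpy row loads are legal at any alignment. */
static void diff_pixels_any_align(int16_t *block, const uint8_t *s1,
                                  const uint8_t *s2, ptrdiff_t stride)
{
    for (int y = 0; y < 8; y++, s1 += stride, s2 += stride) {
        uint8_t a[8], b[8];
        memcpy(a, s1, sizeof a);
        memcpy(b, s2, sizeof b);
        for (int x = 0; x < 8; x++)
            block[y * 8 + x] = (int16_t)(a[x] - b[x]);
    }
}

/* Constructed input: s2 starts at an odd offset (+3), like r2 ending in 0x7f. */
static int demo_diff_at(int idx)
{
    uint8_t ref[128], raw[128];
    int16_t block[64];
    for (int i = 0; i < 128; i++) { ref[i] = 200; raw[i] = (uint8_t)i; }
    diff_pixels_any_align(block, ref, raw + 3, 16);
    return block[idx];
}

int main(void)
{
    printf("src1 first misaligned row: %d, src2 first misaligned row: %d\n",
           first_misaligned_row(R1_SRC1, R3_STRIDE, 8, LDRD_ALIGN),
           first_misaligned_row(R2_SRC2, R3_STRIDE, 8, LDRD_ALIGN));
    printf("block[0]=%d block[63]=%d\n", demo_diff_at(0), demo_diff_at(63));
    return 0;
}
```

Because the stride 0x160 is a multiple of 8, every row inherits the alignment of its base pointer, so an aligned `r1` stays aligned on all rows while `r2` is misaligned from the first row on.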
