Opened 6 years ago
Closed 6 years ago
#7788 closed defect (invalid)
Custom-compiled FFmpeg 4.1.1 crashes on MacOS when reading files
Reported by: | Jim | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | undetermined |
Version: | unspecified | Keywords: | |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Hi there,
We bundle a version of FFmpeg with our software, in order to perform video transcoding. We compile this ourselves, to remove GPL-licensed code, and enable the VP9 codec.
Recently, we've upgraded our FFmpeg to version 4.1.1 (from 3.2.4); this has worked well on Windows and Linux platforms, but we're finding that our Mac version is segfaulting (signal 11) whenever it attempts to read certain video files. We don't have many different videos to test with, but it's been seen to crash with .wmv and .mpv files, but not with .mov files.
I've attached an archive that contains the binary executable and libraries we've built, the flags given to the configure script, and a test video that exhibits the issue.
The output when running FFmpeg through lldb is as follows:
```
$ lldb -- ffmpeg -i ~/Movies/Robotica_72011.mpv
(lldb) target create "ffmpeg"
Current executable set to 'ffmpeg' (x86_64).
(lldb) settings set -- target.run-args "-i" "/Users/buildbot/Movies/Robotica_72011.mpv"
(lldb) run
Process 91647 launched: '/usr/local/bin/ffmpeg' (x86_64)
ffmpeg version 4.1.1 Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 8.1.0 (clang-802.0.38)
  configuration: --sysroot= --prefix=/usr/local/ --datadir=/usr/local/share/ffmpeg --enable-ffmpeg --disable-ffplay --disable-ffprobe --disable-doc --disable-network --enable-shared --disable-static --disable-gpl --disable-protocols --enable-protocol=data --enable-protocol=file --enable-protocol=pipe --enable-protocol=unix --enable-libvpx --disable-encoders --enable-encoder=pcm_s16le --enable-encoder=ljpeg --enable-encoder=mjpeg --enable-encoder=jpegls --enable-encoder=jpeg2000 --enable-encoder=png --enable-encoder=bmp --enable-encoder=libvpx_vp8 --enable-encoder=libvpx_vp9 --enable-decoder=png --enable-decoder=h264 --disable-bzlib --disable-lzma --enable-zlib --disable-openssl --disable-sdl2 --disable-securetransport --disable-libxcb --disable-devices --enable-lto --enable-pic --extra-ldflags='
  libavutil 56. 22.100 / 56. 22.100
  libavcodec 58. 35.100 / 58. 35.100
  libavformat 58. 20.100 / 58. 20.100
  libavdevice 58. 5.100 / 58. 5.100
  libavfilter 7. 40.101 / 7. 40.101
  libswscale 5. 3.100 / 5. 3.100
  libswresample 3. 3.100 / 3. 3.100
Process 91647 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00000001009dbd72 libavcodec.58.dylib`ff_blockdsp_init + 134
libavcodec.58.dylib`ff_blockdsp_init:
->  0x1009dbd72 <+134>: movdqa %xmm0, (%rbx)
    0x1009dbd76 <+138>: andl $0x8004000, %eax ; imm = 0x8004000
    0x1009dbd7b <+143>: cmpl $0x4000, %eax ; imm = 0x4000
    0x1009dbd80 <+148>: jne 0x1009dbd9a ; <+174>
```
As you can see, the only element of the backtrace is 'ff_blockdsp_init()'. We've reproduced this issue on three separate Mac computers (one running OSX 10.11, and two running OSX 10.13.6), and we've seen the exact same trace on all three, and with different video files.
Possibly related: In another part of the project, we're also making calls into libavcodec directly (in order to probe for video length, etc.), and we've been seeing similar Mac crashes on the same files; I suspect this is the same issue, although it doesn't happen reliably on all machines tested, and I've had a much harder time investigating it.
I'd be happy to provide more details if needed. Thanks for any assistance you can give.
Change History (9)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Component: | ffmpeg → avcodec |
---|
Can you compile ffmpeg with --enable-debug=gdb --disable-optimizations, and try to reproduce the crash again?
Also, post a backtrace and register state at the moment of the crash, not just the disassembly.
comment:3 by , 6 years ago
I compiled with --enable-debug=gdb and --disable-optimizations (on top of the previously used flags), and the crash wouldn't happen:
```
$ lldb -- ffmpeg -i ~/Movies/Stormchasers_720.wmv
(lldb) target create "ffmpeg"
Current executable set to 'ffmpeg' (x86_64).
(lldb) settings set -- target.run-args "-i" "/Users/buildbot/Movies/Stormchasers_720.wmv"
(lldb) run
Process 70612 launched: '/usr/local/bin/ffmpeg' (x86_64)
ffmpeg version 4.1.1 Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 8.1.0 (clang-802.0.38)
  configuration: --sysroot= --prefix=/usr/local/ --datadir=/usr/local/share/ffmpeg --enable-ffmpeg --disable-ffplay --disable-ffprobe --disable-doc --disable-network --enable-shared --disable-static --disable-gpl --disable-protocols --enable-protocol=data --enable-protocol=file --enable-protocol=pipe --enable-protocol=unix --enable-libvpx --disable-encoders --enable-encoder=pcm_s16le --enable-encoder=ljpeg --enable-encoder=mjpeg --enable-encoder=jpegls --enable-encoder=jpeg2000 --enable-encoder=png --enable-encoder=bmp --enable-encoder=libvpx_vp8 --enable-encoder=libvpx_vp9 --enable-decoder=png --enable-decoder=h264 --disable-bzlib --disable-lzma --enable-zlib --disable-openssl --disable-sdl2 --disable-securetransport --disable-libxcb --disable-devices --enable-lto --enable-pic --extra-ldflags='
  libavutil 56. 22.100 / 56. 22.100
  libavcodec 58. 35.100 / 58. 35.100
  libavformat 58. 20.100 / 58. 20.100
  libavdevice 58. 5.100 / 58. 5.100
  libavfilter 7. 40.101 / 7. 40.101
  libswscale 5. 3.100 / 5. 3.100
  libswresample 3. 3.100 / 3. 3.100
Input #0, asf, from '/Users/buildbot/Movies/Stormchasers_720.wmv':
  Metadata:
    WM/WMADRCAverageTarget: 8904
    WMFSDKNeeded : 0.0.0.0000
    WM/WMADRCPeakReference: 31279
    WM/WMADRCPeakTarget: 31279
    WM/WMADRCAverageReference: 8904
    DeviceConformanceTemplate: MP@HL
    WMFSDKVersion : 9.00.00.2980
    IsVBR : 0
  Duration: 00:01:31.18, start: 0.000000, bitrate: 6331 kb/s
    Stream #0:0(eng): Audio: wmapro (b[1][0][0] / 0x0162), 48000 Hz, 5.1, fltp, 384 kb/s
    Stream #0:1(eng): Video: wmv3 (Main) (WMV3 / 0x33564D57), yuv420p, 1280x720, 6000 kb/s, 23.98 fps, 23.98 tbr, 1k tbn, 1k tbc
At least one output file must be specified
```
Since this seems to be optimisation-dependent, I tried again with only --enable-debug=gdb (and also getting the full backtrace, disassembly and registers like I should have done the first time):
```
$ lldb -- ffmpeg -i ~/Movies/Stormchasers_720.wmv
(lldb) target create "ffmpeg"
Current executable set to 'ffmpeg' (x86_64).
(lldb) settings set -- target.run-args "-i" "/Users/buildbot/Movies/Stormchasers_720.wmv"
(lldb) run
Process 89551 launched: '/usr/local/bin/ffmpeg' (x86_64)
ffmpeg version 4.1.1 Copyright (c) 2000-2019 the FFmpeg developers
  built with Apple LLVM version 8.1.0 (clang-802.0.38)
  configuration: --sysroot= --prefix=/usr/local/ --datadir=/usr/local/share/ffmpeg --enable-ffmpeg --disable-ffplay --disable-ffprobe --disable-doc --disable-network --enable-shared --disable-static --disable-gpl --disable-protocols --enable-protocol=data --enable-protocol=file --enable-protocol=pipe --enable-protocol=unix --enable-libvpx --disable-encoders --enable-encoder=pcm_s16le --enable-encoder=ljpeg --enable-encoder=mjpeg --enable-encoder=jpegls --enable-encoder=jpeg2000 --enable-encoder=png --enable-encoder=bmp --enable-encoder=libvpx_vp8 --enable-encoder=libvpx_vp9 --enable-decoder=png --enable-decoder=h264 --disable-bzlib --disable-lzma --enable-zlib --disable-openssl --disable-sdl2 --disable-securetransport --disable-libxcb --disable-devices --enable-lto --enable-pic --extra-ldflags='
  libavutil 56. 22.100 / 56. 22.100
  libavcodec 58. 35.100 / 58. 35.100
  libavformat 58. 20.100 / 58. 20.100
  libavdevice 58. 5.100 / 58. 5.100
  libavfilter 7. 40.101 / 7. 40.101
  libswscale 5. 3.100 / 5. 3.100
  libswresample 3. 3.100 / 3. 3.100
Process 89551 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00000001009dbd72 libavcodec.58.dylib`ff_blockdsp_init + 134
libavcodec.58.dylib`ff_blockdsp_init:
->  0x1009dbd72 <+134>: movdqa %xmm0, (%rbx)
    0x1009dbd76 <+138>: andl $0x8004000, %eax ; imm = 0x8004000
    0x1009dbd7b <+143>: cmpl $0x4000, %eax ; imm = 0x4000
    0x1009dbd80 <+148>: jne 0x1009dbd9a ; <+174>
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00000001009dbd72 libavcodec.58.dylib`ff_blockdsp_init + 134
    frame #1: 0x0000000100dd9ea3 libavcodec.58.dylib`ff_mpv_common_init + 695
    frame #2: 0x0000000100b0e3bb libavcodec.58.dylib`ff_h263_decode_init + 409
    frame #3: 0x0000000100e0dcf1 libavcodec.58.dylib`ff_msmpeg4_decode_init + 64
    frame #4: 0x0000000100f4da62 libavcodec.58.dylib`vc1_decode_init + 563
    frame #5: 0x0000000100f18937 libavcodec.58.dylib`avcodec_open2 + 3959
    frame #6: 0x00000001004f9e1c libavformat.58.dylib`avformat_find_stream_info + 748
    frame #7: 0x00000001000049a2 ffmpeg`open_input_file + 1682
    frame #8: 0x0000000100005dc8 ffmpeg`open_files + 248
    frame #9: 0x00000001000145ae ffmpeg`main + 2974
    frame #10: 0x00007fff5c060015 libdyld.dylib`start + 1
    frame #11: 0x00007fff5c060015 libdyld.dylib`start + 1
(lldb) reg read
General Purpose Registers:
       rax = 0x00000000000fd3db
       rbx = 0x000000010302e8c8
       rcx = 0x0000000000000008
       rdx = 0x7fffffffffffffff
       rdi = 0x000000010302e8c8
       rsi = 0x00000000000002d0
       rbp = 0x0000000000000000
       rsp = 0x00007ffeefbfedd0
        r8 = 0x0000000000000000
        r9 = 0x0000000103012800
       r10 = 0x7fffffffffffffff
       r11 = 0x0000000000000003
       r12 = 0x0000000000000001
       r13 = 0x00000001028075c8
       r14 = 0x000000010302e160
       r15 = 0x000000010302de00
       rip = 0x00000001009dbd72 libavcodec.58.dylib`ff_blockdsp_init + 134
    rflags = 0x0000000000010202
        cs = 0x000000000000002b
        fs = 0x0000000000000000
        gs = 0x0000000000000000
(lldb) disass -s $pc-32 -e $pc+32
libavcodec.58.dylib`ff_blockdsp_init:
    0x1009dbd52 <+102>: wait
    0x1009dbd53 <+103>: addb %dh, %bl
    0x1009dbd55 <+105>: movd %mm0, 0x9b456c(%rip) ; (void *)0x00000001005dce70: ff_clear_block_sse
    0x1009dbd5c <+112>: jmp 0x1009dbd6e ; <+130>
    0x1009dbd5e <+114>: movq 0x9b4572(%rip), %xmm1 ; (void *)0x00000001005dcec0: ff_clear_blocks_mmx, xmm1 = mem[0],zero
    0x1009dbd66 <+122>: movq 0x9b4552(%rip), %xmm0 ; (void *)0x00000001005dce20: ff_clear_block_mmx, xmm0 = mem[0],zero
    0x1009dbd6e <+130>: punpcklqdq %xmm1, %xmm0 ; xmm0 = xmm0[0],xmm1[0]
->  0x1009dbd72 <+134>: movdqa %xmm0, (%rbx)
    0x1009dbd76 <+138>: andl $0x8004000, %eax ; imm = 0x8004000
    0x1009dbd7b <+143>: cmpl $0x4000, %eax ; imm = 0x4000
    0x1009dbd80 <+148>: jne 0x1009dbd9a ; <+174>
    0x1009dbd82 <+150>: movq 0x9b4546(%rip), %xmm0 ; (void *)0x00000001005dcf40: ff_clear_blocks_avx, xmm0 = mem[0],zero
    0x1009dbd8a <+158>: movq 0x9b4526(%rip), %xmm1 ; (void *)0x00000001005dcea0: ff_clear_block_avx, xmm1 = mem[0],zero
```
comment:4 by , 6 years ago
> I compiled with --enable-debug=gdb and --disable-optimizations (on top of the previously used flags), and the crash wouldn't happen
> rbx = 0x000000010302e8c8
> -> 0x1009dbd72 <+134>: movdqa %xmm0, (%rbx)
Looks like a compiler bug. The code it generates results in unaligned memory access when using movdqa, something that doesn't happen when you compile with --disable-optimizations as it removes -O3 and similar compiler optimization flags.
Is this the same compiler you used for ffmpeg 3.4.2, which you say worked? It's evidently ignoring the -fno-tree-vectorize flag we use precisely to prevent compilers from making mistakes like this.
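Added example (not part of the ticket and not FFmpeg code): a Python triage helper that automates the check made by hand in comment 4, reading the faulting instruction and the `reg read` values from lldb output and reporting whether an alignment-requiring SSE store or load hit an address that is not 16-byte aligned. The names `triage`, `ALIGNED_16` and `TICKET_CRASH` are hypothetical; the sample lines are excerpted from the output posted in comment 3.

```python
import re

# SSE instructions whose memory operand must be 16-byte aligned. An unaligned
# operand raises #GP, which macOS reports as EXC_BAD_ACCESS / EXC_I386_GPFLT.
ALIGNED_16 = {"movdqa", "movaps", "movapd", "movntdq", "movntps", "movntpd"}

# lldb marks the faulting instruction with "->" (AT&T syntax on macOS).
FAULT_RE = re.compile(r"^\s*->\s+0x[0-9a-f]+\s+<\+\d+>:\s+(\w+)[ \t]*(.*)$", re.M)
# Memory operand of the form disp(%base); indexed forms are left unresolved.
MEM_RE = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)\)")
# One "name = 0x..." pair per line, as printed by "reg read".
REG_RE = re.compile(r"^\s*(\w+)\s*=\s*(0x[0-9a-f]+)", re.M)

def triage(lldb_text):
    """Return mnemonic, effective address and alignment verdict, or None."""
    fault = FAULT_RE.search(lldb_text)
    if not fault:
        return None
    mnemonic = fault.group(1)
    operands = fault.group(2).split(";")[0]      # drop lldb's trailing comment
    regs = {name: int(val, 16) for name, val in REG_RE.findall(lldb_text)}
    result = {"mnemonic": mnemonic, "address": None, "misaligned": None}
    mem = MEM_RE.search(operands)
    # rip-relative operands depend on the next instruction's address; skip them.
    if mem and mem.group(2) in regs and mem.group(2) != "rip":
        addr = regs[mem.group(2)] + int(mem.group(1) or "0", 16)
        result["address"] = addr
        if mnemonic in ALIGNED_16:
            result["misaligned"] = addr % 16 != 0
    return result

# Excerpt of the crash output from comment 3 of this ticket, one item per line.
TICKET_CRASH = """\
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
->  0x1009dbd72 <+134>: movdqa %xmm0, (%rbx)
    0x1009dbd76 <+138>: andl $0x8004000, %eax ; imm = 0x8004000
       rbx = 0x000000010302e8c8
       rip = 0x00000001009dbd72
"""

if __name__ == "__main__":
    r = triage(TICKET_CRASH)
    print(f"{r['mnemonic']} at {r['address']:#x}: misaligned={r['misaligned']}")
```

A `misaligned` value of `True` means the general-protection fault is explained by the instruction's alignment requirement; `None` means the instruction has no such requirement or the operand could not be resolved, so the address itself needs a closer look.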
comment:5 by , 6 years ago
I'm afraid there's been a fair amount of juggling with SDKs lately, so I'm not 100% certain that the exact same compiler is being used; however, both the new and previous versions of FFmpeg report that they were compiled with "Apple LLVM version 8.1.0 (clang-802.0.38)". We're now using SDK version 10.11, in any case.
Also, I'm afraid I made a mistake in my first post; the original FFmpeg version used was 3.3.1 on the Mac (it was 3.2.4 on the other platforms).
comment:6 by , 6 years ago
Can you try configuring with --extra-cflags="-fno-slp-vectorize" and see if that fixes the crash when you don't use --disable-optimizations?
comment:7 by , 6 years ago
I've tried "--extra-cflags="-fno-slp-vectorize""; it still crashes. It looks like the same issue (same backtrace and disassembly address, at least) but I can provide the full logs if you want.
comment:8 by , 6 years ago
Just to let you know, we've managed to fix this issue by upgrading Xcode on our Mac build system to the latest version. Our new compiler version is "Apple LLVM version 10.0.0 (clang-1000.11.45.5)", so I guess this was a previously-fixed bug in the compiler.
Thanks for your advice, it was a great help!
comment:9 by , 6 years ago
Component: | avcodec → undetermined |
---|---|
Resolution: | → invalid |
Status: | new → closed |
Version: | 4.1 → unspecified |
Thank you for the confirmation.
I can't upload the archive because it's 20 MiB, so it's linked here: https://we.tl/t-ZDjzfTJGqF