[Bug lto/85132] New: ffmpeg runtime segfault with lto

manuel.lauss at googlemail dot com gcc-bugzilla@gcc.gnu.org
Fri Mar 30 18:31:00 GMT 2018


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85132

            Bug ID: 85132
           Summary: ffmpeg runtime segfault with lto
           Product: gcc
           Version: 8.0.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: lto
          Assignee: unassigned at gcc dot gnu.org
          Reporter: manuel.lauss at googlemail dot com
                CC: marxin at gcc dot gnu.org
  Target Milestone: ---

ffmpeg-3.4.2 built with gcc-8 as of 20180330 and LTO enabled causes a runtime
segfault:

Thread 1 "mpv" received signal SIGSEGV, Segmentation fault.
0x00007ffff686b305 in ff_sine_window_init (window=0x7ffff739a2c0 <ff_sine_960>,
n=960) at src/libavcodec/sinewin_tablegen.h:73
73              window[i] = SIN_FIX(sinf((i + 0.5) * (M_PI / (2.0 * n))));
(gdb) bt
#0  0x00007ffff686b305 in ff_sine_window_init (window=0x7ffff739a2c0
<ff_sine_960>, n=960) at src/libavcodec/sinewin_tablegen.h:73
#1  0x00007ffff6861d54 in aac_static_table_init () at
src/libavcodec/aacdec_template.c:1142
#2  0x00007ffff511d187 in __pthread_once_slow (once_control=0x7ffff7b4cf20
<aac_table_init.lto_priv>, init_routine=0x7ffff6861256 <aac_static_table_init>)
at pthread_once.c:116
#3  0x00007ffff6862aae in aac_decode_init (avctx=0xa5ef00) at
src/libavcodec/aacdec_template.c:1159
#4  0x00007ffff6ecbef6 in avcodec_open2 (avctx=0xa5ef00, codec=<optimized out>,
options=<optimized out>) at src/libavcodec/utils.c:1020
#5  0x0000000000502b3a in ?? ()
#6  0x00000000004fb7be in ?? ()
#7  0x000000000045afb7 in ?? ()
#8  0x000000000045b8af in ?? ()
#9  0x00000000004d3246 in ?? ()
#10 0x000000000040fa21 in ?? ()
#11 0x00007ffff4c8854b in __libc_start_main (main=0x40f9d0, argc=2,
argv=0x7fffffffd1c8, init=<optimized out>, fini=<optimized out>,
rtld_fini=<optimized out>, stack_end=0x7fffffffd1b8)
    at ../csu/libc-start.c:308
#12 0x000000000040fb9a in ?? ()
(gdb) disass
Dump of assembler code for function ff_sine_window_init:
   0x00007ffff686b2c9 <+0>:     push   %r12
   0x00007ffff686b2cb <+2>:     mov    %rdi,%r12
   0x00007ffff686b2ce <+5>:     push   %rbp
   0x00007ffff686b2cf <+6>:     mov    %esi,%ebp
   0x00007ffff686b2d1 <+8>:     push   %rbx
   0x00007ffff686b2d2 <+9>:     xor    %ebx,%ebx
   0x00007ffff686b2d4 <+11>:    cmp    %ebx,%ebp
   0x00007ffff686b2d6 <+13>:    jle    0x7ffff686b310 <ff_sine_window_init+71>
   0x00007ffff686b2d8 <+15>:    vmovsd 0x878108(%rip),%xmm2        # 0x7ffff70e33e8
   0x00007ffff686b2e0 <+23>:    vcvtsi2sd %ebp,%xmm0,%xmm0
   0x00007ffff686b2e4 <+27>:    vaddsd %xmm0,%xmm0,%xmm0
   0x00007ffff686b2e8 <+31>:    vcvtsi2sd %ebx,%xmm1,%xmm1
   0x00007ffff686b2ec <+35>:    vaddsd 0x87811c(%rip),%xmm1,%xmm1        # 0x7ffff70e3410
   0x00007ffff686b2f4 <+43>:    vdivsd %xmm0,%xmm2,%xmm0
   0x00007ffff686b2f8 <+47>:    vmulsd %xmm1,%xmm0,%xmm0
   0x00007ffff686b2fc <+51>:    vcvtsd2ss %xmm0,%xmm0,%xmm0
   0x00007ffff686b300 <+55>:    callq  0x7ffff6801db0 <sinf@plt>
=> 0x00007ffff686b305 <+60>:    vmovss %xmm0,(%r12,%rbx,4)
   0x00007ffff686b30b <+66>:    inc    %rbx
   0x00007ffff686b30e <+69>:    jmp    0x7ffff686b2d4 <ff_sine_window_init+11>
   0x00007ffff686b310 <+71>:    pop    %rbx
   0x00007ffff686b311 <+72>:    pop    %rbp
   0x00007ffff686b312 <+73>:    pop    %r12
   0x00007ffff686b314 <+75>:    retq   
End of assembler dump.
(gdb) info registers
rax            0x0                 0
rbx            0x0                 0
rcx            0x1                 1
rdx            0x78                120
rsi            0x3c0               960
rdi            0x7ffff739a2c0      140737341137600
rbp            0x3c0               0x3c0
rsp            0x7fffffffc840      0x7fffffffc840
r8             0x7fffffffa850      140737488332880
r9             0x7                 7
r10            0xfffffffffffffd07  -761
r11            0x7ffff5682c90      140737310633104
r12            0x7ffff739a2c0      140737341137600
r13            0x7fffffffc9f8      140737488341496
r14            0x0                 0
r15            0x0                 0
rip            0x7ffff686b305      0x7ffff686b305 <ff_sine_window_init+60>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0


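Without LTO it works fine; the assembly of the faulting function is the same
in both builds. The faulting store is the very first loop iteration (rbx = 0)
and its target, r12, is the start of ff_sine_960 itself, so the index is in
bounds; this looks like a write to memory that is not writable in the LTO
build, although the section or page permissions of ff_sine_960 were not checked.
I tried to isolate a test case but failed.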

ffmpeg built with:
configure --prefix=/usr --libdir=/usr/lib64 --shlibdir=/usr/lib64
--docdir=/usr/share/doc/ffmpeg-3.4.2-r1/html --mandir=/usr/share/man
--enable-shared --cc=x86_64-pc-linux-gnu-gcc --cxx=x86_64-pc-linux-gnu-g++
--ar=x86_64-pc-linux-gnu-ar --optflags=-O3 -ggdb -march=znver1 -mtune=znver1
-flto=16 -fno-fat-lto-objects -fno-strict-aliasing -fexpensive-optimizations
-Wno-deprecated -pipe --disable-static --enable-avfilter --enable-avresample
--disable-stripping --enable-nonfree --enable-version3 --disable-indev=alsa
--disable-indev=oss --disable-indev=jack --disable-outdev=alsa
--disable-outdev=oss --enable-version3 --enable-version3 --enable-bzlib
--disable-runtime-cpudetect --disable-debug --disable-gcrypt --enable-gnutls
--enable-gmp --enable-gpl --enable-hardcoded-tables --enable-iconv
--enable-lzma --enable-network --disable-opencl --enable-openssl
--enable-postproc --disable-libsmbclient --enable-ffplay --enable-sdl2
--disable-vaapi --enable-vdpau --enable-xlib --enable-libxcb
--enable-libxcb-shm --enable-libxcb-xfixes --enable-zlib --disable-libcdio
--disable-libiec61883 --disable-libdc1394 --disable-libcaca --enable-openal
--enable-opengl --enable-libv4l2 --enable-libpulse --disable-libdrm
--enable-libopencore-amrwb --enable-libopencore-amrnb --disable-libfdk-aac
--enable-libopenjpeg --enable-libbluray --disable-libcelt --disable-libgme
--enable-libgsm --disable-mmal --disable-libmodplug --enable-libopus
--disable-libilbc --disable-librtmp --disable-libssh
--enable-libspeex --enable-librsvg --enable-libvorbis --enable-libvpx
--disable-libzvbi --disable-appkit --disable-libbs2b --disable-chromaprint
--disable-libflite --disable-frei0r --disable-libfribidi --enable-fontconfig
--disable-ladspa --disable-libass --enable-libfreetype --disable-librubberband
--disable-libzmq --disable-libzimg --disable-libsoxr --enable-pthreads
--enable-libvo-amrwbenc --enable-libmp3lame --disable-libkvazaar
--enable-nvenc --disable-libopenh264 --disable-libsnappy --enable-libtheora
--disable-libtwolame --enable-libwavpack --enable-libwebp --enable-libx264
--enable-libx265 --disable-libxvid --disable-armv5te
--disable-armv6 --disable-armv6t2 --disable-neon --disable-vfp --disable-vfpv3
--disable-armv8 --disable-mipsdsp --disable-mipsdspr2 --disable-mipsfpu
--disable-altivec --disable-amd3dnow --disable-amd3dnowext
--disable-fma4 --disable-xop --enable-pic --cpu=znver1 --enable-lto
--disable-doc --disable-htmlpages --enable-manpages

Thanks!
      Manuel

