From owner-freebsd-bugs@FreeBSD.ORG Sat May 3 16:40:00 2014
Message-Id: <201405031633.s43GXICV017345@cgiserv.freebsd.org>
Date: Sat, 3 May 2014 16:33:18 GMT
From: Adrian Chadd
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/189317: [chrome] [libffmpeg] SIGBUS in libffmpeg

>Number: 189317
>Category: misc
>Synopsis: [chrome] [libffmpeg] SIGBUS in libffmpeg
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat May 03 16:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Adrian Chadd
>Release: 11-CURRENT
>Organization:
>Environment:
FreeBSD lucy-11i386 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r265255: Fri May 2 23:16:44 PDT 2014 adrian@lucy-11i386:/usr/home/adrian/work/freebsd/head/obj/usr/home/adrian/work/freebsd/head/src/sys/LUCY_11_i386 i386
>Description:
I get bus errors in libffmpeg when running inside Chrome.

Core was generated by `chrome'.
Program terminated with signal 10, Bus error.
#0  0x309fa3e2 in ff_deblock_v_luma_8_sse2 () from /usr/local/share/chromium/libffmpegsumo.so
(gdb) bt
#0  0x309fa3e2 in ff_deblock_v_luma_8_sse2 () from /usr/local/share/chromium/libffmpegsumo.so
#1  0xffffffff in ?? ()
#2  0x308aa2b1 in ?? () from /usr/local/share/chromium/libffmpegsumo.so
#3  0x308929f5 in ?? () from /usr/local/share/chromium/libffmpegsumo.so
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) disassemble 0x309fa3e2
..
..
   0x309fa3e0 <+32>:  add    %eax,%esi
=> 0x309fa3e2 <+34>:  movdqa (%esi,%ecx,1),%xmm0
   0x309fa3e7 <+39>:  movdqa (%esi,%ecx,2),%xmm1
   0x309fa3ec <+44>:  movdqa (%eax),%xmm2
   0x309fa3f0 <+48>:  movdqa (%eax,%ecx,1),%xmm3

(gdb) info all-registers
eax            0xbf4d65c8  -1085446712
ecx            0x10        16
edx            0x7         7
ebx            0x2         2
esp            0xbf4d6548  0xbf4d6548
ebp            0xbf4d66cc  0xbf4d66cc
esi            0xbf4d6598  -1085446760
edi            0x380       896
eip            0x309fa3e2  0x309fa3e2
eflags         0x210283    [ CF SF IF RF ID ]
cs             0x33        51
ss             0x3b        59
ds             0xbfbf003b  -1078001605
es             0x3b        59
fs             0xbfbf003b  -1078001605
gs             0x1b        27
st0            -nan(0x2222222222222222)  (raw 0xffff2222222222222222)
st1            -nan(0x2323232323232323)  (raw 0xffff2323232323232323)
st2            -nan(0x2424242423232323)  (raw 0xffff2424242423232323)
st3            -nan(0x2424242424242424)  (raw 0xffff2424242424242424)
st4            -nan(0x202020201f1f1f1f)  (raw 0xffff202020201f1f1f1f)
st5            -nan(0x2222222222222222)  (raw 0xffff2222222222222222)
st6            -nan(0x2222222222222222)  (raw 0xffff2222222222222222)
st7            -nan(0x2222222222222222)  (raw 0xffff2222222222222222)
fctrl          0x127f      4735
fstat          0x20        32
ftag           0xaaff      43775
fiseg          0x33        51
fioff          0x309d253b  815605051
foseg          0x3b        59
fooff          0xbf4d6abc  -1085445444
fop            0x59c       1436
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80      [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x2222222222222222, v2_int32 = {0x22222222, 0x22222222}, v4_int16 = {0x2222, 0x2222, 0x2222, 0x2222}, v8_int8 = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}}
mm1            {uint64 = 0x2323232323232323, v2_int32 = {0x23232323, 0x23232323}, v4_int16 = {0x2323, 0x2323, 0x2323, 0x2323}, v8_int8 = {0x23, 0x23, 0x23, 0x23, 0x23, 0x23, 0x23, 0x23}}
mm2            {uint64 = 0x2424242423232323, v2_int32 = {0x23232323, 0x24242424}, v4_int16 = {0x2323, 0x2323, 0x2424, 0x2424}, v8_int8 = {0x23, 0x23, 0x23, 0x23, 0x24, 0x24, 0x24, 0x24}}
mm3            {uint64 = 0x2424242424242424, v2_int32 = {0x24242424, 0x24242424}, v4_int16 = {0x2424, 0x2424, 0x2424, 0x2424}, v8_int8 = {0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24, 0x24}}
mm4            {uint64 = 0x202020201f1f1f1f, v2_int32 = {0x1f1f1f1f, 0x20202020}, v4_int16 = {0x1f1f, 0x1f1f, 0x2020, 0x2020}, v8_int8 = {0x1f, 0x1f, 0x1f, 0x1f, 0x20, 0x20, 0x20, 0x20}}
mm5            {uint64 = 0x2222222222222222, v2_int32 = {0x22222222, 0x22222222}, v4_int16 = {0x2222, 0x2222, 0x2222, 0x2222}, v8_int8 = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}}
mm6            {uint64 = 0x2222222222222222, v2_int32 = {0x22222222, 0x22222222}, v4_int16 = {0x2222, 0x2222, 0x2222, 0x2222}, v8_int8 = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}}
mm7            {uint64 = 0x2222222222222222, v2_int32 = {0x22222222, 0x22222222}, v4_int16 = {0x2222, 0x2222, 0x2222, 0x2222}, v8_int8 = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}}

There's data at the given offset:

(gdb) x/32x $esi
0xbf4d6598:  0x2022201c  0x21212121  0x20202020  0x20202020
0xbf4d65a8:  0x2225221e  0x24242424  0x23232323  0x23232323
0xbf4d65b8:  0x2326241f  0x25252525  0x24242424  0x24242424
0xbf4d65c8:  0x2224221e  0x23232323  0x22222222  0x22222222
0xbf4d65d8:  0x2224221e  0x23232323  0x22222222  0x22222222
0xbf4d65e8:  0x2224221e  0x23232323  0x22222222  0x22222222
0xbf4d65f8:  0x00000000  0x3f0c9000  0x30a6cfac  0x308b5088
0xbf4d6608:  0x3f21e814  0x00000380  0x00000008  0x00000003

However, it looks like the source address isn't double quadword aligned.

So, what gives?
>How-To-Repeat:
Chrome; look at any news sites full of embedded video crap.
>Fix:
.. I'm not sure if it's a compiler generation bug or a dumb source-code bug.
>Release-Note:
>Audit-Trail:
>Unformatted:
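
The alignment observation in the report can be checked from the posted register dump. The following is an added example, not part of the original report: it recomputes the effective address of each movdqa source operand in the disassembly from the dumped eax, ecx and esi values and tests it against the 16-byte alignment that movdqa requires. The struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from the "info all-registers" output in the report. */
#define EAX 0xbf4d65c8u
#define ECX 0x00000010u
#define ESI 0xbf4d6598u
#define ESP 0xbf4d6548u
#define EBP 0xbf4d66ccu

/* One AT&T-syntax memory operand of the form (base,index,scale). */
struct operand { const char *text; uint32_t base, index, scale; };

/* The four movdqa source operands visible in the posted disassembly. */
static const struct operand OPS[] = {
    { "(%esi,%ecx,1)", ESI, ECX, 1 },
    { "(%esi,%ecx,2)", ESI, ECX, 2 },
    { "(%eax)",        EAX, 0,   0 },
    { "(%eax,%ecx,1)", EAX, ECX, 1 },
};
enum { NOPS = sizeof OPS / sizeof OPS[0] };

/* x86 effective address without displacement: base + index * scale. */
static uint32_t effective_address(const struct operand *op)
{
    return op->base + op->index * op->scale;
}

/* movdqa needs a 16-byte-aligned address; return how far off addr is. */
static unsigned misalignment16(uint32_t addr) { return addr & 0xfu; }

/* Does addr fall between the dumped %esp and %ebp values? */
static int in_current_frame(uint32_t addr) { return addr >= ESP && addr < EBP; }

/* Number of listed operands that would raise the alignment fault. */
static unsigned count_misaligned(void)
{
    unsigned i, n = 0;
    for (i = 0; i < NOPS; i++)
        n += misalignment16(effective_address(&OPS[i])) != 0;
    return n;
}

int main(void)
{
    unsigned i;
    for (i = 0; i < NOPS; i++) {
        uint32_t ea = effective_address(&OPS[i]);
        printf("%-14s ea=0x%08x off16=%u in_frame=%d\n", OPS[i].text,
               (unsigned)ea, misalignment16(ea), in_current_frame(ea));
    }
    printf("misaligned operands: %u of %u\n", count_misaligned(), (unsigned)NOPS);
    return 0;
}
```

For the dumped values, every operand lands 8 bytes past a 16-byte boundary and between %esp and %ebp, so the 16-byte stride in %ecx is consistent and it is the base of the buffer that is off.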