#5368 closed defect (worksforme)
I am trying to find crashes in fffuzz using zzuf.
Reported by: | neerajsinghi | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avcodec |
Version: | git-master | Keywords: | msmpeg4 deadlock |
Cc: | | Blocked By: | |
Blocking: | | Reproduced by developer: | no |
Analyzed by developer: | no | | |
Description
Problem Encountered: fffuzz crashed while converting these video files with seed.
Seed | File Name
---|---
2035 | Ikari_and_Rei_in_the_hospital-Shadowcry.avi
22413 | Ikari_and_Rei_in_the_hospital-Shadowcry.avi
27310 | Mansha.avi
1621 | Ikari_and_Rei_in_the_hospital-Shadowcry.avi
With Signal 15.
Command Used:
while true; do
    SEED=$RANDOM
    # Log the seed and file name when zzuf reports a failure (non-zero exit)
    zzuf -M -1 -q -U 60 -s "$SEED" ./fffuzz "$file" /dev/null || echo "$SEED $file" >> fuzz
done
Signal 15 Ikari_and_Rei_in_the_hospital-Shadowcry.avi
This was on the console, and there is a file fuzz with the above output, the seed and filename.
GDB Backtrace output
I first zzufed these files with the seeds using
zzuf -s 27310 cat Mansha.avi > fuzz3.avi
I ran gdb on the above four files.
For Ikari_and_Rei_in_the_hospital-Shadowcry.avi there was no crash in gdb.
But for Mansha.avi
there was an endless loop for fuzz3.avi; it was not converting. I waited for around 8 hours for it to finish but it was still running. So I forcefully terminated it, and here is the backtrace output.
(gdb) bt
#0 0x00007ffff63aa344 in ?? () from /usr/local/lib/libavcodec.so.57
#1 0x00007ffff642b489 in ?? () from /usr/local/lib/libavcodec.so.57
#2 0x00007ffff69045a6 in avcodec_decode_video2 ()
from /usr/local/lib/libavcodec.so.57
#3 0x00000000004025e6 in decode_packet (dec_ctx=0x615e20, dst_file=0x61cc50,
frame=<optimized out>, got_frame=0x7fffffffdd2c,
frame_count=0x7fffffffdd28, pkt=0x7fffffffdcd0) at main.c:55
#4 0x0000000000402199 in main (argc=<optimized out>, argv=<optimized out>)
at main.c:342
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff63aa324 to 0x7ffff63aa364:
0x00007ffff63aa324: and $0x28,%al
0x00007ffff63aa326: mov 0x42c(%rbp),%edx
0x00007ffff63aa32c: movq $0x0,0x170(%rsp)
0x00007ffff63aa338: movq $0x0,0x178(%rsp)
=> 0x00007ffff63aa344: rep stos %rax,%es:(%rdi)
0x00007ffff63aa347: mov 0x11c(%rsp),%eax
0x00007ffff63aa34e: mov 0x58(%rsp),%ecx
0x00007ffff63aa352: movq $0x0,0x180(%rsp)
0x00007ffff63aa35e: movq $0x0,0x188(%rsp)
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x1720140 24248640
rcx 0x2 2
rdx 0x17 23
rsi 0xf 15
rdi 0x7fffffffd8b0 140737488345264
rbp 0x627f90 0x627f90
rsp 0x7fffffffd6f0 0x7fffffffd6f0
r8 0x16 22
r9 0x0 0
r10 0x6267b8 6449080
r11 0x626e40 6450752
Change History (10)
comment:1 by , 9 years ago
More backtrace
r12 0x52bb 21179
r13 0xd 13
r14 0x7fffffffd880 140737488345216
r15 0x628ae0 6458080
rip 0x7ffff63aa344 0x7ffff63aa344
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
comment:2 by , 9 years ago
Component: | undetermined → avcodec |
---|---|
Keywords: | msmpeg4 deadlock added; fffuzz removed |
Priority: | normal → important |
Resolution: | → worksforme |
Status: | new → closed |
Type: | sponsoring request → defect |
Version: | unspecified → git-master |
I don't think there is an issue: Decoding can take an arbitrary amount of time for arbitrary resolutions.
follow-up: 4 comment:3 by , 9 years ago
I know that decoding can take arbitrary amount of time but there was a signal 15 interrupt when I ran the zzuf on this file with the same seed.
comment:4 by , 9 years ago
Replying to neerajsinghi:
> I know that decoding can take arbitrary amount of time but
> there was a signal 15 interrupt when I ran the zzuf on this file with the same seed

You wrote above that you forcefully terminated the FFmpeg process.
If there is a crash for the attached file, please provide backtrace, disassembly and register dump as explained on https://ffmpeg.org/bugreports.html
follow-up: 7 comment:5 by , 9 years ago
Actually it crashed during the zzuf test with signal 15, so I was not able to get the backtrace information, but when I tried rerunning it with the same seed in gdb it was not terminating. I waited for around 8-10 hours for it to terminate; at the end I forcefully terminated it using Ctrl+C, then I ran bt to get the backtrace info,
and I got
(gdb) bt
#0 0x00007ffff63aa344 in ?? () from /usr/local/lib/libavcodec.so.57
#1 0x00007ffff642b489 in ?? () from /usr/local/lib/libavcodec.so.57
#2 0x00007ffff69045a6 in avcodec_decode_video2 ()
from /usr/local/lib/libavcodec.so.57
#3 0x00000000004025e6 in decode_packet (dec_ctx=0x615e20, dst_file=0x61cc50,
frame=<optimized out>, got_frame=0x7fffffffdd2c,
frame_count=0x7fffffffdd28, pkt=0x7fffffffdcd0) at main.c:55
#4 0x0000000000402199 in main (argc=<optimized out>, argv=<optimized out>)
at main.c:342
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x7ffff63aa324 to 0x7ffff63aa364:
0x00007ffff63aa324: and $0x28,%al
0x00007ffff63aa326: mov 0x42c(%rbp),%edx
0x00007ffff63aa32c: movq $0x0,0x170(%rsp)
0x00007ffff63aa338: movq $0x0,0x178(%rsp)
=> 0x00007ffff63aa344: rep stos %rax,%es:(%rdi)
0x00007ffff63aa347: mov 0x11c(%rsp),%eax
0x00007ffff63aa34e: mov 0x58(%rsp),%ecx
0x00007ffff63aa352: movq $0x0,0x180(%rsp)
0x00007ffff63aa35e: movq $0x0,0x188(%rsp)
End of assembler dump.
(gdb) info all-registers
rax 0x0 0
rbx 0x1720140 24248640
rcx 0x2 2
rdx 0x17 23
rsi 0xf 15
rdi 0x7fffffffd8b0 140737488345264
rbp 0x627f90 0x627f90
rsp 0x7fffffffd6f0 0x7fffffffd6f0
r8 0x16 22
r9 0x0 0
r10 0x6267b8 6449080
r11 0x626e40 6450752
r12 0x52bb 21179
r13 0xd 13
r14 0x7fffffffd880 140737488345216
r15 0x628ae0 6458080
rip 0x7ffff63aa344 0x7ffff63aa344
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
This was the output I got after using bt and the commands in the https://ffmpeg.org/bugreports.html page.
comment:6 by , 9 years ago
After some time I tried again with the same file but it was still not completing execution.
comment:7 by , 9 years ago
Replying to neerajsinghi:
> Actually it crashed during the zzuf test with signal 15, so I was not able to get the backtrace information, but when I tried rerunning it with the same seed in gdb it was not terminating. I waited for around 8-10 hours for it to terminate; at the end I forcefully terminated it using Ctrl+C, then I ran bt to get the backtrace info

Which unfortunately is useless because it does not show the relevant information from the crash.
comment:8 by , 9 years ago
I am trying to reproduce this crash again; if I find it I will report it on this thread.
These are the main file and fuzzed file for which I got an endless loop.
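
The thread turns on whether the fuzzed run ended in a fault or was stopped from outside: the zzuf command in the description sets a run-time limit with `-U 60`, and the gdb session was interrupted by hand. As an added example (not part of the ticket, FFmpeg or fffuzz), here is a replay wrapper that separates hangs and external terminations from fault signals by exit status. It assumes GNU coreutils `timeout`; `classify_status` and `replay` are hypothetical names.

```shell
#!/bin/sh
# Added example: triage how a replayed fuzz case ended.
# Assumes GNU coreutils timeout(1); function names are hypothetical.

# Map a shell exit status to a triage verdict.
classify_status() {
    status=$1
    case "$status" in
        0)   echo "ok" ;;
        124) echo "hang" ;;         # timeout(1) reached its wall-clock limit
        137) echo "killed" ;;       # SIGKILL: watchdog or OOM killer, ambiguous
        143) echo "terminated" ;;   # SIGTERM sent from outside, not a fault
        *)
            if [ "$status" -gt 128 ]; then
                # 128+N means the process died from signal N
                sig=$(kill -l $((status - 128)) 2>/dev/null || echo unknown)
                case "$sig" in
                    SEGV|BUS|ILL|FPE|ABRT) echo "crash:SIG$sig" ;;
                    *) echo "signal:$sig" ;;
                esac
            else
                echo "exit:$status"
            fi ;;
    esac
}

# Run a command under a wall-clock limit (seconds) and print the verdict.
replay() {
    limit=$1; shift
    status=0
    timeout "$limit" "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Usage with the file names from the ticket:
#   zzuf -s 27310 cat Mansha.avi > fuzz3.avi
#   replay 60 ./fffuzz fuzz3.avi /dev/null
```

Only a `crash:*` verdict calls for the backtrace, disassembly and register dump the developers ask for; a `hang` or `terminated` verdict is a time-limit finding, and a backtrace taken after a manual interrupt only shows where the decoder happened to be.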