Kernel panic when playing youtube on daisy/canary
Reported by
dubscr...@gmail.com,
Jun 27 2016
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS armv7l 8481.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2773.0 Safari/537.36 Platform: 8481.0.0 (Official Build) dev-channel daisy Steps to reproduce the problem: 1. Was streaming live video via youtube: https://www.youtube.com/watch?v=y60wDzZt8yg 2. In another tab waited for the following page to render: http://www.bloomberg.com/quote/GBPUSD:CUR Those two together for whatever reason killed the computer. What is the expected behavior? The page should have loaded. What went wrong? The chromebook instantly powered off and restarted. Did this work before? N/A Chrome version: 53.0.2773.0 Channel: n/a OS Version: 8481.0.0 Flash Version: n/a On reboot, pstore included: [ 121.598430] s5p_mfc_handle_irq_error:214: Invalid header error in unexpected state [ 121.598438] s5p_mfc_fatal_error:114: Got a fatal error, will clean up context if present. [ 121.598570] vidioc_dqbuf:1144: Call on DQBUF after unrecoverable error [ 121.628420] s5p_mfc_wait_for_done_ctx:66: Waiting for ctx ecf80000 ended with error [ 121.628451] s5p_mfc_wait_for_done_ctx:66: Waiting for ctx ecf80000 ended with error [ 121.755747] s5p_mfc_wait_for_done_ctx:66: Waiting for ctx ecf80000 ended with error [ 121.755760] s5p_mfc_release_mfc_inst:279: Err returning instance [ 121.761226] s5p-mfc 11000000.codec: System MMU 'mfc_r' Generated FAULT! [ 121.761226] [ 121.761243] PAGE FAULT occurred at 0x22a01bc0(Page table base: 0x6e8f8000) [ 121.761251] Lv1 entry: 0x0 [ 121.761257] Generating Kernel OOPS... because it is unrecoverable. [ 121.761265] NO SYSTEM MMU FAULT HANDLER REGISTERED FOR 11000000.codec [ 121.761287] ------------[ cut here ]------------ [ 121.761295] kernel BUG at /mnt/host/source/src/third_party/kernel/v3.8/drivers/iommu/exynos-iommu.c:690! [ 121.761303] Internal error: Oops - BUG: 0 [#1] SMP ARM [ 121.761312] Modules linked in: uinput rfcomm i2c_dev sbs_battery isl29018(C) btmrvl_sdio btmrvl bluetooth rtc_s3c z ram(C) fuse zsmalloc(C) nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables mwifiex_sdio mwifiex cfg80211 uvcv ideo videobuf2_vmalloc joydev snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device ppp_async ppp_generic slhc tun [ 121.761476] CPU: 0 Tainted: G C (3.8.11 #1) [ 121.761490] PC is at exynos_sysmmu_irq+0x1b0/0x214 [ 121.761501] LR is at console_unlock+0x32c/0x370 [ 121.761512] pc : [<c0509df0>] lr : [<c0124a7c>] psr: 60000193 [ 121.761512] sp : e95fde80 ip : e95fdd90 fp : e95fdeac [ 121.761521] r10: a721ab88 r9 : 00000000 r8 : 00000000 [ 121.761528] r7 : 00000000 r6 : ef2f5f18 r5 : 00000000 r4 : ef37c0d8 [ 121.761535] r3 : 271ae517 r2 : 271ae517 r1 : 011ed000 r0 : 00000039 [ 121.761543] Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user [ 121.761551] Control: 10c5387d Table: 6cee406a DAC: 00000015 [ 121.761559] Process V4L2DecoderThre (pid: 8773, stack limit = 0xe95fc240) also... [ 121.761686] Backtrace: [ 121.761706] [<c0509df0>] (exynos_sysmmu_irq+0x1b0/0x214) from [<c0188fc0>] (handle_irq_event_percpu+0x50/0x214) [ 121.761721] [<c0188fc0>] (handle_irq_event_percpu+0x50/0x214) from [<c01891d0>] (handle_irq_event+0x4c/0x6c) [ 121.761736] [<c01891d0>] (handle_irq_event+0x4c/0x6c) from [<c018c428>] (handle_level_irq+0xf4/0x12c) [ 121.761749] [<c018c428>] (handle_level_irq+0xf4/0x12c) from [<c0188874>] (generic_handle_irq+0x30/0x40) [ 121.761763] [<c0188874>] (generic_handle_irq+0x30/0x40) from [<c0119f00>] (combiner_handle_cascade_irq+0xec/0x108) [ 121.761777] [<c0119f00>] (combiner_handle_cascade_irq+0xec/0x108) from [<c0188874>] (generic_handle_irq+0x30/0x40) [ 121.761790] [<c0188874>] (generic_handle_irq+0x30/0x40) from [<c01069a8>] (handle_IRQ+0x7c/0xa4) [ 121.761803] [<c01069a8>] (handle_IRQ+0x7c/0xa4) from [<c01003f0>] (gic_handle_irq+0x48/0x6c) [ 121.761815] [<c01003f0>] (gic_handle_irq+0x48/0x6c) from [<c0105d40>] (__irq_usr+0x40/0x60) and [ 121.763091] Kernel panic - not syncing: Fatal exception in interrupt [ 121.763106] CPU1: stopping [ 121.763116] Backtrace: [ 121.763136] [<c010d138>] (unwind_backtrace+0x0/0x110) from [<c0635c8c>] (dump_stack+0x28/0x30) [ 121.763149] [<c0635c8c>] (dump_stack+0x28/0x30) from [<c010bb2c>] (handle_IPI+0xdc/0x158) [ 121.763161] [<c010bb2c>] (handle_IPI+0xdc/0x158) from [<c010040c>] (gic_handle_irq+0x64/0x6c) [ 121.763172] [<c010040c>] (gic_handle_irq+0x64/0x6c) from [<c0105d40>] (__irq_usr+0x40/0x60) [ 121.763180] Exception stack(0xecfc7fb0 to 0xecfc7ff8) [ 121.763188] 7fa0: 000006bc 00000000 00000000 b72a8ca8 [ 121.763196] 7fc0: b7296a04 000006bc 048309b8 bed16980 048309b6 00000000 b264aeb0 bae6e620 [ 121.763203] 7fe0: b31486f5 bed16938 b2df3423 b2ab3fa6 200f0030 ffffffff [ 121.763219] CPU0 PC: <c011c7b8> exynos5_panic_notify+0x64/0xbc Hoping that's enough and I didn't cut out the good bits. Trying to be terse here. Cheers!
,
Jun 28 2016
Reproduced on 53.0.2773.0/8493.0.0(crash id https://crash.corp.google.com/browse?stbtiq=173a449600000000#0) Reproduced on 53.0.2773.0/8508.0.0 (crash id https://crash.corp.google.com/browse?stbtiq=4673532600000000)
,
Jun 28 2016
Issue not reproduced on 53.0.2773.0/8493.0.0 on pi device. Also it is not reproduced on 52.0.2743.49/8350.38.0 on daisy.
,
Jun 28 2016
,
Jun 28 2016
,
Jun 28 2016
Henry. PTAL.
,
Jun 28 2016
henryhsu@ Please confirm you are the right owner or re-assign as necessary. This bug is currently a dev release blocker.
,
Jun 29 2016
Seems like this issue only happened on daisy. Reproduced on 8481.0.0 Reproduced on 8350.42.0 Reproduced on 8350.38.0 This issue exists for a long time. I have to check more versions.
,
Jun 29 2016
Reproduced on 52-8178.0.0 Reproduced on 51-7983.0.0 Reproduced on 50-7856.0.0 Reproduced on 48-7647.73.0 Reproduced on 48-7527.0.0 Reassign to Tomasz.
,
Jun 29 2016
[ 164.247653] s5p_mfc_handle_irq_error:204: Interrupt Error: 00000066 [ 164.247667] s5p_mfc_handle_irq_error:214: Invalid header error in unexpected state: 103 103 is MFCINST_RUNNING
,
Jun 29 2016
We have also reproduced this issue on R52, Removing regression and blocker labels.
,
Jul 2 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 12 2016
,
Jul 13 2016
Can someone give some testing to the following CL that should be fixing the problem of IOMMU faults on context error? https://chromium-review.googlesource.com/360005
,
Jul 13 2016
,
Jul 13 2016
I can help test it
,
Jul 14 2016
I tested daisy on 8581.0.0 with #14 patch. This issue has been fixed.
,
Jul 14 2016
I tested it on 8481.0.0 with tot kernel. Here is the dmesg log. Reproduced this issue without kernel panic. So #14 patch fixed it. [ 32.534749] Unhandled prefetch abort: breakpoint debug exception (0x002) at 0x00000000 [ 32.534771] Unhandled prefetch abort: breakpoint debug exception (0x002) at 0x00000000 [ 49.739328] s5p_mfc_handle_irq_error:204: Interrupt Error: 00000066 [ 49.739342] s5p_mfc_handle_irq_error:214: Invalid header error in unexpected state: 103 [ 49.739351] s5p_mfc_fatal_error:114: Got a fatal error, will clean up context if present. [ 49.742018] vidioc_qbuf:1124: Call on QBUF after unrecoverable error [ 49.747811] s5p_mfc_wait_for_done_ctx:66: Waiting for ctx eebd4000 ended with error [ 49.747852] s5p_mfc_wait_for_done_ctx:66: Waiting for ctx eebd4000 ended with error
,
Jul 15 2016
If I bypass "if(inst_release) return" in s5p_mfc_ctrl.c, the log is the same as #18.
,
Jul 19 2016
Pawel will review Tomasz's patch.
,
Jul 19 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5e089f30f6a4e74847d63bf51cd474637e37f4f2 commit 5e089f30f6a4e74847d63bf51cd474637e37f4f2 Author: Tomasz Figa <tfiga@chromium.org> Date: Wed Jul 13 06:57:11 2016 CHROMIUM: [media] s5p-mfc: Make sure instance resources are released Instance resources have to be released even on instance error before the driver will free them. So we need to make sure that respective code makes sure the resources are released even if it means resetting the whole hardware and signalling errors to other instances. BUG= chromium:398243 BUG= chromium:623470 TEST=Instance crash does not cause IOMMU faults TEST=Failing to release an instance triggers resetting the MFC Change-Id: Ib03db06ba3b223fc5f367d1049137c0daa0a98ba Signed-off-by: Tomasz Figa <tfiga@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/360005 Reviewed-by: Pawel Osciak <posciak@chromium.org> [modify] https://crrev.com/5e089f30f6a4e74847d63bf51cd474637e37f4f2/drivers/media/platform/s5p-mfc/s5p_mfc_ctrl.c [modify] https://crrev.com/5e089f30f6a4e74847d63bf51cd474637e37f4f2/drivers/media/platform/s5p-mfc/s5p_mfc_dec.c [modify] https://crrev.com/5e089f30f6a4e74847d63bf51cd474637e37f4f2/drivers/media/platform/s5p-mfc/s5p_mfc_enc.c
,
Jul 19 2016
Note that the CL above fixes only the kernel crash in case of error handling. We still need to investigate why the error is happening. I'm guessing that enabling MFC and V4L2 debugging messages and reproducing the instance error would give much more information.
,
Jul 26 2016
I filed 631301 for the error. The crash was fixed. I'm closing this.
,
Sep 21 2016
Verified on build 8743.35.0 |
||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||
Comment 1 by rohi...@chromium.org
, Jun 27 2016Components: OS>Kernel>Video