
Issue 635609

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Feb 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug




sleeping function called from invalid context in nouveau_bo_vma_find() on Pixel C

Project Member Reported by glider@chromium.org, Aug 8 2016

Issue description

The following bug has been reported while fuzzing the Ryu kernel with syzkaller:

BUG: sleeping function called from invalid context at /mnt/host/source/src/third_party/kernel/v3.18/kernel/locking/mutex.c:615
in_atomic(): 0, irqs_disabled(): 0, pid: 197, name: nouveau_pushbuf
INFO: lockdep is turned off.
Preemption disabled at:[<ffffffc000275d6c>] __might_sleep+0x284/0x2e0 kernel/sched/core.c:7431
CPU: 2 PID: 197 Comm: nouveau_pushbuf Tainted: G     U         3.18.0 #80
Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
Call trace:
[<ffffffc00020b064>] dump_backtrace+0x0/0x17c arch/arm64/kernel/traps.c:91
[<ffffffc00020b1f8>] show_stack+0x18/0x24 arch/arm64/kernel/traps.c:173
[<     inline     >] __dump_stack lib/dump_stack.c:15
[<ffffffc0011853b0>] dump_stack+0x94/0x100 lib/dump_stack.c:50
[<ffffffc000275db0>] __might_sleep+0x2c8/0x2e0 kernel/sched/core.c:7433
[<ffffffc00118c1d0>] mutex_lock_nested+0x3c/0x4b8 kernel/locking/mutex.c:614
[<ffffffc0008fe924>] nouveau_bo_vma_find+0x2c/0xc8 drivers/gpu/drm/nouveau/nouveau_bo.c:1726
[<ffffffc0009200b4>] nv50_dma_push_bo+0x70/0xec drivers/gpu/drm/nouveau/nouveau_dma.c:89
[<     inline     >] FIRE_RING drivers/gpu/drm/nouveau/nouveau_dma.h:156
[<ffffffc000925d68>] nvc0_fence_sync32+0x1a8/0x2b4 drivers/gpu/drm/nouveau/nvc0_fence.c:58
[<ffffffc00092478c>] nv84_fence_sync+0xa0/0xb4 drivers/gpu/drm/nouveau/nv84_fence.c:100
[<ffffffc000922aa4>] nouveau_fence_sync+0x20c/0x2bc drivers/gpu/drm/nouveau/nouveau_fence.c:485
[<ffffffc000903300>] nouveau_gem_pushbuf_queue_kthread_fn+0x49c/0x89c drivers/gpu/drm/nouveau/nouveau_gem.c:1243
[<ffffffc00025e230>] kthread+0x13c/0x158 kernel/kthread.c:207
BUG: sleeping function called from invalid context at /mnt/host/source/src/third_party/kernel/v3.18/kernel/locking/mutex.c:615
in_atomic(): 0, irqs_disabled(): 0, pid: 197, name: nouveau_pushbuf
INFO: lockdep is turned off.
Preemption disabled at:[<ffffffc000275d6c>] __might_sleep+0x284/0x2e0 kernel/sched/core.c:7431
CPU: 3 PID: 197 Comm: nouveau_pushbuf Tainted: G     U         3.18.0 #80
Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
Call trace:
[<ffffffc00020b064>] dump_backtrace+0x0/0x17c arch/arm64/kernel/traps.c:91
[<ffffffc00020b1f8>] show_stack+0x18/0x24 arch/arm64/kernel/traps.c:173
[<     inline     >] __dump_stack lib/dump_stack.c:15
[<ffffffc0011853b0>] dump_stack+0x94/0x100 lib/dump_stack.c:50
[<ffffffc000275db0>] __might_sleep+0x2c8/0x2e0 kernel/sched/core.c:7433
[<ffffffc00118c1d0>] mutex_lock_nested+0x3c/0x4b8 kernel/locking/mutex.c:614
[<ffffffc0008fe924>] nouveau_bo_vma_find+0x2c/0xc8 drivers/gpu/drm/nouveau/nouveau_bo.c:1726
[<ffffffc0009200b4>] nv50_dma_push_bo+0x70/0xec drivers/gpu/drm/nouveau/nouveau_dma.c:89
[<     inline     >] FIRE_RING drivers/gpu/drm/nouveau/nouveau_dma.h:156
[<ffffffc000925d68>] nvc0_fence_sync32+0x1a8/0x2b4 drivers/gpu/drm/nouveau/nvc0_fence.c:58
[<ffffffc00092478c>] nv84_fence_sync+0xa0/0xb4 drivers/gpu/drm/nouveau/nv84_fence.c:100
[<ffffffc000922aa4>] nouveau_fence_sync+0x20c/0x2bc drivers/gpu/drm/nouveau/nouveau_fence.c:485
[<ffffffc000903300>] nouveau_gem_pushbuf_queue_kthread_fn+0x49c/0x89c drivers/gpu/drm/nouveau/nouveau_gem.c:1243
[<ffffffc00025e230>] kthread+0x13c/0x158 kernel/kthread.c:207


Comment 1 by glider@chromium.org, Aug 10 2016

Owner: marc...@chromium.org
Status: Assigned (was: Untriaged)
Stéphane, can you please help to find an owner for this bug?
It's perfectly reproducible if you build with CONFIG_DEBUG_LOCK_ALLOC. The report is printed to the console every time you turn the screen on and off using the power button.

Comment 2 by glider@chromium.org, Aug 30 2016

Cc: bleung@chromium.org

Comment 3 by bleung@chromium.org, Aug 30 2016

Cc: seanpaul@chromium.org

Comment 4 by glider@chromium.org, Aug 31 2016

Cc: vinc...@nvidia.com adudani@chromium.org smbar...@chromium.org
Throwing in more people who looked at https://chromium-review.googlesource.com/#/c/355162/

Comment 5 by vinc...@nvidia.com, Sep 1 2016

Previously I proposed a solution for this, but it's not merged yet.

https://chromium-review.googlesource.com/#/c/356610/

That solution works for me.

Project Member Comment 7 by bugdroid1@chromium.org, Sep 22 2016

Labels: merge-merged-chromeos-3.18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/30312996920b1fdfc5b1e137aaa54720d304cbab

commit 30312996920b1fdfc5b1e137aaa54720d304cbab
Author: Vince Hsu <vince.h@nvidia.com>
Date: Tue Jun 28 07:04:51 2016

CHROMIUM: drm/nouveau/bo: fix warning while enabling lock debugging

We hit the warning below when the lock debugging is enabled. The
nouveau_fence_sync holds the RCU read lock and then calls into mutex_lock.
To get rid of this warning, we don't hold the vma_list lock if that's not
necessary.

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97
in_atomic(): 0, irqs_disabled(): 0, pid: 7064, name: nouveau_pushbuf
Preemption disabled at:[<ffffffc000a962a8>] printk+0x6c/0x78
CPU: 3 PID: 7064 Comm: nouveau_pushbuf Tainted: G     U         3.18.0-00019-gf7ed90de5956 #421
Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
Call trace:
[<ffffffc0002073f8>] dump_backtrace+0x0/0x10c
[<ffffffc000207514>] show_stack+0x10/0x1c
[<ffffffc000a96f9c>] dump_stack+0x74/0xb8
[<ffffffc0002449ac>] __might_sleep+0x158/0x168
[<ffffffc000a9cc18>] mutex_lock+0x20/0x48
[<ffffffc0005f1f1c>] nouveau_bo_vma_find+0x24/0x80
[<ffffffc000603c6c>] nv50_dma_push_bo+0x3c/0xa0
[<ffffffc000606afc>] nvc0_fence_sync32+0xec/0x158
[<ffffffc000605f88>] nv84_fence_sync+0x40/0x4c
[<ffffffc000604f64>] nouveau_fence_sync+0xc8/0xfc
[<ffffffc0005f4644>] nouveau_gem_pushbuf_queue_kthread_fn+0x2b0/0x554
[<ffffffc000237790>] kthread+0xdc/0xe8

BUG=chrome-os-partner:54432, chromium:635609 
TEST=Boot to UI

Change-Id: I65b693d0f115808486d744aa06bf7df1358cf737
Signed-off-by: Vince Hsu <vince.h@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/356610
Commit-Ready: Alexander Potapenko <glider@chromium.org>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Reviewed-by: Alexander Potapenko <glider@chromium.org>

[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nv50_fence.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nv84_fence.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nouveau_bo.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nv17_fence.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/dispnv04/crtc.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nouveau_bo.h
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nouveau_gem.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nouveau_prime.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nouveau_chan.c
[modify] https://crrev.com/30312996920b1fdfc5b1e137aaa54720d304cbab/drivers/gpu/drm/nouveau/nv50_display.c

Status: Fixed (was: Assigned)
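The report in the description and the diagnosis in the commit message above (nouveau_fence_sync holds the RCU read lock, and nouveau_bo_vma_find then takes a mutex) are a typical fuzzer-found might_sleep splat that has to be triaged before anyone can own it. The script below is an added example, not code from this issue, from syzkaller or from the kernel tree: it parses the "BUG: sleeping function called from invalid context" report format exactly as printed above, collapses copies of the same splat that differ only in CPU number or symbol address, names the first frame outside the warning machinery and locking core, and reads the in_atomic()/irqs_disabled() fields in the way the commit's diagnosis implies. Every name in it (Splat, Frame, parse_splats, dedupe, context_hint, REPORTING_FUNCS, CORE_PREFIXES) is this example's own, and the sample log is constructed from the first splat in the description.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: the first splat in the issue description (INFO and Hardware
# lines dropped); the issue's second splat differs only in the CPU number.
SPLAT_CPU2 = """\
BUG: sleeping function called from invalid context at /mnt/host/source/src/third_party/kernel/v3.18/kernel/locking/mutex.c:615
in_atomic(): 0, irqs_disabled(): 0, pid: 197, name: nouveau_pushbuf
Preemption disabled at:[<ffffffc000275d6c>] __might_sleep+0x284/0x2e0 kernel/sched/core.c:7431
CPU: 2 PID: 197 Comm: nouveau_pushbuf Tainted: G     U         3.18.0 #80
Call trace:
[<ffffffc00020b064>] dump_backtrace+0x0/0x17c arch/arm64/kernel/traps.c:91
[<ffffffc00020b1f8>] show_stack+0x18/0x24 arch/arm64/kernel/traps.c:173
[<     inline     >] __dump_stack lib/dump_stack.c:15
[<ffffffc0011853b0>] dump_stack+0x94/0x100 lib/dump_stack.c:50
[<ffffffc000275db0>] __might_sleep+0x2c8/0x2e0 kernel/sched/core.c:7433
[<ffffffc00118c1d0>] mutex_lock_nested+0x3c/0x4b8 kernel/locking/mutex.c:614
[<ffffffc0008fe924>] nouveau_bo_vma_find+0x2c/0xc8 drivers/gpu/drm/nouveau/nouveau_bo.c:1726
[<ffffffc0009200b4>] nv50_dma_push_bo+0x70/0xec drivers/gpu/drm/nouveau/nouveau_dma.c:89
[<     inline     >] FIRE_RING drivers/gpu/drm/nouveau/nouveau_dma.h:156
[<ffffffc000925d68>] nvc0_fence_sync32+0x1a8/0x2b4 drivers/gpu/drm/nouveau/nvc0_fence.c:58
[<ffffffc00092478c>] nv84_fence_sync+0xa0/0xb4 drivers/gpu/drm/nouveau/nv84_fence.c:100
[<ffffffc000922aa4>] nouveau_fence_sync+0x20c/0x2bc drivers/gpu/drm/nouveau/nouveau_fence.c:485
[<ffffffc000903300>] nouveau_gem_pushbuf_queue_kthread_fn+0x49c/0x89c drivers/gpu/drm/nouveau/nouveau_gem.c:1243
[<ffffffc00025e230>] kthread+0x13c/0x158 kernel/kthread.c:207
"""
SAMPLE_LOG = SPLAT_CPU2 + SPLAT_CPU2.replace("CPU: 2 PID", "CPU: 3 PID")

HEADER_RE = re.compile(r"^BUG: sleeping function called from invalid context at (?P<site>\S+)$")
CONTEXT_RE = re.compile(r"^in_atomic\(\): (?P<atomic>\d+), irqs_disabled\(\): (?P<irqs>\d+), "
                        r"pid: (?P<pid>\d+), name: (?P<comm>\S+)$")
CPU_RE = re.compile(r"^CPU: (?P<cpu>\d+) PID: \d+ Comm: ")
FRAME_RE = re.compile(r"^\[<\s*(?:[0-9a-f]+|inline)\s*>\]\s+(?P<func>[A-Za-z0-9_.]+)"
                      r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+(?P<file>\S+):(?P<line>\d+)$")
# Frames of the warning machinery and the locking/scheduler core are never the bug.
REPORTING_FUNCS = {"dump_backtrace", "show_stack", "__dump_stack", "dump_stack", "__might_sleep"}
CORE_PREFIXES = ("kernel/locking/", "kernel/sched/", "lib/")
Frame = NamedTuple("Frame", [("func", str), ("file", str), ("line", int)])

@dataclass
class Splat:
    site: str                      # file:line of the sleeping primitive (here mutex.c)
    in_atomic: int = 0
    irqs_disabled: int = 0
    pid: int = 0
    comm: str = ""
    cpu: int = -1
    frames: List[Frame] = field(default_factory=list)

    def signature(self) -> str:
        # CPU and addresses vary between copies of one bug; the symbolic stack does not.
        return " < ".join(f"{f.func}@{f.file}:{f.line}" for f in self.frames)

    def blamed(self) -> Optional[Frame]:
        # First frame outside the machinery and core: where a reviewer starts reading.
        for f in self.frames:
            if f.func not in REPORTING_FUNCS and not f.file.startswith(CORE_PREFIXES):
                return f
        return None

def parse_splats(text: str) -> List[Splat]:
    splats: List[Splat] = []
    cur: Optional[Splat] = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER_RE.match(line):
            splats.append(cur := Splat(site=m["site"]))
        elif cur is None:
            continue                # text before the first BUG: header
        elif m := CONTEXT_RE.match(line):
            cur.in_atomic, cur.irqs_disabled = int(m["atomic"]), int(m["irqs"])
            cur.pid, cur.comm = int(m["pid"]), m["comm"]
        elif m := CPU_RE.match(line):
            cur.cpu = int(m["cpu"])
        elif m := FRAME_RE.match(line):
            cur.frames.append(Frame(m["func"], m["file"], int(m["line"])))
    return splats

def dedupe(splats: List[Splat]) -> Dict[str, List[Splat]]:
    groups: Dict[str, List[Splat]] = {}
    for s in splats:
        groups.setdefault(s.signature(), []).append(s)
    return groups

def context_hint(s: Splat) -> str:
    # Both counters at 0 is not a false positive: __might_sleep folds rcu_preempt_depth()
    # into its check, so an rcu_read_lock() section (the commit's diagnosis) looks like this.
    if s.in_atomic:
        return "preempt_count is non-zero: look for a spinlock or preempt_disable()"
    if s.irqs_disabled:
        return "interrupts are off: look for local_irq_disable() or spin_lock_irq*()"
    return "in_atomic() and irqs_disabled() are 0: look for rcu_read_lock()"

if __name__ == "__main__":
    for copies in dedupe(parse_splats(SAMPLE_LOG)).values():
        s, bl = copies[0], copies[0].blamed()
        print(f"{len(copies)}x pid {s.pid} ({s.comm}) sleeps at {s.site.rsplit('/', 1)[-1]} "
              f"from {bl.func if bl else '?'}; hint: {context_hint(s)}")
```

Run it directly and it prints one summary line per distinct stack: the two copies from the description collapse to one entry blamed on nouveau_bo_vma_find in nouveau_bo.c:1726, with mutex.c:615 as the sleeping site. The hint for the all-zero case rests on how __might_sleep compares the preempt count plus rcu_preempt_depth() against the allowed offset while in_atomic() reports the preempt count alone, which is why a report like this one, where both printed counters are 0, still points at a real RCU read-side section rather than a spurious warning.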
