elm: kernel crash at vdec_vp9_decode when loading www.lyft.com
Issue description

Chrome Version: 57.0.2987.75
Chrome OS Version: 9202.37.0
Chrome OS Platform: elm

Steps To Reproduce:
(1) Navigate to www.lyft.com
(2)
(3)

Expected Result: www.lyft.com loads, any videos play, no system crash.
Actual Result: Instant full system (kernel) crash.

How frequently does this problem reproduce? (Always, sometimes, hard to reproduce?)
Always.

What is the impact to the user, and is there a workaround? If so, what is it?
System crashes when visiting www.lyft.com

Please provide any additional information below. Attach a screen shot or log if possible.
Feedback report: https://feedback.corp.google.com/product/208/neutron?lView=rd&lReport=53977476627
Crash report: https://crash.corp.google.com/browse?q=ReportID=a1fba43300000000 (kcrash attached)

Relevant logs:
<6>[ 3377.759502] [MTK_V4L2] level=0 fops_vcodec_open(),170: decoder capability 6ca20004
<6>[ 3377.759512] [MTK_V4L2] level=0 fops_vcodec_open(),178: 16000000.vcodec decoder [9]
<6>[ 3377.759589] [MTK_V4L2] level=0 fops_vcodec_release(),201: [9] decoder
<6>[ 3377.759744] [MTK_V4L2] level=0 fops_vcodec_open(),170: decoder capability 6ca20004
<6>[ 3377.759750] [MTK_V4L2] level=0 fops_vcodec_open(),178: 16000000.vcodec decoder [10]
<6>[ 3377.772571] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [3]
<6>[ 3377.772978] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [3]
<6>[ 3377.774446] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [4]
<6>[ 3377.774792] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [4]
<6>[ 3377.776369] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [5]
<6>[ 3377.776756] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [5]
<6>[ 3377.778240] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [6]
<6>[ 3377.778617] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [6]
<6>[ 3377.780178] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [7]
<6>[ 3377.780616] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [7]
<6>[ 3377.796885] [MTK_V4L2] level=0 fops_vcodec_open(),178: 16000000.vcodec decoder [11]
<6>[ 3377.797036] [MTK_V4L2] level=0 fops_vcodec_release(),201: [11] decoder
<6>[ 3377.797217] [MTK_V4L2] level=0 fops_vcodec_open(),178: 16000000.vcodec decoder [12]
<6>[ 3377.809764] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [8]
<6>[ 3377.810176] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [8]
<6>[ 3377.811766] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [9]
<6>[ 3377.812182] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [9]
<6>[ 3377.813721] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [10]
<6>[ 3377.814130] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [10]
<6>[ 3377.815690] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [11]
<6>[ 3377.816960] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [11]
<6>[ 3377.818565] [MTK_MDP] level=0 mtk_mdp_m2m_open(),1174: 14001000.rdma [12]
<6>[ 3377.819358] [MTK_MDP] level=0 mtk_mdp_m2m_release(),1208: 14001000.rdma [12]
<3>[ 3377.841084] [MTK_VCODEC][ERROR][10]: vp9_alloc_work_buf() Invalid w/h 240/57479
<6>[ 3377.841113] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=155262, fail=-22, res_chg=0
<3>[ 3377.849193] [MTK_VCODEC][ERROR][10]: vdec_vp9_decode() vpu_dec_start failed
<6>[ 3377.849262] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=47195, fail=1, res_chg=0
<3>[ 3377.849544] [MTK_VCODEC][ERROR][12]: vp9_alloc_work_buf() Invalid w/h 240/57479
<6>[ 3377.849570] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [12] vdec_if_decode() src_buf=7, size=155262, fail=-22, res_chg=0
<3>[ 3377.850390] [MTK_VCODEC][ERROR][10]: vdec_vp9_decode() vpu_dec_start failed
<6>[ 3377.850455] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=974, fail=1, res_chg=0
<3>[ 3377.850830] [MTK_VCODEC][ERROR][10]: vdec_vp9_decode() vpu_dec_start failed
<6>[ 3377.850900] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=756, fail=1, res_chg=0
<3>[ 3377.851406] [MTK_VCODEC][ERROR][10]: vdec_vp9_decode() vpu_dec_start failed
<6>[ 3377.851444] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=1091, fail=1, res_chg=0
...
<3>[ 3378.056180] [MTK_VCODEC][ERROR][10]: vdec_vp9_decode() vpu_dec_start failed
<6>[ 3378.056213] [MTK_V4L2] level=0 vb2ops_vdec_buf_queue(),1056: [10] vdec_if_decode() src_buf=7, size=67, fail=1, res_chg=0
<1>[ 3378.068177] Unable to handle kernel paging request at virtual address 10006b6800
<1>[ 3378.068193] pgd = ffffffc0f9628000
<1>[ 3378.068198] [10006b6800] *pgd=0000000000000000, *pud=0000000000000000
<0>[ 3378.068211] Internal error: Oops: 96000045 [#1] PREEMPT SMP
<4>[ 3378.068216] Modules linked in: rfcomm uinput ip6t_REJECT nf_reject_ipv6 uvcvideo videobuf2_vmalloc btmrvl_sdio btmrvl i2c_dev ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat xt_mark bluetooth bridge stp llc fuse zram snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq ip6table_filter snd_seq_device mwifiex_sdio mwifiex cfg80211 joydev
<4>[ 3378.068298] CPU: 0 PID: 9544 Comm: V4L2DecoderThre Not tainted 3.18.0-13745-gf83aa11 #1
<4>[ 3378.068302] Hardware name: Mediatek Elm rev2, rev1 board (DT)
<4>[ 3378.068308] task: ffffffc00a19a4c0 ti: ffffffc0f808c000 task.ti: ffffffc0f808c000
<4>[ 3378.068321] PC is at vdec_vp9_decode+0x3fc/0x938
<4>[ 3378.068328] LR is at vdec_vp9_decode+0x3b8/0x938
<4>[ 3378.068333] pc : [<ffffffc0006b76f4>] lr : [<ffffffc0006b76b0>] pstate: 60000145
<4>[ 3378.068338] sp : ffffffc0f808f790
<4>[ 3378.068342] x29: ffffffc0f808f790 x28: ffffffc000a7eec8
<4>[ 3378.068351] x27: ffffff8000bb4000 x26: ffffff8000bb4218
<4>[ 3378.068359] x25: ffffffc0f808f8db x24: 0000000000000000
<4>[ 3378.068367] x23: ffffffc0f808f8e0 x22: ffffff80006b6540
<4>[ 3378.068375] x21: ffffffc000a7ee40 x20: ffffffc0011cb000
<4>[ 3378.068384] x19: ffffff80006b6540 x18: 0000000000000000
<4>[ 3378.068392] x17: 0000000000000000 x16: ffffffc0003876e0
<4>[ 3378.068400] x15: 0000000000000000 x14: 0000000000000000
<4>[ 3378.068408] x13: 0000000000000001 x12: 0000000100000000
<4>[ 3378.068416] x11: 000000000000017d x10: ffffffc00107e5f0
<4>[ 3378.068424] x9 : 0000000000000000 x8 : ffffff80027d50c0
<4>[ 3378.068432] x7 : 0000000000000000 x6 : 000000000000003f
<4>[ 3378.068440] x5 : 0000000000000040 x4 : 0000000000000000
<4>[ 3378.068448] x3 : 0000000000000004 x2 : 0000000000000090
<4>[ 3378.068456] x1 : 0000000000000000 x0 : 00000010006b64b0
<0>[ 3378.070434] Process V4L2DecoderThre (pid: 9544, stack limit = 0xffffffc0f808c078)
Backtrace:
<4>[ 3378.070968] [<ffffffc0006b76f4>] vdec_vp9_decode+0x3fc/0x938
<4>[ 3378.070975] [<ffffffc0006b88a4>] vdec_if_decode+0xdc/0x120
<4>[ 3378.070983] [<ffffffc0006b9cfc>] vb2ops_vdec_buf_queue+0x188/0x3e8
<4>[ 3378.070990] [<ffffffc0006ad13c>] __enqueue_in_driver+0x4c/0x5c
<4>[ 3378.070997] [<ffffffc0006b022c>] vb2_internal_qbuf+0x1e4/0x278
<4>[ 3378.071003] [<ffffffc0006b031c>] vb2_qbuf+0x5c/0x74
<4>[ 3378.071009] [<ffffffc0006ac128>] v4l2_m2m_qbuf+0x2c/0x50
<4>[ 3378.071016] [<ffffffc0006ba85c>] vidioc_vdec_qbuf+0x68/0x78
<4>[ 3378.071023] [<ffffffc00069c874>] v4l_qbuf+0x4c/0x60
<4>[ 3378.071030] [<ffffffc00069d770>] __video_do_ioctl+0x180/0x288
<4>[ 3378.071036] [<ffffffc00069d354>] video_usercopy+0x2d8/0x530
<4>[ 3378.071042] [<ffffffc00069d5e0>] video_ioctl2+0x34/0x44
<4>[ 3378.071050] [<ffffffc00069644c>] v4l2_ioctl+0x84/0x13c
<4>[ 3378.071057] [<ffffffc0006a91a8>] do_video_ioctl+0x1078/0x1f28
<4>[ 3378.071064] [<ffffffc0006aa0bc>] v4l2_compat_ioctl32+0x64/0xc0
<4>[ 3378.071074] [<ffffffc000387810>] compat_SyS_ioctl+0x130/0x14d0
<0>[ 3378.071081] Code: b9488260 d2801202 f9410761 9b024c00 (f901a801)
<4>[ 3378.071121] ---[ end trace be71a7634b4fe366 ]---
<0>[ 3378.095674] Kernel panic - not syncing: Fatal exception

Mar 1 2017
We should abort the whole decode if vdec_if_decode fails because the resolution is too large.
Mar 3 2017
I filed partner bug https://b/35936915 on MTK.
Mar 3 2017
The offending video is https://cdn.lyft.com/brochure/videos/hero-video-opt.webm. avprobe says the resolution is 1920x1080. But hw decoder says the resolution is 240/57479. It's a bug in VPU firmware.

$ avprobe hero-video-opt.webm
avprobe version 9.20-6:9.20-0ubuntu0.14.04.1, Copyright (c) 2007-2014 the Libav developers
  built on Dec 7 2016 21:22:31 with gcc 4.8 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
[matroska,webm @ 0x1cc72e0] Unknown entry 0x55B0
[matroska,webm @ 0x1cc72e0] Unknown/unsupported AVCodecID V_VP9.
[matroska,webm @ 0x1cc72e0] max_analyze_duration reached
Input #0, matroska,webm, from 'hero-video-opt.webm':
  Duration: 00:00:10.01, start: 0.000000, bitrate: N/A
    Stream #0.0(eng): Video: [0][0][0][0] / 0x0000, 1920x1080, PAR 1:1 DAR 16:9, 29.97 fps, 29.97 tbr, 1k tbn (default)
Unsupported codec with id 0 for input stream 0
# avprobe output

Mar 7 2017
I uploaded a patch to guard against invalid buffer index. https://patchwork.linuxtv.org/patch/39829/.
Mar 8 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/192de100e380700d07d4c4a76042f1892b7dc253

commit 192de100e380700d07d4c4a76042f1892b7dc253
Author: Wu-Cheng Li <wuchengli@google.com>
Date: Wed Mar 08 07:53:41 2017

FROMLIST: mtk-vcodec: check the vp9 decoder buffer index from VPU.

VPU firmware has a bug and may return invalid buffer index for some vp9 videos. Check the buffer indexes before accessing the buffer.

(cherry-picked from https://patchwork.linuxtv.org/patch/39859/)

Signed-off-by: Wu-Cheng Li <wuchengli@chromium.org>

BUG= chromium:696904
BUG=b/35936915
TEST=Play https://cdn.lyft.com/brochure/videos/hero-video-opt.webm on elm. Play a VP9 youtube video. Run VDA unittest.

Change-Id: I398db363b876ae7906bcba9a6515af6f5cc5ea3f
Reviewed-on: https://chromium-review.googlesource.com/449494
Commit-Ready: Wu-cheng Li <wuchengli@chromium.org>
Tested-by: Wu-cheng Li <wuchengli@chromium.org>
Reviewed-by: Wu-cheng Li <wuchengli@chromium.org>

[modify] https://crrev.com/192de100e380700d07d4c4a76042f1892b7dc253/drivers/media/platform/mtk-vcodec/vdec_drv_if.h
[modify] https://crrev.com/192de100e380700d07d4c4a76042f1892b7dc253/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.h
[modify] https://crrev.com/192de100e380700d07d4c4a76042f1892b7dc253/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
[modify] https://crrev.com/192de100e380700d07d4c4a76042f1892b7dc253/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c
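
As an added example (not part of the original report and not the driver's code), the C sketch below reproduces the faulting address from the oops registers in the issue description and shows the kind of index check the commit message describes. It assumes the `Code:` bytes decode to a 32-bit index load, `madd x0, x0, x2, x19` and `str x1, [x0, #0x350]`; the function names, `NUM_BUFS` and `ERR_INVAL` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Values copied from the oops in this report. */
#define OOPS_X19   0xffffff80006b6540ULL /* x19: base pointer */
#define OOPS_X2    0x90ULL               /* x2: multiplier, read here as element size */
#define OOPS_FAULT 0x10006b6800ULL       /* faulting virtual address */
/* Assumption: store offset decoded from the faulting instruction f901a801. */
#define STORE_OFF  0x350ULL
/* Hypothetical array length; the real driver constant is not on the page. */
#define NUM_BUFS   9u
#define ERR_INVAL  (-22)                 /* -EINVAL, as in fail=-22 in the log */

/* Address formed without any check: base + idx * size + off (wraps at 2^64). */
uint64_t unchecked_addr(uint64_t base, uint32_t idx)
{
    return base + (uint64_t)idx * OOPS_X2 + STORE_OFF;
}

/* Invert the computation: which 32-bit index yields this fault address?
 * Returns the index, or -1 if no 32-bit index fits. */
int64_t recover_index(uint64_t base, uint64_t fault)
{
    uint64_t delta = fault - STORE_OFF - base; /* modulo 2^64 */

    if (delta % OOPS_X2 != 0 || delta / OOPS_X2 > UINT32_MAX)
        return -1;
    return (int64_t)(delta / OOPS_X2);
}

/* Guard in the spirit of the fix: validate the firmware-supplied index
 * before it is ever used to form an address. */
int check_buf_index(uint32_t idx)
{
    return idx < NUM_BUFS ? 0 : ERR_INVAL;
}

int main(void)
{
    int64_t idx = recover_index(OOPS_X19, OOPS_FAULT);

    printf("index recovered from oops: 0x%llx\n", (unsigned long long)idx);
    printf("unchecked address:         0x%llx\n",
           (unsigned long long)unchecked_addr(OOPS_X19, (uint32_t)idx));
    printf("check_buf_index:           %d\n", check_buf_index((uint32_t)idx));
    return 0;
}
```

With the register values above, the recovered index is 0xffffffff, which the guard rejects before any address is computed.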
Mar 13 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e311201d8100c1b86a36265b55739c2750a49e7a

commit e311201d8100c1b86a36265b55739c2750a49e7a
Author: Wu-Cheng Li <wuchengli@google.com>
Date: Mon Mar 13 03:00:29 2017

FROMLIST: mtk-vcodec: check the vp9 decoder buffer index from VPU.

VPU firmware has a bug and may return invalid buffer index for some vp9 videos. Check the buffer indexes before accessing the buffer.

(cherry-picked from https://patchwork.linuxtv.org/patch/39859/)

Signed-off-by: Wu-Cheng Li <wuchengli@chromium.org>

BUG= chromium:696904
BUG=b/35936915
TEST=Play https://cdn.lyft.com/brochure/videos/hero-video-opt.webm on elm. Play a VP9 youtube video. Run VDA unittest.

Change-Id: I398db363b876ae7906bcba9a6515af6f5cc5ea3f
Reviewed-on: https://chromium-review.googlesource.com/449494
Commit-Ready: Wu-cheng Li <wuchengli@chromium.org>
Tested-by: Wu-cheng Li <wuchengli@chromium.org>
Reviewed-by: Wu-cheng Li <wuchengli@chromium.org>
(cherry picked from commit 192de100e380700d07d4c4a76042f1892b7dc253)
Reviewed-on: https://chromium-review.googlesource.com/453518

[modify] https://crrev.com/e311201d8100c1b86a36265b55739c2750a49e7a/drivers/media/platform/mtk-vcodec/vdec_drv_if.h
[modify] https://crrev.com/e311201d8100c1b86a36265b55739c2750a49e7a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.h
[modify] https://crrev.com/e311201d8100c1b86a36265b55739c2750a49e7a/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
[modify] https://crrev.com/e311201d8100c1b86a36265b55739c2750a49e7a/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c

Mar 14 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c65690b35ccf87f951fd2e2b1782354c62444b61

commit c65690b35ccf87f951fd2e2b1782354c62444b61
Author: Wu-Cheng Li <wuchengli@google.com>
Date: Tue Mar 14 07:59:09 2017

FROMLIST: mtk-vcodec: check the vp9 decoder buffer index from VPU.

VPU firmware has a bug and may return invalid buffer index for some vp9 videos. Check the buffer indexes before accessing the buffer.

(cherry-picked from https://patchwork.linuxtv.org/patch/39859/)

Signed-off-by: Wu-Cheng Li <wuchengli@chromium.org>

BUG= chromium:696904
BUG=b/35936915
TEST=Play https://cdn.lyft.com/brochure/videos/hero-video-opt.webm on elm. Play a VP9 youtube video. Run VDA unittest.

Change-Id: I398db363b876ae7906bcba9a6515af6f5cc5ea3f
Reviewed-on: https://chromium-review.googlesource.com/449494
Commit-Ready: Wu-cheng Li <wuchengli@chromium.org>
Tested-by: Wu-cheng Li <wuchengli@chromium.org>
Reviewed-by: Wu-cheng Li <wuchengli@chromium.org>
(cherry picked from commit 192de100e380700d07d4c4a76042f1892b7dc253)
Reviewed-on: https://chromium-review.googlesource.com/453869

[modify] https://crrev.com/c65690b35ccf87f951fd2e2b1782354c62444b61/drivers/media/platform/mtk-vcodec/vdec_drv_if.h
[modify] https://crrev.com/c65690b35ccf87f951fd2e2b1782354c62444b61/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.h
[modify] https://crrev.com/c65690b35ccf87f951fd2e2b1782354c62444b61/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
[modify] https://crrev.com/c65690b35ccf87f951fd2e2b1782354c62444b61/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c

Mar 22 2017
Apr 12 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d1cfb5503b763a511e6c44cfb8fe2ee09e994420

commit d1cfb5503b763a511e6c44cfb8fe2ee09e994420
Author: Daniel Kurtz <djkurtz@chromium.org>
Date: Wed Apr 12 06:25:56 2017

FROMLIST: mtk-vcodec: check the vp9 decoder buffer index from VPU.

VPU firmware has a bug and may return invalid buffer index for some vp9 videos. Check the buffer indexes before accessing the buffer.

(cherry-picked from https://patchwork.linuxtv.org/patch/39859/)

Signed-off-by: Wu-Cheng Li <wuchengli@chromium.org>

BUG= chromium:696904
BUG=b/35936915
TEST=Play https://cdn.lyft.com/brochure/videos/hero-video-opt.webm on elm. Play a VP9 youtube video. Run VDA unittest.

Reviewed-on: https://chromium-review.googlesource.com/449494
Commit-Ready: Wu-cheng Li <wuchengli@chromium.org>
Tested-by: Wu-cheng Li <wuchengli@chromium.org>
Reviewed-by: Wu-cheng Li <wuchengli@chromium.org>
Change-Id: I398db363b876ae7906bcba9a6515af6f5cc5ea3f
Reviewed-on: https://chromium-review.googlesource.com/465457
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Wu-cheng Li <wuchengli@chromium.org>

[modify] https://crrev.com/d1cfb5503b763a511e6c44cfb8fe2ee09e994420/drivers/media/platform/mtk-vcodec/vdec_drv_if.h
[modify] https://crrev.com/d1cfb5503b763a511e6c44cfb8fe2ee09e994420/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.h
[modify] https://crrev.com/d1cfb5503b763a511e6c44cfb8fe2ee09e994420/drivers/media/platform/mtk-vcodec/mtk_vcodec_dec.c
[modify] https://crrev.com/d1cfb5503b763a511e6c44cfb8fe2ee09e994420/drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c

Jun 19 2017
Verified on 9663.0.0, 61.0.3130.0
Comment 1 by posciak@chromium.org
, Feb 28 2017