Issue metadata
Sign in to add a comment
|
[Kevin, Bob] Loading flash webpage causes kernel crash CPU: 2 PID: 1701 Comm: DrmThread Not tainted) |
||||||||||||||||||||||
Issue descriptionGoogle Chrome: 66.0.3359.43 (Official Build) dev (32-bit) Revision: 0 Platform: 10452.19.0 (Official Build) dev-channel kevin Firmware Version: Google_Kevin.8785.220.0 Customization ID: SAMSUNG-KEVIN1 What steps will reproduce the problem? (1) Recover kevin device with 10452.19.0 (2) Navigate to https://online-voice-recorder.com - or any other flash based site a) If necessary, click the Flash content to enable running Flash (3) Observe crash What is the expected result? Chrome should render the website What happens instead? Screen goes black and then the Kernel crashes kernel-(WATCHDOG)-*ERROR* Failed to enable vop (-16-359F8C7B) (handling) *NOTES I've tried to reproduce on Kevin, Orco, Terra, Eve, and Caroline. So far, I can only reproduce on Kevin. Kernel Crashes: - https://crash.corp.google.com/browse?q=reportid=%278038d2bdd01cc879%27 - https://crash.corp.google.com/browse?q=reportid=%27afc18a6c28c7a43e%27 - https://crash.corp.google.com/browse?q=reportid=%272f327371e9e4d4cd%27 Kernel Warnings: - https://crash.corp.google.com/browse?q=reportid=%2794a9814a7fc28d1d%27 - https://crash.corp.google.com/browse?q=reportid=%27b0bfe6be67da43e7%27 I'm able to reproduce this 100% of the time. Looking at dmesg shows about 70 entries of the following error: [ 388.099742] rk_iommu ff903f00.iommu: Page fault at 0x0000000014016900 of type read [ 388.099768] rk_iommu ff903f00.iommu: iova = 0x0000000014016900: dte_index: 0x50 pte_index: 0x16 page_offset: 0x900 [ 388.099779] rk_iommu ff903f00.iommu: mmu_dte_addr: 0x00000000ede50000 dte@0x00000000ede50140: 0xad7c3001 valid: 1 pte@0x00000000ad7c3058: 0x1e7a6006 valid: 0 page@0x0000000000000000 flags: 0x0 [ 388.116386] rk_iommu ff903f00.iommu: Page fault at 0x0000000014017000 of type read [ 388.116408] rk_iommu ff903f00.iommu: iova = 0x0000000014017000: dte_index: 0x50 pte_index: 0x17 page_offset: 0x0 [ 388.116418] rk_iommu ff903f00.iommu: mmu_dte_addr: 0x00000000ede50000 dte@0x00000000ede50140: 0xad7c3001 valid: 1 pte@0x00000000ad7c305c: 0x1e7a7006 valid: 0 page@0x0000000000000000 flags: 0x0
,
Mar 20 2018
,
Mar 20 2018
,
Mar 20 2018
Issue is reproducible on bob as well. Likely will reproduce on gru boards.
,
Mar 20 2018
,
Mar 20 2018
This doesn't occur when loading the same page in Guest Mode. Occurs only when logged in with a user account.
,
Mar 20 2018
[ 1725.365727] ------------[ cut here ]------------ [ 1725.365753] WARNING: CPU: 2 PID: 1701 at ../../../../../tmp/portage/sys-kernel/chromeos-kernel-4_4-4.4.118-r1396/work/chromeos-kernel-4_4-4.4.118/drivers/iommu/iommu.c:1280 __iommu_detach_group+0x54/0xa0 [ 1725.365762] Modules linked in: snd_usb_audio snd_hwdep snd_usbmidi_lib snd_rawmidi ip6t_REJECT nf_reject_ipv6 veth cmac rfcomm btusb btrtl btbcm btintel bluetooth uinput ip6table_filter uvcvideo mwifiex_pcie mwifiex zram bridge stp llc ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_mark fuse snd_seq_dummy snd_seq snd_seq_device cfg80211 joydev [ 1725.365913] [ 1725.365928] CPU: 2 PID: 1701 Comm: DrmThread Not tainted 4.4.118-13169-g3b0f04b2f8fc #1 [ 1725.365935] Hardware name: Google Kevin (DT) [ 1725.365944] task: ffffffc0ef188d00 ti: ffffffc0daf84000 task.ti: ffffffc0daf84000 [ 1725.365954] PC is at __iommu_detach_group+0x54/0xa0 [ 1725.365963] LR is at __iommu_detach_group+0x50/0xa0 [ 1725.365971] pc : [<ffffffc000579098>] lr : [<ffffffc000579094>] pstate: 60000145 [ 1725.365978] sp : ffffffc0daf879d0 [ 1725.365985] x29: ffffffc0daf879f0 x28: ffffffc0010f6890 [ 1725.365998] x27: 0000000000000000 x26: ffffffc000a57d58 [ 1725.366012] x25: 0000000000000001 x24: 0000000000000028 [ 1725.366025] x23: ffffffc0edaea028 x22: ffffffc0ede03100 [ 1725.366038] x21: ffffffc0ee5ea448 x20: ffffffc0ede02880 [ 1725.366051] x19: ffffffc0ee5ea400 x18: ffffffc00108d000 [ 1725.366064] x17: ffffffc00108d000 x16: ffffffc0e9ce3ca8 [ 1725.366077] x15: 0000000000000000 x14: 6330303030783020 [ 1725.366090] x13: 3a73757461747320 x12: 2c74756f2064656d [ 1725.366103] x11: ffffffc0ef188d00 x10: 0000000000000000 [ 1725.366116] x9 : 0000000000000000 x8 : ffffffc0ef188d00 [ 1725.366128] x7 : ffffffc0010d1028 x6 : 0000000000000059 [ 1725.366141] x5 : 0000000000000000 x4 : ffffffc001199329 [ 1725.366153] x3 : 0000000000000059 x2 : ffffffc0f7b2e4d0 [ 1725.366166] x1 : 0000000000000140 x0 : 00000000ffffff92 [ 1725.366180] [ 1725.366180] PC: 0xffffffc000579018: ... [ 1725.371911] [ 1725.371921] ---[ end trace 46a780f3efcf4b12 ]--- [ 1725.371929] Call trace: [ 1725.371938] [<ffffffc000579098>] __iommu_detach_group+0x54/0xa0 [ 1725.371951] [<ffffffc000578f6c>] iommu_detach_device+0x80/0xa0 [ 1725.371968] [<ffffffc0005ab564>] rockchip_drm_dma_detach_device+0x34/0x40 [ 1725.371981] [<ffffffc0005b0894>] vop_crtc_disable+0x1f0/0x234 [ 1725.371993] [<ffffffc0005865f0>] drm_atomic_helper_commit_modeset_disables+0x1a4/0x32c [ 1725.372007] [<ffffffc0005ac29c>] rockchip_atomic_commit_complete+0x284/0x4a0 [ 1725.372018] [<ffffffc0005aca44>] rockchip_drm_atomic_commit+0x168/0x18c [ 1725.372033] [<ffffffc00059eb08>] drm_atomic_commit+0x58/0x64 [ 1725.372043] [<ffffffc000587364>] drm_atomic_helper_set_config+0x80/0xb0 [ 1725.372055] [<ffffffc000593f7c>] drm_mode_set_config_internal+0x5c/0xdc [ 1725.372065] [<ffffffc000594934>] drm_mode_setcrtc+0x1ec/0x48c [ 1725.372082] [<ffffffc0007a838c>] drm_ioctl+0x1d8/0x3f8 [ 1725.372093] [<ffffffc0005a64a8>] drm_compat_ioctl+0x3c/0x9c [ 1725.372107] [<ffffffc00039e274>] compat_SyS_ioctl+0x400/0x191c [ 1725.372121] [<ffffffc000203e90>] __sys_trace_return+0x0/0x4 [ 1725.385854] atmel_mxt_ts 3-004b: Status: 10 Config Checksum: 573e89 [ 1725.393387] atmel_mxt_ts 3-004b: Status: 00 Config Checksum: 573e89 [ 1772.732095] rockchip-vop ff900000.vop: Failed to attach iommu device [ 1772.732126] rockchip-vop ff900000.vop: failed to attach dma mapping, -16 [ 1772.732235] rockchip-vop ff900000.vop: [drm:vop_crtc_enable] *ERROR* Failed to enable vop (-16) [ 1779.996778] BUG: spinlock lockup suspected on CPU#5, swapper/5/0 [ 1779.996811] lock: 0xffffffc0010aec98, .magic: dead4ead, .owner: swapper/2/0, .owner_cpu: 2 [ 1779.996834] CPU: 5 PID: 0 Comm: swapper/5 Tainted: G W 4.4.118-13169-g3b0f04b2f8fc #1 [ 1779.996845] Hardware name: Google Kevin (DT) [ 1779.996854] Call trace: [ 1779.996885] [<ffffffc0002083c4>] dump_backtrace+0x0/0x16c [ 1779.996901] [<ffffffc0002083b8>] show_stack+0x20/0x2c [ 1779.996922] [<ffffffc0004d32a8>] __dump_stack+0x20/0x28 [ 1779.996935] [<ffffffc0004d3264>] dump_stack+0x70/0x94 [ 1779.996952] [<ffffffc00025b218>] spin_dump+0x98/0xa8 [ 1779.996968] [<ffffffc0002eff90>] do_raw_spin_lock+0x168/0x1a8 [ 1779.996984] [<ffffffc0009401c8>] _raw_spin_lock+0x30/0x3c [ 1779.996998] [<ffffffc00027df38>] __tick_broadcast_oneshot_control+0x44/0x234 [ 1779.997011] [<ffffffc00027cf98>] tick_broadcast_oneshot_control+0x3c/0x48 [ 1779.997027] [<ffffffc0007c2a2c>] cpuidle_enter_state+0x100/0x184 [ 1779.997039] [<ffffffc0007c2bf8>] cpuidle_enter+0x30/0x40 [ 1779.997051] [<ffffffc0002eee00>] cpu_startup_entry+0x11c/0x2a8 [ 1779.997064] [<ffffffc00020d2a4>] secondary_start_kernel+0x144/0x150 [ 1779.997074] [<0000000000400c0c>] 0x400c0c
,
Mar 20 2018
,
Mar 20 2018
,
Mar 20 2018
,
Mar 20 2018
issue also reproduce on https://webcamera.io
,
Mar 20 2018
,
Mar 20 2018
on https://webcamera.io issue reproduce if use Flash but no reproduce if use HTML5
,
Mar 20 2018
Dominik, could you please take a look at the issue? The uprev was M-67 only, right?
,
Mar 20 2018
was this issue seen on the last dev?
,
Mar 20 2018
issue can reproduce on last dev 10452.11.0/66.0.3359.31
,
Mar 20 2018
moving to RBB as per c#16
,
Mar 27 2018
Any update on this blocking issue?
,
Mar 27 2018
Looks like reverting this stuff: 63a8f4b61aab (HEAD) Revert "Revert "CHROMIUM: drm/rockchip: YUV overlays BT.601 color conversion."" 48a8e27fccd0 Revert "CHROMIUM: drm/rockchip: YUV overlays BT.601 color conversion." 190055d71e83 Revert "CHROMIUM: rockchip: Implement drm plane->ctm property." 3ae397b65827 Revert "CHROMIUM: rockchip: Enable 'PLANE_CTM' drm property." Fixes the problem.
,
Mar 28 2018
how confident are we on that? Also, any side effect? I can try reverting in M66 branch
,
Mar 28 2018
Those patches are needed for efficient night mode, we are targeting 67 for that, so if that is causing issues in 66, please go ahead and revert, I'll try to investigate and find a fix for 67.
,
Mar 28 2018
dbehr, have you tried reverting only the last two patches (plane ctm)? Is it necessary to revert the first two patches (the BT.601) too to fix the issue?
,
Mar 28 2018
,
Apr 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e72a9fe83d2ab82514032beb5f3b6a1fad5563ca commit e72a9fe83d2ab82514032beb5f3b6a1fad5563ca Author: Daniele Castagna <dcastagna@chromium.org> Date: Mon Apr 02 23:26:43 2018 CHROMIUM: drm/rockchip: Fix a gone-wrong revert crrev.com/c/922542 was supposed to revert a patch that added BT.601 YUV conversion. Something went wrong and y-mirror support partially went away with it, causing iommu issues since we scanout y-flipped buffers starting from the last line. BUG= chromium:823761 TEST=on kevin following the instruction in chromium:823761 Change-Id: I49f75b192acf7906521d4d2e20d0818c1dee3e93 Reviewed-on: https://chromium-review.googlesource.com/988495 Commit-Ready: Daniele Castagna <dcastagna@chromium.org> Commit-Ready: Kristian H. Kristensen <hoegsberg@chromium.org> Tested-by: Daniele Castagna <dcastagna@chromium.org> Reviewed-by: Kristian H. Kristensen <hoegsberg@chromium.org> [modify] https://crrev.com/e72a9fe83d2ab82514032beb5f3b6a1fad5563ca/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
,
Apr 2 2018
,
Apr 2 2018
,
Apr 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/21c1bbdb387ef1f58dfda5ac13adddfbdc47eb8a commit 21c1bbdb387ef1f58dfda5ac13adddfbdc47eb8a Author: Daniele Castagna <dcastagna@chromium.org> Date: Mon Apr 02 23:41:42 2018 CHROMIUM: drm/rockchip: Fix a gone-wrong revert crrev.com/c/922542 was supposed to revert a patch that added BT.601 YUV conversion. Something went wrong and y-mirror support partially went away with it, causing iommu issues since we scanout y-flipped buffers starting from the last line. BUG= chromium:823761 TEST=on kevin following the instruction in chromium:823761 Change-Id: I49f75b192acf7906521d4d2e20d0818c1dee3e93 Reviewed-on: https://chromium-review.googlesource.com/988495 Commit-Ready: Daniele Castagna <dcastagna@chromium.org> Commit-Ready: Kristian H. Kristensen <hoegsberg@chromium.org> Tested-by: Daniele Castagna <dcastagna@chromium.org> Reviewed-by: Kristian H. Kristensen <hoegsberg@chromium.org> (cherry picked from commit e72a9fe83d2ab82514032beb5f3b6a1fad5563ca) Reviewed-on: https://chromium-review.googlesource.com/990833 Reviewed-by: Grace Kihumba <gkihumba@chromium.org> Commit-Queue: Grace Kihumba <gkihumba@chromium.org> Tested-by: Grace Kihumba <gkihumba@chromium.org> [modify] https://crrev.com/21c1bbdb387ef1f58dfda5ac13adddfbdc47eb8a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
,
Apr 2 2018
,
Apr 3 2018
verified on 10452.42.0/66.0.3359.79
,
Apr 6 2018
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 6 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by matthewjoseph@chromium.org
, Mar 20 2018