NetBSD-Bugs archive


kern/58898: Crash when testing camera in chromium



>Number:         58898
>Category:       kern
>Synopsis:       Crash when testing camera in chromium
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 12 15:55:00 +0000 2024
>Originator:     Robert Bagdan
>Release:        10.0_STABLE (GENERIC)
>Organization:
-
>Environment:
NetBSD test 10.0_STABLE NetBSD 10.0_STABLE (GENERIC) #0: Fri Dec  6 20:38:43 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost :/usr/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
I'm porting chromium to NetBSD, but I got a random system crash when testing camera support.

I tried to find the problem:
1) cd /var/crash && sudo gunzip -d *gz
2) sudo dmesg -M netbsd.4.core -N netbsd.4  
[   429.761546] video_enum_framesizes: type mismatch 56595559 47504a4d
... (919 messages from video_enum_framesizes)
[   512.917593] fatal protection fault in supervisor mode
[   512.917593] trap type 4 code 0 rip 0xffffffff80db14f4 cs 0x8 rflags 0x10206 cr2 0x7dbd48c2e600 ilevel 0 rsp 0xffffc18242975d40
[   512.917593] curlwp 0xffffe53d60a3ca00 pid 3297.3302 lowest kstack 0xffffc182429712c0
[   512.917593] panic: trap
[   512.917593] cpu2: Begin traceback...
[   512.918047] vpanic() at netbsd:vpanic+0x183
[   512.919505] panic() at netbsd:panic+0x3c
[   512.920481] trap() at netbsd:trap+0xbaf
[   512.920481] --- trap (number 4) ---
[   512.920969] videoclose() at netbsd:videoclose+0xbb
[   512.921941] cdev_close() at netbsd:cdev_close+0x92
[   512.922414] spec_close() at netbsd:spec_close+0x188
[   512.923403] VOP_CLOSE() at netbsd:VOP_CLOSE+0x44
[   512.924378] vn_close() at netbsd:vn_close+0x51
[   512.924873] closef() at netbsd:closef+0x58
[   512.925838] fd_close() at netbsd:fd_close+0x140
[   512.926349] sys_close() at netbsd:sys_close+0x22
[   512.927307] syscall() at netbsd:syscall+0x1fc
[   512.927770] --- syscall (number 6) ---
[   512.927770] netbsd:syscall+0x1fc:
[   512.927770] cpu2: End traceback...

[   512.928265] dumping to dev 168,1 (offset=8, size=2097039):
[   512.928265] dump 

3) sudo gdb /netbsd --eval-command="target kvm netbsd.4.core"
GNU gdb (GDB) 11.0.50.20200914-git
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
   <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /netbsd...
Reading symbols from /usr/libdata/debug//netbsd-GENERIC.debug...
0xffffffff80239985 in cpu_reboot (howto=260, bootstr=<optimized out>) at /usr/src/sys/arch/amd64/amd64/machdep.c:717
warning: Source file is more recent than executable.
717                     dumpsys();
(gdb) bt
#0  0xffffffff80239985 in cpu_reboot (howto=260, bootstr=<optimized out>)
   at /usr/src/sys/arch/amd64/amd64/machdep.c:717
#1  0xffffffff80ce5a9b in debugged_child_exists (parent=0x104, si=0xffffd2fccac4d400, options=260, id=0, idtype=1112612864) at /usr/src/sys/kern/kern_exit.c:986
#2  find_stopped_child (si=0xffffd2fccac4d400, wru=0x0, child_p=<synthetic pointer>, options=260, id=0,  
   idtype=1112612864, parent=0x104) at /usr/src/sys/kern/kern_exit.c:1124
#3  do_sys_waitid (idtype=<optimized out>, id=<optimized out>, pid=<optimized out>, status=<optimized out>,  
   options=260, wru=0x0, si=<optimized out>) at /usr/src/sys/kern/kern_exit.c:673
#4  0xffffffff80d1be6f in device_pmf_driver_deregister (dev=<unavailable>) at /usr/src/sys/kern/subr_autoconf.c:3182
#5  0xffffffff80d1bf44 in device_pmf_lock1 (dev=0xffffd2fceb993b00) at ./machine/cpu.h:72
#6  device_pmf_lock (dev=0xffffd2fceb993b00) at /usr/src/sys/kern/subr_autoconf.c:3269
#7  0xffffffff8023c155 in trap (frame=0x0) at /usr/src/sys/arch/amd64/amd64/trap.c:326
#8  0xffffffff80234a7b in alltraps ()
#9  0xffffd2fca47ec3c8 in ?? ()
#10 0xffffd2fca455c080 in ?? ()
#11 0xffffd2fca47ec3a0 in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) list *0xffffffff80db14f4
0xffffffff80db14f4 is in videoclose (/usr/src/sys/dev/video.c:2481).
warning: Source file is more recent than executable.
2476                             "tearing down bufs while streaming\n"));
2477            }
2478
2479            /* dequeue all buffers */
2480            while (SIMPLEQ_FIRST(&vs->vs_ingress) != NULL)
2481                    SIMPLEQ_REMOVE_HEAD(&vs->vs_ingress, entries);
2482            while (SIMPLEQ_FIRST(&vs->vs_egress) != NULL)
2483                    SIMPLEQ_REMOVE_HEAD(&vs->vs_egress, entries);
2484
2485            err = video_stream_free_bufs(vs);
(gdb)


I got this system crash only on chromium; firefox with the same steps did not cause a system crash. I checked the differences in the codebases and found that chromium uses VIDIOC_ENUM_FRAMEINTERVALS and VIDIOC_ENUM_FRAMESIZES, while firefox does not. I don't know if it is relevant, but my dmesg output has many "video_enum_framesizes: type mismatch 47504a4d 56595559" lines, which come from video_enum_framesizes(): https://github.com/NetBSD/src/blob/52fe981959bae952bc9fc0d6e7829963ece5abbc/sys/dev/video.c#L830.



>How-To-Repeat:
1) Build chromium from pkgsrc-wip/chromium (many hours as it is a kaiju..)
2) Open in chromium the https://webcamtests.com/ page, and run the testing
3) Not always but often I got a system crash while the test is running

>Fix:



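Added triage example (not part of the original report and not NetBSD project code): a small parser for dmesg output shaped like the lines quoted in the Description. It counts the video_enum_framesizes mismatch pairs, decodes each 32-bit value as a FourCC pixel-format code, and reports the frame that took the trap. Reading the two hex words as little-endian V4L2-style FourCC codes is an assumption made here; the sample input is constructed from the lines in the report.

```python
import re
import struct
from collections import Counter

# Constructed sample: shaped like the dmesg lines quoted in the report.
SAMPLE_DMESG = """\
[   429.761546] video_enum_framesizes: type mismatch 56595559 47504a4d
[   429.761601] video_enum_framesizes: type mismatch 56595559 47504a4d
[   512.917593] fatal protection fault in supervisor mode
[   512.917593] trap type 4 code 0 rip 0xffffffff80db14f4 cs 0x8 rflags 0x10206 cr2 0x7dbd48c2e600 ilevel 0 rsp 0xffffc18242975d40
[   512.917593] panic: trap
[   512.920481] trap() at netbsd:trap+0xbaf
[   512.920481] --- trap (number 4) ---
[   512.920969] videoclose() at netbsd:videoclose+0xbb
[   512.921941] cdev_close() at netbsd:cdev_close+0x92
"""

MISMATCH = re.compile(r"video_enum_framesizes: type mismatch ([0-9a-f]{8}) ([0-9a-f]{8})")
TRAP = re.compile(r"trap type (\d+) code \w+ rip (0x[0-9a-f]+)")
FRAME = re.compile(r"\]\s+(\w+)\(\) at netbsd:\w+\+(0x[0-9a-f]+)")

def fourcc(hex_word):
    """Decode a 32-bit value as a FourCC (assumed: first character in the low byte)."""
    raw = struct.pack("<I", int(hex_word, 16))
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else hex_word

def triage(dmesg_text):
    """Summarise format mismatches and the first frame below the trap marker."""
    mismatches = Counter()
    trap = None
    faulting = None
    after_trap_marker = False
    for line in dmesg_text.splitlines():
        if m := MISMATCH.search(line):
            mismatches[(fourcc(m.group(1)), fourcc(m.group(2)))] += 1
        elif m := TRAP.search(line):
            trap = {"type": int(m.group(1)), "rip": m.group(2)}
        elif "--- trap" in line:
            after_trap_marker = True  # next function frame is where the fault hit
        elif after_trap_marker and faulting is None and (m := FRAME.search(line)):
            faulting = (m.group(1), m.group(2))
    return {"mismatches": dict(mismatches), "trap": trap, "faulting_frame": faulting}

if __name__ == "__main__":
    print(triage(SAMPLE_DMESG))
```

On the sample, the two values decode to YUYV and MJPG, and the faulting frame is videoclose+0xbb, matching the address gdb resolves in the report.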