Launchpad has imported 2 comments from the remote bug at https://bugs.freedesktop.org/show_bug.cgi?id=71365.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2013-11-07T23:54:18+00:00 Freedesktop-treblig wrote: I'm running a FC20 x86-64 pre-beta with an Ubuntu guest under KVM with spice and can reliably trigger an oops in the guest. The host is running qemu-kvm-1.6.1-1.fc20.x86_64 The oops happens on both Ubuntu's distro kernels (since about 3.10) and anything else recent including current drm-next (212c444ba 7th November) that I've built. The user space is Ubuntu Trusty, and X (with Unity etc) works fine. Note there is also a corrupt text console prior to the oops. To trigger: Boot guest and let it sit at lightdm ssh in send a ctrl-alt-f1 via virt-manager * see a very corrupt text console send a ctrl-alt-f2 (might oops at this point - check with dmesg via the ssh) send a ctrl-alt-f3 send a ctrl-alt-f4 I've never had it get past the 4th one without oopsing, with debug on it does it at the second switch. Here is a log which I turned some drm debug on; It is sitting at lightdm waiting for me to log in, so I ssh in and do: echo 255 > debug and do ctrl-alt-f1 [ 266.165815] [drm:drm_crtc_helper_set_config], [ 266.165817] [drm:drm_crtc_helper_set_config], [CRTC:3] [FB:33] #connectors=1 (x y) (0 0) [ 266.165821] [drm:drm_crtc_helper_set_config], crtc has no fb, full mode set [ 266.165823] [drm:qxl_best_encoder], [ 266.165823] [drm:drm_crtc_helper_set_config], encoder changed, full mode switch [ 266.165824] [drm:drm_crtc_helper_set_config], crtc changed, full mode switch [ 266.165825] [drm:drm_crtc_helper_set_config], [CONNECTOR:4:Virtual-1] to [CRTC:3] [ 266.165826] [drm:drm_crtc_helper_set_config], attempting to set mode from userspace [ 266.165828] [drm:drm_mode_debug_printmodeline], Modeline 32:"1024x768" 60 63500 1024 1072 1176 1328 768 771 775 798 0x8 0x6 [ 266.165830] [drm:qxl_enc_mode_fixup], [ 266.165845] [drm:drm_crtc_helper_set_mode], [CRTC:3] [ 266.165846] [drm:qxl_enc_prepare], [ 266.165847] [drm:qxl_enc_dpms], [ 266.165847] [drm:qxl_enc_dpms], [ 266.165848] [drm:qxl_enc_dpms], [ 266.165849] [drm:qxl_crtc_prepare], current: 1024x768+0+0 (1). [ 266.165850] [drm:qxl_crtc_mode_set], 0x0: not a native mode [ 266.165851] [drm:qxl_crtc_mode_set], +0+0 (1024,768) => (1024,768) We have now got a heavily corrupt text console (nothing readable) I then do a ctrl-alt-f2 here. [ 276.164189] [drm:qxl_monitors_config_set], 0:1024x768+0+0 [ 276.164207] [drm:drm_crtc_helper_set_mode], [ENCODER:5:Virtual-5] set [MODE:32:1024x768] [ 276.164209] [drm:qxl_enc_mode_set], [ 276.164212] [drm:qxl_crtc_commit], [ 276.164215] [drm:qxl_write_monitors_config_for_encoder], setting head 0 to +0+0 1024x768 out of 1 [ 276.164239] ------------[ cut here ]------------ [ 276.164240] Kernel BUG at ffffffffa00c42d6 [verbose debug info unavailable] [ 276.164244] invalid opcode: 0000 [#1] SMP [ 276.164267] Modules linked in: rfcomm bnep bluetooth ppdev(F) nfsd(F) auth_rpcgss(F) nfs_acl(F) nfs(F) lockd(F) sunrpc(F) fscache(F) snd_hda_intel snd_hda_codec snd_hwdep(F) snd_pcm(F) microcode(F) psmouse(F) snd_page_alloc(F) serio_raw(F) snd_seq_midi(F) snd_seq_midi_event(F) snd_rawmidi(F) virtio_console snd_seq(F) snd_seq_device(F) snd_timer(F) snd(F) soundcore(F) qxl parport_pc(F) ttm drm_kms_helper drm i2c_piix4 mac_hid lp(F) parport(F) floppy(F) [ 276.164271] CPU: 1 PID: 972 Comm: Xorg Tainted: GF 3.12.0-1-generic #3-Ubuntu [ 276.164273] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 276.164275] task: ffff88006d8017b0 ti: ffff88006e3fe000 task.ti: ffff88006e3fe000 [ 276.164285] RIP: 0010:[<ffffffffa00c42d6>] [<ffffffffa00c42d6>] qxl_send_monitors_config+0x136/0x140 [qxl] [ 276.164287] RSP: 0018:ffff88006e3ff7a8 EFLAGS: 00010246 [ 276.164288] RAX: ffffc900003b4000 RBX: ffff880036944d68 RCX: 0000000000001e60 [ 276.164290] RDX: 000000001e601e60 RSI: 000000004dc64dc4 RDI: ffff88007c35a000 [ 276.164291] RBP: ffff88006e3ff7b0 R08: 0000000000000092 R09: ffffffff81ebf069 [ 276.164293] R10: 0000000000000002 R11: 0000000000040000 R12: ffff88007c35a000 [ 276.164294] R13: ffffc9000039e004 R14: ffff880079590420 R15: ffff880036945c18 [ 276.164297] FS: 00007fb7227dc980(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000 [ 276.164299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 276.164300] CR2: 00007fb4bff2f000 CR3: 000000006d827000 CR4: 00000000000006e0 [ 276.164313] Stack: [ 276.164317] 0000000000000000 ffff88006e3ff800 ffffffffa00c45da ffff880000000000 [ 276.164320] ffff880000000400 0000000000000300 ffffffff00000001 0000000000000092 [ 276.164323] ffff880036944d68 ffff880036898000 ffff880036945c20 ffff88006e3ffa50 [ 276.164324] Call Trace: [ 276.164333] [<ffffffffa00c45da>] qxl_enc_commit+0x12a/0x220 [qxl] [ 276.164340] [<ffffffffa00a41b1>] drm_crtc_helper_set_mode+0x381/0x510 [drm_kms_helper] [ 276.164349] [<ffffffffa00a57d5>] drm_crtc_helper_set_config+0x9c5/0xb20 [drm_kms_helper] [ 276.164370] [<ffffffffa004c5fd>] drm_mode_set_config_internal+0x5d/0xe0 [drm] [ 276.164376] [<ffffffffa00a3681>] drm_fb_helper_set_par+0x71/0xf0 [drm_kms_helper] [ 276.164382] [<ffffffff813d1db1>] fb_set_var+0x191/0x430 [ 276.164388] [<ffffffff8109694d>] ? ttwu_do_activate.constprop.75+0x5d/0x70 [ 276.164393] [<ffffffff813deb41>] fbcon_blank+0x1d1/0x2d0 [ 276.164399] [<ffffffff8145e674>] do_unblank_screen+0xb4/0x1e0 [ 276.164402] [<ffffffff814543ba>] complete_change_console+0x5a/0xe0 [ 276.164405] [<ffffffff814553ea>] vt_ioctl+0xfaa/0x11c0 [ 276.164408] [<ffffffff8109b45d>] ? sched_clock_local+0x1d/0x80 [ 276.164411] [<ffffffff8109b5e8>] ? sched_clock_cpu+0xa8/0x100 [ 276.164415] [<ffffffff81448d5d>] tty_ioctl+0x26d/0xbc0 [ 276.164420] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 276.164425] [<ffffffff8101b8a9>] ? sched_clock+0x9/0x10 [ 276.164427] [<ffffffff8109b45d>] ? sched_clock_local+0x1d/0x80 [ 276.164432] [<ffffffff811c4615>] do_vfs_ioctl+0x2e5/0x4d0 [ 276.164436] [<ffffffff8109c0b4>] ? vtime_account_user+0x54/0x60 [ 276.164439] [<ffffffff811c4881>] SyS_ioctl+0x81/0xa0 [ 276.164443] [<ffffffff8171ba7f>] tracesys+0xe1/0xe6 [ 276.164471] Code: d8 0c a0 31 c0 e8 3b 3f 00 00 c9 c3 45 8b 4a 14 45 8b 42 10 31 d2 41 8b 4a 0c eb a9 45 8b 42 10 41 8b 4a 0c 41 89 c1 31 d2 eb 9a <0f> 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 [ 276.164478] RIP [<ffffffffa00c42d6>] qxl_send_monitors_config+0x136/0x140 [qxl] [ 276.164479] RSP <ffff88006e3ff7a8> [ 276.164482] ---[ end trace ca96233a7ea696e9 ]--- It's still happily responsive via the ssh at this point but the console is still toast. The addresses in the trace don't make too much sense to me; the qxl_send_monitors_config+0x136 seems to correspond to a ud2 undefined after the last jmp in qxl_send_monitors_config, and the qxl_enc_commit+0x12a I think corresponds to the jump just before the DRM_DEBUG print at the end of the routine. I have a FC19 guest also on the same host that doesn't seem to exhibit any problems. For reference this corresponds to Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1247906 Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1247906/comments/8 ------------------------------------------------------------------------ On 2013-11-08T00:50:08+00:00 Freedesktop-treblig wrote: The heavily corrupted console got me thinking and there's a more telling/simpler way to see the problem: Boot guest to lighdm ssh in twice and get root. in the 1st ssh do a chvt 1 This doesn't return so that's probably the underlying problem. In the 2nd vt I did an echo t > /proc/sysrq-trigger and for chvt I got: [ 85.553746] chvt S ffff88007fd14500 0 1800 1799 0x00000000 [ 85.553746] ffff88006b8ddd08 0000000000000002 ffff88006b8ddfd8 0000000000014500 [ 85.553746] ffff88006b8ddfd8 0000000000014500 ffff880067815ec0 ffff88006b8ddd9c [ 85.553746] ffff880067815ec0 0000000000005607 ffff880036991c00 00000000fffffffa [ 85.553746] Call Trace: [ 85.553746] [<ffffffff81710659>] schedule+0x29/0x70 [ 85.553746] [<ffffffff8145409a>] __vt_event_wait.isra.0.part.1+0x5a/0x90 [ 85.553746] [<ffffffff81089020>] ? wake_up_atomic_t+0x30/0x30 [ 85.553746] [<ffffffff81454285>] vt_waitactive+0x65/0xb0 [ 85.553746] [<ffffffff8106e069>] ? ns_capable+0x29/0x50 [ 85.553746] [<ffffffff81454bf7>] vt_ioctl+0x7b7/0x11c0 [ 85.553746] [<ffffffff81448d5d>] tty_ioctl+0x26d/0xbc0 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff8101b8a9>] ? sched_clock+0x9/0x10 [ 85.553746] [<ffffffff8109b45d>] ? sched_clock_local+0x1d/0x80 [ 85.553746] [<ffffffff811c4615>] do_vfs_ioctl+0x2e5/0x4d0 [ 85.553746] [<ffffffff8109c0b4>] ? vtime_account_user+0x54/0x60 [ 85.553746] [<ffffffff811c4881>] SyS_ioctl+0x81/0xa0 [ 85.553746] [<ffffffff8171ba7f>] tracesys+0xe1/0xe6 with the X processes in: [ 85.553746] Xorg x ffff88007fc14500 0 950 928 0x00000000 [ 85.553746] ffff88006e48b510 0000000000000002 ffff88006e48bfd8 0000000000014500 [ 85.553746] ffff88006e48bfd8 0000000000014500 ffff880078968000 ffff880078968650 [ 85.553746] ffff880078967ff0 ffff88006d995ec0 ffff880078967ff0 ffff880078968000 [ 85.553746] Call Trace: [ 85.553746] [<ffffffff81710659>] schedule+0x29/0x70 [ 85.553746] [<ffffffff81066edf>] do_exit+0x6ff/0xa50 [ 85.553746] [<ffffffff817142af>] oops_end+0xaf/0x150 [ 85.553746] [<ffffffff810172bb>] die+0x4b/0x70 [ 85.553746] [<ffffffff817139f0>] do_trap+0x60/0x170 [ 85.553746] [<ffffffff81014512>] do_invalid_op+0xa2/0x100 [ 85.553746] [<ffffffffa00d12d6>] ? qxl_send_monitors_config+0x136/0x140 [qxl] [ 85.553746] [<ffffffff81088ec8>] ? finish_wait+0x58/0x70 [ 85.553746] [<ffffffffa00d4a2a>] ? wait_for_io_cmd_user+0x20a/0x3c0 [qxl] [ 85.553746] [<ffffffff8171d09e>] invalid_op+0x1e/0x30 [ 85.553746] [<ffffffffa00d12d6>] ? qxl_send_monitors_config+0x136/0x140 [qxl] [ 85.553746] [<ffffffffa00d15da>] qxl_enc_commit+0x12a/0x220 [qxl] [ 85.553746] [<ffffffffa00ac1b1>] drm_crtc_helper_set_mode+0x381/0x510 [drm_kms_helper] [ 85.553746] [<ffffffffa00ad7d5>] drm_crtc_helper_set_config+0x9c5/0xb20 [drm_kms_helper] [ 85.553746] [<ffffffffa00545fd>] drm_mode_set_config_internal+0x5d/0xe0 [drm] [ 85.553746] [<ffffffffa00ab681>] drm_fb_helper_set_par+0x71/0xf0 [drm_kms_helper] [ 85.553746] [<ffffffff813d1db1>] fb_set_var+0x191/0x430 [ 85.553746] [<ffffffff8109694d>] ? ttwu_do_activate.constprop.75+0x5d/0x70 [ 85.553746] [<ffffffff813deb41>] fbcon_blank+0x1d1/0x2d0 [ 85.553746] [<ffffffff8145e674>] do_unblank_screen+0xb4/0x1e0 [ 85.553746] [<ffffffff814543ba>] complete_change_console+0x5a/0xe0 [ 85.553746] [<ffffffff814553ea>] vt_ioctl+0xfaa/0x11c0 [ 85.553746] [<ffffffff81448d5d>] tty_ioctl+0x26d/0xbc0 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff8101b8a9>] ? sched_clock+0x9/0x10 [ 85.553746] [<ffffffff8109b45d>] ? sched_clock_local+0x1d/0x80 [ 85.553746] [<ffffffff811c4615>] do_vfs_ioctl+0x2e5/0x4d0 [ 85.553746] [<ffffffff8109c0b4>] ? vtime_account_user+0x54/0x60 [ 85.553746] [<ffffffff811c4881>] SyS_ioctl+0x81/0xa0 [ 85.553746] [<ffffffff8171ba7f>] tracesys+0xe1/0xe6 [ 85.553746] Xorg S ffff88007fd14500 0 1168 928 0x00400000 [ 85.553746] ffff88006d83bce0 0000000000000006 ffff88006d83bfd8 0000000000014500 [ 85.553746] ffff88006d83bfd8 0000000000014500 ffff88006d995ec0 ffff88006d995ec0 [ 85.553746] 0000000000000000 ffff88006d995ec0 ffff88006d83bd88 ffffffff81f17608 [ 85.553746] Call Trace: [ 85.553746] [<ffffffff81710659>] schedule+0x29/0x70 [ 85.553746] [<ffffffff810cd55d>] futex_wait_queue_me+0xdd/0x140 [ 85.553746] [<ffffffff810ce202>] futex_wait+0x182/0x290 [ 85.553746] [<ffffffff81098810>] ? wake_up_state+0x10/0x20 [ 85.553746] [<ffffffff810cd626>] ? wake_futex+0x66/0x80 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff810d040e>] do_futex+0xde/0x670 [ 85.553746] [<ffffffff8110b1ac>] ? acct_account_cputime+0x1c/0x20 [ 85.553746] [<ffffffff8109ba8c>] ? account_user_time+0x8c/0xa0 [ 85.553746] [<ffffffff810d0a11>] SyS_futex+0x71/0x150 [ 85.553746] [<ffffffff81020e15>] ? syscall_trace_enter+0x145/0x250 [ 85.553746] [<ffffffff8171ba7f>] tracesys+0xe1/0xe6 [ 85.553746] Xorg S ffff88007fd14500 0 1169 928 0x00400000 [ 85.553746] ffff88006d861ce0 0000000000000006 ffff88006d861fd8 0000000000014500 [ 85.553746] ffff88006d861fd8 0000000000014500 ffff88006d994710 ffff88006d994710 [ 85.553746] 0000000000000000 ffff88006d994710 ffff88006d861d88 ffffffff81f16180 [ 85.553746] Call Trace: [ 85.553746] [<ffffffff81710659>] schedule+0x29/0x70 [ 85.553746] [<ffffffff810cd55d>] futex_wait_queue_me+0xdd/0x140 [ 85.553746] [<ffffffff810ce202>] futex_wait+0x182/0x290 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff8104f46f>] ? kvm_clock_read+0x1f/0x30 [ 85.553746] [<ffffffff810d040e>] do_futex+0xde/0x670 [ 85.553746] [<ffffffff8110b1ac>] ? acct_account_cputime+0x1c/0x20 [ 85.553746] [<ffffffff8109ba8c>] ? account_user_time+0x8c/0xa0 [ 85.553746] [<ffffffff810d0a11>] SyS_futex+0x71/0x150 [ 85.553746] [<ffffffff81020e15>] ? syscall_trace_enter+0x145/0x250 [ 85.553746] [<ffffffff8171ba7f>] tracesys+0xe1/0xe6 Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1247906/comments/10 ** Changed in: linux Status: Unknown => Confirmed ** Changed in: linux Importance: Unknown => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1247906 Title: Repeatable oops qxl_enc_commit Status in The Linux Kernel: Confirmed Status in “linux” package in Ubuntu: Confirmed Bug description: I've got an Ubuntu Trusty guest running under a Fedora 20-pre-beta, the guest oops reliably. To repeat: Setup KVM with the guest configured with QXL graphics, Install openssh-server in the guest Boot it and then send a ctrl-alt-f1 Problem 1 : Corrupt graphics instead of console Now ssh into the guest Send a ctrl-alt-f2 Problem 2 : dmesg on the guest to see backtrace. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-3.12.0-1-generic 3.12.0-1.3 ProcVersionSignature: Ubuntu 3.12.0-1.3-generic 3.12.0-rc7 Uname: Linux 3.12.0-1-generic x86_64 ApportVersion: 2.12.6-0ubuntu1 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: Date: Mon Nov 4 17:08:38 2013 HibernationDevice: RESUME=UUID=0190ef1f-ced8-4fbc-9fc3-bd9f73c329db InstallationDate: Installed on 2013-10-20 (14 days ago) InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Beta amd64 (20131012) IwConfig: eth0 no wireless extensions. lo no wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: Bochs Bochs MarkForUpload: True ProcFB: 0 qxldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-1-generic root=UUID=3072ba2d-eda3-4789-9a31-38240b2aae52 ro quiet splash vt.handoff=7 PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. RelatedPackageVersions: linux-restricted-modules-3.12.0-1-generic N/A linux-backports-modules-3.12.0-1-generic N/A linux-firmware 1.117 RfKill: SourcePackage: linux UpgradeStatus: Upgraded to trusty on 2013-11-02 (2 days ago) dmi.bios.date: 01/01/2011 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1247906/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
