Bug 14607 - Mageia KVM guests crash on VT switch when using the QXL X11 driver
Summary: Mageia KVM guests crash on VT switch when using the QXL X11 driver
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Kernel and Drivers maintainers
QA Contact:
URL:
Whiteboard: MGA4TOO
Keywords: NEEDINFO
Depends on:
Blocks:
 
Reported: 2014-11-19 14:33 CET by Theodoros Kalamatianos
Modified: 2016-08-26 11:50 CEST

See Also:
Source RPM: kernel, x11-driver-video-qxl
CVE:
Status comment:



Description Theodoros Kalamatianos 2014-11-19 14:33:58 CET
Description of problem:

I have a couple of Mageia guests (Mageia 4.1 and 5b1) on a Mageia Cauldron KVM host. Both VMs have a QXL/spice video card and the Mageia setup process has automatically selected the QXL X11 driver, as expected. Both VMs have a minimal X environment with the MATE desktop.

In both cases, after the X server has been started the whole system will crash as soon as a VT switch is initiated either via the Ctrl-Alt-Fn keys, or because the switch user function was selected. This happens with both the desktop and server kernel versions for the guests.

It is not always possible to capture a stack trace. I was able to do it successfully only once via a serial console:

[  244.594721] ------------[ cut here ]------------
[  244.594722] kernel BUG at drivers/gpu/drm/qxl/qxl_display.c:479!
[  244.594724] invalid opcode: 0000 [#1] SMP 
[  244.594732] Modules linked in: nls_utf8 isofs ipt_IFWLOG ipt_psd xt_set ip_set_hash_ip ip_set nf_log_ipv4 iptable_nat nf_nat_ipv4 ipt_REJECT iptable_mangle iptable_raw nf_conntrack_ipv4 nf_defrag_ipv4 nf_log_ipv6 nf_log_common xt_LOG xt_recent ip6table_nat nf_nat_ipv6 xt_comment ip6t_REJECT xt_addrtype bridge stp llc xt_mark ip6table_mangle xt_tcpudp xt_CT ip6table_raw xt_multiport nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp xt_conntrack nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_nat nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nfnetlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc
[  244.594742]  nf_conntrack_h323 ts_kmp nf_conntrack_ftp nf_conntrack_amanda nf_conntrack iptable_filter ip_tables ip6table_filter ip6_tables x_tables af_packet msr snd_hda_codec_generic crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel snd_hda_controller snd_hda_codec ppdev joydev snd_hwdep aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper snd_pcm cryptd microcode snd_timer serio_raw snd parport_pc virtio_balloon parport virtio_console soundcore pvpanic i2c_piix4 processor button evdev sch_fq_codel ipv6 autofs4 hid_generic usbhid hid uhci_hcd virtio_net ehci_pci ehci_hcd usbcore usb_common virtio_pci sr_mod qxl drm_kms_helper ttm drm ide_pci_generic piix ide_core virtio_scsi virtio_ring virtio ata_generic pata_acpi ata_piix
[  244.594743] CPU: 0 PID: 2254 Comm: X Not tainted 3.17.2-server-3.mga5 #1
[  244.594744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[  244.594745] task: ffff8800640105d0 ti: ffff88007b7b4000 task.ti: ffff88007b7b4000
[  244.594749] RIP: 0010:[<ffffffffc03774e0>]  [<ffffffffc03774e0>] qxl_send_monitors_config+0x170/0x190 [qxl]
[  244.594750] RSP: 0018:ffff88007b7b79c0  EFLAGS: 00010246
[  244.594750] RAX: ffffc900003d8000 RBX: ffff880037f07c00 RCX: 0000000000000000
[  244.594751] RDX: 0000000000000000 RSI: ffffc9000000201c RDI: ffff88007aae1000
[  244.594751] RBP: ffff88007b7b79c8 R08: 0000000000000000 R09: 0000000000000000
[  244.594751] R10: 0000000000000001 R11: 0000000000000000 R12: ffff880037f07c00
[  244.594752] R13: ffff88007aae1000 R14: 0000000000000001 R15: 0000000000000000
[  244.594753] FS:  00007f48208758c0(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[  244.594753] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  244.594753] CR2: 0000000001147590 CR3: 000000007ad95000 CR4: 00000000001406f0
[  244.594756] Stack:
[  244.594757]  0000000000000000 ffff88007b7b7a08 ffffffffc03775c2 ffff880000000000
[  244.594757]  ffff880037f07c00 ffff880037ed5368 ffffffffc03807c0 0000000000000001
[  244.594758]  0000000000000000 ffff88007b7b7a30 ffffffffc032c5a7 ffff88007aaa1538
[  244.594758] Call Trace:
[  244.594763]  [<ffffffffc03775c2>] qxl_crtc_disable+0xc2/0x160 [qxl]
[  244.594768]  [<ffffffffc032c5a7>] __drm_helper_disable_unused_functions+0xb7/0xf0 [drm_kms_helper]
[  244.594772]  [<ffffffffc032ce46>] drm_crtc_helper_set_config+0x116/0xb40 [drm_kms_helper]
[  244.594781]  [<ffffffffc02ec734>] drm_mode_set_config_internal+0x64/0xe0 [drm]
[  244.594785]  [<ffffffffc03349b3>] restore_fbdev_mode+0xb3/0xe0 [drm_kms_helper]
[  244.594789]  [<ffffffffc0334a03>] drm_fb_helper_restore_fbdev_mode_unlocked+0x23/0x40 [drm_kms_helper]
[  244.594792]  [<ffffffffc03364d8>] drm_fb_helper_set_par+0x28/0x70 [drm_kms_helper]
[  244.594795]  [<ffffffff81424eda>] fb_set_var+0x18a/0x410
[  244.594797]  [<ffffffff81097728>] ? __enqueue_entity+0x78/0x80
[  244.594798]  [<ffffffff8141f1a9>] fbcon_blank+0x229/0x300
[  244.594800]  [<ffffffff8149b50a>] do_unblank_screen+0xaa/0x1d0
[  244.594801]  [<ffffffff814914e9>] complete_change_console+0x59/0xe0
[  244.594802]  [<ffffffff814926f0>] vt_ioctl+0x1180/0x1430
[  244.594804]  [<ffffffff8116ec0c>] ? tlb_flush_mmu_free+0x2c/0x50
[  244.594805]  [<ffffffff814860e5>] tty_ioctl+0x285/0xbc0
[  244.594806]  [<ffffffff811cab08>] do_vfs_ioctl+0x2c8/0x490
[  244.594807]  [<ffffffff811cad51>] SyS_ioctl+0x81/0xa0
[  244.594809]  [<ffffffff816a642d>] system_call_fastpath+0x1a/0x1f
[  244.594816] Code: 44 00 00 48 63 c2 48 8d 0c 85 00 00 00 00 48 c1 e0 05 48 29 c8 49 01 c3 45 8b 43 10 41 8b 4b 0c e9 7d ff ff ff 66 0f 1f 44 00 00 <0f> 0b 45 8b 43 10 41 8b 4b 0c 31 d2 e9 66 ff ff ff 31 d2 e9 5f 
[  244.594819] RIP  [<ffffffffc03774e0>] qxl_send_monitors_config+0x170/0x190 [qxl]
[  244.594819]  RSP <ffff88007b7b79c0>
[  244.594820] ---[ end trace 3e6e4bec988664e0 ]---

I have an i7-3770 (IvyBridge) CPU on the host, with kernel 3.17.2-desktop-4.mga5.

Version-Release number of selected component (if applicable):


How reproducible:

Always

Steps to Reproduce:
1. Create a new KVM VM using virt-manager
2. Change its video card to use the QXL model
3. Install Mageia
4. Start the VM
5. As soon as the X login screen appears, use the viewer menu to send a "Ctrl-Alt-F2" key combination to switch the VM VT
6. The VM will freeze with a garbled video display


Comment 1 Theodoros Kalamatianos 2014-11-19 17:26:34 CET
A stock Fedora 20 installation that worked without a problem gave me the needed hint: it had no support for KMS with QXL. Adding "qxl.modeset=0" at the kernel command line of my Mageia VMs "fixed" the problem by disabling KMS.

At the moment I am not clear on what benefit is derived by using KMS on a VM, considering that the X11 QXL driver is capable of switching resolutions on its own. Sure, it would be best if the actual issue was corrected in the kernel, but for the time being perhaps the Mageia installer could add the "qxl.modeset=0" option by default?
Comment 2 Theodoros Kalamatianos 2014-11-19 17:49:54 CET
On both the Cauldron and Mageia 4.1 VMs running the following command as root:

# echo 'options qxl modeset=0' >> /etc/modprobe.d/qxl-no-kms.conf

and executing `dracut --force' to rebuild the initramfs seems to have fixed the issue permanently.

IMHO, this is a cleaner fix than adjusting the kernel command line. It means that we can fix this during a package update, and undo the fix easily once the QXL KMS driver has been fixed upstream.
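
Added example, not part of the original comments or of any Mageia package: a shell check that reports whether the workaround from comments 1 and 2 is configured in a guest, via the kernel command line, a modprobe.d file, both, or neither. The function names are hypothetical, and treating the last repeated `modeset=` value as the one that counts is an assumption.

```shell
#!/bin/sh
# Added example: report where (if anywhere) QXL KMS is disabled.
# Function names are hypothetical. Inputs are passed as arguments so the
# check can be run against a mounted guest image as well as a live system.

# Print the last value given to qxl.modeset on a kernel command line.
# Assumption: when the option is repeated, the last occurrence is used.
cmdline_qxl_modeset() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^qxl\.modeset=/) { sub(/^qxl\.modeset=/, "", $i); v = $i } }
        END { printf "%s", v }'
}

# Print the last modeset= value found on an uncommented "options qxl ..."
# line in any *.conf file under the given directory (empty if none).
modprobe_qxl_modeset() {
    [ -d "$1" ] || return 0
    { cat "$1"/*.conf 2>/dev/null || true; } | awk '
        $1 == "options" && $2 == "qxl" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^modeset=/) { sub(/^modeset=/, "", $i); v = $i }
        }
        END { printf "%s", v }'
}

# Summarise the result as: cmdline, modprobe.d, both, or none.
qxl_kms_workaround_status() {
    c=$(cmdline_qxl_modeset "$1")
    m=$(modprobe_qxl_modeset "$2")
    if [ "$c" = 0 ] && [ "$m" = 0 ]; then echo both
    elif [ "$c" = 0 ]; then echo cmdline
    elif [ "$m" = 0 ]; then echo modprobe.d
    else echo none
    fi
}

# On a live guest:
#   qxl_kms_workaround_status "$(cat /proc/cmdline)" /etc/modprobe.d
```

Comment 2 rebuilds the initramfs after adding the file; if the initramfs has not been regenerated, a `modprobe.d` result here does not by itself show that the option is applied at early boot.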
Comment 3 claire robinson 2014-11-19 18:42:50 CET
Adding some CC's

Not really sure which way to assign this, maybe Thierry?

CC: (none) => oe, thierry.vignaud, tmb

claire robinson 2014-11-19 18:44:02 CET

CC: (none) => eeeemail

claire robinson 2014-11-19 18:44:22 CET

Whiteboard: (none) => MGA4TOO

Comment 4 Thierry Vignaud 2014-11-20 10:23:12 CET
There's a new version (xf86-video-qxl 0.1.3)
I'll push it to cauldron
Comment 5 Thierry Vignaud 2014-11-20 10:25:52 CET
In the meantime, while we can hope that the new driver doesn't use the same code paths in the drm driver, the latter needs to be fixed

Assignee: bugsquad => tmb
Source RPM: (none) => kernel, x11-driver-video-qxl

Comment 6 Christiaan Welvaart 2014-11-20 14:50:18 CET
VM still crashes with x11-driver-video-qxl 0.1.3 installed in the VM.

I have to add   -global qxl-vga.revision=4   to the qemu options to see this bug, maybe an OK workaround is to set that option to 3? Or disable the KMS fb driver in the guest instead.

CC: (none) => cjw

Comment 7 Samuel Verschelde 2015-05-20 00:34:29 CEST
Can I suppose this bug is still present in latest cauldron?

Keywords: (none) => NEEDINFO

Comment 8 Marja Van Waes 2016-08-26 11:43:22 CEST
Mass-reassigning all bugs with "kernel" in the Source RPM field that are assigned to tmb, to the kernel packagers group, because tmb is currently MIA.

Assignee: tmb => kernel

Comment 9 Thierry Vignaud 2016-08-26 11:50:03 CEST
This one is old (no real activity since 2014) whereas cauldron qemu stack has been improved quite a lot this year.

Status: NEW => RESOLVED
Resolution: (none) => OLD

