Bug 69511

Summary: BUG at drivers/gpu/drm/qxl/qxl_display.c:472
Product: Drivers
Reporter: Ingo Theiss (ingo.theiss)
Component: Video(DRI - non Intel)
Assignee: drivers_video-dri
Status: NEW
Severity: normal
Priority: P1
Hardware: x86-64
OS: Linux
Kernel Version: 3.13.0
Subsystem:
Regression: No
Bisected commit-id:

Description Ingo Theiss 2014-01-27 11:57:41 UTC
When I issue an 'init 6' or shutdown in my qemu vm, nothing happens and I can see the following message in dmesg.

[ 4981.573373] ------------[ cut here ]------------
[ 4981.573374] kernel BUG at drivers/gpu/drm/qxl/qxl_display.c:472!
[ 4981.573376] invalid opcode: 0000 [#1] SMP 
[ 4981.573391] Modules linked in: ppdev lp uinput pci_stub nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc fuse snd_hda_codec_hdmi snd_hda_codec_realtek crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel ghash_clmulni_intel snd_hda_intel nvidia(PO) snd_hda_codec aesni_intel snd_hwdep aes_x86_64 lrw snd_pcm gf128mul snd_page_alloc glue_helper ablk_helper cryptd snd_seq snd_seq_device snd_timer qxl ttm snd psmouse parport_pc drm_kms_helper i2c_i801 serio_raw microcode evdev pcspkr drm soundcore processor parport virtio_console lpc_ich button i2c_core thermal_sys ext4 crc16 jbd2 mbcache virtio_blk ahci libahci libata scsi_mod floppy virtio_pci virtio_ring virtio e1000 [last unloaded: vboxdrv]
[ 4981.573393] CPU: 0 PID: 2562 Comm: Xorg Tainted: P           O 3.13.0-spoc #1
[ 4981.573394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Bochs 01/01/2011
[ 4981.573394] task: ffff880244390010 ti: ffff88024447a000 task.ti: ffff88024447a000
[ 4981.573399] RIP: 0010:[<ffffffffa02aea6d>]  [<ffffffffa02aea6d>] qxl_send_monitors_config+0x12/0xa4 [qxl]
[ 4981.573400] RSP: 0018:ffff88024447bab0  EFLAGS: 00010246
[ 4981.573400] RAX: ffffc90010e04000 RBX: ffff88024221a400 RCX: ffffffffa02b5e60
[ 4981.573401] RDX: ffffffffa02b5510 RSI: ffffc90000c5c01c RDI: ffff880244e1a000
[ 4981.573401] RBP: ffff880036e99b58 R08: 0000000000000001 R09: 0000000000000000
[ 4981.573401] R10: ffff880036e99af8 R11: ffff880243cafa40 R12: ffffffffa02b56b0
[ 4981.573402] R13: 0000000000000000 R14: 0000000000000001 R15: ffff88024447bc18
[ 4981.573403] FS:  00007ff1b4ff9980(0000) GS:ffff88024fc00000(0000) knlGS:0000000000000000
[ 4981.573403] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4981.573403] CR2: 00007ff1b5b258e8 CR3: 0000000244122000 CR4: 00000000001407f0
[ 4981.573407] Stack:
[ 4981.573409]  ffffc90000c5c01c ffffffffa0160236 ffff880242220db8 0000000000000000
[ 4981.573410]  ffff880036e99800 ffffffffa0160c75 ffff880200000004 ffff880200000000
[ 4981.573411]  ffffffff00000000 ffff88024260e600 ffff8802428f1000 ffff880036e99af8
[ 4981.573411] Call Trace:
[ 4981.573414]  [<ffffffffa0160236>] ? drm_helper_disable_unused_functions+0xc8/0xed [drm_kms_helper]
[ 4981.573417]  [<ffffffffa0160c75>] ? drm_crtc_helper_set_config+0x18a/0x838 [drm_kms_helper]
[ 4981.573425]  [<ffffffffa01dd659>] ? drm_mode_set_config_internal+0x44/0xac [drm]
[ 4981.573427]  [<ffffffffa016397b>] ? drm_fb_helper_set_par+0x55/0x6da [drm_kms_helper]
[ 4981.573437]  [<ffffffff81218488>] ? fb_set_var+0x250/0x33b
[ 4981.573441]  [<ffffffffa00bc655>] ? jbd_lock_bh_journal_head+0x11/0x25 [jbd2]
[ 4981.573444]  [<ffffffffa00be47c>] ? jbd2_journal_put_journal_head+0x10a/0x10f [jbd2]
[ 4981.573446]  [<ffffffffa00b6b49>] ? jbd2_journal_dirty_metadata+0x1ba/0x1d5 [jbd2]
[ 4981.573449]  [<ffffffff812211e3>] ? fbcon_blank+0x75/0x1c0
[ 4981.573452]  [<ffffffffa00be36c>] ? jbd2_journal_grab_journal_head+0x2d/0x33 [jbd2]
[ 4981.573457]  [<ffffffff8127fe73>] ? do_unblank_screen+0xd8/0x144
[ 4981.573458]  [<ffffffff812785ca>] ? vt_ioctl+0x4d6/0xf2c
[ 4981.573467]  [<ffffffff81137701>] ? __inode_wait_for_writeback+0x6c/0xaa
[ 4981.573468]  [<ffffffff81270830>] ? tty_ioctl+0x8f7/0x95d
[ 4981.573472]  [<ffffffff81107e19>] ? kmem_cache_free+0x3c/0x72
[ 4981.573474]  [<ffffffff8112980c>] ? dentry_kill+0x1b2/0x1ca
[ 4981.573475]  [<ffffffff81126d0d>] ? do_vfs_ioctl+0x350/0x41b
[ 4981.573477]  [<ffffffff8112fa3f>] ? mntput_no_expire+0x15/0x100
[ 4981.573481]  [<ffffffff8105ad37>] ? task_work_run+0x7d/0x8c
[ 4981.573482]  [<ffffffff81126e26>] ? SyS_ioctl+0x4e/0x7b
[ 4981.573488]  [<ffffffff813bbbb9>] ? system_call_fastpath+0x16/0x1b
[ 4981.573495] Code: e8 43 97 e5 e0 48 89 ef e8 29 f7 ff ff 31 ff 5b 5d 41 5c 48 89 f8 41 5d c3 56 48 8b 87 38 07 00 00 48 83 b8 dc 14 00 00 00 75 02 <0f> 0b 48 8b 4f 68 66 8b 01 66 85 c0 74 08 31 d2 44 0f b7 c0 eb 
[ 4981.573498] RIP  [<ffffffffa02aea6d>] qxl_send_monitors_config+0x12/0xa4 [qxl]
[ 4981.573498]  RSP <ffff88024447bab0>
[ 4981.573499] ---[ end trace d240c5351e4cc641 ]---

I start qemu with the following parameters (if that matters):

qemu-system-x86_64 -name ltsp -nographic -enable-kvm -M q35 -m 8192 -cpu host -smp 8,sockets=1,cores=4,threads=2 -bios /usr/share/qemu/bios.bin -boot menu=on -device ioh3420,bus=pcie.0,addr=1c.0,multifunction=on,port=1,chassis=1,id=root.1 -device vfio-pci,host=01:00.0,bus=root.1,addr=00.0,multifunction=on,x-vga=on -device vfio-pci,host=01:00.1,bus=root.1,addr=00.1 -device vfio-pci,host=00:1b.0,id=audio -drive if=none,id=drive0,cache=none,aio=native,format=raw,file=/dev/sdc -device virtio-blk-pci,drive=drive0,scsi=off,x-data-plane=on,config-wce=off -device virtio-serial-pci -device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev spicevmc,id=spicechannel0,name=vdagent -monitor telnet:localhost:7100,server,nowait,nodelay -net nic,vlan=0 -net tap,vlan=0,ifname=tap0,script=/etc/qemu-ifup -vga qxl -spice port=5900,disable-ticketing

Everything is working fine (even the vga passthrough) except I am unable to shut down the vm normally.