On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
> > Hi,
> > 
> > I can relatively easily reproduce this bug:

How?

> > BUG: 'list_empty(&vgdev->free_vbufs)' is true!

> The following might be helpful for debugging - if kernel still will
> not stop panicking, we are looking at some kind
> of memory corruption.

Looking carefully through the code I think it isn't impossible to
trigger this, but you need for that:

(1) command queue full (quite possible),
(2) cursor queue full too (unlikely), and
(3) multiple threads trying to submit commands and waiting for free
space in the command queue (possible with virgl enabled).

Do things improve if you allocate some extra bufs?

int virtio_gpu_alloc_vbufs(struct virtio_gpu_device *vgdev)
{
	struct virtio_gpu_vbuffer *vbuf;
-	int i, size, count = 0;
+	int i, size, count = 16;
	void *ptr;

	INIT_LIST_HEAD(&vgdev->free_vbufs);

Memory corruption sounds plausible too.

Redirect console to ttyS0 for trouble-shooting; trying to dump the oops
to the display device which triggered the oops in the first place isn't
going to work very well ...

cheers,
  Gerd
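Review bot: the `+	int i, size, count = 16;` line puts a bare magic number into the vbuffer allocation with nothing saying what it is meant to cover. If the intent is one spare buffer per submitter that can block with a vbuffer already in hand under conditions (1) to (3) above, that rationale belongs in a comment next to the constant, and the margin should be derived from that bound rather than guessed, because a fixed margin only raises the number of waiters the free list tolerates; beyond it the `BUG: 'list_empty(&vgdev->free_vbufs)' is true!` path from the report is still reachable, so as an experiment this is fine but as a fix it needs either the derived bound or a non-BUG path when the list is empty.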
On 11/09/2016, 09:01 AM, Gerd Hoffmann wrote:
> On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
>> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
>>> Hi,
>>>
>>> I can relatively easily reproduce this bug:
> 
> How?

Run dmesg -w in the qemu window (virtio_gpu) to see a lot of output.
Run pps [1] without exit(0); on e.g. serial console.
Wait a bit. The large amount of output causes the BUG.

[1] https://github.com/jirislaby/collected_sources/blob/master/pps.c

>>> BUG: 'list_empty(&vgdev->free_vbufs)' is true!
> 
>> The following might be helpful for debugging - if kernel still will
>> not stop panicking, we are looking at some kind
>> of memory corruption.
> 
> Looking carefully through the code I think it isn't impossible to
> trigger this, but you need for that:
> 
> (1) command queue full (quite possible),
> (2) cursor queue full too (unlikely), and
> (3) multiple threads trying to submit commands and waiting for free
> space in the command queue (possible with virgl enabled).

I use -vga virtio with no -display option, so no virgl, I suppose:
[drm] virgl 3d acceleration not available

> Do things improve if you allocate some extra bufs?
> 
> int virtio_gpu_alloc_vbufs(struct virtio_gpu_device *vgdev)
> {
> 	struct virtio_gpu_vbuffer *vbuf;
> -	int i, size, count = 0;
> +	int i, size, count = 16;

This seems to help.

thanks,
-- 
js
suse labs
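The accounting behind Gerd's three conditions, and behind why a fixed number of extra buffers only changes how many waiters the pool tolerates, as an added single-threaded model. This is example code written for this page, not code from the virtio-gpu driver or from anyone in the thread. It assumes the ordering the thread discusses: a submitter takes a buffer from the free list first and only then tries to place it on a bounded ring, so a submitter blocked on a full ring keeps its buffer while it waits. The ring sizes and the "extra" margin are constructed inputs chosen to mirror the count = 16 experiment; the driver reads the real sizes from the device.

```c
/* Added example (not the driver's code): model of a fixed command-buffer
 * pool sized from two ring capacities plus an optional margin, with the
 * take-buffer-then-enqueue ordering under discussion.  A submitter that
 * finds its ring full blocks while still holding its buffer, so
 *   free entries = pool - ring occupancy - blocked submitters.
 * Ring sizes and the margin are constructed values for illustration. */
#include <stdbool.h>
#include <stdio.h>

struct pool_model {
    int ctrl_size;   /* ctrl ring capacity (constructed) */
    int cursor_size; /* cursor ring capacity (constructed) */
    int ctrl_used;   /* commands in flight on the ctrl ring */
    int cursor_used; /* commands in flight on the cursor ring */
    int free_bufs;   /* entries left on the free list */
    int waiters;     /* submitters blocked on a full ring, each holding a buffer */
};

/* One buffer per ring descriptor, plus the experimental margin. */
void pool_init(struct pool_model *m, int ctrl_size, int cursor_size, int extra)
{
    m->ctrl_size = ctrl_size;
    m->cursor_size = cursor_size;
    m->ctrl_used = 0;
    m->cursor_used = 0;
    m->free_bufs = ctrl_size + cursor_size + extra;
    m->waiters = 0;
}

/* Take-before-enqueue.  Returns false when the free list is already empty,
 * which is the state the reported BUG message describes. */
bool submit_take_first(struct pool_model *m, bool cursor)
{
    int *used = cursor ? &m->cursor_used : &m->ctrl_used;
    int size = cursor ? m->cursor_size : m->ctrl_size;

    if (m->free_bufs == 0)
        return false;          /* list_empty() on the free list would be true */
    m->free_bufs--;
    if (*used < size)
        (*used)++;             /* descriptor available: command is on the ring */
    else
        m->waiters++;          /* ring full: block, still holding the buffer */
    return true;
}

/* Device acknowledges one ctrl command: its descriptor and buffer are
 * released, and one blocked submitter (if any) takes the freed descriptor. */
void complete_ctrl(struct pool_model *m)
{
    if (m->ctrl_used == 0)
        return;
    m->ctrl_used--;
    m->free_bufs++;
    if (m->waiters > 0) {
        m->waiters--;
        m->ctrl_used++;
    }
}

/* Conditions (1) and (2): fill both rings, then (3): pile waiters onto the
 * ctrl ring until a take finds the free list empty.  Returns the number of
 * blocked submitters the pool absorbed before that point. */
int waiters_until_empty(struct pool_model *m)
{
    int i, blocked = 0;

    for (i = 0; i < m->ctrl_size; i++)
        submit_take_first(m, false);
    for (i = 0; i < m->cursor_size; i++)
        submit_take_first(m, true);
    while (submit_take_first(m, false))
        blocked++;
    return blocked;
}

/* Tolerated waiters for a given margin: equals the margin, never more. */
int tolerated_waiters(int ctrl_size, int cursor_size, int extra)
{
    struct pool_model m;
    pool_init(&m, ctrl_size, cursor_size, extra);
    return waiters_until_empty(&m);
}

/* Free entries after draining the pool and then completing one ctrl
 * command: the buffer comes back even though the descriptor goes to a waiter. */
int free_after_completion(int ctrl_size, int cursor_size, int extra)
{
    struct pool_model m;
    pool_init(&m, ctrl_size, cursor_size, extra);
    waiters_until_empty(&m);
    complete_ctrl(&m);
    return m.free_bufs;
}

int main(void)
{
    printf("no margin : %d waiters tolerated\n", tolerated_waiters(64, 16, 0));
    printf("extra = 16: %d waiters tolerated\n", tolerated_waiters(64, 16, 16));
    return 0;
}
```

With no margin the pool is exactly the sum of the ring sizes, so the first submitter to block on a full ring with both rings full has already taken the last free entry and the next take finds the list empty; with a margin of 16, seventeen concurrent blocked submitters reach the same state. The model only reproduces the counting argument, not the driver's locking or wakeup order.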
On Fr, 2016-11-11 at 17:28 +0100, Jiri Slaby wrote:
> On 11/09/2016, 09:01 AM, Gerd Hoffmann wrote:
> > On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
> >> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
> >>> Hi,
> >>>
> >>> I can relatively easily reproduce this bug:
> > 
> > How?
> 
> Run dmesg -w in the qemu window (virtio_gpu) to see a lot of output.

fbcon?  Or xorg/wayland with terminal app?

> Run pps [1] without exit(0); on e.g. serial console.
> Wait a bit. The large amount of output causes the BUG.
> 
> [1] https://github.com/jirislaby/collected_sources/blob/master/pps.c
> 
> >>> BUG: 'list_empty(&vgdev->free_vbufs)' is true!
> > 
> >> The following might be helpful for debugging - if kernel still will
> >> not stop panicking, we are looking at some kind
> >> of memory corruption.
> > 
> > Looking carefully through the code I think it isn't impossible to
> > trigger this, but you need for that:
> > 
> > (1) command queue full (quite possible),
> > (2) cursor queue full too (unlikely), and
> > (3) multiple threads trying to submit commands and waiting for free
> > space in the command queue (possible with virgl enabled).
> 
> I use -vga virtio with no -display option, so no virgl, I suppose:
> [drm] virgl 3d acceleration not available
> 
> > Do things improve if you allocate some extra bufs?
> > 
> > int virtio_gpu_alloc_vbufs(struct virtio_gpu_device *vgdev)
> > {
> > 	struct virtio_gpu_vbuffer *vbuf;
> > -	int i, size, count = 0;
> > +	int i, size, count = 16;
> 
> This seems to help.
> 
> thanks,
On Fr, 2016-11-11 at 17:28 +0100, Jiri Slaby wrote:
> On 11/09/2016, 09:01 AM, Gerd Hoffmann wrote:
> > On Di, 2016-11-08 at 22:37 +0200, Michael S. Tsirkin wrote:
> >> On Mon, Nov 07, 2016 at 09:43:24AM +0100, Jiri Slaby wrote:
> >>> Hi,
> >>>
> >>> I can relatively easily reproduce this bug:
> > 
> > How?
> 
> Run dmesg -w in the qemu window (virtio_gpu) to see a lot of output.
> Run pps [1] without exit(0); on e.g. serial console.
> Wait a bit. The large amount of output causes the BUG.
> 
> [1] https://github.com/jirislaby/collected_sources/blob/master/pps.c

Doesn't reproduce here.

Running "while true; do dmesg; done" on the virtio-gpu fbcon.
Running the pps fork bomb on the serial console.

Can watch dmesg printing the kernel messages over and over, until the
shell can't spawn dmesg any more due to the fork bomb hitting the
process limit.  No BUG() triggered.  Tried spice, gtk and sdl.

Hmm.  Any ideas what else might be needed to reproduce it?

cheers,
  Gerd