qemu typically crashes running web.basemark.com through chromium - assertion "view->context == st->pipe"
Probably related to #98 (closed), #103 (closed), and #110 (closed). Hopefully a near instantaneous and quite reliable reproducer for those.
Host and guest are up to date Arch Linux. mesa 19.1.2, virglrenderer 0.7.0, qemu 4.0.0, linux 5.2. First time really trying out virtio-gpu. Sapphire/AMD Radeon RX Vega 64.
First thing I did with it was try http://web.basemark.com in the freshly installed guest, in Firefox 68.0. It ran fine.
I then tried it in Chromium 75.0.3770.100, and it crashed with:
31094 Segmentation fault (core dumped) /usr/bin/qemu-system-x86_64 -nographic -pidfile /tmp/vm_virtio.pid -no-user-config -nodefaults -name virtio,process=qemu:virtio -uuid 8b0bc38a-5bd2-4ea8-b025-766d93d3b7b5 -machine q35,accel=kvm,vmport=off,dump-guest-core=off -cpu SandyBridge-IBRS -smp cpus=4,cores=2,threads=1,sockets=2 -m 4G -drive if=pflash,format=raw,readonly,file=/usr/share/ovmf/x64/OVMF_CODE.fd -drive if=pflash,format=raw,readonly,file=/var/qemu/efivars/vm_virtio.fd -monitor telnet:localhost:8008,server,nowait,nodelay -spice unix,addr=/tmp/spice.virtio.sock,disable-ticketing,gl=on -device ioh3420,id=pcie.1,bus=pcie.0,slot=0 -device ioh3420,id=pcie.2,bus=pcie.0,slot=1 -device virtio-vga,bus=pcie.1,addr=0 -device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 -netdev bridge,id=network0,br=br0 -device virtio-net-pci,netdev=network0,mac=52:08:c6:2b:f1:33,bus=pcie.0,addr=6 -drive driver=raw,node-name=hd0,file=/dev/lvm/vm_virtio,if=none,discard=unmap -device virtio-blk-pci,drive=hd0,bus=pcie.2,addr=0,bootindex=0
I found it crashes somewhere around 75% of the time in test 6 of 20 through the GPU benchmark at http://web.basemark.com, in Chromium only. The few times it passes test 6, if I restart the test, it crashes.
I built and installed a debug version of QEMU, and attached GDB, which showed:
0x00007f97a61f26ed in ?? () from /usr/lib/dri/radeonsi_dri.so
...
Couldn't get registers: No such process.
...
Program terminated with signal SIGSEV, Segmentation fault.
The program no longer exists.
So, I didn't get a backtrace here.
I built and installed a debug version of mesa, and attached GDB, which showed:
0x00007fd90e9f4755 in raise () from /usr/lib/libc.so.6
...
Couldn't get registers: No such process.
...
Program terminated with signal SIGSEV, Segmentation fault.
The program no longer exists.
So, again no backtrace here. But, the terminal running qemu did show the same assertion failure as #98 (closed), #103 (closed), and #110 (closed).
qemu-system-x86_64: ../mesa-19.1.2/src/mesa/state_tracker/st_context.c:280: st_save_zombie_sampler_view: Assertion 'view->context == st->pipe' failed.
I'm surprised that QEMU/debug and mesa/release point to crashing in radeonsi_dri.so, and when I switch to mesa/debug it points to crashing in libc.so.6. I ran this a few more times, to see if it consistently now gives libc.so.6. And it does, but (to me at least) randomly it left qemu running the last time after it crashed, and gave the same assertion failure, which let me get a backtrace.
I see some level of optimization still occurred compiling my debug versions, since there are a few variables optimized out.
0x00007fb191e68755 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007fb191e68755 in raise () at /usr/lib/libc.so.6
#1 0x00007fb191e53851 in abort () at /usr/lib/libc.so.6
#2 0x00007fb191e53727 in _nl_load_domain.cold () at /usr/lib/libc.so.6
#3 0x00007fb191e61026 in () at /usr/lib/libc.so.6
#4 0x00007fb18e7f310c in st_save_zombie_sampler_view (st=<optimized out>, view=<optimized out>) at ../mesa-19.1.2/include/c11/threads_posix.h:274
#5 0x00007fb18e726709 in st_texture_release_all_sampler_views (st=st@entry=0x7fb06f0b8400, stObj=stObj@entry=0x7fb06b235a00) at ../mesa-19.1.2/src/mesa/state_tracker/st_sampler_view.c:233
#6 0x00007fb18e726ebb in st_texture_release_all_sampler_views (stObj=0x7fb06b235a00, st=0x7fb06f0b8400) at ../mesa-19.1.2/src/mesa/state_tracker/st_sampler_view.c:221
#7 0x00007fb18e726ebb in st_delete_texture_sampler_views (st=st@entry=0x7fb06f0b8400, stObj=stObj@entry=0x7fb06b235a00) at ../mesa-19.1.2/src/mesa/state_tracker/st_sampler_view.c:253
#8 0x00007fb18e711326 in st_DeleteTextureObject (ctx=0x7fb06c021240, texObj=0x7fb06b235a00) at ../mesa-19.1.2/src/mesa/state_tracker/st_cb_texture.c:190
#9 0x00007fb18e6b7a68 in _mesa_reference_texobj_ (ptr=ptr@entry=0x7fb06c024600, tex=tex@entry=0x7fb038264d00) at ../mesa-19.1.2/src/mesa/main/texobj.c:582
#10 0x00007fb18e6b8050 in _mesa_reference_texobj (tex=0x7fb038264d00, ptr=0x7fb06c024600) at ../mesa-19.1.2/src/mesa/main/texobj.h:94
#11 0x00007fb18e6b8050 in bind_texture_object (ctx=0x7fb06c021240, unit=0, texObj=0x7fb038264d00) at ../mesa-19.1.2/src/mesa/main/texobj.c:1691
#12 0x00007fb19381f7de in vrend_renderer_blit_gl () at /usr/lib/libvirglrenderer.so.0
#13 0x00007fb1938047d8 in vrend_renderer_blit () at /usr/lib/libvirglrenderer.so.0
#14 0x00007fb19381d322 in vrend_decode_block () at /usr/lib/libvirglrenderer.so.0
#15 0x000055ea5b39c778 in virgl_cmd_submit_3d (cmd=0x7fb06c2a7a80, g=0x7fb06e2f74b0) at /build/qemu-debug/src/qemu-4.0.0/hw/display/virtio-gpu-3d.c:217
#16 0x000055ea5b39c778 in virtio_gpu_virgl_process_cmd (g=g@entry=0x7fb06e2f74b0, cmd=cmd@entry=0x7fb06c2a7a80) at /build/qemu-debug/src/qemu-4.0.0/hw/display/virtio-gpu-3d.c:422
#17 0x000055ea5b399aa4 in virtio_gpu_process_cmdq (g=g@entry=0x7fb06e2f74b0) at /build/qemu-debug/src/qemu-4.0.0/hw/display/virtio-gpu.c:938
#18 0x000055ea5b39b2b4 in virtio_gpu_handle_ctrl (vq=0x7fb06e459940, vdev=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/hw/display/virtio-gpu.c:986
#19 0x000055ea5b39b2b4 in virtio_gpu_ctrl_bh (opaque=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/hw/display/virtio-gpu.c:998
#20 0x000055ea5b7599de in aio_bh_poll (ctx=ctx@entry=0x7fb19048ac40) at /build/qemu-debug/src/qemu-4.0.0/util/async.c:118
#21 0x000055ea5b75d352 in aio_dispatch (ctx=0x7fb19048ac40) at /build/qemu-debug/src/qemu-4.0.0/util/aio-posix.c:460
#22 0x000055ea5b7598af in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/util/async.c:261
#23 0x00007fb1936c7cf4 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#24 0x000055ea5b75c309 in glib_pollfds_poll () at /build/qemu-debug/src/qemu-4.0.0/util/main-loop.c:213
#25 0x000055ea5b75c309 in os_host_main_loop_wait (timeout=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/util/main-loop.c:236
#26 0x000055ea5b75c309 in main_loop_wait (nonblocking=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/util/main-loop.c:512
#27 0x000055ea5b485503 in main_loop () at /build/qemu-debug/src/qemu-4.0.0/vl.c:1970
#28 0x000055ea5b2e0abd in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu-debug/src/qemu-4.0.0/vl.c:4604
I'll leave the crashed instance of qemu running and the gdb attached to it until at least later today, in case gathering any additional information from it is helpful, since I'm not sure what caused it to remain in this state of the crashed qemu still existing, or how to get back here.
Feel free to ask me to run diagnostics, just give me the steps.