From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36122) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WVcoC-0000EW-PS for qemu-devel@nongnu.org; Thu, 03 Apr 2014 04:15:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WVco6-0006Cg-L8 for qemu-devel@nongnu.org; Thu, 03 Apr 2014 04:15:36 -0400 Received: from mail-bk0-f45.google.com ([209.85.214.45]:56460) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WVco5-0006CW-Tu for qemu-devel@nongnu.org; Thu, 03 Apr 2014 04:15:30 -0400 Received: by mail-bk0-f45.google.com with SMTP id na10so128929bkb.4 for ; Thu, 03 Apr 2014 01:15:28 -0700 (PDT) Message-ID: <533D18A7.3040100@m2r.biz> Date: Thu, 03 Apr 2014 10:15:35 +0200 From: Fabio Fantoni MIME-Version: 1.0 References: <533AD4BE.8080101@m2r.biz> <533AE841.1000606@redhat.com> <533BF0DB.70100@m2r.biz> <20140402160324.GD4563@perard.uk.xensource.com> In-Reply-To: <20140402160324.GD4563@perard.uk.xensource.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] Qemu 2.0 regression with xen: qemu crash on any domUs S.O. start List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Anthony PERARD Cc: xen-devel , Laszlo Ersek , "qemu-devel@nongnu.org" Il 02/04/2014 18:03, Anthony PERARD ha scritto: > On Wed, Apr 02, 2014 at 01:13:31PM +0200, Fabio Fantoni wrote: >>> - if you posted qemu's backtrace at the sigsegv. >> I tried to use gdb following this old post: >> https://lists.gnu.org/archive/html/qemu-devel/2011-12/msg02575.html >> but with same changes: >> >> /usr/lib/xen/bin# vi qemu-system-i386 >> #!/bin/sh >> exec gdbserver 0.0.0.0:1234 /usr/lib/xen/bin/qemu-system-i386.bak "$@" >> >> gdb /usr/lib/xen/bin/qemu-system-i386.bak >> target remote localhost:1234 >> >> This command with gdb on qemu fails: >> xl -vvv create /etc/xen/wheezy.cfg >> ... >> libxl: error: libxl_dm.c:1378:device_model_spawn_outcome: domain 13 device >> model: spawn failed (rc=-3) >> libxl: error: libxl_create.c:1207:domcreate_devmodel_started: device model >> did not start: -3 >> libxl: debug: libxl_dm.c:1485:kill_device_model: Device Model signaled >> ... >> >> the dom0 syslog show segfault also in this case and the qemu log is >> different on first lines (probably for gdbserver): >> less /var/log/xen/qemu-dm-wheezy.log >> Process /usr/lib/xen/bin/qemu-system-i386.bak created; pid = 8238 >> Listening on port 1234 >> Remote debugging from host 127.0.0.1 >> xc: error: linux_gnttab_set_max_grants: ioctl SET_MAX_GRANTS failed (22 = >> Invalid argument): Internal error >> xen be: qdisk-51712: xc_gnttab_set_max_grants failed: Invalid argument >> >> >> gdb on xl create show: >> (gdb) target remote localhost:1234 >> Remote debugging using localhost:1234 >> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols >> found)...done. >> Loaded symbols for /lib64/ld-linux-x86-64.so.2 >> 0x00007ffff7dddaf0 in ?? () from /lib64/ld-linux-x86-64.so.2 >> (gdb) >> >> (gdb) bt full >> #0 0x00007ffff7dddaf0 in ?? () from /lib64/ld-linux-x86-64.so.2 >> No symbol table info available. >> #1 0x0000000000000013 in ?? () >> No symbol table info available. >> #2 0x00007fffffffe871 in ?? () >> No symbol table info available. >> #3 0x00007fffffffe897 in ?? () >> No symbol table info available. >> #4 0x00007fffffffe8a2 in ?? () >> No symbol table info available. >> #5 0x00007fffffffe8a5 in ?? () >> No symbol table info available. >> #6 0x00007fffffffe8ae in ?? () >> No symbol table info available. >> #7 0x00007fffffffe8ef in ?? () >> No symbol table info available. >> #8 0x00007fffffffe8f4 in ?? () >> No symbol table info available. >> #9 0x00007fffffffe913 in ?? () >> No symbol table info available. >> #10 0x00007fffffffe91f in ?? () >> No symbol table info available. >> #11 0x00007fffffffe92b in ?? () >> No symbol table info available. >> #12 0x00007fffffffe931 in ?? () >> ---Type to continue, or q to quit--- >> >> the qemu include debug and is not stripped: >> file /usr/lib/xen/bin/qemu-system-i386.bak >> /usr/lib/xen/bin/qemu-system-i386.bak: ELF 64-bit LSB shared object, x86-64, >> version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux >> 2.6.26, BuildID[sha1]=0x5aa043b5524d74d166ead62527343080384d586b, not >> stripped >> and I also tried: >> aptitude install libc6-dbg >> but same result. >> >> I not understand what I missed for correct xl create and/or gdb >> informations. >> Can someone help me please? > Using gdb on qemu is not easy, you need to be quick. > > When you "xl create", you have about 10 second to start gdb on qemu, > otherwise, xl will fail to create a guest. > > So I advise you to start "gdb /usr/lib/xen/bin/qemu-system-i386.bak" in > a second terminal, write "target remote localhost:1234" BUT not Enter, > to keep the command ready to run. > Then, start "xl create" and imediatly, run the "target" command in gdb > and "c" (for continue) which will start qemu. > > That should help you reach the point where you can get the backtrace, > after the segv. > Thanks for your reply. I following your istructions, after "c" xl create finish. gdb show: > (gdb) C > Continuing. > > Program received signal SIGSEGV, Segmentation fault. > 0x000055555584b4c1 in qemu_input_event_send (src=0x0, evt=0x55555630a420) > at ui/input.c:146 > 146 s->handler->event(s->dev, src, evt); > (gdb) bt full > #0 0x000055555584b4c1 in qemu_input_event_send (src=0x0, > evt=0x55555630a420) > at ui/input.c:146 > s = 0x0 > #1 0x000055555584baef in qemu_input_queue_rel (src=0x0, > axis=INPUT_AXIS_X, > value=1) at ui/input.c:272 > evt = 0x55555630a420 > #2 0x0000555555871043 in pointer_event (vs=0x55555630a4c0, > button_mask=0, > x=478, y=186) at ui/vnc.c:1531 > bmap = {1, 2, 4, 8, 16} > con = 0x0 > width = 640 > height = 480 > #3 0x0000555555872c00 in protocol_client_msg (vs=0x55555630a4c0, > data=0x5555562fe420 "\005", len=6) at ui/vnc.c:2139 > i = 1446028480 > limit = 22063 > vd = 0x7ffff7eb6010 > #4 0x0000555555870861 in vnc_client_read (opaque=0x55555630a4c0) > at ui/vnc.c:1389 > len = 6 > ret = 6 > vs = 0x55555630a4c0 > ret = 6 > #5 0x00005555557cd5cc in qemu_iohandler_poll (pollfds=0x5555562e6a00, > ret=1) > at iohandler.c:143 > ---Type to continue, or q to quit--- > revents = 1 > pioh = 0x5555562fa780 > ioh = 0x5555562f5560 > #6 0x00005555557ce678 in main_loop_wait (nonblocking=0) at > main-loop.c:485 > ret = 1 > timeout = 4294967295 > timeout_ns = 79570735 > #7 0x000055555587a070 in main_loop () at vl.c:2051 > nonblocking = false > last_io = 1 > #8 0x0000555555881a4a in main (argc=19, argv=0x7fffffffe5f8, > envp=0x7fffffffe698) at vl.c:4507 > i = 64 > snapshot = 0 > linux_boot = 0 > icount_option = 0x0 > initrd_filename = 0x0 > kernel_filename = 0x0 > kernel_cmdline = 0x555555a1a464 "" > boot_order = 0x0 > ds = 0x5555562f34a0 > cyls = 0 > heads = 0 > secs = 0 > translation = 0 > ---Type to continue, or q to quit--- > hda_opts = 0x0 > opts = 0x0 > machine_opts = 0x5555562e6600 > olist = 0x555555dffe00 > optind = 19 > optarg = 0x7fffffffe969 "1025" > loadvm = 0x0 > machine_class = 0x5555562d6d50 > machine = 0x555555e0d2c0 > cpu_model = 0x0 > vga_model = 0x0 > qtest_chrdev = 0x0 > qtest_log = 0x0 > pid_file = 0x0 > incoming = 0x0 > show_vnc_port = 0 > defconfig = true > userconfig = true > log_mask = 0x0 > log_file = 0x0 > mem_trace = {malloc = 0x55555587d902 , > realloc = 0x55555587d95a , > free = 0x55555587d9c1 , calloc = 0, > try_malloc = 0, > try_realloc = 0} > trace_events = 0x0 > ---Type to continue, or q to quit--- > trace_file = 0x0 > __func__ = "main" > args = {machine = 0x555555e0d2c0, ram_size = 1074790400, > boot_order = 0x0, kernel_filename = 0x0, > kernel_cmdline = 0x555555a1a464 "", initrd_filename = 0x0, > cpu_model = 0x0} > (gdb) Seems that do segfault when I connect to vnc or spice, in the test of this backtrace after connect to vnc, spice and other things of my patches are disabled, so do not think it is a problem caused by my patches. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Fabio Fantoni Subject: Re: Qemu 2.0 regression with xen: qemu crash on any domUs S.O. start Date: Thu, 03 Apr 2014 10:15:35 +0200 Message-ID: <533D18A7.3040100@m2r.biz> References: <533AD4BE.8080101@m2r.biz> <533AE841.1000606@redhat.com> <533BF0DB.70100@m2r.biz> <20140402160324.GD4563@perard.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20140402160324.GD4563@perard.uk.xensource.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org To: Anthony PERARD Cc: xen-devel , Laszlo Ersek , "qemu-devel@nongnu.org" List-Id: xen-devel@lists.xenproject.org Il 02/04/2014 18:03, Anthony PERARD ha scritto: > On Wed, Apr 02, 2014 at 01:13:31PM +0200, Fabio Fantoni wrote: >>> - if you posted qemu's backtrace at the sigsegv. >> I tried to use gdb following this old post: >> https://lists.gnu.org/archive/html/qemu-devel/2011-12/msg02575.html >> but with same changes: >> >> /usr/lib/xen/bin# vi qemu-system-i386 >> #!/bin/sh >> exec gdbserver 0.0.0.0:1234 /usr/lib/xen/bin/qemu-system-i386.bak "$@" >> >> gdb /usr/lib/xen/bin/qemu-system-i386.bak >> target remote localhost:1234 >> >> This command with gdb on qemu fails: >> xl -vvv create /etc/xen/wheezy.cfg >> ... >> libxl: error: libxl_dm.c:1378:device_model_spawn_outcome: domain 13 device >> model: spawn failed (rc=-3) >> libxl: error: libxl_create.c:1207:domcreate_devmodel_started: device model >> did not start: -3 >> libxl: debug: libxl_dm.c:1485:kill_device_model: Device Model signaled >> ... >> >> the dom0 syslog show segfault also in this case and the qemu log is >> different on first lines (probably for gdbserver): >> less /var/log/xen/qemu-dm-wheezy.log >> Process /usr/lib/xen/bin/qemu-system-i386.bak created; pid = 8238 >> Listening on port 1234 >> Remote debugging from host 127.0.0.1 >> xc: error: linux_gnttab_set_max_grants: ioctl SET_MAX_GRANTS failed (22 = >> Invalid argument): Internal error >> xen be: qdisk-51712: xc_gnttab_set_max_grants failed: Invalid argument >> >> >> gdb on xl create show: >> (gdb) target remote localhost:1234 >> Remote debugging using localhost:1234 >> Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols >> found)...done. >> Loaded symbols for /lib64/ld-linux-x86-64.so.2 >> 0x00007ffff7dddaf0 in ?? () from /lib64/ld-linux-x86-64.so.2 >> (gdb) >> >> (gdb) bt full >> #0 0x00007ffff7dddaf0 in ?? () from /lib64/ld-linux-x86-64.so.2 >> No symbol table info available. >> #1 0x0000000000000013 in ?? () >> No symbol table info available. >> #2 0x00007fffffffe871 in ?? () >> No symbol table info available. >> #3 0x00007fffffffe897 in ?? () >> No symbol table info available. >> #4 0x00007fffffffe8a2 in ?? () >> No symbol table info available. >> #5 0x00007fffffffe8a5 in ?? () >> No symbol table info available. >> #6 0x00007fffffffe8ae in ?? () >> No symbol table info available. >> #7 0x00007fffffffe8ef in ?? () >> No symbol table info available. >> #8 0x00007fffffffe8f4 in ?? () >> No symbol table info available. >> #9 0x00007fffffffe913 in ?? () >> No symbol table info available. >> #10 0x00007fffffffe91f in ?? () >> No symbol table info available. >> #11 0x00007fffffffe92b in ?? () >> No symbol table info available. >> #12 0x00007fffffffe931 in ?? () >> ---Type to continue, or q to quit--- >> >> the qemu include debug and is not stripped: >> file /usr/lib/xen/bin/qemu-system-i386.bak >> /usr/lib/xen/bin/qemu-system-i386.bak: ELF 64-bit LSB shared object, x86-64, >> version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux >> 2.6.26, BuildID[sha1]=0x5aa043b5524d74d166ead62527343080384d586b, not >> stripped >> and I also tried: >> aptitude install libc6-dbg >> but same result. >> >> I not understand what I missed for correct xl create and/or gdb >> informations. >> Can someone help me please? > Using gdb on qemu is not easy, you need to be quick. > > When you "xl create", you have about 10 second to start gdb on qemu, > otherwise, xl will fail to create a guest. > > So I advise you to start "gdb /usr/lib/xen/bin/qemu-system-i386.bak" in > a second terminal, write "target remote localhost:1234" BUT not Enter, > to keep the command ready to run. > Then, start "xl create" and imediatly, run the "target" command in gdb > and "c" (for continue) which will start qemu. > > That should help you reach the point where you can get the backtrace, > after the segv. > Thanks for your reply. I following your istructions, after "c" xl create finish. gdb show: > (gdb) C > Continuing. > > Program received signal SIGSEGV, Segmentation fault. > 0x000055555584b4c1 in qemu_input_event_send (src=0x0, evt=0x55555630a420) > at ui/input.c:146 > 146 s->handler->event(s->dev, src, evt); > (gdb) bt full > #0 0x000055555584b4c1 in qemu_input_event_send (src=0x0, > evt=0x55555630a420) > at ui/input.c:146 > s = 0x0 > #1 0x000055555584baef in qemu_input_queue_rel (src=0x0, > axis=INPUT_AXIS_X, > value=1) at ui/input.c:272 > evt = 0x55555630a420 > #2 0x0000555555871043 in pointer_event (vs=0x55555630a4c0, > button_mask=0, > x=478, y=186) at ui/vnc.c:1531 > bmap = {1, 2, 4, 8, 16} > con = 0x0 > width = 640 > height = 480 > #3 0x0000555555872c00 in protocol_client_msg (vs=0x55555630a4c0, > data=0x5555562fe420 "\005", len=6) at ui/vnc.c:2139 > i = 1446028480 > limit = 22063 > vd = 0x7ffff7eb6010 > #4 0x0000555555870861 in vnc_client_read (opaque=0x55555630a4c0) > at ui/vnc.c:1389 > len = 6 > ret = 6 > vs = 0x55555630a4c0 > ret = 6 > #5 0x00005555557cd5cc in qemu_iohandler_poll (pollfds=0x5555562e6a00, > ret=1) > at iohandler.c:143 > ---Type to continue, or q to quit--- > revents = 1 > pioh = 0x5555562fa780 > ioh = 0x5555562f5560 > #6 0x00005555557ce678 in main_loop_wait (nonblocking=0) at > main-loop.c:485 > ret = 1 > timeout = 4294967295 > timeout_ns = 79570735 > #7 0x000055555587a070 in main_loop () at vl.c:2051 > nonblocking = false > last_io = 1 > #8 0x0000555555881a4a in main (argc=19, argv=0x7fffffffe5f8, > envp=0x7fffffffe698) at vl.c:4507 > i = 64 > snapshot = 0 > linux_boot = 0 > icount_option = 0x0 > initrd_filename = 0x0 > kernel_filename = 0x0 > kernel_cmdline = 0x555555a1a464 "" > boot_order = 0x0 > ds = 0x5555562f34a0 > cyls = 0 > heads = 0 > secs = 0 > translation = 0 > ---Type to continue, or q to quit--- > hda_opts = 0x0 > opts = 0x0 > machine_opts = 0x5555562e6600 > olist = 0x555555dffe00 > optind = 19 > optarg = 0x7fffffffe969 "1025" > loadvm = 0x0 > machine_class = 0x5555562d6d50 > machine = 0x555555e0d2c0 > cpu_model = 0x0 > vga_model = 0x0 > qtest_chrdev = 0x0 > qtest_log = 0x0 > pid_file = 0x0 > incoming = 0x0 > show_vnc_port = 0 > defconfig = true > userconfig = true > log_mask = 0x0 > log_file = 0x0 > mem_trace = {malloc = 0x55555587d902 , > realloc = 0x55555587d95a , > free = 0x55555587d9c1 , calloc = 0, > try_malloc = 0, > try_realloc = 0} > trace_events = 0x0 > ---Type to continue, or q to quit--- > trace_file = 0x0 > __func__ = "main" > args = {machine = 0x555555e0d2c0, ram_size = 1074790400, > boot_order = 0x0, kernel_filename = 0x0, > kernel_cmdline = 0x555555a1a464 "", initrd_filename = 0x0, > cpu_model = 0x0} > (gdb) Seems that do segfault when I connect to vnc or spice, in the test of this backtrace after connect to vnc, spice and other things of my patches are disabled, so do not think it is a problem caused by my patches.