[Qemu-devel] qemu-fast 0.6.0 hanging...

[Qemu-devel] qemu-fast 0.6.0 hanging...

[Damien Mascord]

Hi,

I am trying to get qemu 0.6.0 running on Debian testing, running vanilla 
2.4.26 kernel.

If I use the qemu 0.6.0 binaries from the qemu website, qemu-fast and 
qemu binaries do in fact load the kernel as expected, though both hang 
upon shutdown.

Though, if I compile the 0.6.0 from source on the host itself, I see the 
following behaviour:

If I run qemu without the "-fast" affix, then it will load the 
linux-test image (as provided on the qemu website), though on shutdown, 
it hangs and uses 99-100% CPU.

If I run qemu-fast, then it hangs on startup, and uses 99-100% CPU 
straight away.

I am using gcc (GCC) 3.3.4 (Debian 1:3.3.4-3), with libc6 2.3.2.

I am compiling with the following options:

CFLAGS="-Wall -g -O2" ./configure --target-list="i386-user i386 
i386-softmmu arm-user sparc-user ppc-user ppc-softmmu" --prefix=/usr 
--enable-slirp
Install prefix    /usr
BIOS directory    /usr/share/qemu
binary directory  /usr/bin
Manual directory  /usr/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /home/tusker/qemu-0.6.0
C compiler        gcc
make              make
host CPU          i386
host big endian   no
target list       i386-user i386 i386-softmmu arm-user sparc-user 
ppc-user ppc-softmmu
gprof enabled     no
static build      no
SDL support       yes
SDL static link   yes
mingw32 support   no

If I change the -O2 to -O0, it fails to compile.  If I change to -O1 it 
compiles correctly, though still behaves like -O2. (ie, hangs on startup 
for qemu-fast, hangs on shutdown for qemu.)

The compile error for -O0 is as follows:

gcc -Wall -g -O0 -fno-strict-aliasing -fomit-frame-pointer -I. 
-I/home/tusker/qemu-0.6.0/target-i386 -I/home/tusker/qemu-0.6.0 
-I/home/tusker/qemu-0.6.0/linux-user 
-I/home/tusker/qemu-0.6.0/linux-user/i386 -D_GNU_SOURCE 
-I/home/tusker/qemu-0.6.0/slirp -c -o cpu-exec.o 
/home/tusker/qemu-0.6.0/cpu-exec.c
/home/tusker/qemu-0.6.0/exec-all.h: In function `testandset':
/home/tusker/qemu-0.6.0/exec-all.h:413: error: can't find a register in 
class `GENERAL_REGS' while reloading `asm'
make[2]: *** [cpu-exec.o] Error 1
make[2]: Leaving directory `/home/tusker/qemu-0.6.0/i386-user'
make[1]: *** [all] Error 1
make[1]: Leaving directory `/home/tusker/qemu-0.6.0'
make: *** [build-stamp] Error 2

Is there an easy way to debug what is going wrong here?

According to the user documention, attaching with gdb, and then issueing 
a few commands through gdb should help, but I'm not very familiar with 
gdb... :)

For interest sake, here is the following when normal qemu is shutting down:

1) On the console it says:

flushing ide devices: hda hdc
Restarting system.

2) gdb 'info reg' shows:
eax            0x909d   37021
ecx            0x30001  196609
edx            0x80     128
ebx            0x80     128
esp            0x8ff8   0x8ff8
ebp            0x0      0x0
esi            0x9d     157
edi            0xffe4   65508
eip            0xff53   0xff53
eflags         0x86     134
cs             0xf000   61440
ss             0x9000   36864
ds             0x9000   36864
es             0x9000   36864
fs             0x9000   36864
gs             0x9000   36864

3) gdb 'x/10i $eip' shows:
0xff53: (bad)
0xff54: jbe    0xff55
0xff56: add    %al,(%eax)
0xff58: aad    $0x3
0xff5a: outsb  %ds:(%esi),(%dx)
0xff5b: call   *%ebp
0xff5d: aas
0xff5e: aad    $0x3
0xff60: push   %eax
0xff61: add    %dl,%ah

For the qemu-fast binary, gdb can't seem to attach to anything, and the 
following message comes up:

Interrupted while waiting for the program.
Give up (and stop debugging it)? (y or n) n


Is there anything I can do to work out what is going on ?

Damien

-- 
Damien Mascord (tusker at tusker dot org)
GPG key 2CB181BE / 93B2 EF21 0C7C F022 F467  7966 219E 92B3 2CB1 81BE

Re: [Qemu-devel] qemu-fast 0.6.0 hanging... [follow up in case this email got lost...]

[Damien Mascord]

Damien Mascord wrote:

> Hi,
> 
> I am trying to get qemu 0.6.0 running on Debian testing, running vanilla 
> 2.4.26 kernel.
> 
> If I use the qemu 0.6.0 binaries from the qemu website, qemu-fast and 
> qemu binaries do in fact load the kernel as expected, though both hang 
> upon shutdown.
> 
> Though, if I compile the 0.6.0 from source on the host itself, I see the 
> following behaviour:
> 
> If I run qemu without the "-fast" affix, then it will load the 
> linux-test image (as provided on the qemu website), though on shutdown, 
> it hangs and uses 99-100% CPU.
> 
> If I run qemu-fast, then it hangs on startup, and uses 99-100% CPU 
> straight away.
> 
> I am using gcc (GCC) 3.3.4 (Debian 1:3.3.4-3), with libc6 2.3.2.
> 
> I am compiling with the following options:
> 
> CFLAGS="-Wall -g -O2" ./configure --target-list="i386-user i386 
> i386-softmmu arm-user sparc-user ppc-user ppc-softmmu" --prefix=/usr 
> --enable-slirp
> Install prefix    /usr
> BIOS directory    /usr/share/qemu
> binary directory  /usr/bin
> Manual directory  /usr/share/man
> ELF interp prefix /usr/gnemul/qemu-%M
> Source path       /home/tusker/qemu-0.6.0
> C compiler        gcc
> make              make
> host CPU          i386
> host big endian   no
> target list       i386-user i386 i386-softmmu arm-user sparc-user 
> ppc-user ppc-softmmu
> gprof enabled     no
> static build      no
> SDL support       yes
> SDL static link   yes
> mingw32 support   no
> 
> If I change the -O2 to -O0, it fails to compile.  If I change to -O1 it 
> compiles correctly, though still behaves like -O2. (ie, hangs on startup 
> for qemu-fast, hangs on shutdown for qemu.)
> 
> The compile error for -O0 is as follows:
> 
> gcc -Wall -g -O0 -fno-strict-aliasing -fomit-frame-pointer -I. 
> -I/home/tusker/qemu-0.6.0/target-i386 -I/home/tusker/qemu-0.6.0 
> -I/home/tusker/qemu-0.6.0/linux-user 
> -I/home/tusker/qemu-0.6.0/linux-user/i386 -D_GNU_SOURCE 
> -I/home/tusker/qemu-0.6.0/slirp -c -o cpu-exec.o 
> /home/tusker/qemu-0.6.0/cpu-exec.c
> /home/tusker/qemu-0.6.0/exec-all.h: In function `testandset':
> /home/tusker/qemu-0.6.0/exec-all.h:413: error: can't find a register in 
> class `GENERAL_REGS' while reloading `asm'
> make[2]: *** [cpu-exec.o] Error 1
> make[2]: Leaving directory `/home/tusker/qemu-0.6.0/i386-user'
> make[1]: *** [all] Error 1
> make[1]: Leaving directory `/home/tusker/qemu-0.6.0'
> make: *** [build-stamp] Error 2
> 
> Is there an easy way to debug what is going wrong here?
> 
> According to the user documention, attaching with gdb, and then issueing 
> a few commands through gdb should help, but I'm not very familiar with 
> gdb... :)
> 
> For interest sake, here is the following when normal qemu is shutting down:
> 
> 1) On the console it says:
> 
> flushing ide devices: hda hdc
> Restarting system.
> 
> 2) gdb 'info reg' shows:
> eax            0x909d   37021
> ecx            0x30001  196609
> edx            0x80     128
> ebx            0x80     128
> esp            0x8ff8   0x8ff8
> ebp            0x0      0x0
> esi            0x9d     157
> edi            0xffe4   65508
> eip            0xff53   0xff53
> eflags         0x86     134
> cs             0xf000   61440
> ss             0x9000   36864
> ds             0x9000   36864
> es             0x9000   36864
> fs             0x9000   36864
> gs             0x9000   36864
> 
> 3) gdb 'x/10i $eip' shows:
> 0xff53: (bad)
> 0xff54: jbe    0xff55
> 0xff56: add    %al,(%eax)
> 0xff58: aad    $0x3
> 0xff5a: outsb  %ds:(%esi),(%dx)
> 0xff5b: call   *%ebp
> 0xff5d: aas
> 0xff5e: aad    $0x3
> 0xff60: push   %eax
> 0xff61: add    %dl,%ah
> 
> For the qemu-fast binary, gdb can't seem to attach to anything, and the 
> following message comes up:
> 
> Interrupted while waiting for the program.
> Give up (and stop debugging it)? (y or n) n
> 
> 
> Is there anything I can do to work out what is going on ?
> 
> Damien
> 


-- 
Damien Mascord (tusker at tusker dot org)
GPG key 2CB181BE / 93B2 EF21 0C7C F022 F467  7966 219E 92B3 2CB1 81BE

Re: [Qemu-devel] qemu-fast 0.6.0 hanging... [follow up in case this email got lost...]

[Damien Mascord]

Damien Mascord wrote:
> Damien Mascord wrote:
> 
>> Hi,
>>
>> I am trying to get qemu 0.6.0 running on Debian testing, running 
>> vanilla 2.4.26 kernel.

Ok, further debugging using strace this time reveals something funny...

As you can see at the end, we have hit a loop, about 24 SIGSEGV, then 
one SIGIO, then about 24 SIGSEGV ad finitum.

It won't stop until a kill is issued.

Damien

--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
.
.
.
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=2, tms_cutime=0, tms_cstime=0}) = 103937920
sigreturn()                             = ? (mask now [RTMIN])
.
.
.


-------------------------------------


open("/etc/localtime", O_RDONLY)        = 7
fstat64(7, {st_mode=S_IFREG|0644, st_size=152, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x40000000
read(7, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0"..., 
4096) = 152
close(7)                                = 0
munmap(0x40000000, 4096)                = 0
old_mmap(0xab076000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab076000
old_mmap(0xab078000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab078000
old_mmap(0xab07a000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab07a000
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo 
...}) = 0
fcntl64(0, F_GETFL)                     = 0x8002 (flags O_RDWR|O_LARGEFILE)
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo 
...}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost -isig -icanon -echo 
...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost -isig -icanon 
-echo ...}) = 0
fcntl64(0, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
old_mmap(0xab07c000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab07c000
old_mmap(0xab080000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab080000
mprotect(0xfe000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
old_mmap(0xab084000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab084000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xab088000, 16384, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xab088000
old_mmap(NULL, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0) = 0
rt_sigreturn(0)                         = 0
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
mprotect(0, 4096, PROT_READ|PROT_WRITE) = 0
rt_sigreturn(0)                         = 0
poll([{fd=0, events=POLLIN}], 1, 0)     = 0
select(0, [], [], [], {0, 0})           = 0 (Timeout)
gettimeofday({1090320144, 481225}, NULL) = 0
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xf000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0xf000) = 0xf000
rt_sigreturn(0xe0ad)                    = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
mprotect(0xf000, 4096, PROT_READ|PROT_WRITE) = 0
rt_sigreturn(0xe0ad)                    = 0
mprotect(0xf0000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xfd000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x840d000) = 
0xfd000
rt_sigreturn(0xda73)                    = 983040
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xf0000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8400000) = 
0xf0000
rt_sigreturn(0x168)                     = 983040
mprotect(0xf9000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0x9f000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x9f000) = 
0x9f000
rt_sigreturn(0x1)                       = 654336
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
mprotect(0x9f000, 4096, PROT_READ|PROT_WRITE) = 0
rt_sigreturn(0x1)                       = 654336
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xc0000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8440000) = 
0xc0000
rt_sigreturn(0x4)                       = 786432
mprotect(0xc0000, 4096, PROT_READ)      = 0
mprotect(0xc3000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
mprotect(0xc6000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xc3000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8443000) = 
0xc3000
rt_sigreturn(0x321d)                    = 786432
mprotect(0xc7000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xc3000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8443000) = 
0xc3000
rt_sigreturn(0x321d)                    = 786432
mprotect(0xc7000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xc6000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8446000) = 
0xc6000
rt_sigreturn(0x6fb1)                    = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
old_mmap(0xc7000, 4096, PROT_READ, MAP_SHARED|MAP_FIXED, 4, 0x8447000) = 
0xc7000
rt_sigreturn(0x7019)                    = 2418
mprotect(0xc5000, 4096, PROT_READ)      = -1 ENOMEM (Cannot allocate memory)
--- SIGIO (I/O possible) @ 0 (0) ---
times({tms_utime=1, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 103937919
sigreturn()                             = ? (mask now [RTMIN])
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
rt_sigprocmask(SIG_SETMASK, [RTMIN], NULL, 8) = 0




-- 
Damien Mascord (tusker at tusker dot org)
GPG key 2CB181BE / 93B2 EF21 0C7C F022 F467  7966 219E 92B3 2CB1 81BE