From: Programmingkid
Date: Tue, 12 May 2015 14:59:22 -0400
Subject: Re: [Qemu-devel] Help with deadlock when using sound
To: Paolo Bonzini
Cc: qemu-devel qemu-devel
Message-Id: <75FE3A13-B569-4768-9B81-357D64EC8DFD@gmail.com>
In-Reply-To: <5551AFB0.5020908@redhat.com>

On May 12, 2015, at 3:45 AM, Paolo Bonzini wrote:

> On 12/05/2015 00:43, Programmingkid wrote:
>>
>> On May 10, 2015, at 10:54 AM, Paolo Bonzini wrote:
>>
>>>
>>>
>>> On 06/05/2015 18:40, Programmingkid wrote:
>>>> When I try to use the pcspk sound hardware, QEMU freezes and uses
>>>> 100% of the cpu time. This is the command I use:
>>>>
>>>> qemu-system-i386 -cdrom -soundhw pcspk
>>>>
>>>> This looks like a deadlock situation because some unknown code called
>>>> qemu_mutex_lock().
>>>> Here is the stack trace at the freeze:
>>>>
>>>> (gdb) bt #0 0x00007fff824e2db6 in semaphore_wait_trap () #1
>>>> 0x00007fff824e8417 in pthread_mutex_lock () #2 0x0000000100267199 in
>>>> qemu_mutex_lock (mutex=>>> optimizations>) at util/qemu-thread-posix.c:73 #3 0x003c44016e95153b
>>>> in ?? ()
>>>>
>>>> My host is Mac OS 10.6.8. My guest isn't really anything. I have used
>>>> Windows XP before but it isn't necessary to reproduce the problem.
>>>>
>>>> The ?? is what appears to be the problem. I can't even print
>>>> instructions at that address. Any ideas as to what is calling the
>>>> qemu_mutex_lock() function could help.
>
> The unknown code here is probably some place where gdb cannot find the
> frame pointer. Not a surprise if you are using a 5 year old debugger
> with (presumably) a newer compiler.
>
>>> Reproduced with a FreeDOS image from QEMU Advent Calendar. It locks up
>>> as soon as you type "beep".
>>>
>>> It works with the PulseAudio and ALSA backends, but it doesn't with the
>>> SDL backend, even on Linux.
>>>
>>> Also, it deadlocks even with KVM enabled.
>>>
>>> Paolo
>>
>> OK, I see a pattern. SDL and CoreAudio both don't support audio input. Both of them have this code:
>> .voice_size_in = 0
>>
>> Alsa and PulseAudio do support audio input and work. Coincidence?
>
> Yes. Locking in SDL is completely broken. sdl_callback runs with the
> SDL audio lock taken, but then it waits on a semaphore so you cannot
> call any other SDL audio function from the main thread. As soon as you
> do that, you get a deadlock. I'm strongly tempted to just remove the
> driver.

This sounds very similar to what happens to CoreAudio.

> On the other hand, CoreAudio seems to be okay. Can you try "thread
> apply all bt full" from gdb?
>
> Paolo

Here is the output you wanted.

Note: used run -soundhw ac97 -cdrom ~/debian.iso

Thread 9 (process 44956):
#0 0x00007fff824e2dda in semaphore_timedwait_signal_trap ()
No symbol table info available.
#1 0x00007fff82521772 in _pthread_cond_wait ()
No symbol table info available.
#2 0x00007fff8423468c in CAGuard::WaitFor ()
No symbol table info available.
#3 0x00007fff84236c1b in CAGuard::WaitUntil ()
No symbol table info available.
#4 0x00007fff84234d85 in HP_IOThread::WorkLoop ()
No symbol table info available.
#5 0x00007fff84234827 in HP_IOThread::ThreadEntry ()
No symbol table info available.
#6 0x00007fff84234755 in CAPThread::Entry ()
No symbol table info available.
#7 0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#8 0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 8 (process 44956):
#0 addr_add (env=0x121ff2e78, addr=1, arg=247) at /Users/user/Documents/Development/Projects/Qemu/qemu-git/target-ppc/mem_helper.c:42
No locals.
#1 0x0000000100158f4b in helper_lmw (env=0x101db1220, addr=132087416, reg=30) at /Users/user/Documents/Development/Projects/Qemu/qemu-git/target-ppc/mem_helper.c:61
No locals.
#2 0x0000000116426c97 in ?? ()
No symbol table info available.
Current language: auto; currently c

Thread 6 (process 44956):
#0 0x00007fff8254499e in __sigwait ()
No symbol table info available.
#1 0x00007fff82544977 in sigwait ()
No symbol table info available.
#2 0x00000001003add68 in sigwait_compat (opaque=0x101eb7350) at util/compatfd.c:36
        sig = 0
        err = 0
        info = (struct sigfd_compat_info *) 0x101eb7350
#3 0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#4 0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 3 (process 44956):
#0 0x00007fff824fbc0a in kevent ()
No symbol table info available.
#1 0x00007fff824fdadd in _dispatch_mgr_invoke ()
No symbol table info available.
#2 0x00007fff824fd7b4 in _dispatch_queue_invoke ()
No symbol table info available.
#3 0x00007fff824fd2de in _dispatch_worker_thread2 ()
No symbol table info available.
#4 0x00007fff824fcc08 in _pthread_wqthread ()
No symbol table info available.
#5 0x00007fff824fcaa5 in start_wqthread ()
No symbol table info available.

Thread 2 (process 44956):
#0 0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
No symbol table info available.
#1 0x00007fff824e840d in pthread_mutex_lock ()
No symbol table info available.
#2 0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
        err = 0
#3 0x000000010004da9d in qemu_mutex_lock_iothread () at /Users/user/Documents/Development/Projects/Qemu/qemu-git/cpus.c:1128
No locals.
#4 0x00000001003be885 in call_rcu_thread (opaque=0x0) at util/rcu.c:241
        tries = 1
        n = 41
        node = (struct rcu_head *) 0x101a98cf0
#5 0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#6 0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 1 (process 44956):
#0 0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
No symbol table info available.
#1 0x00007fff824e840d in pthread_mutex_lock ()
No symbol table info available.
#2 0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
        err = 0
#3 0x000000010004da9d in qemu_mutex_lock_iothread () at /Users/user/Documents/Development/Projects/Qemu/qemu-git/cpus.c:1128
No locals.
#4 0x000000010031035a in os_host_main_loop_wait (timeout=29193000) at main-loop.c:242
        ret = 0
        spin_counter = 0
#5 0x000000010031041f in main_loop_wait (nonblocking=0) at main-loop.c:494
        ret = 1
        timeout = 1000
        timeout_ns = 29193000
#6 0x00000001001713c1 in main_loop () at vl.c:1799
        nonblocking = false
        last_io = 0
#7 0x0000000100178ebe in qemu_main (argc=5, argv=0x7fff5fbff458, envp=0x7fff5fbff488) at vl.c:4385
        i = 32767
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x1003ccfc8 ""
        boot_order = 0x1003d30c4 "cd"
        boot_once = 0x0
        ds = (DisplayState *) 0x101a64f90
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = (QemuOpts *) 0x0
        opts = (QemuOpts *) 0x0
        machine_opts = (QemuOpts *) 0x101eb6ea0
        icount_opts = (QemuOpts *) 0x0
        olist = (QemuOptsList *) 0x100b31218
        optind = 5
        optarg = 0x0
        loadvm = 0x0
        machine_class = (MachineClass *) 0x101e8de10
        cpu_model = 0x0
        vga_model = 0x1003ec714 "std"
        qtest_chrdev = 0x0
        qtest_log = 0x0
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = true
        userconfig = true
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {
          malloc = 0x1001745b9 ,
          realloc = 0x1001745ee ,
          free = 0x100174632 ,
          calloc = 0,
          try_malloc = 0,
          try_realloc = 0
        }
        trace_events = 0x0
        trace_file = 0x0
        maxram_size = 134217728
        ram_slots = 0
        vmstate_dump_file = (FILE *) 0x0
        main_loop_err = (Error *) 0x0
        __func__ = "qemu_main"
#8 0x00000001002e0569 in -[QemuCocoaAppController startEmulationWithArgc:argv:] (self=0x101e117a0, _cmd=0x100446830, argc=5, argv=0x7fff5fbff458) at cocoa.m:937
        status = 1
#9 0x00000001002e03c2 in -[QemuCocoaAppController applicationDidFinishLaunching:] (self=0x101e117a0, _cmd=0x7fff8064d906, note=0x101e347f0) at cocoa.m:915
No locals.
#10 0x00007fff8a50dbc5 in _nsnote_callback ()
No symbol table info available.
#11 0x00007fff83a7b000 in __CFXNotificationPost ()
No symbol table info available.
#12 0x00007fff83a67578 in _CFXNotificationPostNotification ()
No symbol table info available.
#13 0x00007fff8a504b26 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
No symbol table info available.
#14 0x00007fff80a1c44a in -[NSApplication _postDidFinishNotification] ()
No symbol table info available.
#15 0x00007fff80a1c37f in -[NSApplication _sendFinishLaunchingNotification] ()
No symbol table info available.
#16 0x00007fff80ae735d in -[NSApplication(NSAppleEventHandling) _handleAEOpen:] ()
No symbol table info available.
#17 0x00007fff80ae6fd9 in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] ()
No symbol table info available.
#18 0x00007fff8a53c1c6 in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] ()
No symbol table info available.
#19 0x00007fff8a53bff6 in _NSAppleEventManagerGenericHandler ()
No symbol table info available.
#20 0x00007fff84a6f32b in aeDispatchAppleEvent ()
No symbol table info available.
#21 0x00007fff84a6f224 in dispatchEventAndSendReply ()
No symbol table info available.
#22 0x00007fff84a6f12b in aeProcessAppleEvent ()
No symbol table info available.
#23 0x00007fff87300619 in AEProcessAppleEvent ()
No symbol table info available.
#24 0x00007fff809ec095 in _DPSNextEvent ()
No symbol table info available.
#25 0x00007fff809eb801 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
No symbol table info available.
#26 0x00007fff809b168f in -[NSApplication run] ()
No symbol table info available.
#27 0x00000001002e1d4a in main (argc=5, argv=0x7fff5fbff458) at cocoa.m:1169
        i = 5
        pool = (NSAutoreleasePool *) 0x101a2eb10
        psn = {
          highLongOfPSN = 0,
          lowLongOfPSN = 2
        }
        menuItem = (NSMenuItem *) 0x101e15410
        appController = (QemuCocoaAppController *) 0x101e117a0
        menu = (NSMenu *) 0x101e15070
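
The locking pattern described in Paolo's quoted reply (a callback that holds the audio lock while it waits on a semaphore), as an added C model that is not QEMU or SDL code and not part of the original message. `audio_lock`, `data_ready`, `in_callback` and `run_scenario` are hypothetical names, and the model assumes the main thread is the one that posts the semaphore; a 300 ms timed lock stands in for the plain lock so the deadlock is reported as `ETIMEDOUT` instead of hanging.

```c
/* Added model, not QEMU or SDL source. Assumes Linux/glibc pthreads. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <pthread.h>
#include <semaphore.h>
#include <time.h>

static pthread_mutex_t audio_lock = PTHREAD_MUTEX_INITIALIZER; /* models the SDL audio lock */
static sem_t data_ready;  /* the semaphore the callback waits on */
static sem_t in_callback; /* scaffolding: tells main the callback has started */

/* Audio thread: the library takes the lock and runs the callback, which
 * then blocks on a semaphore while the lock is still held. */
static void *audio_thread(void *unused) {
    (void)unused;
    pthread_mutex_lock(&audio_lock);
    sem_post(&in_callback);
    sem_wait(&data_ready);
    pthread_mutex_unlock(&audio_lock);
    return NULL;
}

/* Main thread: makes one audio call that needs audio_lock. With lock_first
 * set, the call comes before the semaphore is posted, so it can never get
 * the lock. Returns 0 on success, ETIMEDOUT where real code would hang. */
int run_scenario(int lock_first) {
    pthread_t tid;
    struct timespec ts;
    int rc;

    sem_init(&data_ready, 0, 0); sem_init(&in_callback, 0, 0);
    pthread_create(&tid, NULL, audio_thread, NULL);
    sem_wait(&in_callback);                 /* callback now owns audio_lock */
    if (!lock_first) sem_post(&data_ready); /* safe order: release the callback first */
    clock_gettime(CLOCK_REALTIME, &ts);
    ts.tv_nsec += 300000000L;               /* 300 ms deadline */
    if (ts.tv_nsec >= 1000000000L) { ts.tv_sec++; ts.tv_nsec -= 1000000000L; }
    rc = pthread_mutex_timedlock(&audio_lock, &ts);
    if (rc == 0) pthread_mutex_unlock(&audio_lock);
    if (lock_first) sem_post(&data_ready);  /* too late: the lock attempt already failed */
    pthread_join(tid, NULL);
    sem_destroy(&data_ready); sem_destroy(&in_callback);
    return rc;
}

int main(void) { return !(run_scenario(0) == 0 && run_scenario(1) == ETIMEDOUT); }
```

Build with `cc -pthread`; the process exits 0 when both orderings behave as the comments describe.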