qemu-devel

Re: [Qemu-devel] Help with deadlock when using sound


From: Programmingkid
Subject: Re: [Qemu-devel] Help with deadlock when using sound
Date: Tue, 12 May 2015 14:59:22 -0400

On May 12, 2015, at 3:45 AM, Paolo Bonzini wrote:

> On 12/05/2015 00:43, Programmingkid wrote:
>> 
>> On May 10, 2015, at 10:54 AM, Paolo Bonzini wrote:
>> 
>>> 
>>> 
>>> On 06/05/2015 18:40, Programmingkid wrote:
>>>> When I try to use the pcspk sound hardware, QEMU freezes and uses
>>>> 100% of the cpu time. This is the command I use:
>>>> 
>>>> qemu-system-i386 -cdrom <anything you want here> -soundhw pcspk
>>>> 
>>>> This looks like a deadlock situation because some unknown code called
>>>> qemu_mutex_lock(). Here is the stack trace at the freeze:
>>>> 
>>>> (gdb) bt
>>>> #0  0x00007fff824e2db6 in semaphore_wait_trap ()
>>>> #1  0x00007fff824e8417 in pthread_mutex_lock ()
>>>> #2  0x0000000100267199 in qemu_mutex_lock (mutex=<value temporarily unavailable, due to optimizations>) at util/qemu-thread-posix.c:73
>>>> #3  0x003c44016e95153b in ?? ()
>>>> 
>>>> My host is Mac OS 10.6.8. My guest isn't really anything. I have used
>>>> Windows XP before but it isn't necessary to reproduce the problem.
>>>> 
>>>> The ?? is what appears to be the problem. I can't even print
>>>> instructions at that address. Any ideas as to what is calling the
>>>> qemu_mutex_lock() function could help.
> 
> The unknown code here is probably some place where gdb cannot find the
> frame pointer.  Not a surprise if you are using a 5 year old debugger
> with (presumably) a newer compiler.
> 
>>> Reproduced with a FreeDOS image from QEMU Advent Calendar.  It locks up
>>> as soon as you type "beep".
>>> 
>>> It works with the PulseAudio and ALSA backends, but it doesn't with the
>>> SDL backend, even on Linux.
>>> 
>>> Also, it deadlocks even with KVM enabled.
>>> 
>>> Paolo
>> 
>> OK, I see a pattern. SDL and CoreAudio both don't support audio input. Both 
>> of them have this code:
>> .voice_size_in  = 0
>> 
>> Alsa and PulseAudio do support audio input and work. Coincidence?
> 
> Yes.  Locking in SDL is completely broken.  sdl_callback runs with the
> SDL audio lock taken, but then it waits on a semaphore so you cannot
> call any other SDL audio function from the main thread.  As soon as you
> do that, you get a deadlock.  I'm strongly tempted to just remove the
> driver.

This sounds very similar to what happens to CoreAudio.

> On the other hand, CoreAudio seems to be okay.  Can you try "thread
> apply all bt full" from gdb?
> 
> Paolo

Here is the output you wanted. 
Note: used run -soundhw ac97 -cdrom ~/debian.iso

Thread 9 (process 44956):
#0  0x00007fff824e2dda in semaphore_timedwait_signal_trap ()
No symbol table info available.
#1  0x00007fff82521772 in _pthread_cond_wait ()
No symbol table info available.
#2  0x00007fff8423468c in CAGuard::WaitFor ()
No symbol table info available.
#3  0x00007fff84236c1b in CAGuard::WaitUntil ()
No symbol table info available.
#4  0x00007fff84234d85 in HP_IOThread::WorkLoop ()
No symbol table info available.
#5  0x00007fff84234827 in HP_IOThread::ThreadEntry ()
No symbol table info available.
#6  0x00007fff84234755 in CAPThread::Entry ()
No symbol table info available.
#7  0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#8  0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 8 (process 44956):
#0  addr_add (env=0x121ff2e78, addr=1, arg=247) at /Users/user/Documents/Development/Projects/Qemu/qemu-git/target-ppc/mem_helper.c:42
No locals.
#1  0x0000000100158f4b in helper_lmw (env=0x101db1220, addr=132087416, reg=30) at /Users/user/Documents/Development/Projects/Qemu/qemu-git/target-ppc/mem_helper.c:61
No locals.
#2  0x0000000116426c97 in ?? ()
No symbol table info available.
Current language:  auto; currently c

Thread 6 (process 44956):
#0  0x00007fff8254499e in __sigwait ()
No symbol table info available.
#1  0x00007fff82544977 in sigwait ()
No symbol table info available.
#2  0x00000001003add68 in sigwait_compat (opaque=0x101eb7350) at util/compatfd.c:36
        sig = 0
        err = 0
        info = (struct sigfd_compat_info *) 0x101eb7350
#3  0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#4  0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 3 (process 44956):
#0  0x00007fff824fbc0a in kevent ()
No symbol table info available.
#1  0x00007fff824fdadd in _dispatch_mgr_invoke ()
No symbol table info available.
#2  0x00007fff824fd7b4 in _dispatch_queue_invoke ()
No symbol table info available.
#3  0x00007fff824fd2de in _dispatch_worker_thread2 ()
No symbol table info available.
#4  0x00007fff824fcc08 in _pthread_wqthread ()
No symbol table info available.
#5  0x00007fff824fcaa5 in start_wqthread ()
No symbol table info available.

Thread 2 (process 44956):
#0  0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
No symbol table info available.
#1  0x00007fff824e840d in pthread_mutex_lock ()
No symbol table info available.
#2  0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
        err = 0
#3  0x000000010004da9d in qemu_mutex_lock_iothread () at /Users/user/Documents/Development/Projects/Qemu/qemu-git/cpus.c:1128
No locals.
#4  0x00000001003be885 in call_rcu_thread (opaque=0x0) at util/rcu.c:241
        tries = 1
        n = 41
        node = (struct rcu_head *) 0x101a98cf0
#5  0x00007fff8251bfd6 in _pthread_start ()
No symbol table info available.
#6  0x00007fff8251be89 in thread_start ()
No symbol table info available.

Thread 1 (process 44956):
#0  0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
No symbol table info available.
#1  0x00007fff824e840d in pthread_mutex_lock ()
No symbol table info available.
#2  0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
        err = 0
#3  0x000000010004da9d in qemu_mutex_lock_iothread () at /Users/user/Documents/Development/Projects/Qemu/qemu-git/cpus.c:1128
No locals.
#4  0x000000010031035a in os_host_main_loop_wait (timeout=29193000) at main-loop.c:242
        ret = 0
        spin_counter = 0
#5  0x000000010031041f in main_loop_wait (nonblocking=0) at main-loop.c:494
        ret = 1
        timeout = 1000
        timeout_ns = 29193000
#6  0x00000001001713c1 in main_loop () at vl.c:1799
        nonblocking = false
        last_io = 0
#7  0x0000000100178ebe in qemu_main (argc=5, argv=0x7fff5fbff458, envp=0x7fff5fbff488) at vl.c:4385
        i = 32767
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x1003ccfc8 ""
        boot_order = 0x1003d30c4 "cd"
        boot_once = 0x0
        ds = (DisplayState *) 0x101a64f90
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = (QemuOpts *) 0x0
        opts = (QemuOpts *) 0x0
        machine_opts = (QemuOpts *) 0x101eb6ea0
        icount_opts = (QemuOpts *) 0x0
        olist = (QemuOptsList *) 0x100b31218
        optind = 5
        optarg = 0x0
        loadvm = 0x0
        machine_class = (MachineClass *) 0x101e8de10
        cpu_model = 0x0
        vga_model = 0x1003ec714 "std"
        qtest_chrdev = 0x0
        qtest_log = 0x0
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = true
        userconfig = true
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {
  malloc = 0x1001745b9 <malloc_and_trace>, 
  realloc = 0x1001745ee <realloc_and_trace>, 
  free = 0x100174632 <free_and_trace>, 
  calloc = 0, 
  try_malloc = 0, 
  try_realloc = 0
}
        trace_events = 0x0
        trace_file = 0x0
        maxram_size = 134217728
        ram_slots = 0
        vmstate_dump_file = (FILE *) 0x0
        main_loop_err = (Error *) 0x0
        __func__ = "qemu_main"
#8  0x00000001002e0569 in -[QemuCocoaAppController startEmulationWithArgc:argv:] (self=0x101e117a0, _cmd=0x100446830, argc=5, argv=0x7fff5fbff458) at cocoa.m:937
        status = 1
#9  0x00000001002e03c2 in -[QemuCocoaAppController applicationDidFinishLaunching:] (self=0x101e117a0, _cmd=0x7fff8064d906, note=0x101e347f0) at cocoa.m:915
No locals.
#10 0x00007fff8a50dbc5 in _nsnote_callback ()
No symbol table info available.
#11 0x00007fff83a7b000 in __CFXNotificationPost ()
No symbol table info available.
#12 0x00007fff83a67578 in _CFXNotificationPostNotification ()
No symbol table info available.
#13 0x00007fff8a504b26 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
No symbol table info available.
#14 0x00007fff80a1c44a in -[NSApplication _postDidFinishNotification] ()
No symbol table info available.
#15 0x00007fff80a1c37f in -[NSApplication _sendFinishLaunchingNotification] ()
No symbol table info available.
#16 0x00007fff80ae735d in -[NSApplication(NSAppleEventHandling) _handleAEOpen:] ()
No symbol table info available.
#17 0x00007fff80ae6fd9 in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] ()
No symbol table info available.
#18 0x00007fff8a53c1c6 in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] ()
No symbol table info available.
#19 0x00007fff8a53bff6 in _NSAppleEventManagerGenericHandler ()
No symbol table info available.
#20 0x00007fff84a6f32b in aeDispatchAppleEvent ()
No symbol table info available.
#21 0x00007fff84a6f224 in dispatchEventAndSendReply ()
No symbol table info available.
#22 0x00007fff84a6f12b in aeProcessAppleEvent ()
No symbol table info available.
#23 0x00007fff87300619 in AEProcessAppleEvent ()
No symbol table info available.
#24 0x00007fff809ec095 in _DPSNextEvent ()
No symbol table info available.
#25 0x00007fff809eb801 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
No symbol table info available.
#26 0x00007fff809b168f in -[NSApplication run] ()
No symbol table info available.
#27 0x00000001002e1d4a in main (argc=5, argv=0x7fff5fbff458) at cocoa.m:1169
        i = 5
        pool = (NSAutoreleasePool *) 0x101a2eb10
        psn = {
  highLongOfPSN = 0, 
  lowLongOfPSN = 2
}
        menuItem = (NSMenuItem *) 0x101e15410
        appController = (QemuCocoaAppController *) 0x101e117a0
        menu = (NSMenu *) 0x101e15070
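
Added example (not part of the original message and not QEMU code): a small Python triage helper that groups the threads of a "thread apply all bt" dump by the mutex address they are blocked on, which is the first thing to check in a trace like the one above. The embedded sample is an excerpt of that trace with wrapped lines joined, source paths shortened and locals dropped; the names parse_threads and mutex_waiters belong to this example only.

```python
import re
from collections import defaultdict

# Excerpt of the trace above (threads 8, 2, 1): wrapped lines joined,
# source paths shortened, locals dropped.
SAMPLE = """\
Thread 8 (process 44956):
#0  addr_add (env=0x121ff2e78, addr=1, arg=247) at target-ppc/mem_helper.c:42
#1  0x0000000100158f4b in helper_lmw (env=0x101db1220, addr=132087416, reg=30) at target-ppc/mem_helper.c:61
Thread 2 (process 44956):
#0  0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
#1  0x00007fff824e840d in pthread_mutex_lock ()
#2  0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
#3  0x000000010004da9d in qemu_mutex_lock_iothread () at cpus.c:1128
#4  0x00000001003be885 in call_rcu_thread (opaque=0x0) at util/rcu.c:241
Thread 1 (process 44956):
#0  0x00007fff824e2dc2 in semaphore_wait_signal_trap ()
#1  0x00007fff824e840d in pthread_mutex_lock ()
#2  0x00000001003a98c2 in qemu_mutex_lock (mutex=0x10070e080) at util/qemu-thread-posix.c:73
#3  0x000000010004da9d in qemu_mutex_lock_iothread () at cpus.c:1128
#4  0x000000010031035a in os_host_main_loop_wait (timeout=29193000) at main-loop.c:242
"""

THREAD_RE = re.compile(r"^Thread (\d+) ")
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\)")
MUTEX_RE = re.compile(r"\bmutex=(0x[0-9a-f]+)")

def parse_threads(text):
    """Return {thread id: [(function, args), ...]}, innermost frame first."""
    threads, frames = {}, None
    for line in text.splitlines():
        if m := THREAD_RE.match(line):
            frames = threads.setdefault(int(m.group(1)), [])
        elif frames is not None and (m := FRAME_RE.match(line)):
            frames.append((m.group(1), m.group(2)))
    return threads

def mutex_waiters(threads):
    """Map mutex address -> sorted [(thread id, callers)] for blocked threads."""
    waiters = defaultdict(list)
    for tid, frames in threads.items():
        funcs = [f for f, _ in frames]
        if "pthread_mutex_lock" not in funcs[:2]:
            continue  # innermost frames are not a mutex wait
        for i, (func, args) in enumerate(frames):
            if m := MUTEX_RE.search(args):
                waiters[m.group(1)].append((tid, " <- ".join(funcs[i + 1:i + 3])))
                break
    return {addr: sorted(w) for addr, w in waiters.items()}
```

On the excerpt, mutex_waiters(parse_threads(SAMPLE)) lists threads 1 and 2 under the same address 0x10070e080, both reached through qemu_mutex_lock_iothread, while thread 8 is not in a mutex wait.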
