[fedora-arm] Debugging our kernels under qemu + gdb

Richard W.M. Jones rjones at redhat.com
Fri May 11 20:04:40 UTC 2012


Has anyone tried to debug our Fedora/arm kernels under qemu-system-arm?
(In this case, the host is also arm, but I don't think that matters.)

After a lot of effort, I've managed to get to the point where it prints
this on the serial port:

  Uncompressing Linux... done, booting the kernel.

and then hangs.  Under gdb the hang is in this code:

  => 0x005fe934:	 nop   	       ; (mov r0, r0)
     0x005fe938:	 b	       0x5fe934

It seems it's meant to be an infinite loop (i.e. panic) because
something previously has failed.

However I can't get gdb to make sense of the symbols in the
kernel-debuginfo package, so I've really no idea where to start
looking for this ...  The symbols refer to addresses 0xcxxxxxxx, but
there's no code at those addresses, just zeroes.  Unless it's so early
in the boot that pagetables need to be setup or code needs to be
copied around -- anyone know how all this works on arm?

Rich.

kernel=3.3.4-4.fc17.armv7hl

# Homebrew qemu because qemu from Fedora package doesn't work at all.
QEMUDIR=$HOME/d/qemu
$QEMUDIR/arm-softmmu/qemu-system-arm \
-s \
-M versatilepb \
-cpu cortex-a9 \
-nodefaults \
-nographic \
-serial stdio \
-m 256 \
-kernel /boot/vmlinuz-$kernel \
-initrd /boot/initramfs-$kernel.img \
-append 'console=ttyAMA0'

# Invocation of gdb.
$ gdb 
GNU gdb (GDB) Fedora (7.4.50.20120120-42.fc17)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv7hl-redhat-linux-gnueabi".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
(gdb) file /usr/lib/debug/lib/modules/3.3.4-4.fc17.armv7hl/vmlinux
Reading symbols from /usr/lib/debug/lib/modules/3.3.4-4.fc17.armv7hl/vmlinux...done.
(gdb) target remote :1234
Remote debugging using :1234
0x0066904c in ?? ()
(gdb) cont
Continuing.
^C
Program received signal SIGINT, Interrupt.
0x005fe934 in ?? ()
(gdb) bt
#0  0x005fe934 in ?? ()
#1  0x0000800c in ?? ()
#2  0x0000800c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) disassemble 0x005fe934
No function contains specified address.
(gdb) disassemble 0x005fe934,+0x100
Dump of assembler code from 0x5fe934 to 0x5fea34:
=> 0x005fe934:	  nop  	    	     ; (mov r0, r0)
   0x005fe938:	  b		     0x5fe934
   0x005fe93c:	  mov		     r0, #0
   0x005fe940:	  bx		     lr
   0x005fe944:	  push		     {r0, r1, r2, r4, r5, r6, r7, r8, r9, r10, r11, lr}
   0x005fe948:	  ldr		     r3, [pc, #22576152]  ; 0x5feb04
   0x005fe94c:	  ldr		     r4, [r3]
   0x005fe950:	  cmp		     r4, #0
   0x005fe954:	  ldrne		     r0, [pc, #23115160]	; 0x5feb08
   0x005fe958:	  bne		     0x5fe97c
   0x005fe95c:	  ldr		     r3, [pc, #22576152]	; 0x5feb0c
   0x005fe960:	  ldr		     r4, [r3]
   0x005fe964:	  ldrb		     r2, [r3, #3118736]
   0x005fe968:	  cmp		     r4, #0
   0x005fe96c:	  beq		     0x5fe984
   0x005fe970:	  cmp		     r2, #0
   0x005fe974:	  bne		     0x5fea9c
   0x005fe978:	  ldr		     r0, [pc, #23115160]	; 0x5feb10
   0x005fe97c:	  bl		     0x429448
   0x005fe980:	  b		     0x5fea9c
   0x005fe984:	  cmp		     r2, #0
   0x005fe988:	  bne		     0x5fe99c
---Type <return> to continue, or q <return> to quit---q
Quit

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
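Added example (editorial, not code from the post, from Fedora or from the kernel project): the symptom above, symbols at 0xcxxxxxxx while gdb sees code at low addresses, is the gap between kernel virtual addresses in vmlinux and the physical addresses the CPU uses while the MMU is still off. On ARM the kernel's linear map makes this a constant offset, so symbols can be loaded at their physical addresses with gdb's long-standing `add-symbol-file FILE ADDR -s SECTION ADDR` form. The script below reads the section addresses straight from the ELF section headers with only the standard library, translates them, and emits that gdb command; it also reports whether a stopped address falls inside any allocated vmlinux section at all. PAGE_OFFSET=0xc0000000 and PHYS_OFFSET=0 are assumptions (the usual values for versatilepb; check `CONFIG_PAGE_OFFSET` and the platform's PHYS_OFFSET for a different board), and the ELF image built in `build_sample_vmlinux()` is a constructed stand-in with made-up section addresses, so the real output comes from pointing `elf32_sections()` at the debuginfo vmlinux.

```python
"""Translate vmlinux section addresses to physical ones for gdb (added example)."""
import struct

PAGE_OFFSET = 0xC0000000  # assumed: kernel virtual base (CONFIG_PAGE_OFFSET)
PHYS_OFFSET = 0x00000000  # assumed: start of RAM on versatilepb
SHF_ALLOC = 0x2           # ELF: section occupies memory at run time


def virt_to_phys(vaddr, page_offset=PAGE_OFFSET, phys_offset=PHYS_OFFSET):
    """Linear-map translation used for kernel text and data on ARM."""
    return vaddr - page_offset + phys_offset


def phys_to_virt(paddr, page_offset=PAGE_OFFSET, phys_offset=PHYS_OFFSET):
    return paddr - phys_offset + page_offset


def elf32_sections(data):
    """Return {name: (sh_addr, sh_size, sh_flags)} for a little-endian ELF32 file."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("expected a little-endian ELF32 image")
    (e_shoff,) = struct.unpack_from("<I", data, 32)                     # e_shoff
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 46)
    # First six fields of Elf32_Shdr: name type flags addr offset size
    raw = [struct.unpack_from("<IIIIII", data, e_shoff + i * e_shentsize)
           for i in range(e_shnum)]
    str_off, str_size = raw[e_shstrndx][4], raw[e_shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    sections = {}
    for sh_name, _type, sh_flags, sh_addr, _off, sh_size in raw[1:]:    # skip SHN_UNDEF
        name = strtab[sh_name:strtab.index(b"\0", sh_name)].decode()
        sections[name] = (sh_addr, sh_size, sh_flags)
    return sections


def gdb_load_command(path, sections, page_offset=PAGE_OFFSET, phys_offset=PHYS_OFFSET):
    """Build 'add-symbol-file vmlinux <phys .text> -s <sect> <phys>' for gdb."""
    text_addr = sections[".text"][0]
    cmd = "add-symbol-file %s 0x%08x" % (path, virt_to_phys(text_addr, page_offset, phys_offset))
    for name, (addr, _size, flags) in sorted(sections.items()):
        if name == ".text" or not flags & SHF_ALLOC:   # .text is positional; skip debug/strtab
            continue
        cmd += " -s %s 0x%08x" % (name, virt_to_phys(addr, page_offset, phys_offset))
    return cmd


def locate(paddr, sections, page_offset=PAGE_OFFSET, phys_offset=PHYS_OFFSET):
    """Name of the allocated vmlinux section covering a physical PC, or None if
    vmlinux carries no symbols for that address at all."""
    vaddr = phys_to_virt(paddr, page_offset, phys_offset)
    for name, (addr, size, flags) in sections.items():
        if flags & SHF_ALLOC and addr <= vaddr < addr + size:
            return name
    return None


def build_sample_vmlinux():
    """Constructed minimal ELF32 ARM image (headers only) standing in for a real vmlinux."""
    names = b"\0.text\0.data\0.shstrtab\0"          # name offsets: 1, 7, 13
    ehdr_size, shdr_size = 52, 40
    names_off = ehdr_size
    shoff = names_off + len(names)

    def shdr(name, stype, flags, addr, offset, size):
        return struct.pack("<IIIIIIIIII", name, stype, flags, addr, offset, size, 0, 0, 1, 0)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)                                        # SHN_UNDEF
             + shdr(1, 1, SHF_ALLOC | 0x4, 0xC0008240, shoff, 0x100)       # .text (made up)
             + shdr(7, 1, SHF_ALLOC | 0x1, 0xC0500000, shoff, 0x2000)      # .data (made up)
             + shdr(13, 3, 0, 0, names_off, len(names)))                   # .shstrtab
    ehdr = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8                   # ELF32, LSB, v1
            + struct.pack("<HHIIIIIHHHHHH", 2, 40, 1, 0xC0008000, 0, shoff, 0,
                          ehdr_size, 0, 0, shdr_size, 4, 3))
    return ehdr + names + shdrs


if __name__ == "__main__":
    secs = elf32_sections(build_sample_vmlinux())
    print(gdb_load_command("vmlinux", secs))
    for pc in (0x00008250, 0x005FE934):   # sample PCs, in the style of the gdb session
        print("0x%08x -> %s" % (pc, locate(pc, secs)))
```

Against the real file, `elf32_sections(open(path, "rb").read())` replaces the constructed image; the printed `add-symbol-file` line is then pasted into gdb (or the existing `file` command is dropped in its favour) before `target remote :1234`. A `None` from `locate()` means the stopped PC is outside every section vmlinux describes, so no choice of offset will produce a symbol for it.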