How to use GDB to debug QEMU process?

Prerequisite

Build QEMU with debug symbols so that GDB can resolve source files and line numbers:

./configure --enable-debug

Steps

Locate the QEMU binary you will debug:

$ which qemu-system-x86_64
/usr/local/bin/qemu-system-x86_64
Start QEMU under GDB; everything after --args is passed to QEMU as its own command line:

gdb --args /usr/local/bin/qemu-system-x86_64 \
-enable-kvm \
-m 2048 \
-smp 2 \
-cpu host \
-drive format=raw,file=laag.img \
-serial mon:stdio \
-net nic,macaddr=00:16:3e:60:0a:50 \
-net tap \
-vnc :3
Inside GDB, set a breakpoint on the function of interest, run, and print the backtrace once the breakpoint is hit:

(gdb) b x86_cpu_get_supported_feature_word
Breakpoint 1 at 0x44f372: file /home/kvm/qemu/target/i386/cpu.c, line 5050.
(gdb) r
Starting program: /usr/local/bin/qemu-system-x86_64 -enable-kvm -m 2048 -smp 2 -cpu host -drive format=raw,file=laag.img -serial mon:stdio -net nic,macaddr=00:16:3e:60:0a:50 -net tap -vnc :3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe8d59700 (LWP 15519)]
++ brctl show
++ sed -n 2p
++ awk '{print $1}'
+ switch=br0
+ '[' -n br0 ']'
++ whoami
+ tunctl -u root -t tap0
TUNSETIFF: Device or resource busy
+ ip link set tap0 up
+ brctl addif br0 tap0
+ exit 0

Thread 1 "qemu-system-x86" hit Breakpoint 1, x86_cpu_get_supported_feature_word (w=FEAT_1_EDX, migratable_only=true) at /home/kvm/qemu/target/i386/cpu.c:5050
5050 FeatureWordInfo *wi = &feature_word_info[w];
(gdb) bt
#0 0x00005555559a3372 in x86_cpu_get_supported_feature_word (w=FEAT_1_EDX, migratable_only=true) at /home/kvm/qemu/target/i386/cpu.c:5050
#1 0x00005555559a67bf in x86_cpu_expand_features (cpu=0x555556acef90, errp=0x7fffffffda60) at /home/kvm/qemu/target/i386/cpu.c:6386
#2 0x00005555559a70a3 in x86_cpu_realizefn (dev=0x555556acef90, errp=0x7fffffffdae0) at /home/kvm/qemu/target/i386/cpu.c:6574
#3 0x0000555555aa54cf in device_set_realized (obj=0x555556acef90, value=true, errp=0x7fffffffdbe8) at /home/kvm/qemu/hw/core/qdev.c:864
#4 0x0000555555cf4adf in property_set_bool (obj=0x555556acef90, v=0x555556aecae0, name=0x555555fb5771 "realized", opaque=0x5555568916e0, errp=0x7fffffffdbe8) at /home/kvm/qemu/qom/object.c:2202
#5 0x0000555555cf2c00 in object_property_set (obj=0x555556acef90, name=0x555555fb5771 "realized", v=0x555556aecae0, errp=0x55555681c0a0 <error_fatal>) at /home/kvm/qemu/qom/object.c:1349
#6 0x0000555555cf5f45 in object_property_set_qobject (obj=0x555556acef90, name=0x555555fb5771 "realized", value=0x555556aea3a0, errp=0x55555681c0a0 <error_fatal>) at /home/kvm/qemu/qom/qom-qobject.c:28
#7 0x0000555555cf2f47 in object_property_set_bool (obj=0x555556acef90, name=0x555555fb5771 "realized", value=true, errp=0x55555681c0a0 <error_fatal>) at /home/kvm/qemu/qom/object.c:1416
#8 0x0000555555aa4083 in qdev_realize (dev=0x555556acef90, bus=0x0, errp=0x55555681c0a0 <error_fatal>) at /home/kvm/qemu/hw/core/qdev.c:379
#9 0x000055555594235d in x86_cpu_new (x86ms=0x555556a43800, apic_id=0, errp=0x55555681c0a0 <error_fatal>) at /home/kvm/qemu/hw/i386/x86.c:126
#10 0x00005555559424e8 in x86_cpus_init (x86ms=0x555556a43800, default_cpu_version=1) at /home/kvm/qemu/hw/i386/x86.c:164
#11 0x000055555594ac74 in pc_init1 (machine=0x555556a43800, host_type=0x555555f73516 "i440FX-pcihost", pci_type=0x555555f7350f "i440FX") at /home/kvm/qemu/hw/i386/pc_piix.c:159
#12 0x000055555594b791 in pc_init_v5_1 (machine=0x555556a43800) at /home/kvm/qemu/hw/i386/pc_piix.c:438
#13 0x0000555555ab385c in machine_run_board_init (machine=0x555556a43800) at /home/kvm/qemu/hw/core/machine.c:1135
#14 0x000055555599b752 in qemu_init (argc=18, argv=0x7fffffffe238, envp=0x7fffffffe2d0) at /home/kvm/qemu/softmmu/vl.c:4355
#15 0x0000555555ddeb86 in main (argc=18, argv=0x7fffffffe238, envp=0x7fffffffe2d0) at /home/kvm/qemu/softmmu/main.c:48
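As an added example (not part of the original post), the same session as a non-interactive shell script: it first checks that the binary actually carries DWARF debug info, then runs gdb in batch mode so the backtrace is written to a log instead of a terminal. The paths, QEMU options and breakpoint symbol are the ones from the session above; readelf (binutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example: automate the breakpoint/backtrace session above.
# Assumes gdb and readelf are installed; QEMU path and options are the
# ones from the post and can be overridden via the QEMU variable.

# Print 0 if the binary contains a .debug_info section (built with
# ./configure --enable-debug), otherwise 1. A stripped binary, or one
# whose debug info lives in a separate file, reports 1.
has_debug_info() {
    readelf -S "$1" 2>/dev/null | grep -q '\.debug_info' && echo 0 || echo 1
}

# Assemble a gdb batch command line: break on the symbol, run QEMU,
# print the backtrace. In -batch mode gdb exits after the last -ex
# command, which also terminates QEMU.
build_gdb_cmd() {
    bin=$1; sym=$2; shift 2
    printf 'gdb -batch -ex "break %s" -ex run -ex bt --args %s %s' \
        "$sym" "$bin" "$*"
}

QEMU=${QEMU:-/usr/local/bin/qemu-system-x86_64}
QEMU_ARGS="-enable-kvm -m 2048 -smp 2 -cpu host -drive format=raw,file=laag.img -serial mon:stdio -net nic,macaddr=00:16:3e:60:0a:50 -net tap -vnc :3"

main() {
    if [ "$(has_debug_info "$QEMU")" != 0 ]; then
        echo "no .debug_info in $QEMU: rebuild with ./configure --enable-debug" >&2
        return 1
    fi
    cmd=$(build_gdb_cmd "$QEMU" x86_cpu_get_supported_feature_word $QEMU_ARGS)
    echo "$cmd"
    # Capture both gdb output and QEMU's own stderr (e.g. the tap setup script).
    eval "$cmd" 2>&1 | tee qemu-gdb.log
}

# Run with: sh debug-qemu.sh run
if [ "${1:-}" = run ]; then
    main
fi
```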
