From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:39530)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1S2rNj-0002V4-E1
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:48:39 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1S2rNg-0007WS-0Q
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:48:18 -0500
Received: from v220110690675601.yourvserver.net ([78.47.199.172]:45324)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1S2rNf-0007Vm-MZ
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:48:15 -0500
Message-ID: <4F4E9D1C.3070707@weilnetz.de>
Date: Wed, 29 Feb 2012 22:48:12 +0100
From: Stefan Weil <sw@weilnetz.de>
MIME-Version: 1.0
References: <cover.1330542945.git.jan.kiszka@siemens.com>	<4F4E9208.6020207@weilnetz.de>
	<4F4E99BC.50109@web.de>
In-Reply-To: <4F4E99BC.50109@web.de>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 0/4] slirp: Fix for requeuing crash,
	cleanups
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>, qemu-devel@nongnu.org, Fabien Chouteau <chouteau@adacore.com>, "Michael S. Tsirkin" <mst@redhat.com>

Am 29.02.2012 22:33, schrieb Jan Kiszka:
> On 2012-02-29 22:00, Stefan Weil wrote:
>> Am 29.02.2012 20:15, schrieb Jan Kiszka:
>>> This is an alternative, more complete approach to fix the requeuing-
>>> related crashes reported recently. See patch 2 for details. The rest are
>>> simple cleanups.
>>>
>>> Please check carefully if I messed something up.
>>>
>>
>> Hi Jan,
>>
>> here is the result of MIPS Malta with your patch series applied:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x000055555577db5b in slirp_remque (a=0x555556cff360) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/misc.c:39
>> 39 ((struct quehead *)(element->qh_rlink))->qh_link =
>> element->qh_link;
>> (gdb) i s
>> #0 0x000055555577db5b in slirp_remque (a=0x555556cff360) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/misc.c:39
>> #1 0x000055555577b7a2 in if_start (slirp=0x5555564bfb80) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/if.c:208
>> #2 0x000055555577b607 in if_output (so=0x555556ea0b70,
>> ifm=0x555556cff9e0) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/if.c:139
>> #3 0x000055555577d040 in ip_output (so=0x555556ea0b70,
>> m0=0x555556cff9e0) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/ip_output.c:84
>> #4 0x00005555557865d6 in tcp_output (tp=0x555556ea0c20) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/tcp_output.c:456
>> #5 0x000055555577ff5a in slirp_select_poll (readfds=0x7fffffffda10,
>> writefds=0x7fffffffda90, xfds=0x7fffffffdb10, select_error=0)
>> at /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/slirp.c:480
>> #6 0x000055555572d8c0 in main_loop_wait (nonblocking=0) at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/main-loop.c:469
>> #7 0x0000555555721a61 in main_loop () at
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/vl.c:1558
>> #8 0x00005555557284a2 in main (argc=25, argv=0x7fffffffdfe8,
>> envp=0x7fffffffe0b8) at 
>> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/vl.c:3667
>> (gdb) p element
>> $1 = (struct quehead *) 0x555556cff360
>> (gdb) p *element
>> $2 = {qh_link = 0x555556cff360, qh_rlink = 0x0}
>> (gdb) p (struct quehead *)(element->qh_rlink)
>> $3 = (struct quehead *) 0x0
>
> Hmm. Two options:
>
> - you try to debug what happens to that mbuf, why its queue anchors
> get corrupted (maybe while in if_encap?)
> - you tell me how to reproduce it (image file, host characteristics)
>
> Jan

I'm afraid that the first variant won't happen this or next week
because lack of time.

This is my test environment:

Debian Squeeze x86_64 host, Debian Squeeze mips guest.

I use NFS root, and the latest crash happened during boot.
All other crashes happened after the guest had booted
when I startet apt-get update, so maybe booting from a
Debian CDROM might also reproduce the crash.

I compiled QEMU with a default configuration, but used
CFLAGS=-g (no optimization) and startet QEMU like this:

gdb --args 
/home/stefan/src/qemu/repo.or.cz/qemu/ar7/bin/debug/x86/mips-softmmu/qemu-system-mips 
--kernel /tftpboot/malta/boot/vmlinux-2.6.26-2-4kc-malta --initrd 
/tftpboot/malta/boot/initrd.img-2.6.26-2-4kc-malta --append "debug 
nohz=off root=/dev/nfs rw ip=::::malta::dhcp 
nfsroot=10.0.2.2:/tftpboot/malta -bootp abc -tftp /tftpboot/malta" -M 
malta --cpu 4KEc -m 256 --net nic,model=pcnet --net user,hostname=malta 
--redir tcp:5800::5800 --redir tcp:5900::5900 --redir tcp:10022::22 
--redir tcp:10080::80

Kernel and initrd are from Debian Squeeze (mips).

I had no slirp problems with that test environment during the last two 
years.

Regards,

Stefan W.