From: Stefan Weil
Date: Wed, 21 Jan 2009 22:17:20 +0100
To: QEMU Developers
Subject: [Qemu-devel] [BUG] Regression in networking code (SIGSEGV)
Message-ID: <497790E0.7050905@mail.berlios.de>
List-Id: qemu-devel.nongnu.org

Hi,

the SIGSEGV crash below can be reproduced with Qemu r6391 and "high" net load.

I booted a mips malta kernel from a debian nfs root. While this worked fine, aptitude update hangs during downloads, nfs root is lost and after some time Qemu gets a SIGSEGV.

A similar crash occurs with a different mips machine (ar7) and different network hardware (ar7 emac / cpmac), so it is not restricted to pcnet. This second system does not survive the network boot.

Up to now, I could not run tests with non-mips systems.

I'm fairly sure that 2 weeks ago networking worked without problems in both cases.
Regards
Stefan Weil

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f3be89386e0 (LWP 14845)]
0x00000000004d1a6f in ip_reass (ip=0xfe96e0, fp=0x1109050) at ~/src/qemu/trunk/slirp/ip_input.c:408
408         ip->ip_len = next;
(gdb) i s
#0  0x00000000004d1a6f in ip_reass (ip=0xfe96e0, fp=0x1109050) at ~/src/qemu/trunk/slirp/ip_input.c:408
#1  0x00000000004d15ad in ip_input (m=0x110e010) at ~/src/qemu/trunk/slirp/ip_input.c:228
#2  0x00000000004b3d25 in slirp_input (pkt=0x12fcbd0 "RT", pkt_len=1294) at ~/src/qemu/trunk/slirp/slirp.c:679
#3  0x000000000049a07d in qemu_send_packet (vc1=0x10ff440, buf=0x12fcbd0 "RT", size=1294) at ~/src/qemu/trunk/net.c:399
#4  0x000000000042ea6a in pcnet_transmit (s=0x12fc810) at ~/src/qemu/trunk/hw/pcnet.c:1300
#5  0x000000000042ebd8 in pcnet_poll_timer (opaque=) at ~/src/qemu/trunk/hw/pcnet.c:1363
#6  0x000000000042f270 in pcnet_ioport_writew (opaque=0x7f3be72a79e0, addr=17884784, val=16684768) at ~/src/qemu/trunk/hw/pcnet.c:1645
#7  0x0000000000405eb8 in ioport_write (index=1, address=4146, data=0) at ~/src/qemu/trunk/vl.c:302
#8  0x00000000004062b5 in cpu_outw (env=0x0, addr=4146, val=0) at ~/src/qemu/trunk/vl.c:432
#9  0x00000000420ae755 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb) up
#1  0x00000000004d15ad in ip_input (m=0x110e010) at ~/src/qemu/trunk/slirp/ip_input.c:228
228         ip = ip_reass(ip, fp);
(gdb) p ip
$1 = (struct ip *) 0x110e060
(gdb) do
#0  0x00000000004d1a6f in ip_reass (ip=0xfe96e0, fp=0x1109050) at ~/src/qemu/trunk/slirp/ip_input.c:408
408         ip->ip_len = next;
(gdb) p *ip
Cannot access memory at address 0xfe96e0