Message-ID: <4F381FE4.3050009@web.de>
Date: Sun, 12 Feb 2012 21:24:04 +0100
From: Jan Kiszka
To: "Michael S. Tsirkin"
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] slirp-related crash
In-Reply-To: <20120212183407.GA4534@redhat.com>

On 2012-02-12 19:34, Michael S. Tsirkin wrote:
> It seems somewhat easy to crash qemu with slirp if we queue multiple packets.
> I didn't investigate further yet so I don't know if this
> is a regression. Anyone knowledgeable about slirp wants to take a look?
>
> /home/mst/qemu-test/bin/qemu-system-x86_64 -enable-kvm -m 1G -drive
> file=/home/mst/rhel6.qcow2 -netdev user,id=bar -net
> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
> tcp:8022::22 -vnc :1 -monitor stdio
>
> While guest is booting, quickly do this
>
> ssh localhost -p 8022
> CTRL-C
> ssh localhost -p 8022
> CTRL-C
> ssh localhost -p 8022
> CTRL-C
> ssh localhost -p 8022
> CTRL-C

Confirmed. A single canceled connection prior to the interface setup is
enough. Possibly something is not properly removed / cleaned up here.

Will see if I find some time to debug, can't promise.

Jan

>
> When guest tries to bring up link,
> qemu crashes:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
> slirp/misc.c:27
> 27 element->qh_link = head->qh_link;
> (gdb) where
> #0 0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
> slirp/misc.c:27
> #1 0x00007ffff7e4ddd8 in if_start (slirp=0x7ffff8b0e4f0) at
> slirp/if.c:194
> #2 0x00007ffff7e51290 in slirp_select_poll (readfds=0x7fffffffdfe0,
> writefds=
> 0x7fffffffdf60, xfds=0x7fffffffdee0, select_error=0) at
> slirp/slirp.c:588
> #3 0x00007ffff7e114c3 in main_loop_wait (nonblocking= out>)
> at main-loop.c:466
> #4 0x00007ffff7e09ed4 in main_loop (argc=,
> argv=, envp=)
> at /home/mst/scm/qemu/vl.c:1482
> #5 main (argc=, argv=,
> envp=) at /home/mst/scm/qemu/vl.c:3525
> (gdb) p element
> $1 = (struct quehead *) 0x0