From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:48553)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1S2r9r-0007cv-IZ
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:34:01 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1S2r9m-0001fY-D7
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:33:59 -0500
Received: from fmmailgate06.web.de ([217.72.192.247]:54881)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jan.kiszka@web.de>) id 1S2r9m-0001eu-21
	for qemu-devel@nongnu.org; Wed, 29 Feb 2012 16:33:54 -0500
Received: from moweb001.kundenserver.de (moweb001.kundenserver.de
	[172.19.20.114])
	by fmmailgate06.web.de (Postfix) with ESMTP id 251EFD46BD2
	for <qemu-devel@nongnu.org>; Wed, 29 Feb 2012 22:33:52 +0100 (CET)
Message-ID: <4F4E99BC.50109@web.de>
Date: Wed, 29 Feb 2012 22:33:48 +0100
From: Jan Kiszka <jan.kiszka@web.de>
MIME-Version: 1.0
References: <cover.1330542945.git.jan.kiszka@siemens.com>
	<4F4E9208.6020207@weilnetz.de>
In-Reply-To: <4F4E9208.6020207@weilnetz.de>
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig90D732F1388E1F4FB7532D26"
Subject: Re: [Qemu-devel] [PATCH 0/4] slirp: Fix for requeuing crash,
	cleanups
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Weil <sw@weilnetz.de>
Cc: Zhi Yong Wu <wuzhy@linux.vnet.ibm.com>, qemu-devel@nongnu.org, Fabien Chouteau <chouteau@adacore.com>, "Michael S. Tsirkin" <mst@redhat.com>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig90D732F1388E1F4FB7532D26
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

On 2012-02-29 22:00, Stefan Weil wrote:
> Am 29.02.2012 20:15, schrieb Jan Kiszka:
>> This is an alternative, more complete approach to fix the requeuing-
>> related crashes reported recently. See patch 2 for details. The rest a=
re
>> simple cleanups.
>>
>> Please check carefully if I messed something up.
>>
>=20
> Hi Jan,
>=20
> here is the result of MIPS Malta with your patch series applied:
>=20
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555577db5b in slirp_remque (a=3D0x555556cff360) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/misc.c:39
> 39        ((struct quehead *)(element->qh_rlink))->qh_link =3D
> element->qh_link;
> (gdb) i s
> #0  0x000055555577db5b in slirp_remque (a=3D0x555556cff360) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/misc.c:39
> #1  0x000055555577b7a2 in if_start (slirp=3D0x5555564bfb80) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/if.c:208
> #2  0x000055555577b607 in if_output (so=3D0x555556ea0b70,
> ifm=3D0x555556cff9e0) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/if.c:139
> #3  0x000055555577d040 in ip_output (so=3D0x555556ea0b70,
> m0=3D0x555556cff9e0) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/ip_output.c:84
> #4  0x00005555557865d6 in tcp_output (tp=3D0x555556ea0c20) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/tcp_output.c:456
> #5  0x000055555577ff5a in slirp_select_poll (readfds=3D0x7fffffffda10,
> writefds=3D0x7fffffffda90, xfds=3D0x7fffffffdb10, select_error=3D0)
>     at /home/stefan/src/qemu/repo.or.cz/qemu/ar7/slirp/slirp.c:480
> #6  0x000055555572d8c0 in main_loop_wait (nonblocking=3D0) at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/main-loop.c:469
> #7  0x0000555555721a61 in main_loop () at
> /home/stefan/src/qemu/repo.or.cz/qemu/ar7/vl.c:1558
> #8  0x00005555557284a2 in main (argc=3D25, argv=3D0x7fffffffdfe8,
> envp=3D0x7fffffffe0b8) at /home/stefan/src/qemu/repo.or.cz/qemu/ar7/vl.=
c:3667
> (gdb) p element
> $1 =3D (struct quehead *) 0x555556cff360
> (gdb) p *element
> $2 =3D {qh_link =3D 0x555556cff360, qh_rlink =3D 0x0}
> (gdb) p (struct quehead *)(element->qh_rlink)
> $3 =3D (struct quehead *) 0x0

Hmm. Two options:

 - you try to debug what happens to that mbuf, why its queue anchors
   get corrupted (maybe while in if_encap?)
 - you tell me how to reproduce it (image file, host characteristics)

Jan


--------------enig90D732F1388E1F4FB7532D26
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9OmbwACgkQitSsb3rl5xQW0wCgqNiIRG9sZ49vkZPZyd2BUjZ9
SWwAoIyE3xs4q21zPcvmfeZ6rQ6QUVry
=KLaN
-----END PGP SIGNATURE-----

--------------enig90D732F1388E1F4FB7532D26--