From: Zhi Yong Wu
Date: Mon, 13 Feb 2012 23:27:22 +0800
Subject: Re: [Qemu-devel] slirp-related crash
To: Jan Kiszka
Cc: Stefan Hajnoczi, qemu-devel@nongnu.org, "Michael S. Tsirkin"
In-Reply-To: <4F381FE4.3050009@web.de>
References: <20120212183407.GA4534@redhat.com> <4F381FE4.3050009@web.de>

On Mon, Feb 13, 2012 at 4:24 AM, Jan Kiszka wrote:
> On 2012-02-12 19:34, Michael S. Tsirkin wrote:
>> It seems somewhat easy to crash qemu with slirp if we queue multiple packets.
>> I didn't investigate further yet so I don't know if this
>> is a regression. Anyone knowledgeable about slirp wants to take a look?
>>
>> /home/mst/qemu-test/bin/qemu-system-x86_64 -enable-kvm -m 1G -drive
>> file=/home/mst/rhel6.qcow2 -netdev user,id=bar -net
>> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
>> tcp:8022::22 -vnc :1 -monitor stdio
>>
>> While guest is booting, quickly do this
>>
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>
> Confirmed. A single canceled connection prior to the interface setup is
> enough. Possibly something is not properly removed / cleaned up here.
> Will see if I find some time to debug, can't promise.
Interesting thing, please give me some time; I am trying to debug this issue.
>
> Jan
>
>>
>> When guest tries to bring up link,
>> qemu crashes:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
>> slirp/misc.c:27
>> 27              element->qh_link = head->qh_link;
>> (gdb) where
>> #0  0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
>> slirp/misc.c:27
>> #1  0x00007ffff7e4ddd8 in if_start (slirp=0x7ffff8b0e4f0) at
>> slirp/if.c:194
>> #2  0x00007ffff7e51290 in slirp_select_poll (readfds=0x7fffffffdfe0,
>> writefds=
>>     0x7fffffffdf60, xfds=0x7fffffffdee0, select_error=0) at
>> slirp/slirp.c:588
>> #3  0x00007ffff7e114c3 in main_loop_wait (nonblocking=<optimized out>)
>>     at main-loop.c:466
>> #4  0x00007ffff7e09ed4 in main_loop (argc=<optimized out>,
>>     argv=<optimized out>, envp=<optimized out>)
>>     at /home/mst/scm/qemu/vl.c:1482
>> #5  main (argc=<optimized out>, argv=<optimized out>,
>>     envp=<optimized out>) at /home/mst/scm/qemu/vl.c:3525
>> (gdb) p element
>> $1 = (struct quehead *) 0x0
>>
>>
>
-- 
Regards,
Zhi Yong Wu
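The faulting frame in the backtrace, slirp_insque in slirp/misc.c, is slirp's helper for a circular doubly-linked queue, and line 27 dereferences `element` before touching anything else, which is why a NULL `a` (the `$1 = (struct quehead *) 0x0` above) faults exactly there. The following is an added example, not code from this thread or from QEMU: it reimplements that queue pattern stand-alone, reproduces the shape of the failing call in a guarded form, and shows how a NULL-rejecting insert turns the segfault into an error return. The `pkt` struct, the function names and the sample queue contents are assumptions for illustration; it says nothing about why if_start ended up holding a NULL element, which the thread leaves open.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Queue header in the style of slirp's struct quehead: a circular
 * doubly-linked list in which the head is itself a node, so an empty
 * queue has both links pointing back at the head. */
struct quehead {
    struct quehead *qh_link;   /* next element */
    struct quehead *qh_rlink;  /* previous element */
};

/* Stand-in for a queued packet (assumption: slirp's real mbuf carries
 * many more fields; only the embedded links matter for the queue). */
struct pkt {
    struct quehead q;   /* first member, so a pkt* casts to a quehead* */
    int id;
};

static void queue_init(struct quehead *head)
{
    head->qh_link = head;
    head->qh_rlink = head;
}

/* Same statement order as slirp_insque(): insert element right after
 * head. The first statement dereferences element, so a NULL element
 * crashes here, matching "slirp/misc.c:27  element->qh_link = head->qh_link;"
 * in the reported backtrace. */
static void insque_unchecked(void *a, void *b)
{
    struct quehead *element = a;
    struct quehead *head = b;
    element->qh_link = head->qh_link;
    head->qh_link = element;
    element->qh_rlink = head;
    element->qh_link->qh_rlink = element;
}

/* Guarded variant: refuse NULL pointers instead of faulting.
 * Returns 0 on success, -1 when either argument is NULL. */
static int insque_checked(void *a, void *b)
{
    if (a == NULL || b == NULL) {
        return -1;
    }
    insque_unchecked(a, b);
    return 0;
}

/* Unlink element from whatever queue it is on, like slirp_remque().
 * The element must currently be queued; its rlink is cleared so a
 * double removal is detectable rather than silently corrupting. */
static int remque_checked(void *a)
{
    struct quehead *element = a;
    if (element == NULL || element->qh_rlink == NULL) {
        return -1;
    }
    element->qh_link->qh_rlink = element->qh_rlink;
    element->qh_rlink->qh_link = element->qh_link;
    element->qh_rlink = NULL;
    return 0;
}

/* Count members by walking from the head back around to the head. */
static int queue_len(const struct quehead *head)
{
    int n = 0;
    for (const struct quehead *p = head->qh_link; p != head; p = p->qh_link) {
        n++;
    }
    return n;
}

/* Demonstration: queue three constructed packets, cancel the middle one,
 * then attempt the NULL insert that if_start made in the report.
 * Returns the surviving queue length (2) if the NULL insert was rejected. */
static int demo(void)
{
    struct quehead head;
    struct pkt p[3];
    queue_init(&head);
    for (int i = 0; i < 3; i++) {
        p[i].id = i;
        insque_unchecked(&p[i], &head);
    }
    if (remque_checked(&p[1]) != 0) {      /* "cancel" one connection */
        return -1;
    }
    if (insque_checked(NULL, &head) != 0) { /* would have segfaulted unchecked */
        return queue_len(&head);
    }
    return -1;
}

int main(void)
{
    printf("queue length after cancel and rejected NULL insert: %d\n", demo());
    return 0;
}
```

The guard is a diagnostic aid, not a fix: in a real fix the question is why the caller's packet pointer became NULL after the canceled connection, and a check inside the queue helper would only hide that. Adding an assertion or error return at the insert, as above, makes the bad state visible at the point it is first touched.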