On Thu, Oct 20, 2016 at 10:53:50PM +0100, Brian Candler wrote:

CCing slirp maintainers to get attention on this bug.

> I have some reproducible-ish segfaults in qemu 2.7.0 (built from source)
> running under ubuntu 16.04, on a quad-core i7 Mac Mini Server.
>
> I can reproduce these problems on a different Mac Mini, and I also replaced
> the RAM on mine, so I'm sure it's not hardware related.
>
> It's somewhat painful to reproduce (taking about 30 minutes each attempt,
> and using a lot of network bandwidth).
>
> This is using packer (packer.io) to create a VM and then using ansible to do
> a whole load of package installation and provisioning inside that VM.
> packer starts qemu with a user-mode network interface.
>
> If I part-build the VM, I can continue the build by restarting it under gdb
> and qemu directly at the command line, and get a backtrace. Here's the first
> one:
>
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff6a1bb5b in _int_free (av=0x7ffff6d5fb20 <main_arena>,
>     p=<optimised out>, have_lock=0) at malloc.c:4006
> 4006    malloc.c: No such file or directory.
> (gdb) bt
> #0  0x00007ffff6a1bb5b in _int_free (av=0x7ffff6d5fb20 <main_arena>,
>     p=<optimised out>, have_lock=0) at malloc.c:4006
> #1  0x00007ffff6a1fabc in __GI___libc_free (mem=<optimised out>) at malloc.c:2969
> #2  0x00005555559a6c0f in tcp_close (tp=tp@entry=0x555556621ed0) at slirp/tcp_subr.c:334
> #3  0x00005555559a6c8f in tcp_drop (tp=tp@entry=0x555556621ed0,
>     err=<optimised out>) at slirp/tcp_subr.c:298
> #4  0x00005555559a816b in tcp_timers (timer=<optimised out>,
>     tp=0x555556621ed0) at slirp/tcp_timer.c:179
> #5  tcp_slowtimo (slirp=slirp@entry=0x55555658ecf0) at slirp/tcp_timer.c:89
> #6  0x00005555559a0be8 in slirp_pollfds_poll (pollfds=0x555556531f20,
>     select_error=select_error@entry=0) at slirp/slirp.c:576
> #7  0x00005555559d4b0c in main_loop_wait (nonblocking=<optimised out>) at main-loop.c:508
> #8  0x000055555573fea1 in main_loop () at vl.c:1908
> #9  main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>) at vl.c:4604
> (gdb)
>
> So:
>
> * Is this of interest?

Yes. Thank you for reporting it.

> * If so, what additional gdb output would you like me to provide?

I wonder if this connection has already been closed/freed before and the
timer fires shortly afterward. That's just a guess based on the backtrace.

> * If developers want to reproduce this, let me know and I can probably send
>   the VM qcow2 file and/or packer source privately off-list [I need to check
>   permission for that]
>
> Thanks,
>
> Brian Candler.
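To make the guess in the reply concrete, here is an added, hypothetical C model of the lifecycle the backtrace suggests: a table of live connections that a periodic slow timer walks, and a close routine that frees the connection. It is not qemu's or slirp's code and makes no claim about what slirp actually does; names such as `conn_close`, `slowtimo` and `live` are assumptions. The point it shows is the discipline that keeps a timer from ever reaching a freed connection: unlink from the live list before freeing, and save the next pointer before dropping a node while walking the list.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a TCP control block, not slirp's tcpcb. */
typedef struct conn {
    struct conn *next, *prev;   /* doubly linked list of live connections */
    int id;
    int timer;                  /* ticks until the connection is dropped; 0 = off */
} conn_t;

/* Sentinel head of the live list; only linked connections are reachable. */
static conn_t live = { &live, &live, -1, 0 };
static int frees = 0;           /* how many connections have been freed */

static conn_t *conn_new(int id, int timer) {
    conn_t *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->id = id;
    c->timer = timer;
    c->next = live.next;
    c->prev = &live;
    live.next->prev = c;
    live.next = c;
    return c;
}

/* Close = unlink first, free second. Once unlinked, no later timer scan
 * can see the node, so the "closed earlier, timer fires later" pattern
 * guessed at in the reply cannot reach freed memory. */
static void conn_close(conn_t *c) {
    c->prev->next = c->next;
    c->next->prev = c->prev;
    c->timer = 0;
    free(c);
    frees++;
}

/* Periodic slow timer: drop every live connection whose timer expired.
 * The successor is read before conn_close() because close frees the node;
 * reading c->next afterwards would itself be a use after free. */
static int slowtimo(void) {
    int dropped = 0;
    conn_t *c, *n;
    for (c = live.next; c != &live; c = n) {
        n = c->next;
        if (c->timer > 0 && --c->timer == 0) {
            conn_close(c);
            dropped++;
        }
    }
    return dropped;
}

static int live_count(void) {
    int k = 0;
    for (conn_t *c = live.next; c != &live; c = c->next) k++;
    return k;
}

static int frees_so_far(void) { return frees; }

/* Scenario modelled on the report: connection 1 is closed explicitly while
 * its timer is still armed (2 ticks left); connection 2 runs to expiry.
 * Returns the drops seen on ticks 1, 2 and 3 packed as d1*100 + d2*10 + d3. */
static int run_scenario(void) {
    conn_t *a = conn_new(1, 2);
    conn_new(2, 3);
    conn_close(a);             /* closed early; the timer must not touch it again */
    int d1 = slowtimo();       /* tick 1: nothing expires */
    int d2 = slowtimo();       /* tick 2: conn 1 would have expired if still linked */
    int d3 = slowtimo();       /* tick 3: conn 2 expires and is freed once */
    return d1 * 100 + d2 * 10 + d3;
}

int main(void) {
    printf("drops per tick: %03d, live: %d, freed: %d\n",
           run_scenario(), live_count(), frees_so_far());
    return 0;
}
```

If the guess is right, the failure would be the opposite ordering (free without unlink, or a timer callback holding a stale pointer). A quick way to confirm or refute it on the real binary is a build with `-fsanitize=address`, which reports a use-after-free or double free at the first bad access with both the free and the earlier allocation stack, instead of the later crash inside `_int_free` seen here.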