On Mon, Feb 13, 2012 at 4:24 AM, Jan Kiszka <jan.kis...@web.de> wrote:
> On 2012-02-12 19:34, Michael S. Tsirkin wrote:
>> It seems somewhat easy to crash qemu with slirp if we queue multiple packets.
>> I didn't investigate further yet so I don't know if this
>> is a regression. Anyone knowledgeable about slirp wants to take a look?
>>
>> /home/mst/qemu-test/bin/qemu-system-x86_64 -enable-kvm -m 1G -drive
>> file=/home/mst/rhel6.qcow2 -netdev user,id=bar -net
>> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57 -redir
>> tcp:8022::22 -vnc :1 -monitor stdio
>>
>> While guest is booting, quickly do this
>>
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>
> Confirmed. A single canceled connection prior to the interface setup is
> enough. Possibly something is not properly removed / cleaned up here.
> Will see if I find some time to debug, can't promise.

Interesting thing, please give me some time, and I am trying to debug this issue.

>
> Jan
>
>> When guest tries to bring up link,
>> qemu crashes:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
>> slirp/misc.c:27
>> 27 element->qh_link = head->qh_link;
>> (gdb) where
>> #0 0x00007ffff7e4f8a7 in slirp_insque (a=0x0, b=0x7ffff91681f0) at
>> slirp/misc.c:27
>> #1 0x00007ffff7e4ddd8 in if_start (slirp=0x7ffff8b0e4f0) at
>> slirp/if.c:194
>> #2 0x00007ffff7e51290 in slirp_select_poll (readfds=0x7fffffffdfe0,
>> writefds=0x7fffffffdf60, xfds=0x7fffffffdee0, select_error=0) at
>> slirp/slirp.c:588
>> #3 0x00007ffff7e114c3 in main_loop_wait (nonblocking=<value optimized out>)
>> at main-loop.c:466
>> #4 0x00007ffff7e09ed4 in main_loop (argc=<value optimized out>,
>> argv=<value optimized out>, envp=<value optimized out>)
>> at /home/mst/scm/qemu/vl.c:1482
>> #5 main (argc=<value optimized out>, argv=<value optimized out>,
>> envp=<value optimized out>) at /home/mst/scm/qemu/vl.c:3525
>> (gdb) p element
>> $1 = (struct quehead *) 0x0
>>
>>
>
>

--
Regards,

Zhi Yong Wu