On 4 September 2015 at 11:25, Richard Purdie <richard.pur...@linuxfoundation.org> wrote:
> We're seeing repeated segfaults in qemu-system-arm when we heavily use
> the network. I have a coredump backtrace:
>
> (gdb) print s->tx_fifo_done
> $1 = {99614720, 99614720, 99614720, 99614720}
> (gdb) print s->tx_fifo_done_len
> $2 = 99614719
>
> so it looks like tx_fifo_done_len has been corrupted, going beyond that
> is harder for me to figure out. Does anyone happen to know what might be
> going on here? This is with qemu 2.4.0.

That would suggest the rx_fifo buffer is overrunning (assuming none of
the other fields in the struct look like they've been corrupted).

Can you try putting

    assert(s->rx_fifo_len < NUM_PACKETS);

before

    s->rx_fifo[s->rx_fifo_len++] = packetnum;

in smc91c111_receive(), and see if you hit that assertion?

Also, do you have a more specific reproduce case so I can try to
replicate the problem here?

thanks
-- PMM
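The reasoning in the reply above is that an rx FIFO indexed past its end writes into whatever follows it in the struct, which is why a corrupted tx_fifo_done_len points at rx_fifo. The following is an added illustration, not QEMU's smc91c111 code: a small model with the same field layout (an rx_fifo of packet numbers followed by the tx_fifo_done fields), where the receive path performs the bounds check the reply proposes but drops the frame instead of asserting, so the neighbouring length field can be shown to survive an overrun attempt. NUM_PACKETS = 4, the struct name and the function names are assumptions for the model (the gdb dump shows four tx_fifo_done entries).

```c
#include <stdio.h>
#include <stdbool.h>
#include <string.h>

#define NUM_PACKETS 4   /* assumed for the model; not QEMU's value */

/* Model of the relevant fields: rx_fifo is immediately followed in
 * memory by rx_fifo_len and the tx_fifo_done fields, so an unchecked
 * s->rx_fifo[s->rx_fifo_len++] with rx_fifo_len >= NUM_PACKETS would
 * overwrite them. The checked push below never lets that happen. */
struct nic_model {
    int rx_fifo[NUM_PACKETS];
    int rx_fifo_len;
    int tx_fifo_done[NUM_PACKETS];
    int tx_fifo_done_len;
};

/* Bounded push: the same condition as the proposed
 * assert(s->rx_fifo_len < NUM_PACKETS), but recoverable. Returns true
 * when the packet number was queued, false when the FIFO was full. */
bool rx_fifo_push(struct nic_model *s, int packetnum)
{
    if (s->rx_fifo_len >= NUM_PACKETS)
        return false;            /* caller drops the frame */
    s->rx_fifo[s->rx_fifo_len++] = packetnum;
    return true;
}

/* Pop the oldest packet number; returns -1 when the FIFO is empty. */
int rx_fifo_pop(struct nic_model *s)
{
    if (s->rx_fifo_len == 0)
        return -1;
    int packetnum = s->rx_fifo[0];
    s->rx_fifo_len--;
    memmove(s->rx_fifo, s->rx_fifo + 1,
            (size_t)s->rx_fifo_len * sizeof(s->rx_fifo[0]));
    return packetnum;
}

/* Feed the model more frames than the FIFO holds, counting drops. A
 * sentinel in tx_fifo_done_len lets the caller verify it was untouched. */
static void run_trial(int frames, struct nic_model *s, int *dropped)
{
    memset(s, 0, sizeof(*s));
    s->tx_fifo_done_len = 2;     /* sentinel expected to survive */
    *dropped = 0;
    for (int i = 0; i < frames; i++) {
        if (!rx_fifo_push(s, 100 + i))   /* constructed packet numbers */
            (*dropped)++;
    }
}

/* Value of the neighbouring length field after the trial (expect 2). */
int tx_len_after_trial(int frames)
{
    struct nic_model s;
    int dropped;
    run_trial(frames, &s, &dropped);
    return s.tx_fifo_done_len;
}

/* Number of frames the bounded push refused. */
int frames_dropped(int frames)
{
    struct nic_model s;
    int dropped;
    run_trial(frames, &s, &dropped);
    return dropped;
}

/* FIFO ordering sanity check: push 7 then 8, pop 7, 8, then empty. */
bool fifo_order_ok(void)
{
    struct nic_model s;
    memset(&s, 0, sizeof(s));
    return rx_fifo_push(&s, 7) && rx_fifo_push(&s, 8) &&
           rx_fifo_pop(&s) == 7 && rx_fifo_pop(&s) == 8 &&
           rx_fifo_pop(&s) == -1;
}

int main(void)
{
    printf("6 frames into a %d-slot fifo: tx_fifo_done_len=%d dropped=%d\n",
           NUM_PACKETS, tx_len_after_trial(6), frames_dropped(6));
    return 0;
}
```

The assert in the reply is the right first step for diagnosis, since it stops at the exact point the invariant breaks and leaves a usable core; in the device model itself a full FIFO should instead be treated as a flow-control condition, which is what the bounded push does.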