Another crash site appears to be ifs_insque() in slirp/if.c, reached from the TCP slow timer with ifmhead=0x0 (a NULL queue head):

#0 0xb760f0d0 in ifs_insque (ifm=0xba711478, ifmhead=0x0) at slirp/if.c:16
#1 0xb760f2dd in if_output (so=0xba60db70, ifm=0xba711478) at slirp/if.c:98
#2 0xb7610bb5 in ip_output (so=0xba60db70, m0=0xba711478) at slirp/ip_output.c:84
#3 0xb761959c in tcp_output (tp=0xba4b4540) at slirp/tcp_output.c:456
#4 0xb761bb9b in tcp_timers (tp=0xba4b4540, timer=0) at slirp/tcp_timer.c:242
#5 0xb761b8d4 in tcp_slowtimo (slirp=0xb9d9eeb0) at slirp/tcp_timer.c:88
#6 0xb761365a in slirp_select_poll (readfds=0xbff7a78c, writefds=0xbff7a80c, xfds=0xbff7a88c, select_error=0) at slirp/slirp.c:433
#7 0xb75c82a0 in main_loop_wait (nonblocking=0) at main-loop.c:465
#8 0xb75bd042 in main_loop () at /home/craig/build/qemu-1.0.1/vl.c:1481
#9 0xb75c28a0 in main (argc=20, argv=0xbff7ac94, envp=0xbff7ace8) at /home/craig/build/qemu-1.0.1/vl.c:3485

Full trace:

Thread 5 (Thread 0xb1f68b70 (LWP 6148)):
#0 0xb746e424 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb72bce04 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
No locals.
#2 0xb75d938a in cond_timedwait (cond=0xb7cb81e0, mutex=0xb7cb81c0, ts=0xb1f6835c) at posix-aio-compat.c:104
        ret = 0
#3 0xb75d9b6c in aio_thread (unused=0x0) at posix-aio-compat.c:334
        aiocb = 0xba432348
        ret = 0
        tv = {tv_sec = 1331775274, tv_usec = 188038}
        ts = {tv_sec = 1331775284, tv_nsec = 0}
#4 0xb72b8d31 in start_thread (arg=0xb1f68b70) at pthread_create.c:304
        __res = pd = 0xb1f68b70 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1221812236, 0, 4001536, -1309244296, -366533283, 1345980240}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = robust = pagesize_m1 = sp = freesize = __PRETTY_FUNCTION__ = "start_thread"
#5 0xb6d290ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 4 (Thread 0xb0d62b70 (LWP 6149)):
#0 0xb746e424 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb72bf619 in __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2 0xb72c27a0 in _L_cond_lock_704 () from /lib/i386-linux-gnu/libpthread.so.0
        libgcc_s_getcfa = 0
        libgcc_s_resume = 0
        libgcc_s_forcedunwind = 0
        libgcc_s_personality = 0
        libgcc_s_handle = 0x0
#3 0xb72c2521 in __pthread_mutex_cond_lock (mutex=0xb7e8cc00) at ../nptl/pthread_mutex_lock.c:61
        __PRETTY_FUNCTION__ = "__pthread_mutex_cond_lock"
        type = 3085487104
        id = 6149
#4 0xb72bcb0e in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:255
No locals.
#5 0xb75f854a in qemu_cond_wait (cond=0xb7cc8aa0, mutex=0xb7e8cc00) at qemu-thread-posix.c:113
        err = -1168134704
        __func__ = "qemu_cond_wait"
#6 0xb7686409 in qemu_tcg_wait_io_event () at /home/craig/build/qemu-1.0.1/cpus.c:699
        env = 0x10000
#7 0xb76866cf in qemu_tcg_cpu_thread_fn (arg=0xba5fadd0) at /home/craig/build/qemu-1.0.1/cpus.c:778
        env = 0x0
#8 0xb72b8d31 in start_thread (arg=0xb0d62b70) at pthread_create.c:304
        __res = pd = 0xb0d62b70 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1221812236, 0, 4001536, -1328143240, -1419303585, 1345980240}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = robust = pagesize_m1 = sp = freesize = __PRETTY_FUNCTION__ = "start_thread"
#9 0xb6d290ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 3 (Thread 0xb296ab70 (LWP 6147)):
#0 0xb746e424 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb72bce04 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
No locals.
#2 0xb75d938a in cond_timedwait (cond=0xb7cb81e0, mutex=0xb7cb81c0, ts=0xb296a35c) at posix-aio-compat.c:104
        ret = 0
#3 0xb75d9b6c in aio_thread (unused=0x0) at posix-aio-compat.c:334
        aiocb = 0xba432348
        ret = 0
        tv = {tv_sec = 1331775274, tv_usec = 185444}
        ts = {tv_sec = 1331775284, tv_nsec = 0}
#4 0xb72b8d31 in start_thread (arg=0xb296ab70) at pthread_create.c:304
        __res = pd = 0xb296ab70 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1221812236, 0, 4001536, -1298750344, 711402843, 1345980240}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = robust = pagesize_m1 = sp = freesize = __PRETTY_FUNCTION__ = "start_thread"
#5 0xb6d290ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 2 (Thread 0xb316bb70 (LWP 6146)):
#0 0xb746e424 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb72bce04 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
No locals.
#2 0xb75d938a in cond_timedwait (cond=0xb7cb81e0, mutex=0xb7cb81c0, ts=0xb316b35c) at posix-aio-compat.c:104
        ret = 0
#3 0xb75d9b6c in aio_thread (unused=0x0) at posix-aio-compat.c:334
        aiocb = 0xba432348
        ret = 0
        tv = {tv_sec = 1331775274, tv_usec = 185217}
        ts = {tv_sec = 1331775284, tv_nsec = 0}
#4 0xb72b8d31 in start_thread (arg=0xb316bb70) at pthread_create.c:304
        __res = pd = 0xb316bb70 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1221812236, 0, 4001536, -1290357640, 709305688, 1345980240}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = robust = pagesize_m1 = sp = freesize = __PRETTY_FUNCTION__ = "start_thread"
#5 0xb6d290ce in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 1 (Thread 0xb636e6e0 (LWP 6145)):
#0 0xb760f0d0 in ifs_insque (ifm=0xba711478, ifmhead=0x0) at slirp/if.c:16
No locals.
#1 0xb760f2dd in if_output (so=0xba60db70, ifm=0xba711478) at slirp/if.c:98
        slirp = 0xb9d9eeb0
        ifq = 0xba711478
        on_fastq = 1
#2 0xb7610bb5 in ip_output (so=0xba60db70, m0=0xba711478) at slirp/ip_output.c:84
        slirp = 0xb9d9eeb0
        ip = 0xba7114e4
        m = 0xba711478
        hlen = 20
        len = -1166994312
        off = -1176899780
        error = 0
#3 0xb761959c in tcp_output (tp=0xba4b4540) at slirp/tcp_output.c:456
        so = 0xba60db70
        len = 0
        win = 8760
        off = 0
        flags = 2
        error = 179984
        m = 0xba711478
        ti = 0xba7114e4
        opt = "\002\004\005\264\001\000\000\000$\246\367\277\266\064ζ·_\267\064\246\367\277\260\237\001\000\063T$\024"
        optlen = 4
        hdrlen = 44
        idle = 0
        sendalot = 0
#4 0xb761bb9b in tcp_timers (tp=0xba4b4540, timer=0) at slirp/tcp_timer.c:242
        rexmt = 96
#5 0xb761b8d4 in tcp_slowtimo (slirp=0xb9d9eeb0) at slirp/tcp_timer.c:88
        ip = 0xba60db70
        ipnxt = 0xb9d9f8b0
        tp = 0xba4b4540
        i = 0
#6 0xb761365a in slirp_select_poll (readfds=0xbff7a78c, writefds=0xbff7a80c, xfds=0xbff7a88c, select_error=0) at slirp/slirp.c:433
        slirp = 0xb9d9eeb0
        so = 0x0
        so_next = 0x0
        ret = -1074288756
#7 0xb75c82a0 in main_loop_wait (nonblocking=0) at main-loop.c:465
        rfds = {fds_bits = {2048, 0 }}
        wfds = {fds_bits = {0 }}
        xfds = {fds_bits = {0 }}
        ret = 1
        nfds = 18
        tv = {tv_sec = 0, tv_usec = 997895}
        timeout = 1000
#8 0xb75bd042 in main_loop () at /home/craig/build/qemu-1.0.1/vl.c:1481
        nonblocking = false
        last_io = 0
#9 0xb75c28a0 in main (argc=20, argv=0xbff7ac94, envp=0xbff7ace8) at /home/craig/build/qemu-1.0.1/vl.c:3485
        gdbstub_dev = 0x0
        i = 64
        snapshot = 1
        linux_boot = 0
        icount_option = 0x0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0xb778290f ""
        boot_devices = "cad", '\000'
        ds = 0xba0a8f78
        dcl = 0x0
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x0
        opts = 0xb72cd000
        olist = 0xbff7ab58
        optind = 20
        optarg = 0x0
        loadvm = 0x0
        machine = 0xb78abe60
        cpu_model = 0x0
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = 1
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0xb75becb1 , realloc = 0xb75bed0e , free = 0xb75bed7f , calloc = 0, try_malloc = 0, try_realloc = 0}
        trace_events = 0x0
        trace_file = 0x0