* [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
@ 2011-08-11 16:46 Nigel Horne
  2011-08-31 21:03 ` [Qemu-devel] [Bug 824650] " Nigel Horne
                   ` (10 more replies)
  0 siblings, 11 replies; 28+ messages in thread
From: Nigel Horne @ 2011-08-11 16:46 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

The latest git version of qemu (commit
8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
All was fine up to a few days ago.  This is with both x86 and sparc
emulation, on an x86_64 host.

e.g. qemu-system-sparc -drive
file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
-nographic -redir tcp:2232::22:

 qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
`(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
(((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
"0" (__x)); __v; }))) != 0' failed.

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  New

Bug description:
  The latest git version of qemu (commit
  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
  All was fine up to a few days ago.  This is with both x86 and sparc
  emulation, on an x86_64 host.

  e.g. qemu-system-sparc -drive
  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
  -nographic -redir tcp:2232::22:

   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
  "0" (__x)); __v; }))) != 0' failed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions


* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
@ 2011-08-31 21:03 ` Nigel Horne
  2011-09-01  7:18   ` Jan Kiszka
  2011-09-09  2:26 ` Nigel Horne
                   ` (9 subsequent siblings)
  10 siblings, 1 reply; 28+ messages in thread
From: Nigel Horne @ 2011-08-31 21:03 UTC (permalink / raw)
  To: qemu-devel

I am wondering if it's the use of the "-redir tcp:2232::22:" argument
which is broken in GIT.


* Re: [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-31 21:03 ` [Qemu-devel] [Bug 824650] " Nigel Horne
@ 2011-09-01  7:18   ` Jan Kiszka
  0 siblings, 0 replies; 28+ messages in thread
From: Jan Kiszka @ 2011-09-01  7:18 UTC (permalink / raw)
  To: Bug 824650; +Cc: qemu-devel


On 2011-08-31 23:03, Nigel Horne wrote:
> I am wondering if it's the use of the "-redir tcp:2232::22:" argument
> which is broken in GIT.

Could you try attaching gdb to the failing qemu and catch a backtrace or
even more information? I've tried to reproduce but failed so far.

Jan



* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
  2011-08-31 21:03 ` [Qemu-devel] [Bug 824650] " Nigel Horne
@ 2011-09-09  2:26 ` Nigel Horne
  2011-09-15  4:11 ` [Qemu-devel] [Bug 824650] [NEW] " Roy Tam
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Nigel Horne @ 2011-09-09  2:26 UTC (permalink / raw)
  To: qemu-devel

No - that's not relevant.  The latest git
(07ff2c4475df77e38a31d50ee7f3932631806c15) still crashes after just a
couple of minutes with just about any guest on a Linux host.

These are the args for my FreeBSD guest:

qemu-system-i386 -drive
file=freebsd8.1-i386,index=0,media=disk,cache=unsafe -drive
file=/dev/cdrom,index=1,media=cdrom -boot c -enable-kvm -m 128


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
  2011-08-31 21:03 ` [Qemu-devel] [Bug 824650] " Nigel Horne
  2011-09-09  2:26 ` Nigel Horne
@ 2011-09-15  4:11 ` Roy Tam
  2011-09-15  6:33   ` Jan Kiszka
  2012-01-16 17:14 ` [Qemu-devel] [Bug 824650] " AleksTJ@gmail.com
                   ` (7 subsequent siblings)
  10 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-09-15  4:11 UTC (permalink / raw)
  To: Bug 824650; +Cc: qemu-devel

2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
> Public bug reported:
>
> The latest git version of qemu (commit
> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
> All was fine up to a few days ago.  This is with both x86 and sparc
> emulation, on an x86_64 host.
>
> e.g. qemu-system-sparc -drive
> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
> -nographic -redir tcp:2232::22:
>
>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
> "0" (__x)); __v; }))) != 0' failed.
>
> ** Affects: qemu
>     Importance: Undecided
>         Status: New
>
> --
> You received this bug notification because you are a member of qemu-
> devel-ml, which is subscribed to QEMU.
> https://bugs.launchpad.net/bugs/824650
>
> Title:
>  Latest GIT assert error in arp_table.c
>
> Status in QEMU:
>  New
>
> Bug description:
>  The latest git version of qemu (commit
>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>  All was fine up to a few days ago.  This is with both x86 and sparc
>  emulation, on an x86_64 host.
>
>  e.g. qemu-system-sparc -drive
>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>  -nographic -redir tcp:2232::22:
>
>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>  "0" (__x)); __v; }))) != 0' failed.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>
>

I'm hitting same assertion too.

Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
slirp/arp_table.c, line 75

Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
-usbdevice tablet -net user -net nic,model=ne2k_pci -drive
if=none,id=usbstick,file=e:\4m.img -device
usb-storage,bus=usb.0,drive=usbstick


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15  4:11 ` [Qemu-devel] [Bug 824650] [NEW] " Roy Tam
@ 2011-09-15  6:33   ` Jan Kiszka
  2011-09-15  7:38     ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-09-15  6:33 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel


On 2011-09-15 06:11, Roy Tam wrote:
> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>> Public bug reported:
>>
>> The latest git version of qemu (commit
>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>> All was fine up to a few days ago.  This is with both x86 and sparc
>> emulation, on an x86_64 host.
>>
>> e.g. qemu-system-sparc -drive
>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>> -nographic -redir tcp:2232::22:
>>
>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>> "0" (__x)); __v; }))) != 0' failed.
>>
>> ** Affects: qemu
>>     Importance: Undecided
>>         Status: New
>>
>> --
>> You received this bug notification because you are a member of qemu-
>> devel-ml, which is subscribed to QEMU.
>> https://bugs.launchpad.net/bugs/824650
>>
>> Title:
>>  Latest GIT assert error in arp_table.c
>>
>> Status in QEMU:
>>  New
>>
>> Bug description:
>>  The latest git version of qemu (commit
>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>  emulation, on an x86_64 host.
>>
>>  e.g. qemu-system-sparc -drive
>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>  -nographic -redir tcp:2232::22:
>>
>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>  "0" (__x)); __v; }))) != 0' failed.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>
>>
> 
> I'm hitting same assertion too.
> 
> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
> slirp/arp_table.c, line 75
> 
> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
> if=none,id=usbstick,file=e:\4m.img -device
> usb-storage,bus=usb.0,drive=usbstick

Same request here: Please try to catch a bit more context (backtrace,
variable states etc.) via gdb. Or if you have a way to reproduce the
issue, let me know the details.

Thanks,
Jan



* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15  6:33   ` Jan Kiszka
@ 2011-09-15  7:38     ` Roy Tam
  2011-09-15 10:45       ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-09-15  7:38 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
> On 2011-09-15 06:11, Roy Tam wrote:
>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>> Public bug reported:
>>>
>>> The latest git version of qemu (commit
>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>> emulation, on an x86_64 host.
>>>
>>> e.g. qemu-system-sparc -drive
>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>> -nographic -redir tcp:2232::22:
>>>
>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>> "0" (__x)); __v; }))) != 0' failed.
>>>
>>> ** Affects: qemu
>>>     Importance: Undecided
>>>         Status: New
>>>
>>> --
>>> You received this bug notification because you are a member of qemu-
>>> devel-ml, which is subscribed to QEMU.
>>> https://bugs.launchpad.net/bugs/824650
>>>
>>> Title:
>>>  Latest GIT assert error in arp_table.c
>>>
>>> Status in QEMU:
>>>  New
>>>
>>> Bug description:
>>>  The latest git version of qemu (commit
>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>  emulation, on an x86_64 host.
>>>
>>>  e.g. qemu-system-sparc -drive
>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>  -nographic -redir tcp:2232::22:
>>>
>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>  "0" (__x)); __v; }))) != 0' failed.
>>>
>>> To manage notifications about this bug go to:
>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>
>>>
>>
>> I'm hitting same assertion too.
>>
>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>> slirp/arp_table.c, line 75
>>
>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>> if=none,id=usbstick,file=e:\4m.img -device
>> usb-storage,bus=usb.0,drive=usbstick
>
> Same request here: Please try to catch a bit more context (backtrace,
> variable states etc.) via gdb. Or if you have a way to reproduce the
> issue, let me know the details.
>
> Thanks,
> Jan
>
>

Hope it helps.

C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
-hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
-usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
GNU gdb (GDB) 7.3
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
done.
(gdb) list:arp_table.c:75
No source file named .
(gdb) list arp_table.c:75
70
71          DEBUG_CALL("arp_table_search");
72          DEBUG_ARG("ip = 0x%x", ip_addr);
73
74          /* Check 0.0.0.0/8 invalid source-only addresses */
75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
76
77          /* If broadcast address */
78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
79              /* return Ethernet broadcast address */
(gdb) break arp_table.c:75
Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
(gdb) r
Starting program:
C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
tablet -net user -net nic,model=ne2k_pci -L pc-bios
[New Thread 8744.0x313c]
[New Thread 8744.0x3098]
[New Thread 8744.0x2108]
[New Thread 8744.0x2c4c]
[New Thread 8744.0x365c]
sb16: warning: command 0xf,1 is not truly understood yet
sb16: warning: command 0xe,2 is not truly understood yet
[Switching to Thread 8744.0x2108]

Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
    out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
(gdb) c
Continuing.
[New Thread 8744.0x36d4]
[Switching to Thread 8744.0x313c]

Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
    out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
(gdb) bt
#0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
    at slirp/arp_table.c:75
#1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
    at slirp/slirp.c:709
#2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
#3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
#4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
#5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
#6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
    at slirp/tcp_timer.c:287
#7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
#8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
    xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
#9  0x0048fb87 in main_loop_wait (nonblocking=0)
    at C:/msys/home/User/qemu/vl.c:1436
#10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
#11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
    at C:/msys/home/User/qemu/vl.c:3453
#12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
    at C:/msys/home/User/qemu/vl.c:102
#13 0x005eb784 in console_main ()
#14 0x005eb844 in WinMain@16 ()
#15 0x005eb068 in main ()
(gdb) c
Continuing.
Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
line 75

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
[Inferior 1 (process 8744) exited with code 03]
(gdb)


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15  7:38     ` Roy Tam
@ 2011-09-15 10:45       ` Jan Kiszka
  2011-09-15 10:53         ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-09-15 10:45 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel


On 2011-09-15 09:38, Roy Tam wrote:
> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>> On 2011-09-15 06:11, Roy Tam wrote:
>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>> Public bug reported:
>>>>
>>>> The latest git version of qemu (commit
>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>> emulation, on an x86_64 host.
>>>>
>>>> e.g. qemu-system-sparc -drive
>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>> -nographic -redir tcp:2232::22:
>>>>
>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>
>>>> ** Affects: qemu
>>>>     Importance: Undecided
>>>>         Status: New
>>>>
>>>> --
>>>> You received this bug notification because you are a member of qemu-
>>>> devel-ml, which is subscribed to QEMU.
>>>> https://bugs.launchpad.net/bugs/824650
>>>>
>>>> Title:
>>>>  Latest GIT assert error in arp_table.c
>>>>
>>>> Status in QEMU:
>>>>  New
>>>>
>>>> Bug description:
>>>>  The latest git version of qemu (commit
>>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>>  emulation, on an x86_64 host.
>>>>
>>>>  e.g. qemu-system-sparc -drive
>>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>  -nographic -redir tcp:2232::22:
>>>>
>>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>  "0" (__x)); __v; }))) != 0' failed.
>>>>
>>>> To manage notifications about this bug go to:
>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>
>>>>
>>>
>>> I'm hitting same assertion too.
>>>
>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>> slirp/arp_table.c, line 75
>>>
>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>> if=none,id=usbstick,file=e:\4m.img -device
>>> usb-storage,bus=usb.0,drive=usbstick
>>
>> Same request here: Please try to catch a bit more context (backtrace,
>> variable states etc.) via gdb. Or if you have a way to reproduce the
>> issue, let me know the details.
>>
>> Thanks,
>> Jan
>>
>>
> 
> Hope it helps.
> 
> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
> GNU gdb (GDB) 7.3
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "mingw32".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
> done.
> (gdb) list:arp_table.c:75
> No source file named .
> (gdb) list arp_table.c:75
> 70
> 71          DEBUG_CALL("arp_table_search");
> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
> 73
> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
> 76
> 77          /* If broadcast address */
> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
> 79              /* return Ethernet broadcast address */
> (gdb) break arp_table.c:75
> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
> (gdb) r
> Starting program:
> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
> tablet -net user -net nic,model=ne2k_pci -L pc-bios
> [New Thread 8744.0x313c]
> [New Thread 8744.0x3098]
> [New Thread 8744.0x2108]
> [New Thread 8744.0x2c4c]
> [New Thread 8744.0x365c]
> sb16: warning: command 0xf,1 is not truly understood yet
> sb16: warning: command 0xe,2 is not truly understood yet
> [Switching to Thread 8744.0x2108]
> 
> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
> (gdb) c
> Continuing.
> [New Thread 8744.0x36d4]
> [Switching to Thread 8744.0x313c]
> 
> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
> (gdb) bt
> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>     at slirp/arp_table.c:75
> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>     at slirp/slirp.c:709
> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>     at slirp/tcp_timer.c:287
> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>     at C:/msys/home/User/qemu/vl.c:1436
> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>     at C:/msys/home/User/qemu/vl.c:3453
> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>     at C:/msys/home/User/qemu/vl.c:102
> #13 0x005eb784 in console_main ()
> #14 0x005eb844 in WinMain@16 ()
> #15 0x005eb068 in main ()
> (gdb) c
> Continuing.
> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
> line 75
> 
> This application has requested the Runtime to terminate it in an unusual way.
> Please contact the application's support team for more information.
> [Inferior 1 (process 8744) exited with code 03]
> (gdb)

I suspect a half-baked TCP socket times out, and slirp tries to
terminate this socket by sending a FIN to an invalid client IP. Pending
bug that now surfaced thanks to the assertion.

To confirm this, you could check the state of the socket, specifically
the tcpip header template.

Obviously, this triggers early in the boot, right? Maybe you could debug
the lifecycle of the affected socket?

Thanks,
Jan
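
The check at slirp/arp_table.c:75 from the gdb listing above, as an added example that is not part of the original thread or of QEMU. It evaluates the asserted expression for a few constructed addresses, compares it with a plain 0.0.0.0/8 membership test, and shows a lookup that reports an invalid destination to its caller instead of aborting the process. The helper names, result codes, table layout and sample addresses are hypothetical.

```c
/* Added example, not QEMU source. Names, result codes and the sample
 * table are hypothetical; only the line-75 expression comes from the thread. */
#include <arpa/inet.h>   /* htonl, ntohl */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build an IPv4 address in network byte order, the form ip_addr has in slirp. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return htonl(((uint32_t)a << 24) | ((uint32_t)b << 16) |
                 ((uint32_t)c << 8) | (uint32_t)d);
}

/* Expression inside assert() at arp_table.c:75 in the gdb listing.
 * 0xfU replaces 0xf so the shift is well defined; the bit pattern is the same.
 * Returns true when the assertion would pass. */
static bool line75_expr(uint32_t ip_addr)
{
    return (ip_addr & htonl(~(0xfU << 28))) != 0;
}

/* What the comment on line 74 describes: membership in 0.0.0.0/8. */
static bool in_zero_net(uint32_t ip_addr)
{
    return (ntohl(ip_addr) & 0xff000000U) == 0;
}

enum lookup_result {
    LOOKUP_FOUND, LOOKUP_BROADCAST, LOOKUP_MISS, LOOKUP_INVALID_DST
};

struct arp_entry { uint32_t ip; uint8_t mac[6]; };

/* Non-aborting lookup: an invalid destination becomes an error code the
 * caller can act on (for example by dropping the packet). */
static enum lookup_result lookup_checked(const struct arp_entry *tbl, size_t n,
                                         uint32_t ip_addr,
                                         uint32_t broadcast_addr,
                                         uint8_t out[6])
{
    if (in_zero_net(ip_addr)) {
        return LOOKUP_INVALID_DST;
    }
    if (ip_addr == 0xffffffffU || ip_addr == broadcast_addr) {
        memset(out, 0xff, 6);            /* Ethernet broadcast address */
        return LOOKUP_BROADCAST;
    }
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].ip == ip_addr) {
            memcpy(out, tbl[i].mac, 6);
            return LOOKUP_FOUND;
        }
    }
    return LOOKUP_MISS;
}

/* Run one lookup against a constructed one-entry table. */
static enum lookup_result demo_lookup(uint32_t ip_addr)
{
    const struct arp_entry tbl[] = {
        { ip4(10, 0, 2, 15), { 0x52, 0x54, 0x00, 0x12, 0x34, 0x56 } },
    };
    uint8_t mac[6];
    return lookup_checked(tbl, 1, ip_addr, ip4(10, 0, 2, 255), mac);
}

int main(void)
{
    static const char *const names[] = {
        "FOUND", "BROADCAST", "MISS", "INVALID_DST"
    };
    /* Constructed inputs; the first two are the ip_addr values gdb printed. */
    const uint32_t samples[] = {
        ip4(255, 255, 255, 255), ip4(0, 0, 0, 0), ip4(0, 0, 0, 1),
        ip4(16, 0, 0, 0), ip4(10, 0, 2, 15),
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t h = ntohl(samples[i]);
        printf("%3u.%u.%u.%u  line75 passes=%d  in 0/8=%d  lookup=%s\n",
               (unsigned)(h >> 24), (unsigned)((h >> 16) & 0xff),
               (unsigned)((h >> 8) & 0xff), (unsigned)(h & 0xff),
               line75_expr(samples[i]), in_zero_net(samples[i]),
               names[demo_lookup(samples[i])]);
    }
    return 0;
}
```

For ip_addr=0, the value in the backtrace, the line-75 expression is false and the assertion fires. The expression and a 0.0.0.0/8 test disagree on 0.0.0.1 and 16.0.0.0.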



* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 10:45       ` Jan Kiszka
@ 2011-09-15 10:53         ` Roy Tam
  2011-09-15 11:54           ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-09-15 10:53 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
> On 2011-09-15 09:38, Roy Tam wrote:
>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>>> Public bug reported:
>>>>>
>>>>> The latest git version of qemu (commit
>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>>> emulation, on an x86_64 host.
>>>>>
>>>>> e.g. qemu-system-sparc -drive
>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>> -nographic -redir tcp:2232::22:
>>>>>
>>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>
>>>>> ** Affects: qemu
>>>>>     Importance: Undecided
>>>>>         Status: New
>>>>>
>>>>> --
>>>>> You received this bug notification because you are a member of qemu-
>>>>> devel-ml, which is subscribed to QEMU.
>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>
>>>>> Title:
>>>>>  Latest GIT assert error in arp_table.c
>>>>>
>>>>> Status in QEMU:
>>>>>  New
>>>>>
>>>>> Bug description:
>>>>>  The latest git version of qemu (commit
>>>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>  emulation, on an x86_64 host.
>>>>>
>>>>>  e.g. qemu-system-sparc -drive
>>>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>  -nographic -redir tcp:2232::22:
>>>>>
>>>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>  "0" (__x)); __v; }))) != 0' failed.
>>>>>
>>>>> To manage notifications about this bug go to:
>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>
>>>>>
>>>>
>>>> I'm hitting same assertion too.
>>>>
>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>> slirp/arp_table.c, line 75
>>>>
>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>> usb-storage,bus=usb.0,drive=usbstick
>>>
>>> Same request here: Please try to catch a bit more context (backtrace,
>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>> issue, let me know the details.
>>>
>>> Thanks,
>>> Jan
>>>
>>>
>>
>> Hope it helps.
>>
>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>> GNU gdb (GDB) 7.3
>> Copyright (C) 2011 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "mingw32".
>> For bug reporting instructions, please see:
>> <http://www.gnu.org/software/gdb/bugs/>...
>> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>> done.
>> (gdb) list:arp_table.c:75
>> No source file named .
>> (gdb) list arp_table.c:75
>> 70
>> 71          DEBUG_CALL("arp_table_search");
>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>> 73
>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> 76
>> 77          /* If broadcast address */
>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>> 79              /* return Ethernet broadcast address */
>> (gdb) break arp_table.c:75
>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>> (gdb) r
>> Starting program:
>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>> [New Thread 8744.0x313c]
>> [New Thread 8744.0x3098]
>> [New Thread 8744.0x2108]
>> [New Thread 8744.0x2c4c]
>> [New Thread 8744.0x365c]
>> sb16: warning: command 0xf,1 is not truly understood yet
>> sb16: warning: command 0xe,2 is not truly understood yet
>> [Switching to Thread 8744.0x2108]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) c
>> Continuing.
>> [New Thread 8744.0x36d4]
>> [Switching to Thread 8744.0x313c]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) bt
>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>     at slirp/arp_table.c:75
>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>     at slirp/slirp.c:709
>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>     at slirp/tcp_timer.c:287
>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>     at C:/msys/home/User/qemu/vl.c:1436
>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>     at C:/msys/home/User/qemu/vl.c:3453
>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>     at C:/msys/home/User/qemu/vl.c:102
>> #13 0x005eb784 in console_main ()
>> #14 0x005eb844 in WinMain@16 ()
>> #15 0x005eb068 in main ()
>> (gdb) c
>> Continuing.
>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
>> line 75
>>
>> This application has requested the Runtime to terminate it in an unusual way.
>> Please contact the application's support team for more information.
>> [Inferior 1 (process 8744) exited with code 03]
>> (gdb)
>
> I suspect a half-baked TCP socket times out, and slirp tries to
> terminate this socket by sending a FIN to an invalid client IP. Pending
> bug that now surfaced thanks to the assertion.
>
> To confirm this, you could check the state of the socket, specifically
> the tcpip header template.
>

Please explain in detail how to do this in a Win32 environment. Is
there a DEBUG #define that can debug slirp?

> Obviously, this triggers early in the boot, right? Maybe you could debug
> the lifecycle of the affected socket?
>

No. The guest XP SP3 goes into the desktop, waits for the automatic
update tray icon to appear and start to download updates (almost 5~6
minutes), then the QEMU assertion fails.

> Thanks,
> Jan
>
>

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 10:53         ` Roy Tam
@ 2011-09-15 11:54           ` Jan Kiszka
  2011-09-15 12:05             ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-09-15 11:54 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel

[-- Attachment #1: Type: text/plain, Size: 8402 bytes --]

On 2011-09-15 12:53, Roy Tam wrote:
> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>> On 2011-09-15 09:38, Roy Tam wrote:
>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>>>> Public bug reported:
>>>>>>
>>>>>> The latest git version of qemu (commit
>>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>> emulation, on an x86_64 host.
>>>>>>
>>>>>> e.g. qemu-system-sparc -drive
>>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>> -nographic -redir tcp:2232::22:
>>>>>>
>>>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> ** Affects: qemu
>>>>>>     Importance: Undecided
>>>>>>         Status: New
>>>>>>
>>>>>> --
>>>>>> You received this bug notification because you are a member of qemu-
>>>>>> devel-ml, which is subscribed to QEMU.
>>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>>
>>>>>> Title:
>>>>>>  Latest GIT assert error in arp_table.c
>>>>>>
>>>>>> Status in QEMU:
>>>>>>  New
>>>>>>
>>>>>> Bug description:
>>>>>>  The latest git version of qemu (commit
>>>>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>>  emulation, on an x86_64 host.
>>>>>>
>>>>>>  e.g. qemu-system-sparc -drive
>>>>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>>  -nographic -redir tcp:2232::22:
>>>>>>
>>>>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>>  "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> To manage notifications about this bug go to:
>>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>>
>>>>>>
>>>>>
>>>>> I'm hitting the same assertion too.
>>>>>
>>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>>> slirp/arp_table.c, line 75
>>>>>
>>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>>> usb-storage,bus=usb.0,drive=usbstick
>>>>
>>>> Same request here: Please try to catch a bit more context (backtrace,
>>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>>> issue, let me know the details.
>>>>
>>>> Thanks,
>>>> Jan
>>>>
>>>>
>>>
>>> Hope it helps.
>>>
>>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> GNU gdb (GDB) 7.3
>>> Copyright (C) 2011 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>> and "show warranty" for details.
>>> This GDB was configured as "mingw32".
>>> For bug reporting instructions, please see:
>>> <http://www.gnu.org/software/gdb/bugs/>...
>>> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>>> done.
>>> (gdb) list:arp_table.c:75
>>> No source file named .
>>> (gdb) list arp_table.c:75
>>> 70
>>> 71          DEBUG_CALL("arp_table_search");
>>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>>> 73
>>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> 76
>>> 77          /* If broadcast address */
>>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>>> 79              /* return Ethernet broadcast address */
>>> (gdb) break arp_table.c:75
>>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>>> (gdb) r
>>> Starting program:
>>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> [New Thread 8744.0x313c]
>>> [New Thread 8744.0x3098]
>>> [New Thread 8744.0x2108]
>>> [New Thread 8744.0x2c4c]
>>> [New Thread 8744.0x365c]
>>> sb16: warning: command 0xf,1 is not truly understood yet
>>> sb16: warning: command 0xe,2 is not truly understood yet
>>> [Switching to Thread 8744.0x2108]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) c
>>> Continuing.
>>> [New Thread 8744.0x36d4]
>>> [Switching to Thread 8744.0x313c]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) bt
>>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>>     at slirp/arp_table.c:75
>>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>>     at slirp/slirp.c:709
>>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>>     at slirp/tcp_timer.c:287
>>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>>     at C:/msys/home/User/qemu/vl.c:1436
>>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>>     at C:/msys/home/User/qemu/vl.c:3453
>>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>>     at C:/msys/home/User/qemu/vl.c:102
>>> #13 0x005eb784 in console_main ()
>>> #14 0x005eb844 in WinMain@16 ()
>>> #15 0x005eb068 in main ()
>>> (gdb) c
>>> Continuing.
>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
>>> line 75
>>>
>>> This application has requested the Runtime to terminate it in an unusual way.
>>> Please contact the application's support team for more information.
>>> [Inferior 1 (process 8744) exited with code 03]
>>> (gdb)
>>
>> I suspect a half-baked TCP socket times out, and slirp tries to
>> terminate this socket by sending a FIN to an invalid client IP. Pending
>> bug that now surfaced thanks to the assertion.
>>
>> To confirm this, you could check the state of the socket, specifically
>> the tcpip header template.
>>
> 
> Please explain in detail how to do this in a Win32 environment. Is
> there a DEBUG #define that can debug slirp?

After hitting the assert with gdb, go to frame 4 and print *tp.
The interesting part is the content of t_template.

> 
>> Obviously, this triggers early in the boot, right? Maybe you could debug
>> the lifecycle of the affected socket?
>>
> 
> No. The guest XP SP3 goes into the desktop, waits for the automatic
> update tray icon to appear and start to download updates (almost 5~6
> minutes), then the QEMU assertion fails.

Too bad...

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 11:54           ` Jan Kiszka
@ 2011-09-15 12:05             ` Roy Tam
  2011-09-15 13:06               ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-09-15 12:05 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
> On 2011-09-15 12:53, Roy Tam wrote:
>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>> On 2011-09-15 09:38, Roy Tam wrote:
>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>>>>> Public bug reported:
>>>>>>>
>>>>>>> The latest git version of qemu (commit
>>>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>>> emulation, on an x86_64 host.
>>>>>>>
>>>>>>> e.g. qemu-system-sparc -drive
>>>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>>> -nographic -redir tcp:2232::22:
>>>>>>>
>>>>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>>>
>>>>>>> ** Affects: qemu
>>>>>>>     Importance: Undecided
>>>>>>>         Status: New
>>>>>>>
>>>>>>> --
>>>>>>> You received this bug notification because you are a member of qemu-
>>>>>>> devel-ml, which is subscribed to QEMU.
>>>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>>>
>>>>>>> Title:
>>>>>>>  Latest GIT assert error in arp_table.c
>>>>>>>
>>>>>>> Status in QEMU:
>>>>>>>  New
>>>>>>>
>>>>>>> Bug description:
>>>>>>>  The latest git version of qemu (commit
>>>>>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>>>  emulation, on an x86_64 host.
>>>>>>>
>>>>>>>  e.g. qemu-system-sparc -drive
>>>>>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>>>  -nographic -redir tcp:2232::22:
>>>>>>>
>>>>>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>>>  "0" (__x)); __v; }))) != 0' failed.
>>>>>>>
>>>>>>> To manage notifications about this bug go to:
>>>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> I'm hitting the same assertion too.
>>>>>>
>>>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>>>> slirp/arp_table.c, line 75
>>>>>>
>>>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>>>> usb-storage,bus=usb.0,drive=usbstick
>>>>>
>>>>> Same request here: Please try to catch a bit more context (backtrace,
>>>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>>>> issue, let me know the details.
>>>>>
>>>>> Thanks,
>>>>> Jan
>>>>>
>>>>>
>>>>
>>>> Hope it helps.
>>>>
>>>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>>>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>>> GNU gdb (GDB) 7.3
>>>> Copyright (C) 2011 Free Software Foundation, Inc.
>>>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>>>> This is free software: you are free to change and redistribute it.
>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>> and "show warranty" for details.
>>>> This GDB was configured as "mingw32".
>>>> For bug reporting instructions, please see:
>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>>>> done.
>>>> (gdb) list:arp_table.c:75
>>>> No source file named .
>>>> (gdb) list arp_table.c:75
>>>> 70
>>>> 71          DEBUG_CALL("arp_table_search");
>>>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>>>> 73
>>>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>>> 76
>>>> 77          /* If broadcast address */
>>>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>>>> 79              /* return Ethernet broadcast address */
>>>> (gdb) break arp_table.c:75
>>>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>>>> (gdb) r
>>>> Starting program:
>>>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>>>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>>>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>>> [New Thread 8744.0x313c]
>>>> [New Thread 8744.0x3098]
>>>> [New Thread 8744.0x2108]
>>>> [New Thread 8744.0x2c4c]
>>>> [New Thread 8744.0x365c]
>>>> sb16: warning: command 0xf,1 is not truly understood yet
>>>> sb16: warning: command 0xe,2 is not truly understood yet
>>>> [Switching to Thread 8744.0x2108]
>>>>
>>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>>> (gdb) c
>>>> Continuing.
>>>> [New Thread 8744.0x36d4]
>>>> [Switching to Thread 8744.0x313c]
>>>>
>>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>>> (gdb) bt
>>>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>>>     at slirp/arp_table.c:75
>>>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>>>     at slirp/slirp.c:709
>>>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>>>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>>>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>>>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>>>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>>>     at slirp/tcp_timer.c:287
>>>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>>>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>>>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>>>     at C:/msys/home/User/qemu/vl.c:1436
>>>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>>>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>>>     at C:/msys/home/User/qemu/vl.c:3453
>>>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>>>     at C:/msys/home/User/qemu/vl.c:102
>>>> #13 0x005eb784 in console_main ()
>>>> #14 0x005eb844 in WinMain@16 ()
>>>> #15 0x005eb068 in main ()
>>>> (gdb) c
>>>> Continuing.
>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
>>>> line 75
>>>>
>>>> This application has requested the Runtime to terminate it in an unusual way.
>>>> Please contact the application's support team for more information.
>>>> [Inferior 1 (process 8744) exited with code 03]
>>>> (gdb)
>>>
>>> I suspect a half-baked TCP socket times out, and slirp tries to
>>> terminate this socket by sending a FIN to an invalid client IP. Pending
>>> bug that now surfaced thanks to the assertion.
>>>
>>> To confirm this, you could check the state of the socket, specifically
>>> the tcpip header template.
>>>
>>
>> Please explain in detail how to do this in a Win32 environment. Is
>> there a DEBUG #define that can debug slirp?
>
> After hitting the assert with gdb, go to frame 4 and print *tp.
> The interesting part is the content of t_template.
>

Here you go.

sb16: warning: command 0xf,1 is not truly understood yet
sb16: warning: command 0xe,2 is not truly understood yet
[Switching to Thread 13840.0x3140]

Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
    out_ethaddr=0x20af64a "") at slirp/arp_table.c:75
75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
(gdb) c
Continuing.
[New Thread 13840.0x31b8]
[Switching to Thread 13840.0x3628]

Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
    out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
(gdb) bt
#0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
    at slirp/arp_table.c:75
#1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x2255978)
    at slirp/slirp.c:709
#2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
#3  0x004b9c9e in ip_output (so=0x2255978, m0=0x0) at slirp/ip_output.c:84
#4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
#5  0x004c09ad in tcp_drop (tp=0x1cac848, err=0) at slirp/tcp_subr.c:225
#6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
    at slirp/tcp_timer.c:287
#7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
#8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
    xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
#9  0x0048fb87 in main_loop_wait (nonblocking=0)
    at C:/msys/home/User/qemu/vl.c:1436
#10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
#11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
    at C:/msys/home/User/qemu/vl.c:3453
#12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
    at C:/msys/home/User/qemu/vl.c:102
#13 0x005eb784 in console_main ()
#14 0x005eb844 in WinMain@16 ()
#15 0x005eb068 in main ()
(gdb) frame 4
#4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
456             error = ip_output(so, m);
(gdb) print *tp
$1 = {seg_next = 0x1cac848, seg_prev = 0x1cac848, t_state = 0, t_timer = {0,
    0, 0, 0}, t_rxtshift = 0, t_rxtcur = 12, t_dupacks = 0, t_maxseg = 1460,
  t_force = 0 '\000', t_flags = 0, t_template = {ti_i = {ih_mbuf = {
        mptr = 0x0, dummy = 0}, ih_x1 = 0 '\000', ih_pr = 0 '\000',
      ih_len = 0, ih_src = {S_un = {S_un_b = {s_b1 = 0 '\000',
            s_b2 = 0 '\000', s_b3 = 0 '\000', s_b4 = 0 '\000'}, S_un_w = {
            s_w1 = 0, s_w2 = 0}, S_addr = 0}}, ih_dst = {S_un = {S_un_b = {
            s_b1 = 0 '\000', s_b2 = 0 '\000', s_b3 = 0 '\000',
            s_b4 = 0 '\000'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}}},
    ti_t = {th_sport = 0, th_dport = 0, th_seq = 0, th_ack = 0,
      th_x2 = 0 '\000', th_off = 0 '\000', th_flags = 0 '\000', th_win = 0,
      th_sum = 0, th_urp = 0}}, t_socket = 0x2182af0, snd_una = 0,
  snd_nxt = 0, snd_up = 0, snd_wl1 = 0, snd_wl2 = 0, iss = 0, snd_wnd = 0,
  rcv_wnd = 8192, rcv_nxt = 0, rcv_up = 0, irs = 0, rcv_adv = 0, snd_max = 0,
  snd_cwnd = 1460, snd_ssthresh = 1073725440, t_idle = 149, t_rtt = 0,
  t_rtseq = 0, t_srtt = 0, t_rttvar = 24, t_rttmin = 2, max_sndwnd = 0,
  t_oobflags = 0 '\000', t_iobc = 0 '\000', t_softerror = 0,
  snd_scale = 0 '\000', rcv_scale = 0 '\000', request_r_scale = 0 '\000',
  requested_s_scale = 0 '\000', ts_recent = 0, ts_recent_age = 0,
  last_ack_sent = 0}
(gdb)

>>
>>> Obviously, this triggers early in the boot, right? Maybe you could debug
>>> the lifecycle of the affected socket?
>>>
>>
>> No. The guest XP SP3 goes into the desktop, waits for the automatic
>> update tray icon to appear and start to download updates (almost 5~6
>> minutes), then the QEMU assertion fails.
>
> Too bad...
>
> Jan
>
>

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 12:05             ` Roy Tam
@ 2011-09-15 13:06               ` Jan Kiszka
  2011-09-15 13:20                 ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-09-15 13:06 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel

[-- Attachment #1: Type: text/plain, Size: 3233 bytes --]

On 2011-09-15 14:05, Roy Tam wrote:
> Here you go.
> 
> sb16: warning: command 0xf,1 is not truly understood yet
> sb16: warning: command 0xe,2 is not truly understood yet
> [Switching to Thread 13840.0x3140]
> 
> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>     out_ethaddr=0x20af64a "") at slirp/arp_table.c:75
> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
> (gdb) c
> Continuing.
> [New Thread 13840.0x31b8]
> [Switching to Thread 13840.0x3628]
> 
> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
> (gdb) bt
> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>     at slirp/arp_table.c:75
> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x2255978)
>     at slirp/slirp.c:709
> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
> #3  0x004b9c9e in ip_output (so=0x2255978, m0=0x0) at slirp/ip_output.c:84
> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
> #5  0x004c09ad in tcp_drop (tp=0x1cac848, err=0) at slirp/tcp_subr.c:225
> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>     at slirp/tcp_timer.c:287
> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>     at C:/msys/home/User/qemu/vl.c:1436
> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>     at C:/msys/home/User/qemu/vl.c:3453
> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>     at C:/msys/home/User/qemu/vl.c:102
> #13 0x005eb784 in console_main ()
> #14 0x005eb844 in WinMain@16 ()
> #15 0x005eb068 in main ()
> (gdb) frame 4
> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
> 456             error = ip_output(so, m);
> (gdb) print *tp
> $1 = {seg_next = 0x1cac848, seg_prev = 0x1cac848, t_state = 0, t_timer = {0,
>     0, 0, 0}, t_rxtshift = 0, t_rxtcur = 12, t_dupacks = 0, t_maxseg = 1460,
>   t_force = 0 '\000', t_flags = 0, t_template = {ti_i = {ih_mbuf = {
>         mptr = 0x0, dummy = 0}, ih_x1 = 0 '\000', ih_pr = 0 '\000',
>       ih_len = 0, ih_src = {S_un = {S_un_b = {s_b1 = 0 '\000',
>             s_b2 = 0 '\000', s_b3 = 0 '\000', s_b4 = 0 '\000'}, S_un_w = {
>             s_w1 = 0, s_w2 = 0}, S_addr = 0}}, ih_dst = {S_un = {S_un_b = {
>             s_b1 = 0 '\000', s_b2 = 0 '\000', s_b3 = 0 '\000',
>             s_b4 = 0 '\000'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}}},

That confirms my theory: the template is not yet initialized.

A shot from the hips: does this patch help?

diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
index c1214c0..5a79c68 100644
--- a/slirp/tcp_input.c
+++ b/slirp/tcp_input.c
@@ -610,6 +610,7 @@ findso:
 	    so->so_ti = ti;
 	    tp->t_timer[TCPT_KEEP] = TCPTV_KEEP_INIT;
 	    tp->t_state = TCPS_SYN_RECEIVED;
+	    tcp_template(tp);
 	  }
 	  return;
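
Review bot: The added tcp_template(tp) call after tp->t_state = TCPS_SYN_RECEIVED closes this one path, but nothing here documents why the template has to be valid at this point, and any other path that lets a timer reach tcp_drop() with a zeroed t_template would still end in the abort at slirp/arp_table.c:75 shown in the backtrace. Suggest a one-line comment above the call saying the template must be filled before TCPT_KEEP can expire, plus a commit message that records the ih_dst S_addr = 0 from the gdb dump. Because the crash takes down the whole emulator, it is also worth asking whether the lookup should reject ip_addr = 0 and drop the packet rather than assert. A Signed-off-by is missing, which is fine for a test patch but needed before it is applied.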


Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

^ permalink raw reply related	[flat|nested] 28+ messages in thread
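
The failure diagnosed in the message above, modelled as an added C example (not QEMU or slirp code, and not written by anyone in this thread): a connection whose header template is still zeroed reaches the address lookup with ip_addr = 0, and the lookup drops the packet where the build in the thread asserted. struct conn, conn_fill_template(), send_close_segment() and timeout_half_open() are hypothetical names, 10.0.2.15 is a constructed sample address, and in_zero_slash8() is included only to compare the asserted expression with the 0.0.0.0/8 range named in the source comment.

```c
/* Added illustration: a model of the failure in this thread, not slirp code. */
#include <arpa/inet.h>   /* htonl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build an IPv4 address in network byte order, the form ip_addr has. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return htonl(((uint32_t)a << 24) | ((uint32_t)b << 16) |
                 ((uint32_t)c << 8) | (uint32_t)d);
}

/* The expression asserted at slirp/arp_table.c:75 in the gdb listing.
 * 0xfU replaces 0xf so the shift is done on an unsigned value. */
int line75_predicate(uint32_t ip_addr)
{
    return (ip_addr & htonl(~(0xfU << 28))) != 0;
}

/* Strict membership test for 0.0.0.0/8 (first octet zero), for comparison. */
int in_zero_slash8(uint32_t ip_addr)
{
    return (ip_addr & htonl(0xff000000U)) == 0;
}

enum send_result { SENT = 0, DROPPED_BAD_DST = 1 };

/* Hypothetical stand-in for the tcpcb printed in the thread. */
struct conn {
    uint32_t guest_ip;  /* network order, learned from the incoming SYN */
    uint32_t tmpl_dst;  /* stands in for t_template's ih_dst S_addr */
};

/* Hypothetical stand-in for filling the header template. */
static void conn_fill_template(struct conn *c)
{
    c->tmpl_dst = c->guest_ip;
}

/* Validate the destination and drop the packet on failure, so that a bad
 * address costs one packet and not the whole process. */
enum send_result send_close_segment(const struct conn *c)
{
    if (!line75_predicate(c->tmpl_dst)) {
        return DROPPED_BAD_DST;
    }
    return SENT;
}

/* A half-open connection times out and a closing segment is attempted. */
enum send_result timeout_half_open(int template_filled)
{
    struct conn c;

    memset(&c, 0, sizeof(c));        /* zeroed, like the dumped t_template */
    c.guest_ip = ip4(10, 0, 2, 15);  /* constructed sample guest address */
    if (template_filled) {
        conn_fill_template(&c);
    }
    return send_close_segment(&c);
}

int main(void)
{
    /* The two ip_addr values seen at the breakpoint in the gdb session. */
    printf("predicate(0xffffffff) = %d\n", line75_predicate(0xffffffffU));
    printf("predicate(0)          = %d\n", line75_predicate(0));

    printf("timeout, template unset:  %s\n",
           timeout_half_open(0) == SENT ? "sent" : "dropped");
    printf("timeout, template filled: %s\n",
           timeout_half_open(1) == SENT ? "sent" : "dropped");

    /* The asserted mask keeps the low 28 bits of the host-order address,
     * so it does not select the same addresses as a first-octet test. */
    printf("0.1.2.3:  in 0/8 = %d, predicate = %d\n",
           in_zero_slash8(ip4(0, 1, 2, 3)), line75_predicate(ip4(0, 1, 2, 3)));
    printf("16.0.0.0: in 0/8 = %d, predicate = %d\n",
           in_zero_slash8(ip4(16, 0, 0, 0)), line75_predicate(ip4(16, 0, 0, 0)));
    return 0;
}
```
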

* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 13:06               ` Jan Kiszka
@ 2011-09-15 13:20                 ` Roy Tam
  2011-09-15 13:45                   ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-09-15 13:20 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
> On 2011-09-15 14:05, Roy Tam wrote:
>> Here you go.
>>
>> sb16: warning: command 0xf,1 is not truly understood yet
>> sb16: warning: command 0xe,2 is not truly understood yet
>> [Switching to Thread 13840.0x3140]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>     out_ethaddr=0x20af64a "") at slirp/arp_table.c:75
>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) c
>> Continuing.
>> [New Thread 13840.0x31b8]
>> [Switching to Thread 13840.0x3628]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) bt
>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>     at slirp/arp_table.c:75
>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x2255978)
>>     at slirp/slirp.c:709
>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>> #3  0x004b9c9e in ip_output (so=0x2255978, m0=0x0) at slirp/ip_output.c:84
>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>> #5  0x004c09ad in tcp_drop (tp=0x1cac848, err=0) at slirp/tcp_subr.c:225
>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>     at slirp/tcp_timer.c:287
>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>     at C:/msys/home/User/qemu/vl.c:1436
>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>     at C:/msys/home/User/qemu/vl.c:3453
>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>     at C:/msys/home/User/qemu/vl.c:102
>> #13 0x005eb784 in console_main ()
>> #14 0x005eb844 in WinMain@16 ()
>> #15 0x005eb068 in main ()
>> (gdb) frame 4
>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>> 456             error = ip_output(so, m);
>> (gdb) print *tp
>> $1 = {seg_next = 0x1cac848, seg_prev = 0x1cac848, t_state = 0, t_timer = {0,
>>     0, 0, 0}, t_rxtshift = 0, t_rxtcur = 12, t_dupacks = 0, t_maxseg = 1460,
>>   t_force = 0 '\000', t_flags = 0, t_template = {ti_i = {ih_mbuf = {
>>         mptr = 0x0, dummy = 0}, ih_x1 = 0 '\000', ih_pr = 0 '\000',
>>       ih_len = 0, ih_src = {S_un = {S_un_b = {s_b1 = 0 '\000',
>>             s_b2 = 0 '\000', s_b3 = 0 '\000', s_b4 = 0 '\000'}, S_un_w = {
>>             s_w1 = 0, s_w2 = 0}, S_addr = 0}}, ih_dst = {S_un = {S_un_b = {
>>             s_b1 = 0 '\000', s_b2 = 0 '\000', s_b3 = 0 '\000',
>>             s_b4 = 0 '\000'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}}},
>
> That confirms my theory: the template is not yet initialized.
>
> A shot from the hips: does this patch help?
>

Yeah the assertion doesn't fail anymore. Thanks.

> diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
> index c1214c0..5a79c68 100644
> --- a/slirp/tcp_input.c
> +++ b/slirp/tcp_input.c
> @@ -610,6 +610,7 @@ findso:
>            so->so_ti = ti;
>            tp->t_timer[TCPT_KEEP] = TCPTV_KEEP_INIT;
>            tp->t_state = TCPS_SYN_RECEIVED;
> +           tcp_template(tp);
>          }
>          return;
>
>
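Review bot: the added tcp_template(tp) call in the findso hunk of slirp/tcp_input.c goes in without a comment or rationale, and the mail that carries it calls it "a shot from the hips". The line two above it arms TCPT_KEEP, and the backtrace in this thread reaches tcp_output() from tcp_slowtimo() via tcp_drop() with t_template all zero, so a short comment next to the call (for example "build the template before returning; the keep timer can expire and tcp_drop() sends from t_template") would record why it belongs here. The commit message should also state whether any other path that arms a timer and returns early needs the same call, so the fix is not tied to this one branch by accident.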
> Jan
>
>


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 13:20                 ` Roy Tam
@ 2011-09-15 13:45                   ` Jan Kiszka
  2011-10-26  8:03                     ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-09-15 13:45 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel


On 2011-09-15 15:20, Roy Tam wrote:
> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>> On 2011-09-15 14:05, Roy Tam wrote:
>>> Here you go.
>>>
>>
>> That confirms my theory: the template is not yet initialized.
>>
>> A shot from the hips: does this patch help?
>>
> 
> Yeah the assertion doesn't fail anymore. Thanks.

Now I just need to invent some good "why this is correct"... ;)

Thanks for testing,
Jan
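
Added example, not part of this thread and not slirp's code: a simplified C model of the ordering problem diagnosed above, where a timer is armed before the cached header template is filled in, so a timer-driven drop emits a segment whose destination is 0 and fails the predicate of the assertion at arp_table.c:75. All `model_` names and structures are hypothetical, and the addresses are constructed sample values.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for illustration only; NOT slirp's real structures. */
enum model_state { MODEL_CLOSED = 0, MODEL_SYN_RECEIVED };

struct model_template {          /* cached header fields, network byte order */
    uint32_t src;
    uint32_t dst;
};

struct model_conn {
    uint32_t local_addr;         /* address the emulated stack answers as */
    uint32_t peer_addr;          /* guest address a reply has to reach */
    enum model_state state;
    int keep_timer;              /* ticks until expiry, 0 = not armed */
    struct model_template tmpl;  /* all zero until model_build_template() */
};

/* Predicate of the assertion seen in the gdb session (arp_table.c:75).
 * 0xfu keeps the shift unsigned instead of shifting into int's sign bit. */
static bool arp_lookup_precondition(uint32_t ip_addr)
{
    return (ip_addr & htonl(~(0xfu << 28))) != 0;
}

static void model_build_template(struct model_conn *c)
{
    c->tmpl.src = c->local_addr;
    c->tmpl.dst = c->peer_addr;
}

/* SYN handling: arm the keep timer and change state. With fixed == true the
 * template is built before returning, which is the ordering the patch adds. */
static void model_accept_syn(struct model_conn *c, bool fixed)
{
    c->keep_timer = 1;
    c->state = MODEL_SYN_RECEIVED;
    if (fixed) {
        model_build_template(c);
    }
}

/* One slow-timer tick. When the keep timer expires the connection is dropped
 * and a last segment is sent using the cached template. Returns true if a
 * segment was emitted and stores its destination address in *dst_out. */
static bool model_slow_tick(struct model_conn *c, uint32_t *dst_out)
{
    if (c->keep_timer == 0 || --c->keep_timer > 0) {
        return false;
    }
    c->state = MODEL_CLOSED;
    *dst_out = c->tmpl.dst;
    return true;
}

/* Runs SYN + timer expiry; reports whether the emitted destination would
 * satisfy the ARP lookup precondition. */
static bool model_run(bool fixed, uint32_t *dst_out)
{
    struct model_conn c;

    memset(&c, 0, sizeof(c));
    c.local_addr = htonl(0x0a000202u);  /* constructed sample: 10.0.2.2 */
    c.peer_addr = htonl(0x0a00020fu);   /* constructed sample: 10.0.2.15 */
    *dst_out = 0;
    model_accept_syn(&c, fixed);
    if (!model_slow_tick(&c, dst_out)) {
        return false;
    }
    return arp_lookup_precondition(*dst_out);
}

int main(void)
{
    uint32_t dst;
    bool ok;

    ok = model_run(false, &dst);
    printf("template not built: dst=0x%08x precondition=%d\n", (unsigned)dst, ok);
    ok = model_run(true, &dst);
    printf("template built:     dst=0x%08x precondition=%d\n", (unsigned)dst, ok);
    return 0;
}
```

In the model, the broadcast address 0xffffffff from the first breakpoint hit satisfies the predicate, while the all-zero destination from the second hit does not.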




* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-09-15 13:45                   ` Jan Kiszka
@ 2011-10-26  8:03                     ` Roy Tam
  2011-10-26  9:04                       ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-10-26  8:03 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

Hi,

2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
> On 2011-09-15 15:20, Roy Tam wrote:
>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>> Here you go.
>>>>
>>>
>>> That confirms my theory: the template is not yet initialized.
>>>
>>> A shot from the hips: does this patch help?
>>>
>>
>> Yeah the assertion doesn't fail anymore. Thanks.
>
> Now I just need to invent some good "why this is correct"... ;)
>
> Thanks for testing,

I just have time now to make some tests about -net user.
And I found that the User mode networking doesn't work anymore after
your slirp patch series.

> Jan
>
>


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-10-26  8:03                     ` Roy Tam
@ 2011-10-26  9:04                       ` Jan Kiszka
  2011-10-27  2:03                         ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-10-26  9:04 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel

On 2011-10-26 10:03, Roy Tam wrote:
> Hi,
> 
> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>> On 2011-09-15 15:20, Roy Tam wrote:
>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>>> Here you go.
>>>>>
>>>>
>>>> That confirms my theory: the template is not yet initialized.
>>>>
>>>> A shot from the hips: does this patch help?
>>>>
>>>
>>> Yeah the assertion doesn't fail anymore. Thanks.
>>
>> Now I just need to invent some good "why this is correct"... ;)
>>
>> Thanks for testing,
> 
> I just have time now to make some tests about -net user.
> And I found that the User mode networking doesn't work anymore after
> your slirp patch series.

Can you be more verbose? What precisely does not work? Same setup as
before (host, guest, command line, steps to reproduce)? I'm not facing
problems here ATM.

Thanks,
Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-10-26  9:04                       ` Jan Kiszka
@ 2011-10-27  2:03                         ` Roy Tam
  2011-10-27  3:21                           ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-10-27  2:03 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

Hi,

2011/10/26 Jan Kiszka <jan.kiszka@siemens.com>:
> On 2011-10-26 10:03, Roy Tam wrote:
>> Hi,
>>
>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>> On 2011-09-15 15:20, Roy Tam wrote:
>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>>>> Here you go.
>>>>>>
>>>>>
>>>>> That confirms my theory: the template is not yet initialized.
>>>>>
>>>>> A shot from the hips: does this patch help?
>>>>>
>>>>
>>>> Yeah the assertion doesn't fail anymore. Thanks.
>>>
>>> Now I just need to invent some good "why this is correct"... ;)
>>>
>>> Thanks for testing,
>>
>> I just have time now to make some tests about -net user.
>> And I found that the User mode networking doesn't work anymore after
>> your slirp patch series.
>
> Can you be more verbose? What precisely does not work? Same setup as
> before (host, guest, command line, steps to reproduce)? I'm not facing
> problems here ATM.
>

QEMU Revision: 2011-10-12 (latest git gives me an Assertion failed:
alarm_has_dynticks(t), file qemu-timer.c, line 139. Since there is no
change in the slirp directory, it should apply to latest git)
gcc version:$ gcc -v
Target: mingw32
Configured with: ../gcc-4.3.3/configure --prefix=/mingw
--build=mingw32 --enable-languages=c,ada,c++,fortran,objc,obj-c++
--with-bugurl=http://www.tdragon.net/recentgcc/bugs.php --disable-nls
--disable-win32-registry --enable-libgomp --disable-werror
--enable-threads --disable-symvers
--enable-cxx-flags='-fno-function-sections -fno-data-sections'
--enable-fully-dynamic-string --enable-version-specific-runtime-libs
--enable-sjlj-exceptions --with-pkgversion='4.3.3-tdm-1 mingw32'
Thread model: win32
gcc version 4.3.3 (4.3.3-tdm-1 mingw32)
configure commandline: ./configure --target-list="i386-softmmu
x86_64-softmmu mips64el-softmmu" --audio-drv-list=sdl
--audio-card-list=ac97,sb16,adlib --disable-linux-aio
--enable-vnc-thread --disable-vnc-jpeg --extra-ldflags=-s
QEMU Host: Windows XP SP3
QEMU Guest: Windows XP SP3, Linux 2.6.38 (NIC: ne2k-pci, e1000)
commandline: qemu-system-i386 -hda xp.vmdk -soundhw sb16 -m 320
-localtime -usb -usbdevice tablet -net user -net nic,model=ne2k_pci

Symptoms:
Guest can lease an IP from the QEMU Virtual DHCP Server, but the outgoing
traffic is not working:
- 10.0.2.3 Virtual DNS Server doesn't respond to any DNS query ("nslookup
www.google.com" fails with a timeout message, "nslookup www.google.com
<host's dns server ip>" and "nslookup www.google.com 8.8.8.8" also
fail)
- 10.0.2.2 Virtual Gateway also cannot be connected to; it only replies
to pings. Other connections time out.
- 10.0.2.4 Virtual Samba Server also cannot be connected to

My last working build is the 2011-9-09 build, and it has been failing
since the 2011-9-10 build.

> Thanks,
> Jan
>
> --
> Siemens AG, Corporate Technology, CT T DE IT 1
> Corporate Competence Center Embedded Linux
>


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-10-27  2:03                         ` Roy Tam
@ 2011-10-27  3:21                           ` Roy Tam
  2011-10-27  8:08                             ` Jan Kiszka
  0 siblings, 1 reply; 28+ messages in thread
From: Roy Tam @ 2011-10-27  3:21 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/10/27 Roy Tam <roytam@gmail.com>:
> Hi,
>
> 2011/10/26 Jan Kiszka <jan.kiszka@siemens.com>:
>> On 2011-10-26 10:03, Roy Tam wrote:
>>> Hi,
>>>
>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>> On 2011-09-15 15:20, Roy Tam wrote:
>>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>>>>> Here you go.
>>>>>>>
>>>>>>
>>>>>> That confirms my theory: the template is not yet initialized.
>>>>>>
>>>>>> A shot from the hips: does this patch help?
>>>>>>
>>>>>
>>>>> Yeah the assertion doesn't fail anymore. Thanks.
>>>>
>>>> Now I just need to invent some good "why this is correct"... ;)
>>>>
>>>> Thanks for testing,
>>>
>>> I just have time now to make some tests about -net user.
>>> And I found that the User mode networking doesn't work anymore after
>>> your slirp patch series.
>>
>> Can you be more verbose? What precisely does not work? Same setup as
>> before (host, guest, command line, steps to reproduce)? I'm not facing
>> problems here ATM.
>>
>
> QEMU Revision: 2011-10-12 (latest git gives me an Assertion failed:
> alarm_has_dynticks(t), file qemu-timer.c, line 139. Since there is no
> change in the slirp directory, it should apply to latest git)
> gcc version:$ gcc -v
> Target: mingw32
> Configured with: ../gcc-4.3.3/configure --prefix=/mingw
> --build=mingw32 --enable-languages=c,ada,c++,fortran,objc,obj-c++
> --with-bugurl=http://www.tdragon.net/recentgcc/bugs.php --disable-nls
> --disable-win32-registry --enable-libgomp --disable-werror
> --enable-threads --disable-symvers
> --enable-cxx-flags='-fno-function-sections -fno-data-sections'
> --enable-fully-dynamic-string --enable-version-specific-runtime-libs
> --enable-sjlj-exceptions --with-pkgversion='4.3.3-tdm-1 mingw32'
> Thread model: win32
> gcc version 4.3.3 (4.3.3-tdm-1 mingw32)
> configure commandline: ./configure --target-list="i386-softmmu
> x86_64-softmmu mips64el-softmmu" --audio-drv-list=sdl
> --audio-card-list=ac97,sb16,adlib --disable-linux-aio
> --enable-vnc-thread --disable-vnc-jpeg --extra-ldflags=-s
> QEMU Host: Windows XP SP3
> QEMU Guest: Windows XP SP3, Linux 2.6.38 (NIC: ne2k-pci, e1000)
> commandline: qemu-system-i386 -hda xp.vmdk -soundhw sb16 -m 320
> -localtime -usb -usbdevice tablet -net user -net nic,model=ne2k_pci
>
> Symptoms:
> Guest can lease an IP from the QEMU Virtual DHCP Server, but the outgoing
> traffic is not working:
> - 10.0.2.3 Virtual DNS Server doesn't respond to any DNS query ("nslookup
> www.google.com" fails with a timeout message, "nslookup www.google.com
> <host's dns server ip>" and "nslookup www.google.com 8.8.8.8" also
> fail)
> - 10.0.2.2 Virtual Gateway also cannot be connected to; it only replies
> to pings. Other connections time out.
> - 10.0.2.4 Virtual Samba Server also cannot be connected to
>
> My last working build is the 2011-9-09 build, and it has been failing
> since the 2011-9-10 build.

And I'm tried on trying to build every revision. I can find the range
df00bed0fa30a6f5712456e7add783e470c534c9(ok) to
31ff5cc31b10a4a48f854d8e06090c49f92a6720(fail) only.

>
>> Thanks,
>> Jan
>>
>> --
>> Siemens AG, Corporate Technology, CT T DE IT 1
>> Corporate Competence Center Embedded Linux
>>
>


* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-10-27  3:21                           ` Roy Tam
@ 2011-10-27  8:08                             ` Jan Kiszka
  2011-10-27  8:19                               ` Roy Tam
  0 siblings, 1 reply; 28+ messages in thread
From: Jan Kiszka @ 2011-10-27  8:08 UTC (permalink / raw)
  To: Roy Tam; +Cc: Bug 824650, qemu-devel

On 2011-10-27 05:21, Roy Tam wrote:
> 2011/10/27 Roy Tam <roytam@gmail.com>:
>> Hi,
>>
>> 2011/10/26 Jan Kiszka <jan.kiszka@siemens.com>:
>>> On 2011-10-26 10:03, Roy Tam wrote:
>>>> Hi,
>>>>
>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>> On 2011-09-15 15:20, Roy Tam wrote:
>>>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>>>>>> Here you go.
>>>>>>>>
>>>>>>>
>>>>>>> That confirms my theory: the template is not yet initialized.
>>>>>>>
>>>>>>> A shot from the hips: does this patch help?
>>>>>>>
>>>>>>
>>>>>> Yeah the assertion doesn't fail anymore. Thanks.
>>>>>
>>>>> Now I just need to invent some good "why this is correct"... ;)
>>>>>
>>>>> Thanks for testing,
>>>>
>>>> I just have time now to make some tests about -net user.
>>>> And I found that the User mode networking doesn't work anymore after
>>>> your slirp patch series.
>>>
>>> Can you be more verbose? What precisely does not work? Same setup as
>>> before (host, guest, command line, steps to reproduce)? I'm not facing
>>> problems here ATM.
>>>
>>
>> QEMU Revision: 2011-10-12 (latest git gives me an Assertion failed:
>> alarm_has_dynticks(t), file qemu-timer.c, line 139. Since there is no
>> change in the slirp directory, it should apply to latest git)
>> gcc version:$ gcc -v
>> Target: mingw32
>> Configured with: ../gcc-4.3.3/configure --prefix=/mingw
>> --build=mingw32 --enable-languages=c,ada,c++,fortran,objc,obj-c++
>> --with-bugurl=http://www.tdragon.net/recentgcc/bugs.php --disable-nls
>> --disable-win32-registry --enable-libgomp --disable-werror
>> --enable-threads --disable-symvers
>> --enable-cxx-flags='-fno-function-sections -fno-data-sections'
>> --enable-fully-dynamic-string --enable-version-specific-runtime-libs
>> --enable-sjlj-exceptions --with-pkgversion='4.3.3-tdm-1 mingw32'
>> Thread model: win32
>> gcc version 4.3.3 (4.3.3-tdm-1 mingw32)
>> configure commandline: ./configure --target-list="i386-softmmu
>> x86_64-softmmu mips64el-softmmu" --audio-drv-list=sdl
>> --audio-card-list=ac97,sb16,adlib --disable-linux-aio
>> --enable-vnc-thread --disable-vnc-jpeg --extra-ldflags=-s
>> QEMU Host: Windows XP SP3
>> QEMU Guest: Windows XP SP3, Linux 2.6.38 (NIC: ne2k-pci, e1000)
>> commandline: qemu-system-i386 -hda xp.vmdk -soundhw sb16 -m 320
>> -localtime -usb -usbdevice tablet -net user -net nic,model=ne2k_pci
>>
>> Symptoms:
>> Guest can lease an IP from the QEMU Virtual DHCP Server, but the outgoing
>> traffic is not working:
>> - 10.0.2.3 Virtual DNS Server doesn't respond to any DNS query ("nslookup
>> www.google.com" fails with a timeout message, "nslookup www.google.com
>> <host's dns server ip>" and "nslookup www.google.com 8.8.8.8" also
>> fail)
>> - 10.0.2.2 Virtual Gateway also cannot be connected to; it only replies
>> to pings. Other connections time out.
>> - 10.0.2.4 Virtual Samba Server also cannot be connected to
>>
>> My last working build is the 2011-9-09 build, and it has been failing
>> since the 2011-9-10 build.
> 
> And I'm tried on trying to build every revision. I can find the range
> df00bed0fa30a6f5712456e7add783e470c534c9(ok) to
> 31ff5cc31b10a4a48f854d8e06090c49f92a6720(fail) only.

The second hash appears to be a blob rather than a commit.

I've just re-tested current git head () with a WinXP guest, and it
happily receives dns replies, can ping to the outer world, and connect
to the web.

Could you collect a trace of the host-guest communication, e.g. via the
dump plugin ('-net dump')?

Thanks,
Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux

^ permalink raw reply	[flat|nested] 28+ messages in thread

* Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
  2011-10-27  8:08                             ` Jan Kiszka
@ 2011-10-27  8:19                               ` Roy Tam
  0 siblings, 0 replies; 28+ messages in thread
From: Roy Tam @ 2011-10-27  8:19 UTC (permalink / raw)
  To: Jan Kiszka; +Cc: Bug 824650, qemu-devel

2011/10/27 Jan Kiszka <jan.kiszka@siemens.com>:
> On 2011-10-27 05:21, Roy Tam wrote:
>> 2011/10/27 Roy Tam <roytam@gmail.com>:
>>> Hi,
>>>
>>> 2011/10/26 Jan Kiszka <jan.kiszka@siemens.com>:
>>>> On 2011-10-26 10:03, Roy Tam wrote:
>>>>> Hi,
>>>>>
>>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>>> On 2011-09-15 15:20, Roy Tam wrote:
>>>>>>> 2011/9/15 Jan Kiszka <jan.kiszka@web.de>:
>>>>>>>> On 2011-09-15 14:05, Roy Tam wrote:
>>>>>>>>> Here you go.
>>>>>>>>>
>>>>>>>>> sb16: warning: command 0xf,1 is not truly understood yet
>>>>>>>>> sb16: warning: command 0xe,2 is not truly understood yet
>>>>>>>>> [Switching to Thread 13840.0x3140]
>>>>>>>>>
>>>>>>>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>>>>>>>>     out_ethaddr=0x20af64a "") at slirp/arp_table.c:75
>>>>>>>>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>>>>>>>> (gdb) c
>>>>>>>>> Continuing.
>>>>>>>>> [New Thread 13840.0x31b8]
>>>>>>>>> [Switching to Thread 13840.0x3628]
>>>>>>>>>
>>>>>>>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>>>>>>>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>>>>>>>>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>>>>>>>> (gdb) bt
>>>>>>>>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>>>>>>>>     at slirp/arp_table.c:75
>>>>>>>>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x2255978)
>>>>>>>>>     at slirp/slirp.c:709
>>>>>>>>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>>>>>>>>> #3  0x004b9c9e in ip_output (so=0x2255978, m0=0x0) at slirp/ip_output.c:84
>>>>>>>>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>>>>>>>>> #5  0x004c09ad in tcp_drop (tp=0x1cac848, err=0) at slirp/tcp_subr.c:225
>>>>>>>>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>>>>>>>>     at slirp/tcp_timer.c:287
>>>>>>>>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>>>>>>>>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>>>>>>>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>>>>>>>>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>>>>>>>>     at C:/msys/home/User/qemu/vl.c:1436
>>>>>>>>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>>>>>>>>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>>>>>>>>     at C:/msys/home/User/qemu/vl.c:3453
>>>>>>>>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>>>>>>>>     at C:/msys/home/User/qemu/vl.c:102
>>>>>>>>> #13 0x005eb784 in console_main ()
>>>>>>>>> #14 0x005eb844 in WinMain@16 ()
>>>>>>>>> #15 0x005eb068 in main ()
>>>>>>>>> (gdb) frame 4
>>>>>>>>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>>>>>>>>> 456             error = ip_output(so, m);
>>>>>>>>> (gdb) print *tp
>>>>>>>>> $1 = {seg_next = 0x1cac848, seg_prev = 0x1cac848, t_state = 0, t_timer = {0,
>>>>>>>>>     0, 0, 0}, t_rxtshift = 0, t_rxtcur = 12, t_dupacks = 0, t_maxseg = 1460,
>>>>>>>>>   t_force = 0 '\000', t_flags = 0, t_template = {ti_i = {ih_mbuf = {
>>>>>>>>>         mptr = 0x0, dummy = 0}, ih_x1 = 0 '\000', ih_pr = 0 '\000',
>>>>>>>>>       ih_len = 0, ih_src = {S_un = {S_un_b = {s_b1 = 0 '\000',
>>>>>>>>>             s_b2 = 0 '\000', s_b3 = 0 '\000', s_b4 = 0 '\000'}, S_un_w = {
>>>>>>>>>             s_w1 = 0, s_w2 = 0}, S_addr = 0}}, ih_dst = {S_un = {S_un_b = {
>>>>>>>>>             s_b1 = 0 '\000', s_b2 = 0 '\000', s_b3 = 0 '\000',
>>>>>>>>>             s_b4 = 0 '\000'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}}},
>>>>>>>>
>>>>>>>> That confirms my theory: the template is not yet initialized.
>>>>>>>>
>>>>>>>> A shot from the hips: does this patch help?
>>>>>>>>
>>>>>>>
>>>>>>> Yeah the assertion doesn't fail anymore. Thanks.
>>>>>>
>>>>>> Now I just need to invent some good "why this is correct"... ;)
>>>>>>
>>>>>> Thanks for testing,
>>>>>
>>>>> I just have time now to make some tests about -net user.
>>>>> And I found that the User mode networking doesn't work anymore after
>>>>> your slirp patch series.
>>>>
>>>> Can you be more verbose? What precisely does not work? Same setup as
>>>> before (host, guest, command line, steps to reproduce)? I'm not facing
>>>> problems here ATM.
>>>>
>>>
>>> QEMU Revision: 2011-10-12 (latest git give me an Assertion failed:
>>> alarm_has_dynticks(t), file qemu-timer.c, line 139. Since there is no
>>> change in slirp directory, it should apply to latest git)
>>> gcc version:$ gcc -v
>>> Target: mingw32
>>> Configured with: ../gcc-4.3.3/configure --prefix=/mingw
>>> --build=mingw32 --enable-languages=c,ada,c++,fortran,objc,obj-c++
>>> --with-bugurl=http://www.tdragon.net/recentgcc/bugs.php --disable-nls
>>> --disable-win32-registry --enable-libgomp --disable-werror
>>> --enable-threads --disable-symvers
>>> --enable-cxx-flags='-fno-function-sections -fno-data-sections'
>>> --enable-fully-dynamic-string --enable-version-specific-runtime-libs
>>> --enable-sjlj-exceptions --with-pkgversion='4.3.3-tdm-1 mingw32'
>>> Thread model: win32
>>> gcc version 4.3.3 (4.3.3-tdm-1 mingw32)
>>> configure commandline: ./configure --target-list="i386-softmmu
>>> x86_64-softmmu mips64el-softmmu" --audio-drv-list=sdl
>>> --audio-card-list=ac97,sb16,adlib --disable-linux-aio
>>> --enable-vnc-thread --disable-vnc-jpeg --extra-ldflags=-s
>>> QEMU Host: Windows XP SP3
>>> QEMU Guest: Windows XP SP3, Linux 2.6.38 (NIC: ne2k-pci, e1000)
>>> commandline: qemu-system-i386 -hda xp.vmdk -soundhw sb16 -m 320
>>> -localtime -usb -usbdevice tablet -net user -net nic,model=ne2k_pci
>>>
>>> Symptoms:
>>> Guest can lease IP from QEMU Virtual DHCP Server, but the outgoing
>>> traffic are not working:
>>> - 10.0.2.3 Virtual DNS Server doesn't respond any DNS query ("nslookup
>>> www.google.com" fails with timeout message, "nslookup www.google.com
>>> <host's dns server ip>" and "nslookup www.google.com 8.8.8.8" are also
>>> failed)
>>> - 10.0.2.2 Virtual Gateway is also unable to connect, only reply
>>> pings. Other connections are timeout.
>>> - 10.0.2.4 Virtual Samba Server is also unconnectable
>>>
>>> My last worked build is 2011-9-09 build and it starts to fail since
>>> 2011-9-10 build.
>>
>> And I'm tried on trying to build every revision. I can find the range
>> df00bed0fa30a6f5712456e7add783e470c534c9(ok) to
>> 31ff5cc31b10a4a48f854d8e06090c49f92a6720(fail) only.
>
> The second hash appears to be a blob rather than a commit.
>
> I've just re-tested current git head () with a WinXP guest, and it
> happily receives dns replies, can ping to the outer world, and connect
> to the web.
>

I wonder if it is a non-QEMU issue (say, a glib issue) or a QEMU-host issue,
as I have no Linux environment to test here.

> Could you collect a trace of the host-guest communication, e.g. via the
> dump plugin ('-net dump')?
>

Sure.
http://rthost.fam.cx/tmp/qemu-vlan0.pcap

> Thanks,
> Jan
>
> --
> Siemens AG, Corporate Technology, CT T DE IT 1
> Corporate Competence Center Embedded Linux
>

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (2 preceding siblings ...)
  2011-09-15  4:11 ` [Qemu-devel] [Bug 824650] [NEW] " Roy Tam
@ 2012-01-16 17:14 ` AleksTJ@gmail.com
  2012-02-07 18:12 ` Bjoern Bornemann
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: AleksTJ@gmail.com @ 2012-01-16 17:14 UTC (permalink / raw)
  To: qemu-devel

qemu-system-i386 -m 320 -hda mikrotik.img
qemu-system-i386: slirp/arp_table.c:75: arp_table_search: Assertion `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : "0" (__x)); __v; }))) != 0' failed.
Аварийный останов

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  New

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (3 preceding siblings ...)
  2012-01-16 17:14 ` [Qemu-devel] [Bug 824650] " AleksTJ@gmail.com
@ 2012-02-07 18:12 ` Bjoern Bornemann
  2012-02-08  8:39 ` Bjoern Bornemann
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Bjoern Bornemann @ 2012-02-07 18:12 UTC (permalink / raw)
  To: qemu-devel

Hey Guys,

I have the same problem.
Installing the VM was pretty fine, no problems at all, but when I try to start this VM, which is supposed to run a Mikrotik "RouterOS", it fails with the known error message. So far this error can only be reproduced by installing this special OS. All other OSes like Windows XP and several Linux distributions etc. work fine.

I also checked the "tcp_input.c" file in the qemu source directory for
the given line, which is supposed to be the patch. And it was of course
already within that file.

Okay, now to my specs:

Host:
     CPU: Intel Core2Duo
     RAM: 4GB
     Lenovo ThinkPad T61

     OS: Slackware 13.1
     kernel: 3.0
     qemu: 1.0

The pcap file is attached to this note, although it is not very big:
24 bytes only.


** Attachment added: "qemu-vlan0.pcap"
   https://bugs.launchpad.net/qemu/+bug/824650/+attachment/2722230/+files/qemu-vlan0.pcap

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  New

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (4 preceding siblings ...)
  2012-02-07 18:12 ` Bjoern Bornemann
@ 2012-02-08  8:39 ` Bjoern Bornemann
  2012-02-10  8:42 ` Bjoern Bornemann
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Bjoern Bornemann @ 2012-02-08  8:39 UTC (permalink / raw)
  To: qemu-devel

Okay, I forgot to post the qemu command; here it is:

 qemu-system-i386 -balloon none -smbios type=0,vendor=Lenovo,version=7LETC6WW,date=05/11/2009,release=2.38 \
-smbios type=1,manufacturer=Lenovo,product=8896AB5,version=ThinkPadT61,serial=L3C3845,uuid=5D867F81-4A91-11CB-90B0-BF62749B684D,family=ThinkPadT61 \
-drive file=/var/vm/machines/RouterOS-ROS/System-5G_RouterOS-ROS.hdd -no-frame -vga vmware -monitor stdio -cdrom /var/vm/iso/mikrotik-4.17.iso \
-m 256 -boot menu=on -net nic,model=e1000,macaddr=52:54:00:BE:4E:B7 -net user,net=192.168.255.0/24 -net nic,model=e1000,macaddr=52:54:00:E5:AC:3A \
-net vde,sock=/var/vm/vde/vHOME -rtc base=localtime -name RouterOS-ROS -writeconfig /var/vm/machines/RouterOS-ROS/RouterOS-ROS.cfg -machine type=pc \
-cpu core2duo

It doesn't matter if I use the VDE socket or not. The error occurs every time with every configuration.
I even changed the NIC model to "rtl8139 | virtio | pcnet".

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  New

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (5 preceding siblings ...)
  2012-02-08  8:39 ` Bjoern Bornemann
@ 2012-02-10  8:42 ` Bjoern Bornemann
  2012-02-18 15:44 ` Solitaire
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Bjoern Bornemann @ 2012-02-10  8:42 UTC (permalink / raw)
  To: qemu-devel

slirp/ip_icmp.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 4b43994..5dbf21d 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -262,6 +262,11 @@ icmp_error(struct mbuf *msrc, u_char type, u_char code, int minsize,
 #endif
   if(ip->ip_off & IP_OFFMASK) goto end_error;    /* Only reply to fragment 0 */
 
+  /* Do not reply to source-only IPs */
+  if ((ip->ip_src.s_addr & htonl(~(0xf << 28))) == 0) {
+      goto end_error;
+  }
+
   shlen=ip->ip_hl << 2;
   s_ip_len=ip->ip_len;
   if(ip->ip_p == IPPROTO_ICMP) {
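
Review bot: the new test on ip->ip_src.s_addr copies the magic mask htonl(~(0xf << 28)) from the assertion at slirp/arp_table.c:75 instead of sharing one named helper, so the guard and the assertion can drift apart. The mask also does not say what the comment says: it drops every source whose low 28 bits are zero (0.0.0.0, 16.0.0.0, and so on up to 240.0.0.0), so either the comment should state that or the test should be narrowed to the range that is meant. 0xf << 28 shifts into the sign bit of a signed int; writing 0xfU avoids that. The guard covers only icmp_error; the later report in this thread of the same assertion in arp_table_add (arp_table.c:41) with these lines applied suggests other callers still need a check.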


Fix seems to work. No crashes so far.


Thanks a lot to Jan Kiszka

** Changed in: qemu
       Status: New => Fix Committed

** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  Fix Released

^ permalink raw reply related	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (6 preceding siblings ...)
  2012-02-10  8:42 ` Bjoern Bornemann
@ 2012-02-18 15:44 ` Solitaire
  2012-02-18 16:36 ` Bjoern Bornemann
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 28+ messages in thread
From: Solitaire @ 2012-02-18 15:44 UTC (permalink / raw)
  To: qemu-devel

I'm getting the following error:

qemu-system-arm: slirp/arp_table.c:41: arp_table_add: Assertion `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : "0" (__x)); __v; }))) != 0' failed.
Aborted

Here is the command I'm running:

qemu-system-arm -M versatilepb -cpu arm11mpcore -m 256 -hda
debian6-17-02-2012.img -kernel zImage_3.1.9 -append "root=/dev/sda2"

The version of qemu was compiled from source today from the latest git
so the above patch was already in place.

Running Ubuntu 11.10
Intel Celeron CPU  550  @ 2.00GHz
2Gb ram

If you need any more info let me know...

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  Fix Released

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (7 preceding siblings ...)
  2012-02-18 15:44 ` Solitaire
@ 2012-02-18 16:36 ` Bjoern Bornemann
  2012-02-18 17:59 ` Solitaire
  2012-02-24  2:23 ` Roy Tam
  10 siblings, 0 replies; 28+ messages in thread
From: Bjoern Bornemann @ 2012-02-18 16:36 UTC (permalink / raw)
  To: qemu-devel

hey solitaire,

just add the 5 lines mentioned in my post above to "slirp/ip_icmp.c"
source code file, recompile qemu and that's it.

this worked pretty fine for me so far.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  Fix Released

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (8 preceding siblings ...)
  2012-02-18 16:36 ` Bjoern Bornemann
@ 2012-02-18 17:59 ` Solitaire
  2012-02-24  2:23 ` Roy Tam
  10 siblings, 0 replies; 28+ messages in thread
From: Solitaire @ 2012-02-18 17:59 UTC (permalink / raw)
  To: qemu-devel

Thanks.

The 5 lines in the patch are already there. (checked and recompiled,
still the same error!)

Got a workaround at the moment by adding "-net none" to the command.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  Fix Released

^ permalink raw reply	[flat|nested] 28+ messages in thread

* [Qemu-devel] [Bug 824650] Re: Latest GIT assert error in arp_table.c
  2011-08-11 16:46 [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c Nigel Horne
                   ` (9 preceding siblings ...)
  2012-02-18 17:59 ` Solitaire
@ 2012-02-24  2:23 ` Roy Tam
  10 siblings, 0 replies; 28+ messages in thread
From: Roy Tam @ 2012-02-24  2:23 UTC (permalink / raw)
  To: qemu-devel

Let me comment on current git (v1.0-1172-g235fe3b); my XP SP3 -net dump is attached.
You can see slirp returning almost nothing to the guest (10.0.2.15), while the outgoing packets seem to be delivered correctly.

** Attachment added: "net dump from v1.0-1172-g235fe3b with XP SP3 guest"
   https://bugs.launchpad.net/qemu/+bug/824650/+attachment/2777445/+files/qemu-vlan0.pcap

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/824650

Title:
  Latest GIT assert error in arp_table.c

Status in QEMU:
  Fix Released

^ permalink raw reply	[flat|nested] 28+ messages in thread
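
The '-net dump' captures exchanged in this thread can be triaged offline. The following is an added example, not code from the thread or from QEMU: it assumes the dump is a classic libpcap file with Ethernet link type, and the function names and sample frames are constructed for illustration. It counts IPv4 frames to and from the guest (10.0.2.15), flags sources that match the mask test in the slirp/ip_icmp.c patch, and shows that a 24-byte file is a global header with no packets.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
LOW28 = 0x0FFFFFFF  # ~(0xf << 28), the mask in the thread's assertion and patch


def summarize_pcap(data, guest_ip="10.0.2.15"):
    """Tally frames in a classic pcap byte string relative to guest_ip."""
    if len(data) < 24:
        raise ValueError("truncated pcap: global header is 24 bytes")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"          # written on a little-endian host
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != 1:
        raise ValueError("expected Ethernet link type (1)")

    guest = socket.inet_aton(guest_ip)
    tally = {"frames": 0, "from_guest": 0, "to_guest": 0, "other": 0,
             "low28_zero_src": 0, "truncated": False}
    off = 24
    while off < len(data):
        if off + 16 > len(data):              # incomplete record header
            tally["truncated"] = True
            break
        _sec, _usec, incl_len, _orig = struct.unpack(
            endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:             # incomplete frame body
            tally["truncated"] = True
            break
        off += 16 + incl_len
        tally["frames"] += 1
        is_ipv4 = (len(frame) >= 34 and
                   struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4)
        if not is_ipv4:                       # ARP and anything else
            tally["other"] += 1
            continue
        src, dst = frame[26:30], frame[30:34]  # IPv4 source and destination
        if (int.from_bytes(src, "big") & LOW28) == 0:
            tally["low28_zero_src"] += 1      # would hit the patch's guard
        if src == guest:
            tally["from_guest"] += 1
        elif dst == guest:
            tally["to_guest"] += 1
        else:
            tally["other"] += 1
    return tally


def build_frame(src, dst, proto=17, ethertype=ETHERTYPE_IPV4):
    """Constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = b"\x52\x55\x0a\x00\x02\x02" + b"\x52\x54\x00\x12\x34\x56"
    eth += struct.pack("!H", ethertype)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip


def build_pcap(frames, endian="<"):
    """Constructed capture: global header followed by one record per frame."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack(endian + "IIII", 0, 0, len(f), len(f)) + f
    return out


# Constructed sample: one DHCP discover, three DNS queries, one ICMP reply,
# one non-IPv4 frame. Mirrors "almost nothing comes back to the guest".
SAMPLE_FRAMES = [
    build_frame("0.0.0.0", "255.255.255.255"),
    build_frame("10.0.2.15", "10.0.2.3"),
    build_frame("10.0.2.15", "10.0.2.3"),
    build_frame("10.0.2.15", "10.0.2.3"),
    build_frame("10.0.2.2", "10.0.2.15", proto=1),
    build_frame("10.0.2.15", "10.0.2.2", ethertype=0x0806),
]
SAMPLE_CAPTURE = build_pcap(SAMPLE_FRAMES)
HEADER_ONLY = build_pcap([])  # what a 24-byte dump file contains

if __name__ == "__main__":
    print(summarize_pcap(SAMPLE_CAPTURE))
    print(len(HEADER_ONLY), summarize_pcap(HEADER_ONLY)["frames"])
```

A capture with many from_guest frames and few to_guest frames matches the symptom described above; a nonzero low28_zero_src count points at traffic that the guard in the patch would drop.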
