From: Roy Tam
Date: Thu, 15 Sep 2011 18:53:11 +0800
Subject: Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
To: Jan Kiszka
Cc: Bug 824650 <824650@bugs.launchpad.net>, qemu-devel@nongnu.org
In-Reply-To: <4E71D72F.1020401@web.de>
References: <20110811164621.32220.49907.malonedeb@chaenomeles.canonical.com> <4E719C36.8030903@web.de> <4E71D72F.1020401@web.de>

2011/9/15 Jan Kiszka :
> On 2011-09-15 09:38, Roy Tam wrote:
>> 2011/9/15 Jan Kiszka :
>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>>> Public bug reported:
>>>>>
>>>>> The latest git version of qemu (commit
>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>>> emulation, on an x86_64 host.
>>>>>
>>>>> e.g. qemu-system-sparc -drive
>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>> -nographic -redir tcp:2232::22:
>>>>>
>>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>
>>>>> ** Affects: qemu
>>>>>      Importance: Undecided
>>>>>          Status: New
>>>>>
>>>>> --
>>>>> You received this bug notification because you are a member of qemu-
>>>>> devel-ml, which is subscribed to QEMU.
>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>
>>>>> Title:
>>>>>   Latest GIT assert error in arp_table.c
>>>>>
>>>>> Status in QEMU:
>>>>>   New
>>>>>
>>>>> Bug description:
>>>>>   The latest git version of qemu (commit
>>>>>   8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>   All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>   emulation, on an x86_64 host.
>>>>>
>>>>>   e.g. qemu-system-sparc -drive
>>>>>   file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>   -nographic -redir tcp:2232::22:
>>>>>
>>>>>    qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>   `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>   << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>   >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>   (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>   "0" (__x)); __v; }))) != 0' failed.
>>>>>
>>>>> To manage notifications about this bug go to:
>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>
>>>>>
>>>> I'm hitting the same assertion too.
>>>>
>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>> slirp/arp_table.c, line 75
>>>>
>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>> usb-storage,bus=usb.0,drive=usbstick
>>>
>>> Same request here: Please try to catch a bit more context (backtrace,
>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>> issue, let me know the details.
>>>
>>> Thanks,
>>> Jan
>>>
>>>
>> Hope it helps.
>>
>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>> GNU gdb (GDB) 7.3
>> Copyright (C) 2011 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> and "show warranty" for details.
>> This GDB was configured as "mingw32".
>> For bug reporting instructions, please see:
>> ...
>> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>> done.
>> (gdb) list:arp_table.c:75
>> No source file named .
>> (gdb) list arp_table.c:75
>> 70
>> 71          DEBUG_CALL("arp_table_search");
>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>> 73
>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> 76
>> 77          /* If broadcast address */
>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>> 79              /* return Ethernet broadcast address */
>> (gdb) break arp_table.c:75
>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>> (gdb) r
>> Starting program:
>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>> [New Thread 8744.0x313c]
>> [New Thread 8744.0x3098]
>> [New Thread 8744.0x2108]
>> [New Thread 8744.0x2c4c]
>> [New Thread 8744.0x365c]
>> sb16: warning: command 0xf,1 is not truly understood yet
>> sb16: warning: command 0xe,2 is not truly understood yet
>> [Switching to Thread 8744.0x2108]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) c
>> Continuing.
>> [New Thread 8744.0x36d4]
>> [Switching to Thread 8744.0x313c]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) bt
>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>     at slirp/arp_table.c:75
>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>     at slirp/slirp.c:709
>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>> #6  0x004c1182 in tcp_timers (timer=, tp=)
>>     at slirp/tcp_timer.c:287
>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>     at C:/msys/home/User/qemu/vl.c:1436
>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>     at C:/msys/home/User/qemu/vl.c:3453
>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>     at C:/msys/home/User/qemu/vl.c:102
>> #13 0x005eb784 in console_main ()
>> #14 0x005eb844 in WinMain@16 ()
>> #15 0x005eb068 in main ()
>> (gdb) c
>> Continuing.
>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
>> line 75
>>
>> This application has requested the Runtime to terminate it in an unusual way.
>> Please contact the application's support team for more information.
>> [Inferior 1 (process 8744) exited with code 03]
>> (gdb)
>
> I suspect a half-baked TCP socket times out, and slirp tries to
> terminate this socket by sending a FIN to an invalid client IP. Pending
> bug that now surfaced thanks to the assertion.
>
> To confirm this, you could check the state of the socket, specifically
> the tcpip header template.
>

Please explain this in detail for doing it in a Win32 environment. Is
there a DEBUG #define that can debug slirp?

> Obviously, this triggers early in the boot, right? Maybe you could debug
> the lifecycle of the affected socket?
>

No. The guest XP SP3 goes into the desktop, waits for the automatic
update tray icon to appear and starts to download updates (almost 5~6
minutes), then the QEMU assertion fails.

> Thanks,
> Jan
>
>
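The assertion at line 75 of the gdb listing is the whole story of this crash, so here is what its mask actually rejects, worked through as an added example. This is not slirp's or QEMU's code: the four-slot ARP table, the 52:54:00:12:34:56 MAC and the 10.0.2.x addresses are constructed for the example, and `arp_table_search_guarded()` is an illustration of refusing the lookup instead of calling `assert()`, since the backtrace shows the abort being reached from guest-driven TCP state (a timed-out connection dropped by `tcp_slowtimo`), which makes the assertion a way for guest traffic to take the whole emulator down. Two things the listing's comment does not say: the mask `~(0xf << 28)` zeroes the low 28 host-order bits, so it trips on 0.0.0.0 and also on 16.0.0.0, 32.0.0.0 and so on up to 240.0.0.0, while 0.0.0.1 passes; and with a zero-initialised table an `ip_addr` of 0 would otherwise match an empty slot and return a zero MAC, which is the case the guard exists for.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>   /* htonl(), the same call the slirp listing uses */

#define ETH_ALEN 6
#define ARP_TABLE_SIZE 4

/* Constructed stand-in for slirp's ARP table: a few (IP, MAC) pairs with
 * the IP in network byte order, like the ip_addr seen at the breakpoint. */
struct arp_entry {
    uint32_t ip_addr;
    uint8_t  eth_addr[ETH_ALEN];
};

struct arp_table {
    struct arp_entry entries[ARP_TABLE_SIZE];
    int next;   /* round-robin replacement slot (toy policy, not slirp's) */
};

/* Build a.b.c.d in network byte order. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return htonl((a << 24) | (b << 16) | (c << 8) | d);
}

/* The operand of the assertion at arp_table.c:75. ~(0xf << 28) is
 * 0x0fffffff in host order; htonl() turns it into a mask that lines up
 * with a network-order address. The U suffix (assumed here) avoids shifting
 * a signed int into its sign bit, which the listing's literal 0xf does. */
static uint32_t assert_mask(void)
{
    return htonl(~(0xfU << 28));
}

/* True for exactly the addresses that abort the emulator in the listing:
 * those whose low 28 host-order bits are zero (0.0.0.0, 16.0.0.0, ...,
 * 240.0.0.0). 0.0.0.1 passes, so this is not "0.0.0.0/8" as the comment
 * at line 74 says. */
static bool trips_assert(uint32_t ip_addr)
{
    return (ip_addr & assert_mask()) == 0;
}

static void arp_table_add(struct arp_table *t, uint32_t ip_addr,
                          const uint8_t eth_addr[ETH_ALEN])
{
    struct arp_entry *e = &t->entries[t->next];
    e->ip_addr = ip_addr;
    memcpy(e->eth_addr, eth_addr, ETH_ALEN);
    t->next = (t->next + 1) % ARP_TABLE_SIZE;
}

/* Guarded lookup: an address the mask rejects makes the lookup fail
 * (return 0) so the caller can drop the frame, instead of assert()
 * terminating the process. Broadcast handling mirrors lines 77-79 of the
 * listing (only the all-ones form; the per-network broadcast_addr is not
 * modelled here). Without the guard, ip_addr == 0 would match any unused,
 * zero-initialised slot and hand back a zero MAC. */
static int arp_table_search_guarded(const struct arp_table *t,
                                    uint32_t ip_addr,
                                    uint8_t out_ethaddr[ETH_ALEN])
{
    int i;

    if (trips_assert(ip_addr)) {
        return 0;
    }
    if (ip_addr == 0xffffffffU) {
        memset(out_ethaddr, 0xff, ETH_ALEN);
        return 1;
    }
    for (i = 0; i < ARP_TABLE_SIZE; i++) {
        if (t->entries[i].ip_addr == ip_addr) {
            memcpy(out_ethaddr, t->entries[i].eth_addr, ETH_ALEN);
            return 1;
        }
    }
    return 0;
}

/* Drive the guarded lookup over the two addresses seen at the breakpoint
 * (4294967295 and 0) plus a constructed host. One result bit per check:
 * bit 0: broadcast resolves to ff:ff:ff:ff:ff:ff
 * bit 1: known host resolves to its MAC
 * bit 2: ip_addr == 0 is refused rather than matching an empty slot
 * bit 3: unknown host is not found */
static int run_guarded_checks(void)
{
    struct arp_table t;
    const uint8_t mac[ETH_ALEN] = {0x52, 0x54, 0x00, 0x12, 0x34, 0x56};
    const uint8_t bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    uint8_t out[ETH_ALEN];
    int result = 0;

    memset(&t, 0, sizeof(t));
    arp_table_add(&t, ip4(10, 0, 2, 15), mac);

    if (arp_table_search_guarded(&t, 0xffffffffU, out) == 1 &&
        memcmp(out, bcast, ETH_ALEN) == 0)
        result |= 1;
    if (arp_table_search_guarded(&t, ip4(10, 0, 2, 15), out) == 1 &&
        memcmp(out, mac, ETH_ALEN) == 0)
        result |= 2;
    if (arp_table_search_guarded(&t, 0, out) == 0)
        result |= 4;
    if (arp_table_search_guarded(&t, ip4(10, 0, 2, 99), out) == 0)
        result |= 8;
    return result;
}

int main(void)
{
    printf("0.0.0.0  trips assert: %d\n", trips_assert(ip4(0, 0, 0, 0)));
    printf("16.0.0.0 trips assert: %d\n", trips_assert(ip4(16, 0, 0, 0)));
    printf("0.0.0.1  trips assert: %d\n", trips_assert(ip4(0, 0, 0, 1)));
    printf("guarded checks: 0x%x (expect 0xf)\n", run_guarded_checks());
    return run_guarded_checks() == 0xf ? 0 : 1;
}
```

Whether a guard like this is the right fix for the thread's bug is a separate question: it keeps the emulator alive, but the stale socket that Jan suspects would still be sending a FIN to an address nobody owns, so the tcpip header template check he asks for is still the way to find the real cause.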