From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52372)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <b.candler@pobox.com>) id 1c5UhG-0007S5-Jg
	for qemu-devel@nongnu.org; Sat, 12 Nov 2016 04:34:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <b.candler@pobox.com>) id 1c5UhB-0007rH-OZ
	for qemu-devel@nongnu.org; Sat, 12 Nov 2016 04:34:02 -0500
Received: from pb-smtp2.pobox.com ([64.147.108.71]:54903
	helo=sasl.smtp.pobox.com)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <b.candler@pobox.com>) id 1c5UhB-0007rA-KM
	for qemu-devel@nongnu.org; Sat, 12 Nov 2016 04:33:57 -0500
References: <20161104111419.GG9817@stefanha-x1.localdomain>
	<20161106180401.GE27308@var.home>
	<e003d356-924b-3847-40a3-514d9ff1b787@pobox.com>
	<20161107104245.GC5036@stefanha-x1.localdomain>
	<466003bb-a2c4-bb9b-7b0b-7b2d6dcb16d7@pobox.com>
	<20161109112724.GC4682@stefanha-x1.localdomain>
	<b8a33819-5fc2-02f5-ec9b-b085a42671f2@pobox.com>
	<02eee090-b017-dd4e-e63c-814d3d7beb72@pobox.com>
	<20161111161705.GE2417@var.home>
	<d0abe16e-4a34-50b5-8298-eb798276b602@pobox.com>
	<20161111220911.GC2417@var.home>
From: Brian Candler <b.candler@pobox.com>
Message-ID: <07abcfd1-cff0-015d-90fb-f992b7328547@pobox.com>
Date: Sat, 12 Nov 2016 09:33:55 +0000
MIME-Version: 1.0
In-Reply-To: <20161111220911.GC2417@var.home>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] Crashing in tcp_close
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Samuel Thibault <samuel.thibault@gnu.org>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel@nongnu.org, Jan Kiszka <jan.kiszka@siemens.com>

On 11/11/2016 22:09, Samuel Thibault wrote:
> Ooh, I see.  Now it's obvious, now that it's not coming from the tcb
> loop:)  Could you try the attached patch?

It looks like it now goes into an infinite loop when a connection is 
closed. Packer output stopped here:

...

2016/11/12 09:29:04 ui:     qemu: Get:33 
http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 
Packages [2,212 B]
     qemu: Get:33 http://us.archive.ubuntu.com/ubuntu 
xenial-backports/universe i386 Packages [2,212 B]
2016/11/12 09:29:04 ui:     qemu: Get:34 
http://us.archive.ubuntu.com/ubuntu xenial-backports/universe 
Translation-en [1,144 B]
     qemu: Get:34 http://us.archive.ubuntu.com/ubuntu 
xenial-backports/universe Translation-en [1,144 B]

top shows:

  4828 nsrc      20   0 4688860 796236   9136 R 100.0  2.4 0:30.16 
qemu-system-x86

strace doesn't show anything:

# strace -p 4828
strace: Process 4828 attached
strace: [ Process PID=4828 runs in x32 mode. ]

So I sent a SIGABRT, here is the backtrace:

Core was generated by `/usr/local/bin/qemu-system-x86_64 -m 4G -drive 
if=none,file=output-qemu-vtp-nmm'.
Program terminated with signal SIGABRT, Aborted.
#0  sofree (so=so@entry=0x564b181fc940) at 
/home/nsrc/qemu-2.7.0/slirp/socket.c:74
74        if (ifm->ifq_so == so) {
[Current thread is 1 (Thread 0x7f9308610a80 (LWP 4828))]
(gdb) bt
#0  sofree (so=so@entry=0x564b181fc940) at 
/home/nsrc/qemu-2.7.0/slirp/socket.c:74
#1  0x0000564b14d8428f in tcp_close (tp=tp@entry=0x564b16287590)
     at /home/nsrc/qemu-2.7.0/slirp/tcp_subr.c:334
#2  0x0000564b14d82dc8 in tcp_input (m=0x564b182d9000, iphlen=<optimised 
out>, inso=inso@entry=0x0,
     af=af@entry=2) at /home/nsrc/qemu-2.7.0/slirp/tcp_input.c:1201
#3  0x0000564b14d7bc2b in ip_input (m=<optimised out>, 
m@entry=0x564b182d9000)
     at /home/nsrc/qemu-2.7.0/slirp/ip_input.c:206
#4  0x0000564b14d7e440 in slirp_input (slirp=<optimised out>, 
pkt=0x7f92ba4fc412 "RU\n",
     pkt_len=pkt_len@entry=54) at /home/nsrc/qemu-2.7.0/slirp/slirp.c:867
#5  0x0000564b14d73fc0 in net_slirp_receive (nc=<optimised out>, 
buf=<optimised out>, size=54)
     at /home/nsrc/qemu-2.7.0/net/slirp.c:118
#6  0x0000564b14d69b19 in nc_sendv_compat (flags=<optimised out>, 
iovcnt=<optimised out>,
     iov=0x7ffd6b417e00, nc=0x564b16293840) at 
/home/nsrc/qemu-2.7.0/net/net.c:701
#7  qemu_deliver_packet_iov (sender=<optimised out>, flags=<optimised 
out>, iov=0x7ffd6b417e00,
     iovcnt=<optimised out>, opaque=0x564b16293840) at 
/home/nsrc/qemu-2.7.0/net/net.c:728
#8  0x0000564b14d6c8db in qemu_net_queue_deliver_iov (iovcnt=1, 
iov=0x7ffd6b417e00, flags=0,
     sender=0x564b17db26d0, queue=0x564b16293290) at 
/home/nsrc/qemu-2.7.0/net/queue.c:179
#9  qemu_net_queue_send_iov (queue=0x564b16293290, 
sender=0x564b17db26d0, flags=flags@entry=0,
     iov=iov@entry=0x7ffd6b417e00, iovcnt=iovcnt@entry=1,
     sent_cb=sent_cb@entry=0x564b14b94690 <virtio_net_tx_complete>)
     at /home/nsrc/qemu-2.7.0/net/queue.c:224
#10 0x0000564b14d6a5f3 in qemu_sendv_packet_async (sender=<optimised out>,
     iov=iov@entry=0x7ffd6b417e00, iovcnt=iovcnt@entry=1,
     sent_cb=sent_cb@entry=0x564b14b94690 <virtio_net_tx_complete>)
     at /home/nsrc/qemu-2.7.0/net/net.c:764
#11 0x0000564b14b94429 in virtio_net_flush_tx (q=q@entry=0x564b17db2600)
     at /home/nsrc/qemu-2.7.0/hw/net/virtio-net.c:1282
#12 0x0000564b14b94625 in virtio_net_tx_bh (opaque=0x564b17db2600)
     at /home/nsrc/qemu-2.7.0/hw/net/virtio-net.c:1387
#13 0x0000564b14da951d in aio_bh_call (bh=<optimised out>) at 
/home/nsrc/qemu-2.7.0/async.c:67
#14 aio_bh_poll (ctx=ctx@entry=0x564b1627e060) at 
/home/nsrc/qemu-2.7.0/async.c:95
---Type <return> to continue, or q <return> to quit---
#15 0x0000564b14db3930 in aio_dispatch (ctx=0x564b1627e060) at 
/home/nsrc/qemu-2.7.0/aio-posix.c:308
#16 0x0000564b14da93de in aio_ctx_dispatch (source=<optimised out>, 
callback=<optimised out>,
     user_data=<optimised out>) at /home/nsrc/qemu-2.7.0/async.c:234
#17 0x00007f93079121a7 in g_main_context_dispatch () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x0000564b14db220b in glib_pollfds_poll () at 
/home/nsrc/qemu-2.7.0/main-loop.c:213
#19 os_host_main_loop_wait (timeout=<optimised out>) at 
/home/nsrc/qemu-2.7.0/main-loop.c:258
#20 main_loop_wait (nonblocking=<optimised out>) at 
/home/nsrc/qemu-2.7.0/main-loop.c:506
#21 0x0000564b14b1d431 in main_loop () at /home/nsrc/qemu-2.7.0/vl.c:1908
#22 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
     at /home/nsrc/qemu-2.7.0/vl.c:4604
(gdb)

Regards,

Brian.