From: Jan Kiszka
Date: Thu, 15 Sep 2011 13:54:44 +0200
Subject: Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c
To: Roy Tam
Cc: Bug 824650 <824650@bugs.launchpad.net>, qemu-devel@nongnu.org
Message-ID: <4E71E784.9010209@web.de>
References: <20110811164621.32220.49907.malonedeb@chaenomeles.canonical.com> <4E719C36.8030903@web.de> <4E71D72F.1020401@web.de>

On 2011-09-15 12:53, Roy Tam wrote:
> 2011/9/15 Jan Kiszka :
>> On 2011-09-15 09:38, Roy Tam wrote:
>>> 2011/9/15 Jan Kiszka :
>>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>>> 2011/8/12 Nigel Horne <824650@bugs.launchpad.net>:
>>>>>> Public bug reported:
>>>>>>
>>>>>> The latest git version of qemu (commit
>>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>> All was fine up to a few days ago. This is with both x86 and sparc
>>>>>> emulation, on an x86_64 host.
>>>>>>
>>>>>> e.g. qemu-system-sparc -drive
>>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>> -nographic -redir tcp:2232::22:
>>>>>>
>>>>>> qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> ** Affects: qemu
>>>>>> Importance: Undecided
>>>>>> Status: New
>>>>>>
>>>>>> --
>>>>>> You received this bug notification because you are a member of qemu-
>>>>>> devel-ml, which is subscribed to QEMU.
>>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>>
>>>>>> Title:
>>>>>> Latest GIT assert error in arp_table.c
>>>>>>
>>>>>> Status in QEMU:
>>>>>> New
>>>>>>
>>>>>> Bug description:
>>>>>> The latest git version of qemu (commit
>>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>> All was fine up to a few days ago. This is with both x86 and sparc
>>>>>> emulation, on an x86_64 host.
>>>>>>
>>>>>> e.g. qemu-system-sparc -drive
>>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>> -nographic -redir tcp:2232::22:
>>>>>>
>>>>>> qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>> << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>> >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> To manage notifications about this bug go to:
>>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>>
>>>>>>
>>>>>
>>>>> I'm hitting the same assertion too.
>>>>>
>>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>>> slirp/arp_table.c, line 75
>>>>>
>>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>>> usb-storage,bus=usb.0,drive=usbstick
>>>>
>>>> Same request here: Please try to catch a bit more context (backtrace,
>>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>>> issue, let me know the details.
>>>>
>>>> Thanks,
>>>> Jan
>>>>
>>>>
>>>
>>> Hope it helps.
>>>
>>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> GNU gdb (GDB) 7.3
>>> Copyright (C) 2011 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
>>> and "show warranty" for details.
>>> This GDB was configured as "mingw32".
>>> For bug reporting instructions, please see:
>>> ...
>>> Reading symbols from C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>>> done.
>>> (gdb) list:arp_table.c:75
>>> No source file named .
>>> (gdb) list arp_table.c:75
>>> 70
>>> 71          DEBUG_CALL("arp_table_search");
>>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>>> 73
>>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> 76
>>> 77          /* If broadcast address */
>>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>>> 79              /* return Ethernet broadcast address */
>>> (gdb) break arp_table.c:75
>>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>>> (gdb) r
>>> Starting program:
>>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> [New Thread 8744.0x313c]
>>> [New Thread 8744.0x3098]
>>> [New Thread 8744.0x2108]
>>> [New Thread 8744.0x2c4c]
>>> [New Thread 8744.0x365c]
>>> sb16: warning: command 0xf,1 is not truly understood yet
>>> sb16: warning: command 0xe,2 is not truly understood yet
>>> [Switching to Thread 8744.0x2108]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) c
>>> Continuing.
>>> [New Thread 8744.0x36d4]
>>> [Switching to Thread 8744.0x313c]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) bt
>>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>>     at slirp/arp_table.c:75
>>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>>     at slirp/slirp.c:709
>>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>>> #6  0x004c1182 in tcp_timers (timer=, tp=)
>>>     at slirp/tcp_timer.c:287
>>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>>     at C:/msys/home/User/qemu/vl.c:1436
>>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>>     at C:/msys/home/User/qemu/vl.c:3453
>>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>>     at C:/msys/home/User/qemu/vl.c:102
>>> #13 0x005eb784 in console_main ()
>>> #14 0x005eb844 in WinMain@16 ()
>>> #15 0x005eb068 in main ()
>>> (gdb) c
>>> Continuing.
>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file slirp/arp_table.c,
>>> line 75
>>>
>>> This application has requested the Runtime to terminate it in an unusual way.
>>> Please contact the application's support team for more information.
>>> [Inferior 1 (process 8744) exited with code 03]
>>> (gdb)
>>
>> I suspect a half-baked TCP socket times out, and slirp tries to
>> terminate this socket by sending a FIN to an invalid client IP. Pending
>> bug that now surfaced thanks to the assertion.
>>
>> To confirm this, you could check the state of the socket, specifically
>> the tcpip header template.
>>
>
> Please explain in detail how to do this in a Win32 environment. Is
> there a DEBUG #define that can debug slirp?

After hitting the assert with gdb, go to frame 4 and print *tp.
Of interest is the content of t_template.

>
>> Obviously, this triggers early in the boot, right? Maybe you could debug
>> the lifecycle of the affected socket?
>>
>
> No. The guest XP SP3 goes into the desktop, waits for the automatic
> update tray icon to appear and starts to download updates (almost 5~6
> minutes), then the QEMU assertion fails.

Too bad...

Jan
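The assertion at the centre of this thread, worked through as an added example (this is not code from the thread or from QEMU's slirp). It reproduces the predicate from the gdb listing, `(ip_addr & htonl(~(0xf << 28))) != 0`, as a plain C function, shows its host-order equivalent, and adds a hypothetical non-fatal variant of the caller's check; `arp_search_precondition`, `low28_bits_zero`, `parse_ipv4` and `encap_verdict` are names constructed for this example. It demonstrates which addresses the check actually rejects: 0.0.0.0 (the `ip_addr=0` in the crashing frame) and every other address whose low 28 bits are zero, while 0xffffffff (the `ip_addr=4294967295` of the first breakpoint hit) and most of 0.0.0.0/8 pass, so the comment above the assert is narrower than the mask it describes.

```c
#include <arpa/inet.h>    /* htonl(), inet_pton() */
#include <sys/socket.h>   /* AF_INET */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * The precondition exactly as the gdb listing shows it at
 * slirp/arp_table.c:75:
 *
 *     assert((ip_addr & htonl(~(0xf << 28))) != 0);
 *
 * ip_addr is an IPv4 address in network byte order. Here it is a plain
 * predicate (true = the assertion would pass) so that a caller can reject
 * the address instead of aborting the whole emulator. The 'u' suffix only
 * keeps the shift in unsigned arithmetic; the mask value is the same.
 */
bool arp_search_precondition(uint32_t ip_addr_be)
{
    return (ip_addr_be & htonl(~(0xfu << 28))) != 0;
}

/*
 * The same predicate seen from the host-order side. Byte swapping commutes
 * with bitwise AND, so the check is equivalent to "the low 28 bits of the
 * host-order address are non-zero". That is why it trips for 0.0.0.0 but
 * also for 16.0.0.0, 32.0.0.0, ..., 240.0.0.0, and why it does not trip for
 * most of 0.0.0.0/8 (e.g. 0.0.0.1), despite the comment above the assert.
 */
bool low28_bits_zero(uint32_t ip_addr_host)
{
    return (ip_addr_host & 0x0fffffffu) == 0;
}

/* Dotted-quad text -> network-order address; false on malformed input. */
bool parse_ipv4(const char *text, uint32_t *out_be)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1) {
        return false;
    }
    *out_be = a.s_addr;      /* s_addr is already in network byte order */
    return true;
}

/*
 * Hypothetical non-fatal counterpart of the caller's side: in the backtrace,
 * if_encap() hands the packet's destination to arp_table_search(). Returning
 * a verdict (1 = proceed to the ARP lookup, 0 = drop the packet) instead of
 * asserting is the design alternative that keeps one bad socket from taking
 * down the VM. Constructed for this example, not slirp code.
 */
int encap_verdict(const char *dst_text)
{
    uint32_t be;
    if (!parse_ipv4(dst_text, &be)) {
        return 0;            /* unparsable destination: drop */
    }
    return arp_search_precondition(be) ? 1 : 0;
}

int main(void)
{
    /* The two ip_addr values observed at the breakpoint in the thread. */
    const uint32_t seen[] = { 0xffffffffu, 0u };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        printf("ip_addr=%u: assertion %s\n", seen[i],
               arp_search_precondition(seen[i]) ? "passes" : "FAILS");
    }
    /* Constructed sample destinations covering the edge cases above. */
    const char *samples[] = { "10.0.2.15", "0.0.0.1", "16.0.0.0", "0.0.0.0" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-10s -> %s\n", samples[i],
               encap_verdict(samples[i]) ? "send" : "drop");
    }
    return 0;
}
```

Running it shows the broadcast value passing and 0 failing, matching the two breakpoint hits in Roy's session; the `16.0.0.0` and `0.0.0.1` rows show where the mask and the "0.0.0.0/8" comment disagree. The verdict-returning variant is only an illustration of the trade-off: an assert in the packet path turns a stale socket into a whole-VM abort, whereas a drop keeps the guest running but hides the latent bug that the assertion exposed.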