On Wed, May 18, 2016 at 01:54:24PM +0000, El-Haj-Mahmoud, Samer wrote: > Gary, > > The EDK2 list blocked the wireshark attachment. Can you put it on a share and > send a link please? We are trying to look at this internally as well. Hi Samer and Laszlo,
I've found the root cause. I'll send a patch later and Cc you guys. Thanks, Gary Lin > > Thanks, > --Samer > > -----Original Message----- > From: edk2-devel [mailto:[email protected]] On Behalf Of Gary > Lin > Sent: Tuesday, May 17, 2016 11:29 PM > To: [email protected] > Cc: Jiaxin Wu <[email protected]> > Subject: Re: [edk2] HTTP Boot crashed when downloading remote image > > On Thu, May 12, 2016 at 06:26:36PM +0800, Gary Lin wrote: > > Hi, > > > > I was testing HTTP Boot with the latest OMVF and found that it crashed > > when downloading the remote image from the http server. Here is my > > bisect result: > > > > commit b347a22aecbfac9aac47831fee9a30aa810d6d0b > > NetworkPkg: Avoid the indefinite wait case in HttpDxe > > > > Actually, it sometimes worked but was broken for the most of time. > > Reverting this patch makes HTTP Boot always work. > > > > It seems the IP4 driver tried to remove a mnp event, but the event > > list was empty so the assert was triggered. > > > Some findings: > > 1. OVMF could crash without b347a22ae in a slight different way. > Several "TcpInput: Discard a packet" showed without the assert. > > 2. Rx4Token->CompletionToken in HttpTcpReceiveBody() corrupted after > the timeout. I saved Rx4Token->CompletionToken.Event before the > loop of Tcp4->Poll() and set a assert like this: > > ASSERT(Rx4Token->CompletionToken.Event == event); > > right after "if (!Wrap->TcpWrap.IsRxDone)". The assert was raised > after the timeout. > > 3. I attached wireshark to the tap interface. The first few packets were > alright, and then the window size from ACK of OVMF decreased rapidly > and "TCP ZeroWindow" showed right before the crash. I added debug > message to HttpTcpReceiveNotify and found that the function wasn't > triggered for some reason when the packets arrived and so > Wrap->TcpWrap.IsRxDone was never set to TRUE. In the end, the socket > RCVD buffer was used up, and then the timeout event triggered. > > I'll keep digging for more information. > > Thanks, > > Gary Lin > > > The debug message: > > > > TcpToSendAck: scheduled a delayed ACK for TCB 3E2D2418 > > TcpToSendAck: scheduled a delayed ACK for TCB 3E2D2418 > > TcpInput: sequence acceptance test failed for segment of TCB 3E2D2418 > > TcpInput: Discard a packet > > TcpInput: sequence acceptance test failed for segment of TCB 3E2D2418 > > TcpInput: Discard a packet > > TcpInput: sequence acceptance test failed for segment of TCB 3E2D2418 > > TcpInput: Discard a packet > > TcpInput: sequence acceptance test failed for segment of TCB 3E2D2418 > > TcpInput: Discard a packet > > ASSERT /home/gary/git/edk2/MdePkg/Library/BaseLib/LinkedList.c(62): > > List->BackLink != ((void *) 0) > > > > The backtrace (I cut the trace before EfiBootManagerBoot to make it > > shorter): > > > > (gdb) bt > > #0 0x000000003ff7f702 in CpuDeadLoop () at > > /home/gary/git/edk2/MdePkg/Library/BaseLib/CpuDeadLoop.c:37 > > #1 0x000000003ff80a34 in DebugAssert ( > > FileName=0x3ff93b50 > > "/home/gary/git/edk2/MdePkg/Library/BaseLib/LinkedList.c", LineNumber=62, > > Description=0x3ff93bb0 "List->BackLink != ((void *) 0)") > > at > > /home/gary/git/edk2/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c: > > 153 > > #2 0x000000003ff7f7e3 in InternalBaseLibIsNodeInList (List=0x3e2c40a0, > > Node=0x3e2c40a0, > > VerifyNodeInList=0 '\000') at > > /home/gary/git/edk2/MdePkg/Library/BaseLib/LinkedList.c:62 > > #3 0x000000003ff7fc49 in IsListEmpty (ListHead=0x3e2c40a0) > > at /home/gary/git/edk2/MdePkg/Library/BaseLib/LinkedList.c:361 > > #4 0x000000003ff7fec5 in RemoveEntryList (Entry=0x3e2c40a0) > > at /home/gary/git/edk2/MdePkg/Library/BaseLib/LinkedList.c:545 > > #5 0x000000003ff7a5e5 in CoreCloseEvent (UserEvent=0x3e2c4018) > > at /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:752 > > #6 0x000000003e99a910 in Ip4FreeFrameRxToken (Token=0x3e2c4118) > > at > > /home/gary/git/edk2/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c:380 > > #7 0x000000003e99bdfe in Ip4RecycleFrame (Context=0x3e2c4118) > > at > > /home/gary/git/edk2/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4If.c:1124 > > #8 0x000000003e9b26db in NetbufFreeVector (Vector=0x3e2c4798) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeNetLib/NetBuffer.c:176 > > #9 0x000000003e9b285e in NetbufFree (Nbuf=0x3e2c4698) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeNetLib/NetBuffer.c:220 > > #10 0x000000003e9a39b6 in Ip4OnRecyclePacket (Event=0x3e2c4198, > > Context=0x3e2c4398) > > at > > /home/gary/git/edk2/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Input.c:1 > > 146 > > #11 0x000000003ff79bd5 in CoreDispatchEventNotifies (Priority=16) > > at /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:200 > > #12 0x000000003ff79179 in CoreRestoreTpl (NewTpl=8) at > > /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Event/Tpl.c:131 > > #13 0x000000003ff660e0 in CoreReleaseLock (Lock=0x3ff98990) > > at /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Library/Library.c:102 > > #14 0x000000003ff7996b in CoreReleaseEventLock () at > > /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:119 > > #15 0x000000003ff7a32c in CoreSignalEvent (UserEvent=0x3e2c4198) > > at /home/gary/git/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:572 > > #16 0x000000003e929c28 in IpIoExtFree (Event=0x3e2c4198) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.c:596 > > #17 0x000000003e9307fb in NetbufFreeVector (Vector=0x3e2c4598) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeNetLib/NetBuffer.c:176 > > #18 0x000000003e93097e in NetbufFree (Nbuf=0x3e2c4498) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeNetLib/NetBuffer.c:220 > > #19 0x000000003e932551 in NetbufQueTrim (NbufQue=0x3e2d2698, Len=59695) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/DxeNetLib/NetBuffer.c:1605 > > #20 0x000000003e923fcd in SockProcessRcvToken (Sock=0x3e2d1018, > > RcvToken=0x3e2aa098) > > at /home/gary/git/edk2/NetworkPkg/TcpDxe/SockImpl.c:346 > > #21 0x000000003e919f5f in SockRcv (Sock=0x3e2d1018, Token=0x3e2aa098) > > at /home/gary/git/edk2/NetworkPkg/TcpDxe/SockInterface.c:727 > > #22 0x000000003e91ef11 in Tcp4Receive (This=0x3e2d1138, Token=0x3e2aa098) > > at /home/gary/git/edk2/NetworkPkg/TcpDxe/TcpMain.c:440 > > #23 0x000000003e8636e2 in HttpTcpReceiveBody (Wrap=0x3e2aa018, > > HttpMsg=0x3ef7e0d0, Timeout=0x3e2c6218) > > at /home/gary/git/edk2/NetworkPkg/HttpDxe/HttpProto.c:1797 > > #24 0x000000003e85f86c in HttpResponseWorker (Wrap=0x3e2aa018) > > at /home/gary/git/edk2/NetworkPkg/HttpDxe/HttpImpl.c:1157 > > #25 0x000000003e85fd2e in EfiHttpResponse (This=0x3e2d12a0, > > Token=0x3ef7e0b8) > > at /home/gary/git/edk2/NetworkPkg/HttpDxe/HttpImpl.c:1323 > > #26 0x000000003e845578 in HttpIoRecvResponse (HttpIo=0x3ef7e050, > > RecvMsgHeader=0 '\000', ResponseData=0x3ff593b0) > > at > > /home/gary/git/edk2/NetworkPkg/HttpBootDxe/HttpBootSupport.c:921 > > #27 0x000000003e847bb3 in HttpBootGetBootFile (Private=0x3ef7e018, > > HeaderOnly=0 '\000', BufferSize=0x3ff59550, > > Buffer=0x3e16a018 "MZ\220", ImageType=0x3ff594b8) > > at > > /home/gary/git/edk2/NetworkPkg/HttpBootDxe/HttpBootClient.c:1006 > > #28 0x000000003e83ff69 in HttpBootLoadFile (Private=0x3ef7e018, > > BufferSize=0x3ff59550, Buffer=0x3e16a018, > > ImageType=0x3ff594b8) at > > /home/gary/git/edk2/NetworkPkg/HttpBootDxe/HttpBootImpl.c:304 > > #29 0x000000003e8404b2 in HttpBootDxeLoadFile (This=0x3ef7d030, > > FilePath=0x3ee1706e, BootPolicy=1 '\001', > > BufferSize=0x3ff59550, Buffer=0x3e16a018) at > > /home/gary/git/edk2/NetworkPkg/HttpBootDxe/HttpBootImpl.c:489 > > #30 0x000000003e2682b9 in BmGetFileBufferFromLoadFile > > (LoadFileHandle=0x3ef7d118, FilePath=0x3ee1706e, > > FullPath=0x3ff596c0, FileSize=0x3ff596a8) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c:1 > > 320 > > #31 0x000000003e26859d in BmGetFileBufferFromLoadFiles > > (FilePath=0x3ee1706e, FullPath=0x3ff596c0, > > FileSize=0x3ff596a8) at > > /home/gary/git/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c:1 > > 412 > > #32 0x000000003e26899a in EfiBootManagerGetLoadOptionBuffer > > (FilePath=0x3ee17018, FullPath=0x3ff596c0, > > FileSize=0x3ff596a8) at > > /home/gary/git/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c:1 > > 529 > > #33 0x000000003e268ce2 in EfiBootManagerBoot (BootOption=0x3e2d6c50) > > at > > /home/gary/git/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c:1 > > 652 > > > > Cheers, > > > > Gary Lin > > _______________________________________________ > > edk2-devel mailing list > > [email protected] > > https://lists.01.org/mailman/listinfo/edk2-devel > > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
