Re: [Qemu-devel] Crashing in tcp_close

Sat, 12 Nov 2016 01:35:48 -0800 

On 11/11/2016 22:09, Samuel Thibault wrote:

Ooh, I see.  Now it's obvious, now that it's not coming from the tcb
loop:)  Could you try the attached patch?



It looks like it now goes into an infinite loop when a connection is 
closed. Packer output stopped here:


...


2016/11/12 09:29:04 ui:     qemu: Get:33 
http://us.archive.ubuntu.com/ubuntu xenial-backports/universe i386 
Packages [2,212 B]
    qemu: Get:33 http://us.archive.ubuntu.com/ubuntu 
xenial-backports/universe i386 Packages [2,212 B]
2016/11/12 09:29:04 ui:     qemu: Get:34 
http://us.archive.ubuntu.com/ubuntu xenial-backports/universe 
Translation-en [1,144 B]
    qemu: Get:34 http://us.archive.ubuntu.com/ubuntu 
xenial-backports/universe Translation-en [1,144 B]


top shows:


 4828 nsrc      20   0 4688860 796236   9136 R 100.0  2.4 0:30.16 
qemu-system-x86


strace doesn't show anything:

# strace -p 4828
strace: Process 4828 attached
strace: [ Process PID=4828 runs in x32 mode. ]

So I sent a SIGABRT, here is the backtrace:


Core was generated by `/usr/local/bin/qemu-system-x86_64 -m 4G -drive 
if=none,file=output-qemu-vtp-nmm'.

Program terminated with signal SIGABRT, Aborted.

#0  sofree (so=so@entry=0x564b181fc940) at 
/home/nsrc/qemu-2.7.0/slirp/socket.c:74

74        if (ifm->ifq_so == so) {
[Current thread is 1 (Thread 0x7f9308610a80 (LWP 4828))]
(gdb) bt

#0  sofree (so=so@entry=0x564b181fc940) at 
/home/nsrc/qemu-2.7.0/slirp/socket.c:74

#1  0x0000564b14d8428f in tcp_close (tp=tp@entry=0x564b16287590)
    at /home/nsrc/qemu-2.7.0/slirp/tcp_subr.c:334

#2  0x0000564b14d82dc8 in tcp_input (m=0x564b182d9000, iphlen=<optimised 
out>, inso=inso@entry=0x0,

    af=af@entry=2) at /home/nsrc/qemu-2.7.0/slirp/tcp_input.c:1201

#3  0x0000564b14d7bc2b in ip_input (m=<optimised out>, 
m@entry=0x564b182d9000)

    at /home/nsrc/qemu-2.7.0/slirp/ip_input.c:206

#4  0x0000564b14d7e440 in slirp_input (slirp=<optimised out>, 
pkt=0x7f92ba4fc412 "RU\n",

    pkt_len=pkt_len@entry=54) at /home/nsrc/qemu-2.7.0/slirp/slirp.c:867

#5  0x0000564b14d73fc0 in net_slirp_receive (nc=<optimised out>, 
buf=<optimised out>, size=54)

    at /home/nsrc/qemu-2.7.0/net/slirp.c:118

#6  0x0000564b14d69b19 in nc_sendv_compat (flags=<optimised out>, 
iovcnt=<optimised out>,
    iov=0x7ffd6b417e00, nc=0x564b16293840) at 
/home/nsrc/qemu-2.7.0/net/net.c:701
#7  qemu_deliver_packet_iov (sender=<optimised out>, flags=<optimised 
out>, iov=0x7ffd6b417e00,
    iovcnt=<optimised out>, opaque=0x564b16293840) at 
/home/nsrc/qemu-2.7.0/net/net.c:728
#8  0x0000564b14d6c8db in qemu_net_queue_deliver_iov (iovcnt=1, 
iov=0x7ffd6b417e00, flags=0,
    sender=0x564b17db26d0, queue=0x564b16293290) at 
/home/nsrc/qemu-2.7.0/net/queue.c:179
#9  qemu_net_queue_send_iov (queue=0x564b16293290, 
sender=0x564b17db26d0, flags=flags@entry=0,

    iov=iov@entry=0x7ffd6b417e00, iovcnt=iovcnt@entry=1,
    sent_cb=sent_cb@entry=0x564b14b94690 <virtio_net_tx_complete>)
    at /home/nsrc/qemu-2.7.0/net/queue.c:224
#10 0x0000564b14d6a5f3 in qemu_sendv_packet_async (sender=<optimised out>,
    iov=iov@entry=0x7ffd6b417e00, iovcnt=iovcnt@entry=1,
    sent_cb=sent_cb@entry=0x564b14b94690 <virtio_net_tx_complete>)
    at /home/nsrc/qemu-2.7.0/net/net.c:764
#11 0x0000564b14b94429 in virtio_net_flush_tx (q=q@entry=0x564b17db2600)
    at /home/nsrc/qemu-2.7.0/hw/net/virtio-net.c:1282
#12 0x0000564b14b94625 in virtio_net_tx_bh (opaque=0x564b17db2600)
    at /home/nsrc/qemu-2.7.0/hw/net/virtio-net.c:1387

#13 0x0000564b14da951d in aio_bh_call (bh=<optimised out>) at 
/home/nsrc/qemu-2.7.0/async.c:67
#14 aio_bh_poll (ctx=ctx@entry=0x564b1627e060) at 
/home/nsrc/qemu-2.7.0/async.c:95

---Type <return> to continue, or q <return> to quit---

#15 0x0000564b14db3930 in aio_dispatch (ctx=0x564b1627e060) at 
/home/nsrc/qemu-2.7.0/aio-posix.c:308
#16 0x0000564b14da93de in aio_ctx_dispatch (source=<optimised out>, 
callback=<optimised out>,

    user_data=<optimised out>) at /home/nsrc/qemu-2.7.0/async.c:234

#17 0x00007f93079121a7 in g_main_context_dispatch () from 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x0000564b14db220b in glib_pollfds_poll () at 
/home/nsrc/qemu-2.7.0/main-loop.c:213
#19 os_host_main_loop_wait (timeout=<optimised out>) at 
/home/nsrc/qemu-2.7.0/main-loop.c:258
#20 main_loop_wait (nonblocking=<optimised out>) at 
/home/nsrc/qemu-2.7.0/main-loop.c:506

#21 0x0000564b14b1d431 in main_loop () at /home/nsrc/qemu-2.7.0/vl.c:1908
#22 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
    at /home/nsrc/qemu-2.7.0/vl.c:4604
(gdb)

Regards,

Brian.



























					Reply via email to