On 2011-09-15 09:38, Roy Tam wrote: > 2011/9/15 Jan Kiszka <jan.kis...@web.de>: >> On 2011-09-15 06:11, Roy Tam wrote: >>> 2011/8/12 Nigel Horne <824...@bugs.launchpad.net>: >>>> Public bug reported: >>>> >>>> The latest git version of qemu (commit >>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes. >>>> All was fine up to a few days ago. This is wth both x86 and sparc >>>> emulation, on an x86_64 host. >>>> >>>> e.g. qemu-system-sparc -drive >>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c >>>> -nographic -redir tcp:2232::22: >>>> >>>> qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion >>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << >>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> >>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | >>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : >>>> "0" (__x)); __v; }))) != 0' failed. >>>> >>>> ** Affects: qemu >>>> Importance: Undecided >>>> Status: New >>>> >>>> -- >>>> You received this bug notification because you are a member of qemu- >>>> devel-ml, which is subscribed to QEMU. >>>> https://bugs.launchpad.net/bugs/824650 >>>> >>>> Title: >>>> Latest GIT assert error in arp_table.c >>>> >>>> Status in QEMU: >>>> New >>>> >>>> Bug description: >>>> The latest git version of qemu (commit >>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes. >>>> All was fine up to a few days ago. This is wth both x86 and sparc >>>> emulation, on an x86_64 host. >>>> >>>> e.g. qemu-system-sparc -drive >>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c >>>> -nographic -redir tcp:2232::22: >>>> >>>> qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion >>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf >>>> << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>>> >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | >>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : >>>> "0" (__x)); __v; }))) != 0' failed. >>>> >>>> To manage notifications about this bug go to: >>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions >>>> >>>> >>> >>> I'm hitting same assertion too. >>> >>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file >>> slirp/arp_table.c, line 75 >>> >>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1 >>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf >>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb >>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive >>> if=none,id=usbstick,file=e:\4m.img -device >>> usb-storage,bus=usb.0,drive=usbstick >> >> Same request here: Please try to catch a bit more context (backtrace, >> variable states etc.) via gdb. Or if you have a way to reproduce the >> issue, let me know the details. >> >> Thanks, >> Jan >> >> > > Hope it helps. > > C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe > -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb > -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios > GNU gdb (GDB) 7.3 > Copyright (C) 2011 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show warranty" for details. > This GDB was configured as "mingw32". > For bug reporting instructions, please see: > <http://www.gnu.org/software/gdb/bugs/>... > Reading symbols from > C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe... > done. > (gdb) list:arp_table.c:75 > No source file named . > (gdb) list arp_table.c:75 > 70 > 71 DEBUG_CALL("arp_table_search"); > 72 DEBUG_ARG("ip = 0x%x", ip_addr); > 73 > 74 /* Check 0.0.0.0/8 invalid source-only addresses */ > 75 assert((ip_addr & htonl(~(0xf << 28))) != 0); > 76 > 77 /* If broadcast address */ > 78 if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) { > 79 /* return Ethernet broadcast address */ > (gdb) break arp_table.c:75 > Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75. > (gdb) r > Starting program: > C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda > i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice > tablet -net user -net nic,model=ne2k_pci -L pc-bios > [New Thread 8744.0x313c] > [New Thread 8744.0x3098] > [New Thread 8744.0x2108] > [New Thread 8744.0x2c4c] > [New Thread 8744.0x365c] > sb16: warning: command 0xf,1 is not truly understood yet > sb16: warning: command 0xe,2 is not truly understood yet > [Switching to Thread 8744.0x2108] > > Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295, > out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75 > 75 assert((ip_addr & htonl(~(0xf << 28))) != 0); > (gdb) c > Continuing. > [New Thread 8744.0x36d4] > [Switching to Thread 8744.0x313c] > > Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0, > out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75 > 75 assert((ip_addr & htonl(~(0xf << 28))) != 0); > (gdb) bt > #0 arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"") > at slirp/arp_table.c:75 > #1 0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8) > at slirp/slirp.c:709 > #2 0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210 > #3 0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84 > #4 0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456 > #5 0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225 > #6 0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>) > at slirp/tcp_timer.c:287 > #7 tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88 > #8 0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc, > xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433 > #9 0x0048fb87 in main_loop_wait (nonblocking=0) > at C:/msys/home/User/qemu/vl.c:1436 > #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466 > #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0) > at C:/msys/home/User/qemu/vl.c:3453 > #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100) > at C:/msys/home/User/qemu/vl.c:102 > #13 0x005eb784 in console_main () > #14 0x005eb844 in WinMain@16 () > #15 0x005eb068 in main () > (gdb) c > Continuing. > Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file > slirp/arp_table.c, > line 75 > > This application has requested the Runtime to terminate it in an unusual way. > Please contact the application's support team for more information. > [Inferior 1 (process 8744) exited with code 03] > (gdb)
I suspect a half-baked TCP socket times out, and slirp tries to terminate this socket by sending a FIN to an invalid client IP. Pending bug that now surfaced thanks to the assertion. To confirm this, you could check the state of the socket, specifically the tcpip header template. Obviously, this triggers early in the boot, right? Maybe you could debug the lifecycle of the affected socket? Thanks, Jan
signature.asc
Description: OpenPGP digital signature