On 2011-09-15 12:53, Roy Tam wrote:
> 2011/9/15 Jan Kiszka <jan.kis...@web.de>:
>> On 2011-09-15 09:38, Roy Tam wrote:
>>> 2011/9/15 Jan Kiszka <jan.kis...@web.de>:
>>>> On 2011-09-15 06:11, Roy Tam wrote:
>>>>> 2011/8/12 Nigel Horne <824...@bugs.launchpad.net>:
>>>>>> Public bug reported:
>>>>>>
>>>>>> The latest git version of qemu (commit
>>>>>> 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>> All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>> emulation, on an x86_64 host.
>>>>>>
>>>>>> e.g. qemu-system-sparc -drive
>>>>>> file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>> -nographic -redir tcp:2232::22:
>>>>>>
>>>>>>  qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>> `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf <<
>>>>>> 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >>
>>>>>> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>> (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>> "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> ** Affects: qemu
>>>>>>     Importance: Undecided
>>>>>>         Status: New
>>>>>>
>>>>>> --
>>>>>> You received this bug notification because you are a member of qemu-
>>>>>> devel-ml, which is subscribed to QEMU.
>>>>>> https://bugs.launchpad.net/bugs/824650
>>>>>>
>>>>>> Title:
>>>>>>  Latest GIT assert error in arp_table.c
>>>>>>
>>>>>> Status in QEMU:
>>>>>>  New
>>>>>>
>>>>>> Bug description:
>>>>>>  The latest git version of qemu (commit
>>>>>>  8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes.
>>>>>>  All was fine up to a few days ago.  This is with both x86 and sparc
>>>>>>  emulation, on an x86_64 host.
>>>>>>
>>>>>>  e.g. qemu-system-sparc -drive
>>>>>>  file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c
>>>>>>  -nographic -redir tcp:2232::22:
>>>>>>
>>>>>>   qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion
>>>>>>  `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf
>>>>>>  << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000)
>>>>>>  >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) |
>>>>>>  (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) :
>>>>>>  "0" (__x)); __v; }))) != 0' failed.
>>>>>>
>>>>>> To manage notifications about this bug go to:
>>>>>> https://bugs.launchpad.net/qemu/+bug/824650/+subscriptions
>>>>>>
>>>>>>
>>>>>
>>>>> I'm hitting the same assertion too.
>>>>>
>>>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
>>>>> slirp/arp_table.c, line 75
>>>>>
>>>>> Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
>>>>> Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
>>>>> CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -drive
>>>>> if=none,id=usbstick,file=e:\4m.img -device
>>>>> usb-storage,bus=usb.0,drive=usbstick
>>>>
>>>> Same request here: Please try to catch a bit more context (backtrace,
>>>> variable states etc.) via gdb. Or if you have a way to reproduce the
>>>> issue, let me know the details.
>>>>
>>>> Thanks,
>>>> Jan
>>>>
>>>>
>>>
>>> Hope it helps.
>>>
>>> C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
>>> -hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
>>> -usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> GNU gdb (GDB) 7.3
>>> Copyright (C) 2011 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later 
>>> <http://gnu.org/licenses/gpl.html>
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>> and "show warranty" for details.
>>> This GDB was configured as "mingw32".
>>> For bug reporting instructions, please see:
>>> <http://www.gnu.org/software/gdb/bugs/>...
>>> Reading symbols from 
>>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe...
>>> done.
>>> (gdb) list:arp_table.c:75
>>> No source file named .
>>> (gdb) list arp_table.c:75
>>> 70
>>> 71          DEBUG_CALL("arp_table_search");
>>> 72          DEBUG_ARG("ip = 0x%x", ip_addr);
>>> 73
>>> 74          /* Check 0.0.0.0/8 invalid source-only addresses */
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> 76
>>> 77          /* If broadcast address */
>>> 78          if (ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
>>> 79              /* return Ethernet broadcast address */
>>> (gdb) break arp_table.c:75
>>> Breakpoint 1 at 0x4b7ee1: file slirp/arp_table.c, line 75.
>>> (gdb) r
>>> Starting program:
>>> C:\msys\home\User\qemu/i386-softmmu\qemu-system-i386.exe -hda
>>> i386-softmmu\\xp.vmdk -soundhw sb16 -m 320 -localtime -usb -usbdevice
>>> tablet -net user -net nic,model=ne2k_pci -L pc-bios
>>> [New Thread 8744.0x313c]
>>> [New Thread 8744.0x3098]
>>> [New Thread 8744.0x2108]
>>> [New Thread 8744.0x2c4c]
>>> [New Thread 8744.0x365c]
>>> sb16: warning: command 0xf,1 is not truly understood yet
>>> sb16: warning: command 0xe,2 is not truly understood yet
>>> [Switching to Thread 8744.0x2108]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>>     out_ethaddr=0x20af64a "\311\001") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) c
>>> Continuing.
>>> [New Thread 8744.0x36d4]
>>> [Switching to Thread 8744.0x313c]
>>>
>>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>>> 75          assert((ip_addr & htonl(~(0xf << 28))) != 0);
>>> (gdb) bt
>>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>>     at slirp/arp_table.c:75
>>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x1caf5a8)
>>>     at slirp/slirp.c:709
>>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>>> #3  0x004b9c9e in ip_output (so=0x1caf5a8, m0=0x0) at slirp/ip_output.c:84
>>> #4  0x004bf737 in tcp_output (tp=0x21f57d0) at slirp/tcp_output.c:456
>>> #5  0x004c09ad in tcp_drop (tp=0x21f57d0, err=0) at slirp/tcp_subr.c:225
>>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>>     at slirp/tcp_timer.c:287
>>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>>     at C:/msys/home/User/qemu/vl.c:1436
>>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>>     at C:/msys/home/User/qemu/vl.c:3453
>>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>>     at C:/msys/home/User/qemu/vl.c:102
>>> #13 0x005eb784 in console_main ()
>>> #14 0x005eb844 in WinMain@16 ()
>>> #15 0x005eb068 in main ()
>>> (gdb) c
>>> Continuing.
>>> Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file 
>>> slirp/arp_table.c,
>>> line 75
>>>
>>> This application has requested the Runtime to terminate it in an unusual 
>>> way.
>>> Please contact the application's support team for more information.
>>> [Inferior 1 (process 8744) exited with code 03]
>>> (gdb)
>>
>> I suspect a half-baked TCP socket times out, and slirp tries to
>> terminate this socket by sending a FIN to an invalid client IP. Pending
>> bug that now surfaced thanks to the assertion.
>>
>> To confirm this, you could check the state of the socket, specifically
>> the tcpip header template.
>>
> 
> Please explain this in detail for doing it in Win32 environment. Is
> there a DEBUG #define that can debug slirp?

After hitting the assert with gdb, go to frame 4 and print *tp. Of
interest is the content of t_template.

> 
>> Obviously, this triggers early in the boot, right? Maybe you could debug
>> the lifecycle of the affected socket?
>>
> 
> No. The guest XP SP3 goes into the desktop, waits for the automatic
> update tray icon to appear and starts to download updates (almost 5~6
> minutes), then the QEMU assertion fails.

Too bad...

Jan

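As an added example (not code from this thread or from QEMU/slirp), the C program below re-evaluates the predicate from the assertion quoted above, `(ip_addr & htonl(~(0xf << 28))) != 0`, on addresses chosen here, so the two breakpoint hits in the gdb session (ip_addr=4294967295 passing, ip_addr=0 aborting) can be explained without running QEMU. The function names `slirp_assert_passes`, `ip4`, `expected_passes`, `count_tripping_first_octets` and `predicate_matches_description` are mine; `ip_addr` is treated as network byte order, as it is inside slirp, and the mask constant is written `0xfU` so the shift is well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/*
 * Added example, not slirp code.  Mirrors the predicate asserted at
 * slirp/arp_table.c:75 in the gdb listing quoted in the thread:
 *
 *     assert((ip_addr & htonl(~(0xf << 28))) != 0);
 *
 * ip_addr is in network byte order.  0xfU instead of 0xf keeps the shift
 * well-defined; the resulting mask value is the same.
 */

/* 1 if the address would get past the assertion, 0 if it would abort. */
int slirp_assert_passes(uint32_t ip_addr)
{
    return (ip_addr & htonl(~(0xfU << 28))) != 0;
}

/* Network-order address from four octets (assumed helper; avoids inet_pton
 * so the example stays self-contained). */
uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return htonl(((uint32_t)a << 24) | ((uint32_t)b << 16) |
                 ((uint32_t)c << 8) | (uint32_t)d);
}

/* Plain-language form of what the mask tests, independent of host
 * endianness: the three low octets plus the low nibble of the first octet.
 * Used only to cross-check slirp_assert_passes. */
int expected_passes(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return (a & 0x0f) != 0 || b != 0 || c != 0 || d != 0;
}

/* Number of first octets X for which X.0.0.0 trips the assertion. */
int count_tripping_first_octets(void)
{
    int n = 0;
    for (unsigned a = 0; a < 256; a++)
        if (!slirp_assert_passes(ip4(a, 0, 0, 0)))
            n++;
    return n;
}

/* Check slirp_assert_passes against expected_passes over every first octet
 * and boundary values of the other three; returns 1 on full agreement. */
int predicate_matches_description(void)
{
    static const unsigned v[] = {0, 1, 15, 16, 127, 128, 255};
    size_t n = sizeof v / sizeof v[0];
    for (unsigned a = 0; a < 256; a++)
        for (size_t i = 0; i < n; i++)
            for (size_t j = 0; j < n; j++)
                for (size_t k = 0; k < n; k++)
                    if (slirp_assert_passes(ip4(a, v[i], v[j], v[k])) !=
                        expected_passes(a, v[i], v[j], v[k]))
                        return 0;
    return 1;
}

int main(void)
{
    /* The two values seen at the breakpoint in the quoted gdb session. */
    printf("ip_addr=4294967295 (255.255.255.255): %s\n",
           slirp_assert_passes(0xffffffffu) ? "passes" : "trips assert");
    printf("ip_addr=0 (0.0.0.0): %s\n",
           slirp_assert_passes(0) ? "passes" : "trips assert");
    /* A constructed neighbour of 0.0.0.0 that is still inside 0.0.0.0/8. */
    printf("0.0.0.1: %s\n",
           slirp_assert_passes(ip4(0, 0, 0, 1)) ? "passes" : "trips assert");
    printf("first octets X for which X.0.0.0 trips the assert: %d\n",
           count_tripping_first_octets());
    printf("predicate matches octet description: %s\n",
           predicate_matches_description() ? "yes" : "no");
    return 0;
}
```

Build with `gcc -Wall example.c -o example` and run it. Two things fall out: the broadcast address 0xffffffff passes (consistent with the first breakpoint hit in the session above), and the mask is not quite the "0.0.0.0/8" check its comment announces. Because htonl() makes the test endianness-independent, it trips exactly for addresses of the form X.0.0.0 with X a multiple of 16 (sixteen first octets) and lets 0.0.0.1 through. What matters in the backtrace above is therefore that the destination slirp pulled from the timed-out connection was literally 0.0.0.0, which is why the state of the tcpcb's t_template is the thing to inspect.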