Latest GIT assert error in arp_table.c

Bug #824650 reported by Nigel Horne
This bug affects 10 people
Affects: QEMU | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned

Bug Description

The latest git version of qemu (commit 8cc7c3952d4d0a681d8d4c3ac89a206a5bfd7f00) crashes after a few minutes. All was fine up to a few days ago. This is with both x86 and sparc emulation, on an x86_64 host.

e.g. qemu-system-sparc -drive file=netbsd5.0.2-sparc,index=0,media=disk,cache=unsafe -m 256 -boot c -nographic -redir tcp:2232::22:

 qemu-system-sparc: slirp/arp_table.c:75: arp_table_search: Assertion `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : "0" (__x)); __v; }))) != 0' failed.

Revision history for this message
Nigel Horne (njh-bandsman) wrote :

I am wondering if it's the use of the "-redir tcp:2232::22:" argument which is broken in GIT.

Revision history for this message
Nigel Horne (njh-bandsman) wrote :

No - that's not relevant. The latest git (07ff2c4475df77e38a31d50ee7f3932631806c15) still crashes after just a couple of minutes with just about any guest on a Linux host.

These are the args for my FreeBSD guest:

qemu-system-i386 -drive file=freebsd8.1-i386,index=0,media=disk,cache=unsafe -drive file=/dev/cdrom,index=1,media=cdrom -boot c -enable-kvm -m 128

Revision history for this message
Roy Tam (roytam) wrote : Re: [Qemu-devel] [Bug 824650] [NEW] Latest GIT assert error in arp_table.c

I'm hitting same assertion too.

Assertion failed: (ip_addr & htonl(~(0xf << 28))) != 0, file
slirp/arp_table.c, line 75

Environment: Win XP SP3 host, MinGW gcc 4.3.3-tdm-1
Build: qemu.git rev 44520db10b1b92f272348ab7028e7afc68ac3edf
CommandLine: qemu -hda e:\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
-usbdevice tablet -net user -net nic,model=ne2k_pci -drive
if=none,id=usbstick,file=e:\4m.img -device
usb-storage,bus=usb.0,drive=usbstick

Revision history for this message
Roy Tam (roytam) wrote : Re: [Bug 824650] [NEW] Latest GIT assert error in arp_table.c

2011/9/15 Jan Kiszka <email address hidden>:
> Same request here: Please try to catch a bit more context (backtrace,
> variable states etc.) via gdb. Or if you have a way to reproduce the
> issue, let me know the details.
>
> Thanks,
> Jan

Hope it helps.

C:\msys\home\User\qemu>gdb --args i386-softmmu\qemu-system-i386.exe
-hda i386-softmmu\xp.vmdk -soundhw sb16 -m 320 -localtime -usb
-usbdevice tablet -net user -net nic,model=ne2k_pci -L pc-bios
GNU gdb (GDB) 7.3
Copyright (C) 2011 Free Software Foundation, Inc.
Lice...

Revision history for this message
Roy Tam (roytam) wrote :

2011/9/15 Jan Kiszka <email address hidden>:
> On 2011-09-15 09:38, Roy Tam wrote:

Revision history for this message
Roy Tam (roytam) wrote :

2011/9/15 Jan Kiszka <email address hidden>:
> On 2011-09-15 12:53, Roy Tam wrote:

Revision history for this message
Roy Tam (roytam) wrote :

2011/9/15 Jan Kiszka <email address hidden>:
> On 2011-09-15 14:05, Roy Tam wrote:
>> Here you go.
>>
>> sb16: warning: command 0xf,1 is not truly understood yet
>> sb16: warning: command 0xe,2 is not truly understood yet
>> [Switching to Thread 13840.0x3140]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=4294967295,
>>     out_ethaddr=0x20af64a "") at slirp/arp_table.c:75
>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) c
>> Continuing.
>> [New Thread 13840.0x31b8]
>> [Switching to Thread 13840.0x3628]
>>
>> Breakpoint 1, arp_table_search (slirp=0x19f7380, ip_addr=0,
>>     out_ethaddr=0x22f642 "\"") at slirp/arp_table.c:75
>> 75      //    assert((ip_addr & htonl(~(0xf << 28))) != 0);
>> (gdb) bt
>> #0  arp_table_search (slirp=0x19f7380, ip_addr=0, out_ethaddr=0x22f642 "\"")
>>     at slirp/arp_table.c:75
>> #1  0x004bafbd in if_encap (slirp=0x19f7488, ifm=0x2255978)
>>     at slirp/slirp.c:709
>> #2  0x004b8a73 in if_start (slirp=0x19f7380) at slirp/if.c:210
>> #3  0x004b9c9e in ip_output (so=0x2255978, m0=0x0) at slirp/ip_output.c:84
>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>> #5  0x004c09ad in tcp_drop (tp=0x1cac848, err=0) at slirp/tcp_subr.c:225
>> #6  0x004c1182 in tcp_timers (timer=<optimized out>, tp=<optimized out>)
>>     at slirp/tcp_timer.c:287
>> #7  tcp_slowtimo (slirp=0x0) at slirp/tcp_timer.c:88
>> #8  0x004bb6f1 in slirp_select_poll (readfds=0x22fae0, writefds=0x22f9dc,
>>     xfds=0x22f8d8, select_error=2291816) at slirp/slirp.c:433
>> #9  0x0048fb87 in main_loop_wait (nonblocking=0)
>>     at C:/msys/home/User/qemu/vl.c:1436
>> #10 0x00490d10 in main_loop () at C:/msys/home/User/qemu/vl.c:1466
>> #11 qemu_main (argc=0, argv=0x19f5100, envp=0x0)
>>     at C:/msys/home/User/qemu/vl.c:3453
>> #12 0x0049322d in SDL_main (argc=17, argv=0x19f5100)
>>     at C:/msys/home/User/qemu/vl.c:102
>> #13 0x005eb784 in console_main ()
>> #14 0x005eb844 in WinMain@16 ()
>> #15 0x005eb068 in main ()
>> (gdb) frame 4
>> #4  0x004bf737 in tcp_output (tp=0x1cac848) at slirp/tcp_output.c:456
>> 456             error = ip_output(so, m);
>> (gdb) print *tp
>> $1 = {seg_next = 0x1cac848, seg_prev = 0x1cac848, t_state = 0, t_timer = {0,
>>     0, 0, 0}, t_rxtshift = 0, t_rxtcur = 12, t_dupacks = 0, t_maxseg = 1460,
>>   t_force = 0 '\000', t_flags = 0, t_template = {ti_i = {ih_mbuf = {
>>         mptr = 0x0, dummy = 0}, ih_x1 = 0 '\000', ih_pr = 0 '\000',
>>       ih_len = 0, ih_src = {S_un = {S_un_b = {s_b1 = 0 '\000',
>>             s_b2 = 0 '\000', s_b3 = 0 '\000', s_b4 = 0 '\000'}, S_un_w = {
>>             s_w1 = 0, s_w2 = 0}, S_addr = 0}}, ih_dst = {S_un = {S_un_b = {
>>             s_b1 = 0 '\000', s_b2 = 0 '\000', s_b3 = 0 '\000',
>>             s_b4 = 0 '\000'}, S_un_w = {s_w1 = 0, s_w2 = 0}, S_addr = 0}}},
>
> That confirms my theory: the template is not yet initialized.
>
> A shot from the hips: does this patch help?
>

Yeah the assertion doesn't fail anymore. Thanks.

> diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
> index c1214c0..5a79c68 100644
> --- a/slirp/tcp_input.c
> +++ b/slirp/tcp_input.c
> @@ -610,6 +610,7 @@ findso:
>            so->so_ti = ti;
>       ...
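
Review bot: the hunk is cut off after its first context line `so->so_ti = ti;`, so the single added line that the `@@ -610,6 +610,7 @@ findso:` header announces is not visible and cannot be checked here. From the `print *tp` dump above, `t_template` has all-zero `ih_src`/`ih_dst`, so whatever is inserted at tcp_input.c:610 has to fill in the template before `tcp_drop` can reach `tcp_output` on this socket; and since the backtrace shows `arp_table_search` aborting the whole process on `ip_addr=0`, the lookup should also return a miss for 0.0.0.0 instead of relying on an assert, so that the next uninitialised caller degrades to a dropped frame rather than a crash.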

Revision history for this message
Roy Tam (roytam) wrote :

Hi,

2011/9/15 Jan Kiszka <email address hidden>:
> On 2011-09-15 15:20, Roy Tam wrote:

Revision history for this message
Roy Tam (roytam) wrote :

Hi,

2011/10/26 Jan Kiszka <email address hidden>:
> On 2011-10-26 10:03, Roy Tam wrote:

Revision history for this message
Roy Tam (roytam) wrote :

2011/10/27 Roy Tam <email address hidden>:

Revision history for this message
Roy Tam (roytam) wrote :

2011/10/27 Jan Kiszka <email address hidden>:
> On 2011-10-27 05:21, Roy Tam wrote:

Revision history for this message
AleksTJ@gmail.com (alekstj) wrote :

qemu-system-i386 -m 320 -hda mikrotik.img
qemu-system-i386: slirp/arp_table.c:75: arp_table_search: Assertion `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : "0" (__x)); __v; }))) != 0' failed.
Аварийный останов

Revision history for this message
Bjoern Bornemann (bornebjoern) wrote :

Hey Guys,

I have the same problem.
Installing the VM was pretty fine, no problems at all, but when I try to start this VM, which is supposed to run a Mikrotik "RouterOS", it fails with the known error message. So far this error can only be reproduced by installing this special OS. All other OSes like Windows XP and several Linux distributions etc. work fine.

I also checked the "tcp_input.c" file in the qemu source directory for the given line, which is supposed to be the patch. And it was of course already within that file.

okay now to my specs:

Host:
     CPU: Intel Core2Duo
     RAM: 4GB
     Lenovo ThinkPad T61

     OS: Slackware 13.1
     kernel: 3.0
     qemu: 1.0

the pcap file is attached to this note. Although it is not very big, 24 bytes only.

Revision history for this message
Bjoern Bornemann (bornebjoern) wrote :

okay I forgot to post the qemu command here it is:

 qemu-system-i386 -balloon none -smbios type=0,vendor=Lenovo,version=7LETC6WW,date=05/11/2009,release=2.38 \
-smbios type=1,manufacturer=Lenovo,product=8896AB5,version=ThinkPadT61,serial=L3C3845,uuid=5D867F81-4A91-11CB-90B0-BF62749B684D,family=ThinkPadT61 \
-drive file=/var/vm/machines/RouterOS-ROS/System-5G_RouterOS-ROS.hdd -no-frame -vga vmware -monitor stdio -cdrom /var/vm/iso/mikrotik-4.17.iso \
-m 256 -boot menu=on -net nic,model=e1000,macaddr=52:54:00:BE:4E:B7 -net user,net=192.168.255.0/24 -net nic,model=e1000,macaddr=52:54:00:E5:AC:3A \
-net vde,sock=/var/vm/vde/vHOME -rtc base=localtime -name RouterOS-ROS -writeconfig /var/vm/machines/RouterOS-ROS/RouterOS-ROS.cfg -machine type=pc \
-cpu core2duo

It doesn't matter if I use the VDE socket or not. The error occurs every time with every configuration.
I even changed the NIC model to "rtl8139 | virtio | pcnet".

Revision history for this message
Bjoern Bornemann (bornebjoern) wrote :

slirp/ip_icmp.c | 5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 4b43994..5dbf21d 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -262,6 +262,11 @@ icmp_error(struct mbuf *msrc, u_char type, u_char code, int minsize,
 #endif
   if(ip->ip_off & IP_OFFMASK) goto end_error; /* Only reply to fragment 0 */

+ /* Do not reply to source-only IPs */
+ if ((ip->ip_src.s_addr & htonl(~(0xf << 28))) == 0) {
+ goto end_error;
+ }
+
   shlen=ip->ip_hl << 2;
   s_ip_len=ip->ip_len;
   if(ip->ip_p == IPPROTO_ICMP) {
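
Review bot: the comment `/* Do not reply to source-only IPs */` does not say what the test actually means. `(ip->ip_src.s_addr & htonl(~(0xf << 28))) == 0` is true for a source of 0.0.0.0 and, because the mask clears the top four bits of the first octet, also for 16.0.0.0, 32.0.0.0 up to 240.0.0.0, i.e. a source that no ICMP error can be returned to; say that in the comment. This is the same expression as the assertion in `arp_table_search`, so it belongs in one shared helper in the slirp headers rather than being copied into ip_icmp.c where the two can drift apart.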

Fix seems to work. No crashes so far.

Thanks a lot to Jan Kiszka
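
The mask that the arp_table.c assertion and the ip_icmp.c check above both use is easy to misread, so here is an added example (not QEMU's slirp code) that spells out which addresses it rejects and shows a toy ARP table whose add and lookup return a miss for such an address instead of aborting the emulator; parse_ipv4, arp_addr_ok and the toy table types are the example's own names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* htonl(), inet_pton() */

/* The mask from the slirp assertion, (ip_addr & htonl(~(0xf << 28))) != 0.
 * ~(0xf << 28) is 0x0FFFFFFF in host order; after htonl() it clears the top
 * four bits of the FIRST octet of a network-byte-order address. So the test
 * only fails when the remaining 28 bits are all zero: 0.0.0.0 and, as a
 * side effect of the nibble mask, 16.0.0.0, 32.0.0.0, ..., 240.0.0.0.
 * Written with an unsigned literal so the shift is well defined. */
#define ARP_ADDR_MASK htonl(~(0xfU << 28))

/* 1 if the assertion in arp_table_search()/arp_table_add() would hold. */
int arp_addr_ok(uint32_t ip_addr_be)
{
    return (ip_addr_be & ARP_ADDR_MASK) != 0;
}

/* Parse a dotted quad into network byte order, the form slirp stores. */
int parse_ipv4(const char *text, uint32_t *out_be)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1) {
        return 0;
    }
    *out_be = a.s_addr;
    return 1;
}

/* Toy ARP cache shaped like slirp's: a fixed ring of (ip, mac) entries that
 * starts zero-filled. An empty slot therefore has ip_addr == 0, which is why
 * a lookup for 0.0.0.0 must never be allowed to "hit". */
#define ARP_TABLE_SIZE 16
struct arp_entry { uint32_t ip_addr; uint8_t eth_addr[6]; };
struct arp_table { struct arp_entry table[ARP_TABLE_SIZE]; int next; };

void arp_table_add(struct arp_table *t, uint32_t ip_addr, const uint8_t mac[6])
{
    if (!arp_addr_ok(ip_addr)) {
        return;                      /* unusable address: ignore, don't abort */
    }
    for (int i = 0; i < ARP_TABLE_SIZE; i++) {
        if (t->table[i].ip_addr == ip_addr) {
            memcpy(t->table[i].eth_addr, mac, 6);
            return;
        }
    }
    t->table[t->next].ip_addr = ip_addr;
    memcpy(t->table[t->next].eth_addr, mac, 6);
    t->next = (t->next + 1) % ARP_TABLE_SIZE;
}

/* 1 and out_mac filled on a hit; 0 on a miss or an unusable address. The
 * caller (if_encap in slirp) can then queue the frame and send an ARP
 * request, instead of the whole emulator dying on an assert. */
int arp_table_search(const struct arp_table *t, uint32_t ip_addr,
                     uint8_t out_mac[6])
{
    if (!arp_addr_ok(ip_addr)) {
        return 0;
    }
    for (int i = 0; i < ARP_TABLE_SIZE; i++) {
        if (t->table[i].ip_addr == ip_addr) {
            memcpy(out_mac, t->table[i].eth_addr, 6);
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed samples, including the two values seen in the gdb session
     * above: 255.255.255.255 (ip_addr=4294967295) passes, 0 trips the assert. */
    const char *samples[] = { "255.255.255.255", "0.0.0.0", "10.0.2.15",
                              "10.0.2.2", "0.0.0.1", "16.0.0.0" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t ip;
        if (parse_ipv4(samples[i], &ip)) {
            printf("%-16s assertion %s\n", samples[i],
                   arp_addr_ok(ip) ? "holds" : "FAILS");
        }
    }

    struct arp_table t;
    memset(&t, 0, sizeof t);
    uint8_t mac[6] = { 0x52, 0x54, 0x00, 0x12, 0x34, 0x56 }, found[6];
    uint32_t guest;
    parse_ipv4("10.0.2.15", &guest);
    arp_table_add(&t, guest, mac);
    printf("lookup 10.0.2.15: %s\n",
           arp_table_search(&t, guest, found) ? "hit" : "miss");
    printf("lookup 0.0.0.0:   %s\n",
           arp_table_search(&t, 0, found) ? "hit" : "miss");
    return 0;
}
```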

Changed in qemu:
status: New → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
Solitaire (bill-s0l) wrote :

I'm getting the following error:

qemu-system-arm: slirp/arp_table.c:41: arp_table_add: Assertion `(ip_addr & (__extension__ ({ register unsigned int __v, __x = (~(0xf << 28)); if (__builtin_constant_p (__x)) __v = ((((__x) & 0xff000000) >> 24) | (((__x) & 0x00ff0000) >> 8) | (((__x) & 0x0000ff00) << 8) | (((__x) & 0x000000ff) << 24)); else __asm__ ("bswap %0" : "=r" (__v) : "0" (__x)); __v; }))) != 0' failed.
Aborted

Here is the command I'm running:

qemu-system-arm -M versatilepb -cpu arm11mpcore -m 256 -hda debian6-17-02-2012.img -kernel zImage_3.1.9 -append "root=/dev/sda2"

The version of qemu was compiled from source today from the latest git so the above patch was already in place.

Running Ubuntu 11.10
Intel Celeron CPU 550 @ 2.00GHz
2GB RAM

If you need any more info let me know...

Revision history for this message
Bjoern Bornemann (bornebjoern) wrote :

hey solitaire,

just add the 5 lines mentioned in my post above to "slirp/ip_icmp.c" source code file, recompile qemu and that's it.

this worked pretty fine for me so far.

Revision history for this message
Solitaire (bill-s0l) wrote :

Thanks.

The 5 lines in the patch are already there. (checked and recompiled, still the same error!)

Got a workaround at the moment by adding "-net none" to the command.

Revision history for this message
Roy Tam (roytam) wrote :

Let me comment on current git (v1.0-1172-g235fe3b): my XP SP3 -net dump is attached.
You can see slirp returning almost nothing to the guest (10.0.2.15), while the outgoing packets seem to be delivered correctly.
