Re: [coLinux-users] coLinux daemon program crash (colinux-slirp-net-daemon)

[Henry N. <hen...@ar...>]

Hello Shai,

> Shai Vaingast wrote:
>> I've caused this to happen several times and it seems that the crash
>> happens at the same point (i.e., same IP, same call stack, same
>> disassembly location, etc.)
>>
>> Call stack:
>> COLINUX-SLIRP-NET-DAEMON! 00402b90()
>> COLINUX-SLIRP-NET-DAEMON! 004089db()
>> COLINUX-SLIRP-NET-DAEMON! 00401d77()
>> COLINUX-SLIRP-NET-DAEMON! 0040130d()
>> COLINUX-SLIRP-NET-DAEMON! 00401247()
>> COLINUX-SLIRP-NET-DAEMON! 00401298()
>> KERNEL32! 7c817067()

The stack with labels:
COLINUX-SLIRP-NET-DAEMON! 00402b90()	_tcp_input+0x5f0
COLINUX-SLIRP-NET-DAEMON! 004089db()	_slirp_select_poll+0x11b
COLINUX-SLIRP-NET-DAEMON! 00401d77()	_co_slirp_main+0x237
COLINUX-SLIRP-NET-DAEMON! 0040130d()	_main+0x2d
COLINUX-SLIRP-NET-DAEMON! 00401247()	___mingw_CRTStartup+0xf7
COLINUX-SLIRP-NET-DAEMON! 00401298()	_mainCRTStartup+0x18

>> Registers:
>> EAX = 00000001 EBX = 00000002
>>    ECX = 77C2C2E3 EDX = 00030608
>>    ESI = 0051B03C EDI = 005143E0
>>    EIP = 00402B90 ESP = 0023FA20
>>    EBP = 0023FA98 EFL = 00000246
>>    [...]
>>    CS = 001B DS = 0023 ES = 0023 SS = 0023
>>    FS = 003B GS = 0000 OV=0 UP=0 EI=1 PL=0
>>    ZR=1 AC=0 PE=1 CY=0
>>
>>    0051B046 = ????
>>
>>    [...]
>>    CTRL = 037F STAT = 0000 TAGS = FFFF
>>    EIP = 00000000
>>    CS = 0000 DS = 0000 EDO = 00000000
>>
>> Disassembly (current location is 00402B90, I've added a few lines
>> before as well).
>> 00402B66   je          00402B90
>> 00402B68   mov         ecx,dword ptr [ebp-30h]
>> 00402B6B   cmp         word ptr [ecx+8],9
>> 00402B70   jle         00402D67
>> 00402B76   mov         edi,dword ptr [ebp-30h]
>> 00402B79   mov         eax,dword ptr [edi+8]
>> 00402B7C   sub         eax,3
>> 00402B7F   cmp         ax,7
>> 00402B83   jbe         00402D5D
>> 00402B89   lea         esi,[esi]
>> --->   00402B90   movzx       eax,word ptr [esi+0Ah]
>> 00402B94   dec         eax
>> 00402B95   cmp         ax,4
>> 00402B99   ja          00402BA5

OK. I have the same from "objdump":

src/colinux/user/slirp/tcp_input.c:1403
   402b76:       8b 7d d0                mov    0xffffffd0(%ebp),%edi
   402b79:       8b 47 08                mov    0x8(%edi),%eax
   402b7c:       83 e8 03                sub    $0x3,%eax
   402b7f:       66 83 f8 07             cmp    $0x7,%ax
   402b83:       0f 86 d4 01 00 00       jbe    402d5d <_tcp_input+0x7bd>
   402b89:       8d b4 26 00 00 00 00    lea    0x0(%esi),%esi
src/colinux/user/slirp/tcp_input.c:1460
===>  402b90:   0f b7 46 0a             movzwl 0xa(%esi),%eax   <===
   402b94:       48                      dec    %eax
   402b95:       66 83 f8 04             cmp    $0x4,%ax
   402b99:       77 0a                   ja     402ba5 <_tcp_input+0x605>
   402b9b:       80 7e 28 1b             cmpb   $0x1b,0x28(%esi)
   402b9f:       0f 84 e6 01 00 00       je     402d8b <_tcp_input+0x7eb>
src/colinux/user/slirp/tcp_input.c:1468
   402ba5:       8b 45 b4                mov    0xffffffb4(%ebp),%eax
   402ba8:       85 c0                   test   %eax,%eax
   402baa:       75 0d                   jne    402bb9 <_tcp_input+0x619>
   402bac:       8b 4d d0                mov    0xffffffd0(%ebp),%ecx
   402baf:       f6 41 1c 01             testb  $0x1,0x1c(%ecx)
   402bb3:       0f 84 29 fe ff ff       je     4029e2 <_tcp_input+0x442>
src/colinux/user/slirp/tcp_input.c:1469

Here is this source line number 1460 on SF:
http://colinux.svn.sourceforge.net/viewvc/colinux/branches/devel/src/colinux/user/slirp/tcp_input.c?view=markup#l_1460

I don't see the problem.
This is not the "first_char == (char)27", this I can see later as 
assembler "$0x1b".

I have created a executable [1] with full debug (-ggdb). It would be 
nice, if you starts this under gdb.exe. Please use gdb-6.3-2.exe from 
the "Release Candidate: gdb-6.3" [2].

Install GDB and copy the SLiRP with debug version in your coLinux 
installation. The name is different to avoids problems. This special 
build you can use with coLinux version 0.7.3 or with one of the 0.8.0. 
Please use the coLinux version, you have currently installed, don't 
change or replace any coLinux exe files.

Here is a small step guide for GDB session:
* First run coLinux in normal way.
* Note the current parameters of colinux-slirp-net-daemon.exe, with 
"ProcesExplorer" [3] you can do it
* Kill the current colinux-slirp-net-daemon.exe, ignore the warning message
* Open a new windows command prompt, change into coLinux directory and 
run GDB.EXE with colinux-slirp-net-daemon-dbg.exe, for example:
   C:\colinux> C:\mingw\bin\gdb colinux-slirp-net-daemon-dbg.exe
* Set the parameters you noted on step 2, for example:
   (gdb) set args -i 2496 -u 0
* Run the SLiRP:
   (gdb) run
* Now, use your network (SLiRP) in your error case to force the crash.
* After the crash you should see any variable, that was out of range. (I 
hope)
* Please print the "backtrace" from such session.

If GDB needs any source, I think "src/colinux/user/slirp/tcp_input.c" 
would need. Then create such source tree under your current install 
directory ("C:\colinux" in my example) and store the file tcp_input.c 
there. Or unpack the complete source. Than GDB should give some more 
details about the variables. So, my hope.
Use the gdb command "print" and try to give us an output from the 
variables "ti", "ti->ti_len" and "((struct tcpiphdr_2 *)ti)->first_char".

[1] 
http://www.henrynestler.com/colinux/testing/devel-0.8.0/20090205-Snapshot/packages/colinux-slirp-net-daemon-dbg.zip
[2] 
http://sourceforge.net/project/showfiles.php?group_id=2435&package_id=20507&release_id=38019
[3] technet.microsoft.com/en-us/sysinternals/bb896653.aspx

-- 
Henry N.