From owner-freebsd-alpha@FreeBSD.ORG Mon Nov 22 21:15:04 2004 Return-Path: Delivered-To: freebsd-alpha@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4730916A4CE; Mon, 22 Nov 2004 21:15:04 +0000 (GMT) Received: from ford.blinkenlights.nl (ford.blinkenlights.nl [213.204.211.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D9BD43D2D; Mon, 22 Nov 2004 21:15:03 +0000 (GMT) (envelope-from sten@blinkenlights.nl) Received: from tea.blinkenlights.nl (tea.blinkenlights.nl [IPv6:2001:960:301:3:a00:20ff:fe85:fa39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ford.blinkenlights.nl (Postfix) with ESMTP id 672063E434; Mon, 22 Nov 2004 22:15:02 +0100 (CET) Received: by tea.blinkenlights.nl (Postfix, from userid 101) id E5AF127E; Mon, 22 Nov 2004 22:15:01 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by tea.blinkenlights.nl (Postfix) with ESMTP id DA810192; Mon, 22 Nov 2004 22:15:01 +0100 (CET) Date: Mon, 22 Nov 2004 22:15:01 +0100 (CET) From: Sten Spans To: John Baldwin In-Reply-To: <200411221432.42028.jhb@FreeBSD.org> Message-ID: References: <200411221432.42028.jhb@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: Robert Watson cc: freebsd-alpha@FreeBSD.org Subject: Re: alpha and em mtu X-BeenThere: freebsd-alpha@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting FreeBSD to the Alpha List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Nov 2004 21:15:04 -0000 On Mon, 22 Nov 2004, John Baldwin wrote: > On Sunday 21 November 2004 07:35 am, Sten Spans wrote: >>> Does this panic go >>> away if you use a different MTU btw? >> >> I've tried running >> >> i=1; while true; echo $i; ifconfig em0 mtu $i; let i++; sleep 2; >> >> and on the client: >> while true; do echo bla | telnet alpha 22; sleep 1; done >> >> this caused no crashes with mtu 1-1500. >> >> But: >> deepthought# ifconfig em0 mtu 1666 >> deepthought# tcp_input: ip 0xfffffc0018cdb00e is misaligned >> deepthought# ifconfig em0 mtu 1564 >> deepthought# tcp_input: ip 0xfffffc001857c80e is misaligned >> deepthought# ifconfig em0 mtu 1532 >> deepthought# tcp_input: ip 0xfffffc001859300e is misaligned >> >> If it has to be 8 bytes aligned then it's off by 4, doesn't >> seem to be vlanmtu though. erm, that would be 2. > > Ok, this is helpful I think. (Big MTU -> panic.) Another thing is : deepthought# ifconfig em0 mtu 9000 sten@ford:~$ ping -s 8000 intern.dt PING intern.deepthought.blinkenlights.nl (192.168.1.3) 8000(8028) bytes of data. 8008 bytes from intern.deepthought.blinkenlights.nl (192.168.1.3): icmp_seq=1 ttl=64 time=1.19 ms 8008 bytes from intern.deepthought.blinkenlights.nl (192.168.1.3): icmp_seq=2 ttl=64 time=0.756 ms 21:59:12.587494 IP intern.ford > intern.deepthought.blinkenlights.nl: icmp 8008: echo request seq 1 21:59:12.588223 IP intern.deepthought.blinkenlights.nl > intern.ford: icmp 8008: echo reply seq 1 21:59:13.587730 IP intern.ford > intern.deepthought.blinkenlights.nl: icmp 8008: echo request seq 2 Aka icmp does work, which makes me think that the problem is tcp specific. I've also tried disabling all the sack/tcp sysctl's but that didn't seem to help. And I've tried connecting from a box with mtu 1500, but that also caused the same panic. I'll get an sk card soonish which will allow me to double check this panic with another nic. Although I would not guess that the panic is driver specific. Which makes me wonder why lo0 does work: deepthought# ifconfig lo0 mtu 1501 deepthought# telnet 127.0.0.1 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 > The next step is probably > to start walking up the stack determining where the pointer starts off and > how it ends up aligned. Can you use gdb to figure out the source file/line > of the previous stack frame before tcp_input()? sure: db> trace tcp_input() at tcp_input+0x3a4 ip_input() at ip_input+0x9fc netisr_processqueue() at netisr_processqueue+0xac swi_net() at swi_net+0xf0 ithread_loop() at ithread_loop+0x1d4 fork_exit() at fork_exit+0x100 exception_return() at exception_return --- root of call graph --- (gdb) l *tcp_input+0x3a4 0xfffffc00004cd054 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:554). 549 550 /* 551 * Check that TCP offset makes sense, 552 * pull out TCP options and adjust length. XXX 553 */ 554 off = th->th_off << 2; 555 if (off < sizeof (struct tcphdr) || off > tlen) { 556 tcpstat.tcps_rcvbadoff++; 557 goto drop; 558 } (gdb) l *ip_input+0x9fc 0xfffffc00004c355c is in ip_input (/usr/src/sys/netinet/ip_input.c:739). 734 /* 735 * Switch out to protocol's input routine. 736 */ 737 ipstat.ips_delivered++; 738 739 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); 740 return; 741 bad: 742 m_freem(m); 743 } (gdb) l *netisr_processqueue+0xac 0xfffffc00004ad45c is in netisr_processqueue (/usr/src/sys/net/netisr.c:233). 228 229 for (;;) { 230 IF_DEQUEUE(ni->ni_queue, m); 231 if (m == NULL) 232 break; 233 ni->ni_handler(m); 234 } 235 } 236 237 /* -- Sten Spans "There is a crack in everything, that's how the light gets in." Leonard Cohen - Anthem