Date:      Mon, 15 Nov 2004 15:10:07 -0500
From:      John Baldwin <jhb@FreeBSD.org>
To:        Sten Spans <sten@blinkenlights.nl>
Cc:        freebsd-alpha@FreeBSD.org
Subject:   Re: alpha and em mtu
Message-ID:  <200411151510.07790.jhb@FreeBSD.org>
In-Reply-To: <Pine.SOC.4.61.0411152030030.29165@tea.blinkenlights.nl>
References:  <Pine.SOC.4.61.0411142153430.26307@tea.blinkenlights.nl> <200411151111.11950.jhb@FreeBSD.org> <Pine.SOC.4.61.0411152030030.29165@tea.blinkenlights.nl>

On Monday 15 November 2004 02:34 pm, Sten Spans wrote:
> On Mon, 15 Nov 2004, John Baldwin wrote:
> > On Sunday 14 November 2004 04:26 pm, Sten Spans wrote:
> >> I upgraded my ds10 with an intel gigabit card,
> >> and encountered the following issue (RELENG_5):
> >>
> >> deepthought# ifconfig em0 mtu 1501
> >> deepthought#
> >> fatal kernel trap:
> >>
> >>      trap entry     = 0x4 (unaligned access fault)
> >>      faulting va    = 0xfffffc001847a02e
> >>      opcode         = 0x28
> >>      register       = 0x1
> >>      pc             = 0xfffffc00004cd0f8
> >>      ra             = 0xfffffc00004cce24
> >>      sp             = 0xfffffe00187a9af0
> >>      curthread      = 0xfffffc001f3a70e0
> >>          pid = 14, comm = swi1: net
> >>
> >> [thread 100006]
> >> Stopped at      tcp_input+0x368:        srl     t0,#0x2,t0     
> >> <t0=0x45> db> trace
> >> tcp_input() at tcp_input+0x368
> >
> > Can you do 'gdb kernel.debug' in your kernel build directory and then do
> > 'l *tcp_input+0x368' to determine which source line it is panic'ing at? 
> > This might help us figure out what the unaligned access is so it can be
> > fixed.  If you don't have a debug kernel, please build one and reproduce
> > the panic to get the updated 'tcp_input+0xblah' line and then do the gdb
> > command with the updated 'tcp_input+0xblah' bit.  Thanks.
>
> Sure, I anticipated this, but couldn't quite
> recall how to do the gdb magics :).
>
> (gdb) l *tcp_input+0x368
> 0xfffffc00004cd0f8 is in tcp_input (/usr/src/sys/netinet/tcp_input.c:552).
> 547
> 548             /*
> 549              * Check that TCP offset makes sense,
> 550              * pull out TCP options and adjust length.              XXX
> 551              */
> 552             off = th->th_off << 2;
> 553             if (off < sizeof (struct tcphdr) || off > tlen) {
> 554                     tcpstat.tcps_rcvbadoff++;
> 555                     goto drop;
> 556             }
>
>
> The box that talks to the alpha has mtu 9014, this might
> help to expose the bug.

It may be that the off0 argument is less than the size of an IP header but is 
not a multiple of 4.  Can you try this to see if it prints anything out 
before crashing:

Index: netinet/tcp_input.c
===================================================================
RCS file: /usr/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.255
diff -u -r1.255 tcp_input.c
--- netinet/tcp_input.c	7 Nov 2004 19:19:35 -0000	1.255
+++ netinet/tcp_input.c	15 Nov 2004 20:09:27 -0000
@@ -497,6 +497,8 @@
 			ip_stripoptions(m, (struct mbuf *)0);
 			off0 = sizeof(struct ip);
 		}
+		if (off0 & 0x3 != 0)
+			printf("%s: off0 %d is misaligned\n", __func__, off0);
 		if (m->m_len < sizeof (struct tcpiphdr)) {
 			if ((m = m_pullup(m, sizeof (struct tcpiphdr))) == 0) {
 				tcpstat.tcps_rcvshort++;
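Review bot: In the added test `if (off0 & 0x3 != 0)`, `!=` binds tighter than `&` in C, so the condition is evaluated as `off0 & (0x3 != 0)`, which is `off0 & 1`, and only the low bit is checked. An off0 that is 2 modulo 4 is misaligned but would print nothing, so a silent run of this diagnostic would not rule out the misalignment theory. Parenthesize the mask: `if ((off0 & 0x3) != 0)`.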


-- 
John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org


