From solik@chereda.net  Fri Mar  7 00:33:41 2003
Return-Path: <solik@chereda.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C645437B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  7 Mar 2003 00:33:41 -0800 (PST)
Received: from smtp.chereda.net (share.chereda.net [193.110.16.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9E05B43F75
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  7 Mar 2003 00:33:38 -0800 (PST)
	(envelope-from solik@chereda.net)
Received: from drweb 
	by smtp.chereda.net with drweb-scanned (Chereda.Net MTA)
	id 18rDIO-000JuU-00; Fri, 07 Mar 2003 10:33:36 +0200
Received: from [10.1.0.70] (port=1137 helo=chereda.net) (auth=solik)
	by smtp.chereda.net with asmtp (Chereda.Net MTA)
	id 18rDIN-000JuL-00; Fri, 07 Mar 2003 10:33:35 +0200
Message-Id: <3E68595F.7040908@chereda.net>
Date: Fri, 07 Mar 2003 10:33:35 +0200
From: Sergey Solyanik <solik@chereda.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Sergey Solyanik <solik@chereda.net>
Subject: FreeBSD-gnats-submit@freebsd.org

>Number:         48996
>Category:       kern
>Synopsis:       [rl] [panic] Fatal trap 12 with incoming traffic from WindowsXP via RTL8139 NIC
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 07 00:40:10 PST 2003
>Closed-Date:    Sun Jan 27 10:24:07 UTC 2008
>Last-Modified:  Sun Jan 27 10:24:07 UTC 2008
>Originator:     Sergey Solyanik
>Release:        FreeBSD 4.7-RELEASE-p7 i386
>Organization:
>Environment:

 System: FreeBSD solikus.chereda.net 4.7-RELEASE-p7 FreeBSD
 4.7-RELEASE-p7 #0: Thu Mar 6 16:20:18 EET 2003
 solik@solikus.chereda.net:/usr/src/sys/compile/SOLIKUS i386

 There is a FreeBSD-4.7-p7 installation, let's name it Host A with config
 files
 in the default state (except host identity), generated by sysinstall.
 The kernel is tweaked and the world is rebuilded to match CPU class.

 There is 100Mbps switched network, with out-of-the-box Windows XP
 Home Edition installation (Host B), using the same RTL8139 NIC, and with
 another default FreeBSD-4.7-RELEASE-p7 installation (Host C), also using the
 same NIC. Host C is out-of-the-box installation, without any tweak or
 recompiling.

 All network interfaces is configured to media 100baseTX mediaopt
 full-duplex.

 Below is the dmesg.run from Host A:

 Copyright (c) 1992-2002 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
 	The Regents of the University of California. All rights reserved.
 FreeBSD 4.7-RELEASE-p7 #0: Thu Mar  6 16:20:18 EET 2003
      solik@solikus.chereda.net:/usr/src/sys/compile/SOLIKUS
 Timecounter "i8254"  frequency 1193261 Hz
 CPU: AMD Athlon(tm) XP 1600+ (1410.43-MHz 686-class CPU)
    Origin = "AuthenticAMD"  Id = 0x662  Stepping = 2

 Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
    AMD Features=0xc0400000<AMIE,DSP,3DNow!>
 real memory  = 268369920 (262080K bytes)
 avail memory = 257634304 (251596K bytes)
 Preloaded elf kernel "kernel" at 0xc0331000.
 Preloaded userconfig_script "/boot/kernel.conf" at 0xc033109c.
 Preloaded elf module "agp.ko" at 0xc03310ec.
 VESA: v3.0, 65536k memory, flags:0x1, mode table:0xc02c3d82 (1000022)
 VESA: NVidia
 Pentium Pro MTRR support enabled
 Using $PIR table, 6 entries at 0xc00fdf10
 apm0: <APM BIOS> on motherboard
 apm: found APM BIOS v1.2, connected at v1.2
 npx0: <math processor> on motherboard
 npx0: INT 16 interface
 pcib0: <Host to PCI bridge> on motherboard
 pci0: <PCI bus> on pcib0
 agp0: <VIA Generic host to PCI bridge> mem 0xe0000000-0xe3ffffff at
 device 0.0 on pci0
 pcib1: <PCI to PCI bridge (vendor=1106 device=b099)> at device 1.0 on pci0
 pci1: <PCI bus> on pcib1
 pci1: <NVidia model 0171 graphics accelerator> at 0.0 irq 11
 rl0: <RealTek 8139 10/100BaseTX> port 0xd000-0xd0ff mem
 0xe6000000-0xe60000ff irq 5 at device 9.0 on pci0
 rl0: Ethernet address: 00:02:44:5d:5e:72
 miibus0: <MII bus> on rl0
 rlphy0: <RealTek internal media interface> on miibus0
 rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
 isab0: <PCI to ISA bridge (vendor=1106 device=3147)> at device 17.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <VIA 8233 ATA133 controller> port 0xd400-0xd40f at device 17.1
 on pci0
 ata0: at 0x1f0 irq 14 on atapci0
 ata1: at 0x170 irq 15 on atapci0
 uhci0: <VIA 83C572 USB controller> port 0xd800-0xd81f irq 5 at device
 17.2 on pci0
 usb0: <VIA 83C572 USB controller> on uhci0
 usb0: USB revision 1.0
 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1: <VIA 83C572 USB controller> port 0xdc00-0xdc1f irq 5 at device
 17.3 on pci0
 usb1: <VIA 83C572 USB controller> on uhci1
 usb1: USB revision 1.0
 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 pcm0: <VIA VT8233A> port 0xe000-0xe0ff irq 11 at device 17.5 on pci0
 orm0: <Option ROM> at iomem 0xc0000-0xcf7ff on isa0
 atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
 atkbd0: <AT Keyboard> irq 1 on atkbdc0
 kbd0 at atkbd0
 psm0: <PS/2 Mouse> irq 12 on atkbdc0
 psm0: model Generic PS/2 mouse, device ID 0
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 sc0: <System console> on isa0
 sc0: VGA <16 virtual consoles, flags=0x200>
 fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
 fdc0: FIFO enabled, 8 bytes threshold
 sio0 at port 0x3f8-0x3ff irq 4 on isa0
 sio0: type 16550A
 sio1 at port 0x2f8-0x2ff irq 3 on isa0
 sio1: type 16550A
 joy0 at port 0x201 on isa0
 ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
 ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
 ppc0: FIFO with 16/16/16 bytes threshold
 lpt0: <Printer> on ppbus0
 lpt0: Interrupt-driven port
 IP packet filtering initialized, divert disabled, rule-based forwarding
 enabled, default to accept, logging limited to 100 packets/entry by default
 ad0: 38166MB <ST340016A> [77545/16/63] at ata0-master UDMA100
 Mounting root from ufs:/dev/ad0s2a
 WARNING: / was not properly dismounted


 Below is the kernel config for Host A:

 machine		i386
 ident		SOLIKUS
 maxusers	0
 makeoptions	CONF_CFLAGS=-fno-builtin
 options 	INCLUDE_CONFIG_FILE
 cpu		I686_CPU
 options 	CPU_ENABLE_SSE
 options 	CPU_FASTER_5X86_FPU
 options 	NO_F00F_HACK
 options 	COMPAT_43
 options 	USER_LDT
 options 	SYSVSHM
 options 	SYSVSEM
 options 	SYSVMSG
 options 	UCONSOLE
 options 	INET
 pseudo-device	ether
 pseudo-device	loop
 pseudo-device	bpf
 pseudo-device	tun
 options 	IPFIREWALL
 options 	IPFIREWALL_VERBOSE
 options 	IPFIREWALL_VERBOSE_LIMIT=100
 options 	IPFIREWALL_DEFAULT_TO_ACCEPT
 options 	RANDOM_IP_ID
 options 	ICMP_BANDLIM
 options 	FFS
 options		MFS
 options 	PROCFS
 options 	FFS_ROOT
 options 	SOFTUPDATES
 options 	UFS_DIRHASH
 options 	NSWAPDEV=1
 options 	P1003_1B
 options 	_KPOSIX_PRIORITY_SCHEDULING
 options 	_KPOSIX_VERSION=199309L
 options 	HZ=100
 options 	CLK_USE_I8254_CALIBRATION
 options 	CLK_USE_TSC_CALIBRATION
 pseudo-device	pty
 pseudo-device	speaker
 pseudo-device	gzip
 pseudo-device	vn
 options 	LIBICONV
 options 	MSGBUF_SIZE=20480
 device		isa
 options 	AUTO_EOI_1
 device		atkbdc0	at isa? port IO_KBD
 device		atkbd0	at atkbdc? irq 1
 options 	KBD_INSTALL_CDEV
 device		psm0	at atkbdc? irq 12
 device		vga0	at isa?
 options 	VESA
 pseudo-device	splash
 device		sc0	at isa?
 options 	MAXCONS=16
 options 	SC_ALT_MOUSE_IMAGE
 options 	SC_HISTORY_SIZE=400
 options 	SC_MOUSE_CHAR=0x3
 options 	SC_TWOBUTTON_MOUSE
 device		npx0	at nexus? port IO_NPX flags 0x0 irq 13
 device		ata
 device		atadisk
 device		atapicd
 options 	ATA_STATIC_ID
 device		fdc0	at isa? port IO_FD1 irq 6 drq 2
 device		fd0	at fdc0 drive 0
 device		sio0	at isa? port IO_COM1 irq 4
 device		sio1	at isa? port IO_COM2 irq 3
 device		pcm
 device		apm0	at nexus?
 device		joy0	at isa? port IO_GAME
 device		pci
 device		agp
 device		miibus
 device		rl
 device		smbus
 device		viapm
 device		smb
 device		iicbus
 device		iicbb
 device		ic
 device		iic
 device		iicsmb
 options 	PPC_PROBE_CHIPSET
 device		ppc0	at isa? irq 7
 device		ppbus
 device		lpt
 device		uhci
 device		usb
 device		ugen


 Below is the /etc/make.conf, used for buildworld and buildkernel for Host A:

 CPUTYPE=i686
 KERNCONF=SOLIKUS
 CFLAGS= -O -pipe
 COPTFLAGS= -O -pipe

>Description:

 When Host B uloads huge files via FTP or SSH (scp) to Host A, network
 performance is really slow, about 300Kbytes/s, and in minute or 30 sec. the
 network performance drops to zero, and Host A is panicing with Fatal
 trap 12.

 Here is the debugger output:

 root@solikus# gdb -k /sys/compile/SOLIKUS/kernel.debug /usr/crash/vmcore.0
 GNU gdb 4.18 (FreeBSD)
 Copyright 1998 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain
 conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-unknown-freebsd"...Deprecated bfd_read
 called at
 /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c
 line 2627 in elfstab_build_psymtabs
 Deprecated bfd_read called at
 /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c
 line 933 in fill_symbuf

 IdlePTD at phsyical address 0x00350000
 initial pcb at physical address 0x002b03e0
 panicstr: page fault
 panic messages:
 ---
 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x3a
 fault code              = supervisor write, page not present
 instruction pointer     = 0x8:0xc01cc424
 stack pointer           = 0x10:0xc02767b8
 frame pointer           = 0x10:0xc0276858
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = Idle
 interrupt mask          = net
 trap number             = 12
 panic: page fault

 syncing disks...

 Fatal trap 12: page fault while in kernel mode
 fault virtual address   = 0x30
 fault code              = supervisor read, page not present
 instruction pointer     = 0x8:0xc01b9388
 stack pointer           = 0x10:0xc02765d8
 frame pointer           = 0x10:0xc02765e0
 code segment            = base 0x0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
 processor eflags        = interrupt enabled, resume, IOPL = 0
 current process         = Idle
 interrupt mask          = net bio cam
 trap number             = 12
 panic: page fault
 Uptime: 1m38s

 dumping to dev #ad/0x30001, offset 493488
 dump ata0: resetting devices .. done
 ad0: timeout waiting for DRQ - resetting
 ata0: resetting devices .. ata0-slave: ATA identify retries exceeded
 done
 255 254 253 252 251 250 249 248 247 246 245 244 243 242 241 240 239 238
 237 236 235 234 233 232 231 230 229 228 227 226 225 224 223 222 221 220
 219 218 217 216 215 214 213 212 211 210 209 208 207 206 205 204 203 202
 201 200 199 198 197 196 195 194 193 192 191 190 189 188 187 186 185 184
 183 182 181 180 179 178 177 176 175 174 173 172 171 170 169 168 167 166
 165 164 163 162 161 160 159 158 157 156 155 154 153 152 151 150 149 148
 147 146 145 144 143 142 141 140 139 138 137 136 135 134 133 132 131 130
 129 128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112
 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92
 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68
 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44
 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20
 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
 ---
 #0  dumpsys () at ../../kern/kern_shutdown.c:487
 487             if (dumping++) {
 (kgdb) where
 #0  dumpsys () at ../../kern/kern_shutdown.c:487
 #1  0xc0151dd8 in boot (howto=260) at ../../kern/kern_shutdown.c:316
 #2  0xc015220c in poweroff_wait (junk=0xc026a7ac, howto=-1071209777)
      at ../../kern/kern_shutdown.c:595
 #3  0xc022da8f in trap_fatal (frame=0xc0276598, eva=48)
      at ../../i386/i386/trap.c:974
 #4  0xc022d749 in trap_pfault (frame=0xc0276598, usermode=0, eva=48)
      at ../../i386/i386/trap.c:867
 #5  0xc022d31f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
 tf_edi = 0,
        tf_esi = 0, tf_ebp = -1071159840, tf_isp = -1071159868,
        tf_ebx = -1071093380, tf_edx = 6864992, tf_ecx = -1037135858,
        tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071934584,
 tf_cs = 8,
        tf_eflags = 66054, tf_esp = -950331060, tf_ss = 0})
      at ../../i386/i386/trap.c:466
 #6  0xc01b9388 in acquire_lock (lk=0xc028697c)
      at ../../ufs/ffs/ffs_softdep.c:266
 #7  0xc01bebc4 in softdep_count_dependencies (bp=0xc75b194c, wantcount=0)
      at ../../ufs/ffs/ffs_softdep.c:4792
 #8  0xc01c1eb0 in ffs_fsync (ap=0xc0276658) at ../../ufs/ffs/ffs_vnops.c:168
 #9  0xc01c093f in ffs_sync (mp=0xc22e1600, waitfor=2, cred=0xc0a49800,
      p=0xc02c4600) at vnode_if.h:558
 #10 0xc018222f in sync (p=0xc02c4600, uap=0x0) at
 ../../kern/vfs_syscalls.c:576
 #11 0xc0151b93 in boot (howto=256) at ../../kern/kern_shutdown.c:235
 #12 0xc015220c in poweroff_wait (junk=0xc026a7ac, howto=-1071209777)
      at ../../kern/kern_shutdown.c:595
 #13 0xc022da8f in trap_fatal (frame=0xc0276778, eva=58)
      at ../../i386/i386/trap.c:974
 #14 0xc022d749 in trap_pfault (frame=0xc0276778, usermode=0, eva=58)
      at ../../i386/i386/trap.c:867
 #15 0xc022d31f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
        tf_edi = -777117696, tf_esi = -1070901652, tf_ebp = -1071159208,
        tf_isp = -1071159388, tf_ebx = 0, tf_edx = 0, tf_ecx = -1071159292,
        tf_eax = 1, tf_trapno = 12, tf_err = 2, tf_eip = -1071856604,
 tf_cs = 8,
        tf_eflags = 66182, tf_esp = 0, tf_ss = -1070901652})
      at ../../i386/i386/trap.c:466
 #16 0xc01cc424 in vm_fault (map=0xc02b566c, vaddr=3517849600,
      fault_type=1 '\001', fault_flags=0) at ../../vm/vm_object.h:189
 #17 0xc022d6f6 in trap_pfault (frame=0xc02768cc, usermode=0, eva=3517849600)
      at ../../i386/i386/trap.c:856
 #18 0xc022d31f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
        tf_edi = -1062871016, tf_esi = -777117698, tf_ebp = -1071158972,
        tf_isp = -1071159048, tf_ebx = -1062899456, tf_edx = 2048, tf_ecx
 = 506,
        tf_eax = -285753318, tf_trapno = 12, tf_err = 0, tf_eip =
 -1071463914,
        tf_cs = 8, tf_eflags = 66070, tf_esp = 6684704, tf_ss = -1062899456})
      at ../../i386/i386/trap.c:466
 #19 0xc022c216 in generic_bcopy ()
 #20 0xc01adfdf in rl_rxeof (sc=0xc226cc00) at ../../pci/if_rl.c:1151
 #21 0xc01ae2b6 in rl_intr (arg=0xc226cc00) at ../../pci/if_rl.c:1342
 #22 0xc0232ed3 in intr_mux (arg=0xc0a36380)
      at ../../i386/isa/intr_machdep.c:582
 (kgdb)

 When Host C uploading files to Host A using FTP or SCP, there is very good
 network performance (10Mbytes/s in peaks, 8Mbytes average), and Host A
 run smoothly without any problem.

>How-To-Repeat:

 Recompile world and kernel with provided configs.
 Setup switched 100Mpbs network with Windows XP Home Edition host and
 FreeBSD host.
 Activate ftpd at the FreeBSD host.
 Try to upload huge bunch of files from Windows to FreeBSD using any FTP
 or SSH (scp) client.
 Wait for Fatal trap 12 to come.

>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: keramida 
Responsible-Changed-When: Mon Mar 17 19:32:55 PST 2003 
Responsible-Changed-Why:  
Misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48996 

From: Pieter de Goeje <pieter@degoeje.nl>
To: bug-followup@freebsd.org, solik@chereda.net
Cc:  
Subject: Re: kern/48996: [rl] [panic] Fatal trap 12 with incoming traffic from WindowsXP via RTL8139 NIC
Date: Sat, 12 Jan 2008 17:04:32 +0100

 Does this still occur on a newer version of FreeBSD?
 
 I can remember using this NIC during the FreeBSD 5.4 timeframe and never 
 having this problem.
 
 - Pieter de Goeje
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Sun Jan 27 10:24:06 UTC 2008 
State-Changed-Why:  
Pieter de goeje reports that this might be resolved, unless this is 
proven wrong, lets close the ticket. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=48996 
>Unformatted:
