Bug 47432

Summary: Fatal trap 12 when enabling promiscuous mode on fxp interface
Product: Base System
Reporter: Polina Soloviova <linas>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.7-RELEASE   
Hardware: Any   
OS: Any   

Description Polina Soloviova 2003-01-24 12:10:03 UTC
Promiscuous mode on an fxp interface (e.g., running tcpdump or trafshow) while it is under network load causes a fatal trap 12 message:

Fatal trap 12: page fault while in kernel mode
fault virtual address     = 0xc0c2b017
fault code                = supervisor write, page not present
instruction pointer       = 0x8:0xc017442f
stack pointer             = 0x10:0xe667df04
frame pointer             = 0x10:0xe667df18
code segment              = base rx0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process           = Idle
interrupt mask            = net
kernel: type 12 trap, code = 0
Stopped at m_getcl+0x203: incb 0(%eax, %edx, 1)
db>
db> trace
m_getcl(1,1,2,c0b0d200,c0a9c802) at m_getcl+0x203
fxp_add_rfabuf(ccaaec00,c0b0d200) at fxp_add_rfabuf+0x17
fxp_intr_body(ccaaec00,40,ffffffff) at fxp_intr_body+0xdc
fxp_intr(ccaaec00,660820,94,b27d402e,40001000) at fxp_intr+0x65
intr_mux(c0a63880,0,2f,2f,2f) at intr_mux+0x1d
Xresume11() at Xresume11+0x2b
---interrupt, eip=0x280d59ce, esp=0xe667dfe0, ebp=0x4000100---
db>
db> panic
panic: from debugger
Debugger("panic")

Fatal trap 3: breakpoint instruction fault while in kernel mode
instruction pointer       = 0x8:0xc01fe4d0
stack pointer             = 0x10:0xe667dd18
frame pointer             = 0x10:0xe667dd20
code segment              = base rx0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process           = Idle
interrupt mask            = net
Stopped at m_getcl+0x203: incb 0(%eax, %edx, 1)
db>
db> continue
Fatal trap 12: page fault while in kernel mode
fault virtual address     = 0xc0c2b017
fault code                = supervisor write, page not present
instruction pointer       = 0x8:0xc017442f
stack pointer             = 0x10:0xe667df04
frame pointer             = 0x10:0xe667df18
code segment              = base rx0, limit 0xfffff, type 0x1b
                          = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process           = Idle
interrupt mask            = net
kernel: type 12 trap, code = 0
Stopped at m_getcl+0x203: incb 0(%eax, %edx, 1)
db>
db>

As a result, I have no kernel coredump after reboot.
This happens almost every time I run tcpdump or trafshow on the fxp0 interface, but never on the xl0 interface.

Fix: unknown

How-To-Repeat:
1. Run tcpdump on the fxp interface.
2. Perform some network activity on it (e.g., run 'scp some_big_file problem.host.com:').
3. If there is no effect, repeat steps 1 and 2 one or more times.
Comment 1 Maxim Konovalov freebsd_committer freebsd_triage 2003-01-24 19:25:02 UTC
State Changed
From-To: open->feedback

I believe Ian Dowse fixed this bug in rev. 1.110.2.27 sys/dev/fxp/if_fxp.c 
in -STABLE. Could you please try the latest stable and submit a follow-up?
Thank you.
Comment 2 soloviova 2003-01-27 07:39:30 UTC
Hello!
Last night I cvsuped my source tree to the latest -STABLE, and this problem seems to have disappeared.
ident if_fxp.c now shows v 1.110.2.27, vs old v 1.110.2.25.
Thank you.
Comment 3 Maxim Konovalov freebsd_committer freebsd_triage 2003-01-27 07:57:47 UTC
State Changed
From-To: feedback->closed

The submitter reports the problem disappeared in the latest -STABLE.