From nobody@FreeBSD.ORG  Sat Sep 16 07:41:42 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 80CB437B424; Sat, 16 Sep 2000 07:41:42 -0700 (PDT)
Message-Id: <20000916144142.80CB437B424@hub.freebsd.org>
Date: Sat, 16 Sep 2000 07:41:42 -0700 (PDT)
From: mb@imp.ch
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: vmwarIPv6 and vmware2 panic: Fatal trap 12: page fault while in kernel mode
X-Send-Pr-Version: www-1.0

>Number:         21313
>Category:       ports
>Synopsis:       vmwarIPv6 and vmware2 panic: Fatal trap 12: page fault while in kernel mode
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    mbr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 16 07:50:00 PDT 2000
>Closed-Date:    Tue Jul 09 13:11:53 PDT 2002
>Last-Modified:  Tue Jul 09 13:11:53 PDT 2002
>Originator:     Martin Blapp
>Release:        4.1 STABLE from 16092000
>Organization:
Improware AG
>Environment:
FreeBSD fuchur.lan.attic.ch 4.1-STABLE FreeBSD 4.1-STABLE #4:
Sat Sep 16 16:18:26 CEST 2000
root@fuchur.lan.attic.ch:/usr/src/sys/compile/FURCHUR  i386
>Description:
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x94c4cc8b
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc01e95a2
stack pointer           = 0x10:0xcad94e28
frame pointer           = 0x10:0xcad94e58
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 390 (ifconfig)
interrupt mask          = none
panic: from debugger
panic: from debugger
Uptime: 4m46s

(kgdb) bt
#0  boot (howto=260) at ../../kern/kern_shutdown.c:302
#1  0xc01959cd in panic (fmt=0xc03295d4 "from debugger")
    at ../../kern/kern_shutdown.c:552
#2  0xc014a359 in db_panic (addr=-1071737438, have_addr=0, count=-1,
    modif=0xcad94c94 "") at ../../ddb/db_command.c:433
#3  0xc014a2f9 in db_command (last_cmdp=0xc0371b4c, cmd_table=0xc03719ac,
    aux_cmd_tablep=0xc03bb7d0) at ../../ddb/db_command.c:333
#4  0xc014a3be in db_command_loop () at ../../ddb/db_command.c:455
#5  0xc014c4cb in db_trap (type=12, code=0) at ../../ddb/db_trap.c:71
#6  0xc02f7b6e in kdb_trap (type=12, code=0, regs=0xcad94de8)
    at ../../i386/i386/db_interface.c:158
#7  0xc0307490 in trap_fatal (frame=0xcad94de8, eva=2495925387)
    at ../../i386/i386/trap.c:946
#8  0xc0307169 in trap_pfault (frame=0xcad94de8, usermode=0, eva=2495925387)
    at ../../i386/i386/trap.c:844
#9  0xc0306cdf in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
      tf_edi = -1069805600, tf_esi = -1071093448, tf_ebp = -891728296,
      tf_isp = -891728364, tf_ebx = -907313440, tf_edx = -891728212,
      tf_ecx = -891728354, tf_eax = -1071737438, tf_trapno = 12, tf_err = 0,
      tf_eip = -1071737438, tf_cs = 8, tf_eflags = 66178,
      tf_esp = -1071751390, tf_ss = -1069805600}) at ../../i386/i386/trap.c:443
#10 0xc01e95a2 in loioctl (ifp=0xc9cd0e40, cmd=3223873848,
    data=0xcad94eac "faith0") at ../../net/if_loop.c:363
#11 0xc01a6626 in soo_ioctl (fp=0xc122b880, cmd=3223873848,
    data=0xcad94eac "faith0", p=0xc9eb7ee0) at ../../kern/sys_socket.c:141
#12 0xc01a3662 in ioctl (p=0xc9eb7ee0, uap=0xcad94f80) at ../../sys/file.h:174
#13 0xc0307769 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
      tf_edi = -1077938252, tf_esi = 3, tf_ebp = -1077938252,
      tf_isp = -891727916, tf_ebx = -1077938292, tf_edx = 0,
      tf_ecx = -1077938276, tf_eax = 54, tf_trapno = 12, tf_err = 2,
      tf_eip = 134529200, tf_cs = 31, tf_eflags = 659, tf_esp = -1077938360,
      tf_ss = 47}) at ../../i386/i386/trap.c:1150
#14 0xc02f84b5 in Xint0x80_syscall ()
#15 0x8049190 in ?? ()
#16 0x80486dd in ?? ()
#17 0x8048139 in ?? ()
>How-To-Repeat:
If vmware is running (the OS has to be loaded, the network-driver
initialised, else it works), executing 'ifconfig -a' 2 or more times
does panic().

Here's my kernelconfig-file:

http://www.attic.ch/config/kernel-config-furchur

It seems to happen only if ipv6 is enabled in the kernel.
>Fix:
not known yet.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: ade 
State-Changed-When: Sun Sep 17 12:00:09 PDT 2000 
State-Changed-Why:  
All I can suggest here is that you contact the maintainer of 
the emulators/vmware2 port (vns@delta.odessa.ua) and see if you 
can't work out the problem between yourselves. 

If a patch becomes necessary, please have the maintainer submit 
either a new PR, or attach it to this one. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21313 

From: "Vladimir N. Silyaev" <vsilyaev@mindspring.com>
To: freebsd-gnats-submit@FreeBSD.org, mb@imp.ch
Cc: ade@FreeBSD.org, freebsd-ports@FreeBSD.org, nsayer@quack.kfu.com,
	myevmenkin@att.com
Subject: Re: ports/21313: vmwarIPv6 and vmware2 panic: Fatal%
Date: Sun, 17 Sep 2000 18:12:04 -0400 (EDT)

 Most likely it's not a bug of vmmon driver, nor hopefully bug of VMware
 itself. But bug of the FreeBSD if_tap interface (vmware on freebsd 
 use it as vmmon interface), and in that case you have contact wiht
 if_tap commiter - Nick Sayer or with if_tap author Maksim Yemenkin.
 
 
 
Responsible-Changed-From-To: freebsd-ports->mbr 
Responsible-Changed-By: lioux 
Responsible-Changed-When: Thu Dec 20 13:16:47 PST 2001 
Responsible-Changed-Why:  
Originator is now committer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21313 
State-Changed-From-To: feedback->closed 
State-Changed-By: mbr 
State-Changed-When: Tue Jul 9 13:10:59 PDT 2002 
State-Changed-Why:  
I never had this happen anymore in CURRENT. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21313 
>Unformatted:
