Fatal double fault in pf_pull_hdr() after ifconfig wlan0 mtu 100
Fabian Keil
freebsd-listen at fabiankeil.de
Mon Mar 30 11:50:59 PDT 2009
A few seconds after changing wlan0's mtu to 100 (to debug an application
problem), the system froze. Reproducing the problem without Xorg running,
I got:
fk at TP51 /usr/crash $ kgdb /boot/kernel/kernel.symbols vmcore.4
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal double fault:
eip = 0xc04a63d4
esp = 0xf3c06ff4
ebp = 0xf3c07010
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 4m54s
Physical memory: 998 MB
Dumping 138 MB: 123 107 91 75 59 43 27 11
Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from /boot/kernel/unionfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/unionfs.ko
Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from /boot/kernel/if_tap.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_tap.ko
Reading symbols from /boot/kernel/if_iwi.ko...Reading symbols from /boot/kernel/if_iwi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_iwi.ko
Reading symbols from /boot/kernel/snd_ich.ko...Reading symbols from /boot/kernel/snd_ich.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_ich.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/radeon.ko...Reading symbols from /boot/kernel/radeon.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/radeon.ko
Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/kernel/drm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm.ko
Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols from /boot/kernel/acpi_ibm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_ibm.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/iwi_bss.ko...Reading symbols from /boot/kernel/iwi_bss.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iwi_bss.ko
Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/fdescfs.ko
#0 doadump () at pcpu.h:246
246 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) where
#0 doadump () at pcpu.h:246
#1 0xc0648486 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:420
#2 0xc06486c2 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:576
#3 0xc04d5c87 in db_panic (addr=Could not find the frame base for "db_panic".
) at /usr/src/sys/ddb/db_command.c:478
#4 0xc04d6211 in db_command (last_cmdp=0xc09b501c, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:445
#5 0xc04d636a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#6 0xc04d812d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:229
#7 0xc0672626 in kdb_trap (type=3, code=0, tf=0xc172d170) at /usr/src/sys/kern/subr_kdb.c:534
#8 0xc08be28b in trap (frame=0xc172d170) at /usr/src/sys/i386/i386/trap.c:678
#9 0xc08a399b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#10 0xc06727aa in kdb_enter (why=0xc092aadd "panic", msg=0xc092aadd "panic") at cpufunc.h:71
#11 0xc06486a6 in panic (fmt=0xc0954134 "double fault") at /usr/src/sys/kern/kern_shutdown.c:559
#12 0xc08bd236 in dblfault_handler () at /usr/src/sys/i386/i386/trap.c:959
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20, p=0xf3c07080, len=32, actionp=0x0, reasonp=0x0, af=2 '\002')
at /usr/src/sys/contrib/pf/net/pf.c:5927
#14 0xc04c166e in pf_normalize_tcp_stateful (m=0xc50fd700, off=20, pd=0xf3c07268, reason=0xf3c07264, th=0xf3c07240,
state=0xc69d18e0, src=0xc69d196c, dst=0xc69d1988, writeback=0xf3c0716c) at /usr/src/sys/contrib/pf/net/pf_norm.c:1645
#15 0xc04abd92 in pf_test_state_tcp (state=0xf3c07258, direction=2, kif=0xc667e800, m=0xc50fd700, off=20, h=0xc50fd760,
pd=0xf3c07268, reason=0xf3c07264) at /usr/src/sys/contrib/pf/net/pf.c:4952
#16 0xc04b2b0d in pf_test (dir=2, ifp=0xc5d5a400, m0=0xf3c07338, eh=0x0, inp=0xc69bc000)
at /usr/src/sys/contrib/pf/net/pf.c:6912
#17 0xc04b9a26 in pf_check_out (arg=0x0, m=0xf3c07338, ifp=0xc5d5a400, dir=2, inp=0xc69bc000)
at /usr/src/sys/contrib/pf/net/pf_ioctl.c:3689
#18 0xc06e1418 in pfil_run_hooks (ph=0xc16e2760, mp=0xf3c073a0, ifp=0xc5d5a400, dir=2, inp=0xc69bc000)
at /usr/src/sys/net/pfil.c:79
#19 0xc072f951 in ip_output (m=0xc50fd700, opt=0x0, ro=0xf3c073a8, flags=0, imo=0x0, inp=0xc69bc000)
at /usr/src/sys/netinet/ip_output.c:470
#20 0xc0790b8d in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1189
#21 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#22 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#23 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#24 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#25 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#26 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#27 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#28 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#29 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#30 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#31 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#32 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#33 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#34 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#35 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#36 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#37 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
---Type <return> to continue, or q <return> to quit---q
Quit
(kgdb) f 13
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20, p=0xf3c07080, len=32, actionp=0x0, reasonp=0x0, af=2 '\002')
at /usr/src/sys/contrib/pf/net/pf.c:5927
5927 m_copydata(m, off, len, p);
(kgdb) l
5922 }
5923 break;
5924 }
5925 #endif /* INET6 */
5926 }
5927 m_copydata(m, off, len, p);
5928 return (p);
5929 }
5930
5931 int
The kernel is FreeBSD 8.0-CURRENT #1: Fri Mar 27 18:07:57 CET 2009.
Fabian
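
The backtrace in the post above shows tcp_output() and tcp_mtudisc() alternating from frame #20 onward. As an added triage example (not part of the original post), the following Python code finds such a repeating frame cycle in a kgdb backtrace; the sample text is abbreviated from the post's frames, and the names parse_frames and find_cycle are hypothetical.

```python
import re

# Constructed sample: frames #13 and #19-#27 from the post, arguments abbreviated.
SAMPLE_BT = """\
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20, len=32)
    at /usr/src/sys/contrib/pf/net/pf.c:5927
#19 0xc072f951 in ip_output (m=0xc50fd700, opt=0x0, flags=0)
    at /usr/src/sys/netinet/ip_output.c:470
#20 0xc0790b8d in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1189
#21 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#22 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#23 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#24 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#25 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#26 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#27 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
"""

# A frame line starts with "#N", optionally "0xADDR in", then "function (".
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(", re.M)


def parse_frames(text):
    """Return [(frame_number, function_name)] in backtrace order."""
    return [(int(n), fn) for n, fn in FRAME_RE.findall(text)]


def find_cycle(frames, max_period=8, min_repeats=3):
    """Find the first block of consecutive function names that repeats
    back to back at least min_repeats times.
    Returns (first_frame_number, cycle_names, repeats) or None."""
    names = [fn for _, fn in frames]
    for start in range(len(names)):
        for period in range(1, max_period + 1):
            block = names[start:start + period]
            if len(block) < period:
                break  # not enough frames left for this period
            reps = 1
            while names[start + reps * period:start + (reps + 1) * period] == block:
                reps += 1
            if reps >= min_repeats:
                return frames[start][0], block, reps
    return None


if __name__ == "__main__":
    hit = find_cycle(parse_frames(SAMPLE_BT))
    if hit:
        first, cycle, reps = hit
        print(f"cycle {' -> '.join(cycle)} from frame #{first}, {reps} repeats seen")
```

The match is by function name only, so the differing call sites in frames #20 and #22 (tcp_output.c:1189 and :1250) still count as the same cycle.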