Date:      Mon, 30 Mar 2009 20:50:49 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        freebsd-current@freebsd.org
Subject:   Fatal double fault in pf_pull_hdr() after ifconfig wlan0 mtu 100
Message-ID:  <20090330205049.0c28552c@fabiankeil.de>

A few seconds after changing wlan0's mtu to 100 (to debug an application
problem), the system froze. Reproducing the problem without Xorg running
I got:

fk@TP51 /usr/crash $ kgdb /boot/kernel/kernel.symbols vmcore.4
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal double fault:
eip = 0xc04a63d4
esp = 0xf3c06ff4
ebp = 0xf3c07010
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 4m54s
Physical memory: 998 MB
Dumping 138 MB: 123 107 91 75 59 43 27 11

Reading symbols from /boot/kernel/unionfs.ko...Reading symbols from /boot/kernel/unionfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/unionfs.ko
Reading symbols from /boot/kernel/if_tap.ko...Reading symbols from /boot/kernel/if_tap.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_tap.ko
Reading symbols from /boot/kernel/if_iwi.ko...Reading symbols from /boot/kernel/if_iwi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/if_iwi.ko
Reading symbols from /boot/kernel/snd_ich.ko...Reading symbols from /boot/kernel/snd_ich.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/snd_ich.ko
Reading symbols from /boot/kernel/sound.ko...Reading symbols from /boot/kernel/sound.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sound.ko
Reading symbols from /boot/kernel/acpi_video.ko...Reading symbols from /boot/kernel/acpi_video.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_video.ko
Reading symbols from /boot/kernel/radeon.ko...Reading symbols from /boot/kernel/radeon.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/radeon.ko
Reading symbols from /boot/kernel/drm.ko...Reading symbols from /boot/kernel/drm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/drm.ko
Reading symbols from /boot/kernel/acpi_ibm.ko...Reading symbols from /boot/kernel/acpi_ibm.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi_ibm.ko
Reading symbols from /boot/kernel/geom_eli.ko...Reading symbols from /boot/kernel/geom_eli.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_eli.ko
Reading symbols from /boot/kernel/nullfs.ko...Reading symbols from /boot/kernel/nullfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/nullfs.ko
Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /boot/kernel/zfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/iwi_bss.ko...Reading symbols from /boot/kernel/iwi_bss.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/iwi_bss.ko
Reading symbols from /boot/kernel/fdescfs.ko...Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/fdescfs.ko
#0  doadump () at pcpu.h:246
246	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:246
#1  0xc0648486 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:420
#2  0xc06486c2 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:576
#3  0xc04d5c87 in db_panic (addr=Could not find the frame base for "db_panic".
) at /usr/src/sys/ddb/db_command.c:478
#4  0xc04d6211 in db_command (last_cmdp=0xc09b501c, cmd_table=0x0, dopager=1) at /usr/src/sys/ddb/db_command.c:445
#5  0xc04d636a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#6  0xc04d812d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:229
#7  0xc0672626 in kdb_trap (type=3, code=0, tf=0xc172d170) at /usr/src/sys/kern/subr_kdb.c:534
#8  0xc08be28b in trap (frame=0xc172d170) at /usr/src/sys/i386/i386/trap.c:678
#9  0xc08a399b in calltrap () at /usr/src/sys/i386/i386/exception.s:165
#10 0xc06727aa in kdb_enter (why=0xc092aadd "panic", msg=0xc092aadd "panic") at cpufunc.h:71
#11 0xc06486a6 in panic (fmt=0xc0954134 "double fault") at /usr/src/sys/kern/kern_shutdown.c:559
#12 0xc08bd236 in dblfault_handler () at /usr/src/sys/i386/i386/trap.c:959
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20, p=0xf3c07080, len=32, actionp=0x0, reasonp=0x0, af=2 '\002')
    at /usr/src/sys/contrib/pf/net/pf.c:5927
#14 0xc04c166e in pf_normalize_tcp_stateful (m=0xc50fd700, off=20, pd=0xf3c07268, reason=0xf3c07264, th=0xf3c07240,
    state=0xc69d18e0, src=0xc69d196c, dst=0xc69d1988, writeback=0xf3c0716c) at /usr/src/sys/contrib/pf/net/pf_norm.c:1645
#15 0xc04abd92 in pf_test_state_tcp (state=0xf3c07258, direction=2, kif=0xc667e800, m=0xc50fd700, off=20, h=0xc50fd760,
    pd=0xf3c07268, reason=0xf3c07264) at /usr/src/sys/contrib/pf/net/pf.c:4952
#16 0xc04b2b0d in pf_test (dir=2, ifp=0xc5d5a400, m0=0xf3c07338, eh=0x0, inp=0xc69bc000)
    at /usr/src/sys/contrib/pf/net/pf.c:6912
#17 0xc04b9a26 in pf_check_out (arg=0x0, m=0xf3c07338, ifp=0xc5d5a400, dir=2, inp=0xc69bc000)
    at /usr/src/sys/contrib/pf/net/pf_ioctl.c:3689
#18 0xc06e1418 in pfil_run_hooks (ph=0xc16e2760, mp=0xf3c073a0, ifp=0xc5d5a400, dir=2, inp=0xc69bc000)
    at /usr/src/sys/net/pfil.c:79
#19 0xc072f951 in ip_output (m=0xc50fd700, opt=0x0, ro=0xf3c073a8, flags=0, imo=0x0, inp=0xc69bc000)
    at /usr/src/sys/netinet/ip_output.c:470
#20 0xc0790b8d in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1189
#21 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#22 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#23 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#24 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#25 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#26 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#27 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#28 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#29 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#30 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#31 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#32 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#33 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#34 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#35 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
#36 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250
#37 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269
---Type <return> to continue, or q <return> to quit---q
Quit
(kgdb) f 13
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20, p=0xf3c07080, len=32, actionp=0x0, reasonp=0x0, af=2 '\002')
    at /usr/src/sys/contrib/pf/net/pf.c:5927
5927		m_copydata(m, off, len, p);
(kgdb) l
5922			}
5923			break;
5924		}
5925	#endif /* INET6 */
5926		}
5927		m_copydata(m, off, len, p);
5928		return (p);
5929	}
5930
5931	int

The kernel is FreeBSD 8.0-CURRENT #1: Fri Mar 27 18:07:57 CET 2009.

Fabian

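The backtrace in the message alternates between tcp_output and tcp_mtudisc from frame #20 to frame #37, where the pager was quit. The following added example (not part of the original e-mail; `parse_frames` and `find_cycle` are hypothetical names) parses kgdb `where` output and reports such a repeating group of frames, the pattern to look for when triaging a panic that may stem from runaway recursion. Its sample input is constructed from the frames shown in the mail.

```python
import re

# Constructed sample: frames #12-#37 of the kgdb backtrace in the message above,
# decoded from quoted-printable, with arguments shortened. Frames #20-#37 are
# generated from one template pair, so #20's address and line differ from the mail.
HEAD = """\
#12 0xc08bd236 in dblfault_handler () at /usr/src/sys/i386/i386/trap.c:959
#13 0xc04a63d4 in pf_pull_hdr (m=0xc50fd700, off=20) at /usr/src/sys/contrib/pf/net/pf.c:5927
#14 0xc04c166e in pf_normalize_tcp_stateful (m=0xc50fd700) at /usr/src/sys/contrib/pf/net/pf_norm.c:1645
#15 0xc04abd92 in pf_test_state_tcp (state=0xf3c07258) at /usr/src/sys/contrib/pf/net/pf.c:4952
#16 0xc04b2b0d in pf_test (dir=2) at /usr/src/sys/contrib/pf/net/pf.c:6912
#17 0xc04b9a26 in pf_check_out (arg=0x0) at /usr/src/sys/contrib/pf/net/pf_ioctl.c:3689
#18 0xc06e1418 in pfil_run_hooks (ph=0xc16e2760) at /usr/src/sys/net/pfil.c:79
#19 0xc072f951 in ip_output (m=0xc50fd700) at /usr/src/sys/netinet/ip_output.c:470
"""
PAIR = ("#{} 0xc0790c85 in tcp_output (tp=0xc8cda5b8) at /usr/src/sys/netinet/tcp_output.c:1250\n"
        "#{} 0xc0792c8f in tcp_mtudisc (inp=0xc69bc000, errno=0) at tcp_offload.h:269\n")
SAMPLE = HEAD + "".join(PAIR.format(n, n + 1) for n in range(20, 38, 2))

# "#N [0xADDR in] function (" at the start of a line; frame #0 has no address.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+\s+in\s+)?(\w+)\s*\(", re.M)

def parse_frames(text):
    """Return [(frame_number, function_name), ...] in backtrace order."""
    return [(int(n), fn) for n, fn in FRAME_RE.findall(text)]

def find_cycle(frames, min_repeats=3, max_period=8):
    """Find the repeating group of frames that covers the most of the trace.

    Returns (first_frame_number, [function names in one cycle], repeats) or None.
    Shorter periods win ties, so A,B,A,B is reported as (A,B), not (A,B,A,B).
    """
    names = [fn for _, fn in frames]
    best, best_cover = None, 0
    for period in range(1, max_period + 1):
        for i in range(len(names) - period + 1):
            unit = names[i:i + period]
            reps = 1
            while names[i + reps * period:i + (reps + 1) * period] == unit:
                reps += 1
            if reps >= min_repeats and reps * period > best_cover:
                best, best_cover = (frames[i][0], unit, reps), reps * period
    return best

if __name__ == "__main__":
    print(find_cycle(parse_frames(SAMPLE)))
```

Because the pager was quit at frame #37, the reported repeat count is a lower bound for that trace, not the true recursion depth.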