From nobody@FreeBSD.org  Sat Apr 14 09:22:36 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3B290106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Apr 2012 09:22:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 259F08FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Apr 2012 09:22:36 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q3E9MZtR095410
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 14 Apr 2012 09:22:35 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q3E9MZSN095391;
	Sat, 14 Apr 2012 09:22:35 GMT
	(envelope-from nobody)
Message-Id: <201204140922.q3E9MZSN095391@red.freebsd.org>
Date: Sat, 14 Apr 2012 09:22:35 GMT
From: Igor M <vampyr@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Double fault in kern 8.2
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         166940
>Category:       kern
>Synopsis:       [ipfilter] [panic] Double fault in kern 8.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    cy
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr 14 09:30:10 UTC 2012
>Closed-Date:    
>Last-Modified:  Wed Jul 03 05:23:43 UTC 2013
>Originator:     Igor M
>Release:        8.2
>Organization:
>Environment:
sev-77# uname -a
FreeBSD sev-77.murrr.spb.ru 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Apr 12 01:37:54 MSD 2012     vampyr@sev-77.murrr.spb.ru:/usr/src/sys/i386/compile/Vampyrs_Home  i386
>Description:
sev-77# kgdb  /boot/kernel/kernel /var/crash/vmcore.3    
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal double fault:
eip = 0xc04d19d8
esp = 0xe7e0dfd0
ebp = 0xe7e0e104
cpuid = 0; apic id = 00
panic: double fault
cpuid = 0
KDB: stack backtrace:
#0 0xc07a7507 at kdb_backtrace+0x47
#1 0xc07785c7 at panic+0x117
#2 0xc0a34cfb at dblfault_handler+0x9b
Uptime: 13m40s
Physical memory: 2034 MB
Dumping 206 MB: 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:231
231     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:231
#1  0xc0778363 in boot (howto=260) at ../../../kern/kern_shutdown.c:419
#2  0xc0778600 in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:592
#3  0xc0a34cfb in dblfault_handler () at ../../../i386/i386/trap.c:979
#4  0xc04d19d8 in fr_checkstate (fin=0xe7e0e13c, passp=0xe7e0e138)
    at ../../../contrib/ipfilter/netinet/ip_state.c:2700
#5  0xc04b57d0 in fr_check (ip=0xc58ece48, hlen=20, ifp=0xc576e400, out=1, mp=0xe7e0e244)
    at ../../../contrib/ipfilter/netinet/fil.c:2591
#6  0xc04b852f in fr_check_wrapper (arg=0x0, mp=0xe7e0e244, ifp=0xc576e400, dir=2)
    at ../../../contrib/ipfilter/netinet/ip_fil_freebsd.c:186
#7  0xc08321b8 in pfil_run_hooks (ph=0xc0bdaf60, mp=0xe7e0e2b4, ifp=0xc576e400, dir=2, inp=0xc63bbdc0)
    at ../../../net/pfil.c:82
#8  0xc086b005 in ip_output (m=0xc58ece00, opt=0x0, ro=0xe7e0e2bc, flags=Variable "flags" is not available.
) at ../../../netinet/ip_output.c:511
#9  0xc08d38d1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1206
#10 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#11 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#12 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#13 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#14 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#15 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#16 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#17 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#18 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#19 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#20 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#21 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#22 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#23 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#24 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#25 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#26 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#27 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#28 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#29 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#30 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
---Type <return> to continue, or q <return> to quit---
#31 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#32 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#33 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#34 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#35 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#36 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#37 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#38 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#39 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#40 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#41 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#42 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#43 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#44 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#45 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#46 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#47 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#48 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#49 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#50 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#51 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#52 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#53 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#54 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#55 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#56 0xc08dfb7a in tcp_usr_send (so=0xc6e5c19c, flags=0, m=0xc608fe00, nam=0x0, control=0x0, td=0xc5fd92d0)
    at tcp_offload.h:282
#57 0xc07e1276 in kern_sendfile (td=0xc5fd92d0, uap=0xe7e0fcec, hdr_uio=0xc62b0bc0, trl_uio=0x0, compat=0)
    at ../../../kern/uipc_syscalls.c:2195
#58 0xc07e1641 in do_sendfile (td=0xc5fd92d0, uap=0xe7e0fcec, compat=0) at ../../../kern/uipc_syscalls.c:1782
#59 0xc07e16e3 in sendfile (td=0xc5fd92d0, uap=0xe7e0fcec) at ../../../kern/uipc_syscalls.c:1753
#60 0xc07b3239 in syscallenter (td=0xc5fd92d0, sa=0xe7e0fce4) at ../../../kern/subr_trap.c:315
#61 0xc0a352d4 in syscall (frame=0xe7e0fd28) at ../../../i386/i386/trap.c:1061
#62 0xc0a1c2e1 in Xint0x80_syscall () at ../../../i386/i386/exception.s:264
#63 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) 
>How-To-Repeat:
repeats every 5-30 min
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Apr 23 03:12:58 UTC 2012 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166940 

From: Andrey Zonov <andrey@zonov.org>
To: bug-followup@FreeBSD.org, vampyr@mail.ru
Cc:  
Subject: Re: kern/166940: [ipfilter] [panic] Double fault in kern 8.2
Date: Mon, 23 Apr 2012 10:05:40 +0400

 Hi,
 
 Try my patch from this PR [1].
 
 [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/155585
 
 -- 
 Andrey Zonov
Responsible-Changed-From-To: freebsd-net->cy 
Responsible-Changed-By: cy 
Responsible-Changed-When: Wed Jul 3 05:23:30 UTC 2013 
Responsible-Changed-Why:  
Mine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=166940 
>Unformatted:
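The kgdb bt in this PR alternates tcp_output and tcp_mtudisc frames 23 times before reaching the double fault, a pattern consistent with kernel stack exhaustion by recursion, with the ipfilter frame (fr_checkstate) simply being where the stack ran out. As an added triage aid that is not part of this PR or of FreeBSD, the following Python script parses kgdb bt output, reports the repeating frame cycle and its span, and names the function that was executing at the fault; the embedded trace is a constructed, condensed copy of the one above.

```python
import re

# Constructed, condensed copy of the kgdb "bt" from this PR (the real trace
# repeats the tcp_output/tcp_mtudisc pair 23 times). gdb's pager prompt and
# wrapped "at file:line" continuation lines are kept so the parser must cope.
SAMPLE_BT = """\
#3  0xc0a34cfb in dblfault_handler () at ../../../i386/i386/trap.c:979
#4  0xc04d19d8 in fr_checkstate (fin=0xe7e0e13c, passp=0xe7e0e138)
    at ../../../contrib/ipfilter/netinet/ip_state.c:2700
#8  0xc086b005 in ip_output (m=0xc58ece00, opt=0x0, ro=0xe7e0e2bc, flags=Variable "flags" is not available.
) at ../../../netinet/ip_output.c:511
#9  0xc08d38d1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1206
#10 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#11 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#12 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
---Type <return> to continue, or q <return> to quit---
#13 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#14 0xc08d66c8 in tcp_mtudisc (inp=0xc63bbdc0, errno=0) at tcp_offload.h:282
#15 0xc08d39c1 in tcp_output (tp=0xc6f3b768) at ../../../netinet/tcp_output.c:1267
#56 0xc08dfb7a in tcp_usr_send (so=0xc6e5c19c, flags=0, m=0xc608fe00, nam=0x0, control=0x0, td=0xc5fd92d0)
#63 0x00000033 in ?? ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")  # "#N [0xADDR in ]func (" ; "?? ()" is skipped

def parse_frames(bt):
    """Return [(frame_no, function)], innermost first; pager/continuation lines are skipped."""
    return [(int(m.group(1)), m.group(2))
            for m in map(FRAME_RE.match, bt.splitlines()) if m]

def find_recursion(frames, min_repeats=3):
    """Shortest cycle of 1-4 functions repeated >= min_repeats times in a row, as
    (cycle, repeats, innermost_frame_no, outermost_frame_no); None if no recursion."""
    funcs = [f for _, f in frames]
    best = None
    for period in range(1, 5):
        for i in range(len(funcs) - period + 1):
            run = 1
            while (i + (run + 1) * period <= len(funcs) and
                   funcs[i + run * period:i + (run + 1) * period] == funcs[i:i + period]):
                run += 1
            if run >= min_repeats and (best is None or run * period > best[1] * len(best[0])):
                best = (tuple(funcs[i:i + period]), run, frames[i][0], frames[i + run * period - 1][0])
    return best

def fault_site(frames):
    """Function executing when the double fault hit: the frame just below dblfault_handler."""
    names = [f for _, f in frames]
    i = names.index("dblfault_handler") + 1 if "dblfault_handler" in names else 0
    return names[i] if i < len(names) else None
```

Run it as parse_frames(SAMPLE_BT) followed by find_recursion and fault_site on the result; the reported cycle and frame span show how much of the stack the recursion consumed before the fault.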
