On Thu, Aug 09, 2007 at 06:36:18PM -0500, David Young wrote:

> Here is another trap, this time on an instruction boundary.  Isn't it
> an innocuous instruction, though?

subl on %esp shouldn't fault, ever. From what I remember %esp is considered
special in a few of places by x86 but by and large it's a general purpose
register. What's the instruction before that?

> esp         0xc0141a20  icmp6_input+0xac0

The stack pointer is trashed, which is why you're getting a double fault.
The processor can't handle the original exception on the kernel stack
because %esp is garbage, so it double faults (faults while taking an
exception). The double fault handler jumps through a task gate loading all
new machine state including a new stack.

Andrew