From owner-freebsd-isdn@freebsd.org Wed Apr 25 16:10:06 2018
Message-ID: <5AE0A686.7060109@incore.de>
Date: Wed, 25 Apr 2018 18:02:14 +0200
From: Andreas Longwitz
To: freebsd-isdn@freebsd.org
Subject: page fault in isdn4bsd-kmod

Hi,
I hope this list is still active !

I run the following configuration without any troubles for more than two
years:

FreeBSD 8.4-STABLE #3 r284383
asterisk18: 1.8.32.1
chan_capi: 2.0.17, with sleep patch from
lists.freebsd.org/pipermail/freebsd-isdn/2016-February/001050.html
libcapi: 2.0.2
isdn4bsd-kmod: 2.0.11

But now I had two identical crashes, from the first one:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 03
fault virtual address   = 0x4c
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc0c631b9
stack pointer           = 0x28:0xe7ad8b08
frame pointer           = 0x28:0xe7ad8b34
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 1103 (asterisk)
Physical memory: 1011 MB
Dumping 239 MB: 224 208 192 176 160 144 128 112 96 80 64 48 32 16

Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/linux.ko
Reading symbols from /boot/kernel/amr_linux.ko...Reading symbols from /boot/kernel/amr_linux.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/amr_linux.ko
Reading symbols from /boot/modules/i4b.ko...Reading symbols from /boot/modules/i4b.ko.symbols...done.
done.
Loaded symbols for /boot/modules/i4b.ko
Reading symbols from /boot/kernel/sppp.ko...Reading symbols from /boot/kernel/sppp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/sppp.ko
#0  doadump () at pcpu.h:244
244     #endif /* !_MACHINE_PCPU_H_ */
(kgdb) where
#0  doadump () at pcpu.h:244
#1  0xc04ece49 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0xe7ad87a4 "¸\207­ç")
    at /usr/src/sys/ddb/db_command.c:548
#2  0xc04ed27f in db_command (last_cmdp=0xc0a49a3c, cmd_table=0x0, dopager=0)
    at /usr/src/sys/ddb/db_command.c:445
#3  0xc04ed334 in db_command_script (command=0xc0a4a917 "call doadump")
    at /usr/src/sys/ddb/db_command.c:516
#4  0xc04f1260 in db_script_exec (scriptname=0xc098b378 "kdb.enter.default", warnifnotfound=)
    at /usr/src/sys/ddb/db_script.c:302
#5  0xc04f135b in db_script_kdbenter (eventname=0xc09d83f3 "unknown")
    at /usr/src/sys/ddb/db_script.c:325
#6  0xc04ef2e8 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:230
#7  0xc073c788 in kdb_trap (type=12, code=0, tf=0xe7ad8ac8)
    at /usr/src/sys/kern/subr_kdb.c:654
#8  0xc0930a0f in trap_fatal (frame=0xe7ad8ac8, eva=76)
    at /usr/src/sys/i386/i386/trap.c:1001
#9  0xc0930b3d in trap_pfault (frame=0xe7ad8ac8, usermode=0, eva=76)
    at /usr/src/sys/i386/i386/trap.c:872
#10 0xc0931c55 in trap (frame=0xe7ad8ac8) at /usr/src/sys/i386/i386/trap.c:546
#11 0xc0916fac in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at dss1_l3fsm.h:359
#13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
    at /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
#14 0xc067209f in devfs_write_f (fp=0xc56784d0, uio=0xc579a8c0, cred=0xc57e6200, flags=0, td=0xc7c348a0)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:1559
#15 0xc074f727 in dofilewrite (td=0xc7c348a0, fd=13, fp=0xc56784d0, auio=0xc579a8c0, offset=-1, flags=0)
    at file.h:254
#16 0xc074fa18 in kern_writev (td=0xc7c348a0, fd=13, auio=0xc579a8c0)
    at /usr/src/sys/kern/sys_generic.c:447
#17 0xc074fc76 in writev (td=0xc7c348a0, uap=0xe7ad8cec)
    at /usr/src/sys/kern/sys_generic.c:433
#18 0xc0931222 in syscall (frame=0xe7ad8d28) at subr_syscall.c:114
#19 0xc0917041 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:266
#20 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

(kgdb) f 13
#13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
    at /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
2417    N_DISCONNECT_REQUEST(cd, cd->cause_in);
(kgdb) list
2412     * the following will always call
2413     * "i4b_l4_disconnect_ind()", which
2414     * will send the CAPI disconnect
2415     * indications
2416     */
2417    N_DISCONNECT_REQUEST(cd, cd->cause_in);
2418
2419    cd = NULL; /* call descriptor is freed ! */
2420
2421    break;

(kgdb) p *cd
$1 = {cdid = 0, p_cntl = 0xc0cc4174, pipe = 0x0, cr = 23, channel_id = -1,
  channel_bprot = 4 '\004', channel_bsubprot = 1 '\001', driver_type = 7,
  driver_unit = 0, driver_type_copy = 7, driver_unit_copy = 0,
  curr_max_packet_size = 160, new_max_packet_size = 0, cause_in = 256,
  cause_out = 256, call_state = 10 '\n', dst_telno = "04514906159", '\0' ,
  dst_telno_ptr = 0xc50cb960 "", dst_telno_part = '\0' ,
  dst_telno_early = '\0' , dst_subaddr = '\0' ,
  src = {{ton = 2 '\002', scr_ind = 1 '\001', prs_ind = 1 '\001',
      telno = "4514900157", '\0' , subaddr = '\0' }, {ton = 0 '\0',
      scr_ind = 0 '\0', prs_ind = 0 '\0', telno = '\0' , subaddr = '\0' }},
  dst_ton = 0 '\0', state = 0 '\0', status_enquiry_timeout = 0 '\0',
  fifo_translator_capi_std = 0x0, fifo_translator_capi_bridge = 0x0,
  fifo_translator_tone_gen = 0x0, ai_type = 0 '\0', ai_ptr = 0x0,
  not_end_to_end_digital = 0 '\0', is_sms = 0 '\0', aocd_flag = 0 '\0',
  channel_allocated = 0 '\0', dir_incoming = 0 '\0', need_release = 1 '\001',
  peer_responded = 1 '\001', want_late_inband = 0 '\0',
  sending_complete = 1 '\001', b_link_want_active = 0 '\0',
  call_is_on_hold = 0 '\0', call_is_retrieving = 0 '\0',
  received_src_telno_1 = 0 '\0', received_src_telno_2 = 0 '\0',
  setup_interleave = 0 '\0', li_cdid = 0, li_cdid_last = 0, li_data_ptr = 0x0,
  tone_gen_ptr = 0x0, tone_gen_state = 0 '\0', tone_gen_pos = 0,
  connect_ind_count = 0, idle_callout = {co = {c_links = {sle = {
          sle_next = 0x0}, tqe = { tqe_next = 0x0, tqe_prev = 0xd8c9d518}},
      c_time = -1970366093, c_arg = 0xc50cb920, c_func = 0xc0c6fae0 ,
      c_lock = 0xc0cc3fa4, c_flags = 0, c_cpu = 0}},
  set_state_callout = {co = {c_links = {sle = {sle_next = 0x0}, tqe = {
          tqe_next = 0x0, tqe_prev = 0xd8cc7c10}}, c_time = -1970409902,
      c_arg = 0xc50cb920, c_func = 0xc0c64690 , c_lock = 0xc0cc3fa4,
      c_flags = 0, c_cpu = 0}}, idle_state = 2 '\002',
  connect_time = 32392203, last_active_time = 32392203,
  shorthold_data = {shorthold_algorithm = 0, unitlen_time = 60,
    idle_time = 0, earlyhup_time = 0}, last_aocd_time = 0, units = 0,
  units_type = 3, cunits = 1, isdntxdelay = 0,
  display = "\000. Wreth <57>", '\0' ,
  idate_time_data = "\022\003\020\f\023\000\000", idate_time_len = 6 '\006',
  odate_time_data = "\000\000\000\000\000\000\000", odate_time_len = 0 '\0',
  keypad = '\0' , user_user = '\0' }

(kgdb) f 12
#12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at dss1_l3fsm.h:359
359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
(kgdb) list
354      * NOTE: pipe might be zero!
355      */
356     static void
357     cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event)
358     {
359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
360             __typeof(cd->state)
361               state = cd->state;
362
363             /*

The page fault occurs because cd->pipe is zero.

I can give more information from the kerneldumps.

Andreas Longwitz

From owner-freebsd-isdn@freebsd.org Wed Apr 25 17:58:17 2018
Subject: Re: page fault in isdn4bsd-kmod
To: Andreas Longwitz, freebsd-isdn@freebsd.org
References: <5AE0A686.7060109@incore.de>
From: Hans Petter Selasky
Date: Wed, 25 Apr 2018 19:58:06 +0200
In-Reply-To: <5AE0A686.7060109@incore.de>

On 04/25/18 18:02, Andreas Longwitz wrote:
> Hi,
> I hope this list is still active !
>
> I run the following configuration without any troubles for more than two
> years:
>
> FreeBSD 8.4-STABLE #3 r284383
> asterisk18: 1.8.32.1
> chan_capi: 2.0.17, with sleep patch from
> lists.freebsd.org/pipermail/freebsd-isdn/2016-February/001050.html
> libcapi: 2.0.2
> isdn4bsd-kmod: 2.0.11
>
> But now I had two identical crashes, from the first one:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 03
> fault virtual address   = 0x4c
> fault code              = supervisor read, page not present
> instruction pointer     = 0x20:0xc0c631b9
> stack pointer           = 0x28:0xe7ad8b08
> frame pointer           = 0x28:0xe7ad8b34
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 1103 (asterisk)
> Physical memory: 1011 MB
> Dumping 239 MB: 224 208 192 176 160 144 128 112 96 80 64 48 32 16
>
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/amr_linux.ko...Reading symbols from
> /boot/kernel/amr_linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/amr_linux.ko
> Reading symbols from /boot/modules/i4b.ko...Reading symbols from
> /boot/modules/i4b.ko.symbols...done.
> done.
> Loaded symbols for /boot/modules/i4b.ko
> Reading symbols from /boot/kernel/sppp.ko...Reading symbols from
> /boot/kernel/sppp.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/sppp.ko
> #0 doadump () at pcpu.h:244
> 244 #endif /* !_MACHINE_PCPU_H_ */
> (kgdb) where
> #0 doadump () at pcpu.h:244
> #1 0xc04ece49 in db_fncall (dummy1=0, dummy2=0, dummy3=0,
> dummy4=0xe7ad87a4 "¸\207­ç") at /usr/src/sys/ddb/db_command.c:548
> #2 0xc04ed27f in db_command (last_cmdp=0xc0a49a3c, cmd_table=0x0,
> dopager=0) at /usr/src/sys/ddb/db_command.c:445
> #3 0xc04ed334 in db_command_script (command=0xc0a4a917 "call doadump")
> at /usr/src/sys/ddb/db_command.c:516
> #4 0xc04f1260 in db_script_exec (scriptname=0xc098b378
> "kdb.enter.default", warnifnotfound=)
> at /usr/src/sys/ddb/db_script.c:302
> #5 0xc04f135b in db_script_kdbenter (eventname=0xc09d83f3 "unknown") at
> /usr/src/sys/ddb/db_script.c:325
> #6 0xc04ef2e8 in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:230
> #7 0xc073c788 in kdb_trap (type=12, code=0, tf=0xe7ad8ac8) at
> /usr/src/sys/kern/subr_kdb.c:654
> #8 0xc0930a0f in trap_fatal (frame=0xe7ad8ac8, eva=76) at
> /usr/src/sys/i386/i386/trap.c:1001
> #9 0xc0930b3d in trap_pfault (frame=0xe7ad8ac8, usermode=0, eva=76) at
> /usr/src/sys/i386/i386/trap.c:872
> #10 0xc0931c55 in trap (frame=0xe7ad8ac8) at
> /usr/src/sys/i386/i386/trap.c:546
> #11 0xc0916fac in calltrap () at /usr/src/sys/i386/i386/exception.s:168
> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
> dss1_l3fsm.h:359
> #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
> at
> /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
> #14 0xc067209f in devfs_write_f (fp=0xc56784d0, uio=0xc579a8c0,
> cred=0xc57e6200, flags=0, td=0xc7c348a0)
> at /usr/src/sys/fs/devfs/devfs_vnops.c:1559
> #15 0xc074f727 in dofilewrite (td=0xc7c348a0, fd=13, fp=0xc56784d0,
> auio=0xc579a8c0, offset=-1, flags=0) at file.h:254
> #16 0xc074fa18 in kern_writev (td=0xc7c348a0, fd=13, auio=0xc579a8c0) at
> /usr/src/sys/kern/sys_generic.c:447
> #17 0xc074fc76 in writev (td=0xc7c348a0, uap=0xe7ad8cec) at
> /usr/src/sys/kern/sys_generic.c:433
> #18 0xc0931222 in syscall (frame=0xe7ad8d28) at subr_syscall.c:114
> #19 0xc0917041 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:266
> #20 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
> (kgdb) f 13
> #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
> at
> /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
> 2417    N_DISCONNECT_REQUEST(cd, cd->cause_in);
> (kgdb) list
> 2412     * the following will always call
> 2413     * "i4b_l4_disconnect_ind()", which
> 2414     * will send the CAPI disconnect
> 2415     * indications
> 2416     */
> 2417    N_DISCONNECT_REQUEST(cd, cd->cause_in);
> 2418
> 2419    cd = NULL; /* call descriptor is freed ! */
> 2420
> 2421    break;
>
> (kgdb) p *cd
> $1 = {cdid = 0, p_cntl = 0xc0cc4174, pipe = 0x0, cr = 23, channel_id =
> -1, channel_bprot = 4 '\004', channel_bsubprot = 1 '\001',
> driver_type = 7, driver_unit = 0, driver_type_copy = 7,
> driver_unit_copy = 0, curr_max_packet_size = 160, new_max_packet_size = 0,
> cause_in = 256, cause_out = 256, call_state = 10 '\n', dst_telno =
> "04514906159", '\0' ,
> dst_telno_ptr = 0xc50cb960 "", dst_telno_part = '\0' times>, dst_telno_early = '\0' ,
> dst_subaddr = '\0' , src = {{ton = 2 '\002', scr_ind
> = 1 '\001', prs_ind = 1 '\001',
> telno = "4514900157", '\0' , subaddr = '\0'
> }, {ton = 0 '\0', scr_ind = 0 '\0',
> prs_ind = 0 '\0', telno = '\0' , subaddr = '\0'
> }}, dst_ton = 0 '\0', state = 0 '\0',
> status_enquiry_timeout = 0 '\0', fifo_translator_capi_std = 0x0,
> fifo_translator_capi_bridge = 0x0, fifo_translator_tone_gen = 0x0,
> ai_type = 0 '\0', ai_ptr = 0x0, not_end_to_end_digital = 0 '\0',
> is_sms = 0 '\0', aocd_flag = 0 '\0', channel_allocated = 0 '\0',
> dir_incoming = 0 '\0', need_release = 1 '\001', peer_responded = 1
> '\001', want_late_inband = 0 '\0', sending_complete = 1 '\001',
> b_link_want_active = 0 '\0', call_is_on_hold = 0 '\0',
> call_is_retrieving = 0 '\0', received_src_telno_1 = 0 '\0',
> received_src_telno_2 = 0 '\0', setup_interleave = 0 '\0', li_cdid = 0,
> li_cdid_last = 0, li_data_ptr = 0x0, tone_gen_ptr = 0x0,
> tone_gen_state = 0 '\0', tone_gen_pos = 0, connect_ind_count = 0,
> idle_callout = {co = {c_links = {sle = {sle_next = 0x0}, tqe = {
> tqe_next = 0x0, tqe_prev = 0xd8c9d518}}, c_time = -1970366093,
> c_arg = 0xc50cb920, c_func = 0xc0c6fae0 ,
> c_lock = 0xc0cc3fa4, c_flags = 0, c_cpu = 0}}, set_state_callout =
> {co = {c_links = {sle = {sle_next = 0x0}, tqe = {
> tqe_next = 0x0, tqe_prev = 0xd8cc7c10}}, c_time = -1970409902,
> c_arg = 0xc50cb920,
> c_func = 0xc0c64690 , c_lock = 0xc0cc3fa4,
> c_flags = 0, c_cpu = 0}}, idle_state = 2 '\002',
> connect_time = 32392203, last_active_time = 32392203, shorthold_data =
> {shorthold_algorithm = 0, unitlen_time = 60, idle_time = 0,
> earlyhup_time = 0}, last_aocd_time = 0, units = 0, units_type = 3,
> cunits = 1, isdntxdelay = 0,
> display = "\000. Wreth <57>", '\0' , idate_time_data
> = "\022\003\020\f\023\000\000", idate_time_len = 6 '\006',
> odate_time_data = "\000\000\000\000\000\000\000", odate_time_len = 0
> '\0', keypad = '\0' ,
> user_user = '\0' }
>
> (kgdb) f 12
> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
> dss1_l3fsm.h:359
> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
> (kgdb) list
> 354      * NOTE: pipe might be zero!
> 355      */
> 356     static void
> 357     cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event)
> 358     {
> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
> 360             __typeof(cd->state)
> 361               state = cd->state;
> 362
> 363             /*
>
> The page fault occurs because cd->pipe is zero.
>
> I can give more information from the kerneldumps.
>

I'll have a look later this week. Looks like my I4B :-)

--HPS

From owner-freebsd-isdn@freebsd.org Thu Apr 26 08:06:24 2018
Subject: Re: page fault in isdn4bsd-kmod
From: Hans Petter Selasky
To: Andreas Longwitz, freebsd-isdn@freebsd.org
References: <5AE0A686.7060109@incore.de>
Date: Thu, 26 Apr 2018 10:06:15 +0200
Content-Type: multipart/mixed; boundary="------------0DEBAAE7C6F2469B6539045B"

This is a multi-part message in MIME format.
--------------0DEBAAE7C6F2469B6539045B
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 8bit

Hi,

>> (kgdb) f 12
>> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
>> dss1_l3fsm.h:359
>> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
>> (kgdb) list
>> 354      * NOTE: pipe might be zero!
>> 355      */
>> 356     static void
>> 357     cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event)
>> 358     {
>> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
>> 360             __typeof(cd->state)
>> 361               state = cd->state;
>> 362
>> 363             /*
>>

Event 11 means EV_L3_RELEASE. It does not use the "sc" variable. I think
different compilers might produce different results. However, the right
solution is simply to ignore the "cd->pipe" being NULL in this case. It
should be set in all the other cases where "sc" is used.

It might look like an outgoing call which was instantly hung up.

Can you try the attached patch?

--HPS --------------0DEBAAE7C6F2469B6539045B Content-Type: text/x-patch; name="i4b-NULL.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="i4b-NULL.diff" Index: src/sys/i4b/dss1/dss1_l3fsm.h =================================================================== --- src/sys/i4b/dss1/dss1_l3fsm.h (revision 4114) +++ src/sys/i4b/dss1/dss1_l3fsm.h (revision 4115) 
@@ -356,11 +356,21 @@ static void cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event) { - l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc; - __typeof(cd->state) - state = cd->state; + __typeof(cd->state) state = cd->state; + l2softc_t *sc; /* + * Check if "cd->pipe" is non-NULL to avoid NULL dereference. + * If the "cd->pipe" is NULL the "sc" value should not be used + * by any of the switch cases below. Typically "cd->pipe" can + * be NULL on the EV_L3_RELEASE event. + */ + if (cd->pipe != NULL) + sc = ((__typeof(pipe))(cd->pipe))->L5_sc; + else + sc = NULL; + + /* * debugging */ --------------0DEBAAE7C6F2469B6539045B-- From owner-freebsd-isdn@freebsd.org Fri Apr 27 10:14:19 2018 Return-Path: Delivered-To: freebsd-isdn@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8909FFA3DD6 for ; Fri, 27 Apr 2018 10:14:19 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from dss.incore.de (dss.incore.de [195.145.1.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2379B6C5E4 for ; Fri, 27 Apr 2018 10:14:18 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from inetmail.dmz (inetmail.dmz [10.3.0.3]) by dss.incore.de (Postfix) with ESMTP id 34AE43F9; Fri, 27 Apr 2018 12:14:11 +0200 (CEST) X-Virus-Scanned: amavisd-new at incore.de Received: from dss.incore.de ([10.3.0.3]) by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024) with LMTP id LOBwOCjHPtJL; Fri, 27 Apr 2018 12:14:10 +0200 (CEST) Received: from mail.local.incore (fwintern.dmz [10.0.0.253]) by dss.incore.de (Postfix) with ESMTP id 378EF227; Fri, 27 Apr 2018 12:14:10 +0200 (CEST) Received: from bsdlo.incore (bsdlo.incore [192.168.0.84]) by mail.local.incore (Postfix) with ESMTP id 21DE3508A1; Fri, 27 Apr 2018 12:14:10 +0200 (CEST) Message-ID: <5AE2F7F1.3040503@incore.de> 
Date: Fri, 27 Apr 2018 12:14:09 +0200
From: Andreas Longwitz
To: Hans Petter Selasky
CC: freebsd-isdn@freebsd.org
Subject: Re: page fault in isdn4bsd-kmod
References: <5AE0A686.7060109@incore.de>

Hi Hans,

>>> (kgdb) f 12
>>> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
>>> dss1_l3fsm.h:359
>>> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
>>> (kgdb) list
>>> 354      * NOTE: pipe might be zero!
>>> 355      */
>>> 356     static void
>>> 357     cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event)
>>> 358     {
>>> 359             l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
>>> 360             __typeof(cd->state)
>>> 361               state = cd->state;
>>> 362
>>> 363             /*
>>>
>
> Event 11 means EV_L3_RELEASE. It does not use the "sc" variable. I think
> different compilers might produce different results. However, the right
> solution is simply to ignore the "cd->pipe" being NULL in this case. It
> should be set in all the other cases where "sc" is used.
>
> It might look like an outgoing call which was instantly hung up.
>
> Can you try the attached patch?

Thanks for your patch, looks good. I will reboot my production server
today in the evening.

Andreas
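
Review bot: the "else sc = NULL;" branch in the i4b-NULL.diff hunk relies on the new comment's statement that "sc" is not used by any switch case when "cd->pipe" is NULL, but nothing in the hunk enforces that, so a case that does touch "sc" would still fault, only later and through a NULL "sc". Consider asserting that "sc" is non-NULL (for example with KASSERT) where it is dereferenced, or returning early for events that need it, so a broken assumption is reported at the point of use. The "pipe" parameter is also only used for its type here, which is worth a word next to the existing "NOTE: pipe might be zero!" comment.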
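
The failure discussed in this thread (a member read through a NULL cd->pipe, then guarded in the patch) as a small user-space model. This is an added example, not isdn4bsd code: the struct layouts, EV_NEEDS_SC, the 4096-byte null page and the -1 return are assumptions; only EV_L3_RELEASE = 11 and the names cd, pipe, sc and L5_sc come from the messages above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the real isdn4bsd layouts are not shown in the thread. */
typedef struct l2softc { int unit; } l2softc_t;
typedef struct pipe_model {
    char       other_fields[0x40];   /* hypothetical members before L5_sc */
    l2softc_t *L5_sc;
} pipe_model_t;
typedef struct call_desc { pipe_model_t *pipe; int state; } call_desc_t;

enum {
    EV_NEEDS_SC   = 1,    /* hypothetical event whose handler reads sc */
    EV_L3_RELEASE = 11    /* value from the thread; handler does not use sc */
};

#define NULL_PAGE_SIZE 4096u   /* assumption: page 0 is never mapped */

static const struct { const char *name; size_t off; } pipe_members[] = {
    { "other_fields", offsetof(pipe_model_t, other_fields) },
    { "L5_sc",        offsetof(pipe_model_t, L5_sc) },
};

/*
 * Triage: a read through a NULL struct pointer faults at 0 + offsetof(member),
 * so a small fault address names the member that was being loaded.
 */
static const char *
member_for_null_fault(uintptr_t fault_addr)
{
    size_t i;

    if (fault_addr >= NULL_PAGE_SIZE)
        return NULL;
    for (i = 0; i < sizeof(pipe_members) / sizeof(pipe_members[0]); i++)
        if (pipe_members[i].off == fault_addr)
            return pipe_members[i].name;
    return NULL;
}

/*
 * Guarded lookup: load sc only when cd->pipe is set, and reject (rather than
 * fault on) an event that needs sc when none is available.
 * Returns 0 if the event was handled, -1 otherwise.
 */
static int
cd_update_model(call_desc_t *cd, int event)
{
    l2softc_t *sc = (cd->pipe != NULL) ? cd->pipe->L5_sc : NULL;

    switch (event) {
    case EV_L3_RELEASE:
        cd->state = 0;            /* release path never touches sc */
        return 0;
    case EV_NEEDS_SC:
        if (sc == NULL)
            return -1;            /* a kernel build would assert here */
        cd->state = sc->unit + 1;
        return 0;
    default:
        return -1;
    }
}

int
main(void)
{
    call_desc_t hung_up = { .pipe = NULL, .state = 5 };   /* pipe = 0x0, as in the dump */

    printf("release without pipe -> %d\n", cd_update_model(&hung_up, EV_L3_RELEASE));
    printf("needs-sc without pipe -> %d\n", cd_update_model(&hung_up, EV_NEEDS_SC));
    printf("fault at offsetof(L5_sc) -> %s\n",
        member_for_null_fault(offsetof(pipe_model_t, L5_sc)));
    return 0;
}
```

The model's L5_sc offset is whatever this toy layout produces; in the reported crash the small fault address 0x4c together with pipe = 0x0 is the same pattern.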