Date: Wed, 25 Apr 2018 19:58:06 +0200 From: Hans Petter Selasky <hps@selasky.org> To: Andreas Longwitz <longwitz@incore.de>, freebsd-isdn@freebsd.org Subject: Re: page fault in isdn4bsd-kmod Message-ID: <caac8127-942f-4324-ebdf-1f36ae539752@selasky.org> In-Reply-To: <5AE0A686.7060109@incore.de> References: <5AE0A686.7060109@incore.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/25/18 18:02, Andreas Longwitz wrote:
> Hi,
> I hope this list is still active !
>
> I run the following configuration without any troubles for more than two
> years:
>
> FreeBSD 8.4-STABLE #3 r284383
> asterisk18: 1.8.32.1
> chan_capi: 2.0.17, with sleep patch from
> lists.freebsd.org/pipermail/freebsd-isdn/2016-February/001050.html
> libcapi: 2.0.2
> isdn4bsd-kmod: 2.0.11
>
> But now a had two identical crashes, from the first one:
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; apic id = 03
> fault virtual address = 0x4c
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc0c631b9
> stack pointer = 0x28:0xe7ad8b08
> frame pointer = 0x28:0xe7ad8b34
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 1103 (asterisk)
> Physical memory: 1011 MB
> Dumping 239 MB: 224 208 192 176 160 144 128 112 96 80 64 48 32 16
>
> Reading symbols from /boot/kernel/linux.ko...Reading symbols from
> /boot/kernel/linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/linux.ko
> Reading symbols from /boot/kernel/amr_linux.ko...Reading symbols from
> /boot/kernel/amr_linux.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/amr_linux.ko
> Reading symbols from /boot/modules/i4b.ko...Reading symbols from
> /boot/modules/i4b.ko.symbols...done.
> done.
> Loaded symbols for /boot/modules/i4b.ko
> Reading symbols from /boot/kernel/sppp.ko...Reading symbols from
> /boot/kernel/sppp.ko.symbols...done.
> done.
> Loaded symbols for /boot/kernel/sppp.ko
> #0 doadump () at pcpu.h:244
> 244 #endif /* !_MACHINE_PCPU_H_ */
> (kgdb) where
> #0 doadump () at pcpu.h:244
> #1 0xc04ece49 in db_fncall (dummy1=0, dummy2=0, dummy3=0,
> dummy4=0xe7ad87a4 "¸\207ç") at /usr/src/sys/ddb/db_comman
> d.c:548
> #2 0xc04ed27f in db_command (last_cmdp=0xc0a49a3c, cmd_table=0x0,
> dopager=0) at /usr/src/sys/ddb/db_command.c:445
> #3 0xc04ed334 in db_command_script (command=0xc0a4a917 "call doadump")
> at /usr/src/sys/ddb/db_command.c:516
> #4 0xc04f1260 in db_script_exec (scriptname=0xc098b378
> "kdb.enter.default", warnifnotfound=<value optimized out>)
> at /usr/src/sys/ddb/db_script.c:302
> #5 0xc04f135b in db_script_kdbenter (eventname=0xc09d83f3 "unknown") at
> /usr/src/sys/ddb/db_script.c:325
> #6 0xc04ef2e8 in db_trap (type=12, code=0) at
> /usr/src/sys/ddb/db_main.c:230
> #7 0xc073c788 in kdb_trap (type=12, code=0, tf=0xe7ad8ac8) at
> /usr/src/sys/kern/subr_kdb.c:654
> #8 0xc0930a0f in trap_fatal (frame=0xe7ad8ac8, eva=76) at
> /usr/src/sys/i386/i386/trap.c:1001
> #9 0xc0930b3d in trap_pfault (frame=0xe7ad8ac8, usermode=0, eva=76) at
> /usr/src/sys/i386/i386/trap.c:872
> #10 0xc0931c55 in trap (frame=0xe7ad8ac8) at
> /usr/src/sys/i386/i386/trap.c:546
> #11 0xc0916fac in calltrap () at /usr/src/sys/i386/i386/exception.s:168
> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
> dss1_l3fsm.h:359
> #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
> at
> /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
> #14 0xc067209f in devfs_write_f (fp=0xc56784d0, uio=0xc579a8c0,
> cred=0xc57e6200, flags=0, td=0xc7c348a0)
> at /usr/src/sys/fs/devfs/devfs_vnops.c:1559
> #15 0xc074f727 in dofilewrite (td=0xc7c348a0, fd=13, fp=0xc56784d0,
> auio=0xc579a8c0, offset=-1, flags=0) at file.h:254
> #16 0xc074fa18 in kern_writev (td=0xc7c348a0, fd=13, auio=0xc579a8c0) at
> /usr/src/sys/kern/sys_generic.c:447
> #17 0xc074fc76 in writev (td=0xc7c348a0, uap=0xe7ad8cec) at
> /usr/src/sys/kern/sys_generic.c:433
> #18 0xc0931222 in syscall (frame=0xe7ad8d28) at subr_syscall.c:114
> #19 0xc0917041 in Xint0x80_syscall () at
> /usr/src/sys/i386/i386/exception.s:266
> #20 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
>
> (kgdb) f 13
> #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4)
> at
> /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417
> 2417 N_DISCONNECT_REQUEST(cd, cd->cause_in);
> (kgdb) list
> 2412 * the following will always call
> 2413 * "i4b_l4_disconnect_ind()", which
> 2414 * will send the CAPI disconnect
> 2415 * indications
> 2416 */
> 2417 N_DISCONNECT_REQUEST(cd, cd->cause_in);
> 2418
> 2419 cd = NULL; /* call descriptor is freed ! */
> 2420
> 2421 break;
>
> (kgdb) p *cd
> $1 = {cdid = 0, p_cntl = 0xc0cc4174, pipe = 0x0, cr = 23, channel_id =
> -1, channel_bprot = 4 '\004', channel_bsubprot = 1 '\001',
> driver_type = 7, driver_unit = 0, driver_type_copy = 7,
> driver_unit_copy = 0, curr_max_packet_size = 160, new_max_packet_size = 0,
> cause_in = 256, cause_out = 256, call_state = 10 '\n', dst_telno =
> "04514906159", '\0' <repeats 29 times>,
> dst_telno_ptr = 0xc50cb960 "", dst_telno_part = '\0' <repeats 40
> times>, dst_telno_early = '\0' <repeats 40 times>,
> dst_subaddr = '\0' <repeats 20 times>, src = {{ton = 2 '\002', scr_ind
> = 1 '\001', prs_ind = 1 '\001',
> telno = "4514900157", '\0' <repeats 30 times>, subaddr = '\0'
> <repeats 20 times>}, {ton = 0 '\0', scr_ind = 0 '\0',
> prs_ind = 0 '\0', telno = '\0' <repeats 40 times>, subaddr = '\0'
> <repeats 20 times>}}, dst_ton = 0 '\0', state = 0 '\0',
> status_enquiry_timeout = 0 '\0', fifo_translator_capi_std = 0x0,
> fifo_translator_capi_bridge = 0x0, fifo_translator_tone_gen = 0x0,
> ai_type = 0 '\0', ai_ptr = 0x0, not_end_to_end_digital = 0 '\0',
> is_sms = 0 '\0', aocd_flag = 0 '\0', channel_allocated = 0 '\0',
> dir_incoming = 0 '\0', need_release = 1 '\001', peer_responded = 1
> '\001', want_late_inband = 0 '\0', sending_complete = 1 '\001',
> b_link_want_active = 0 '\0', call_is_on_hold = 0 '\0',
> call_is_retrieving = 0 '\0', received_src_telno_1 = 0 '\0',
> received_src_telno_2 = 0 '\0', setup_interleave = 0 '\0', li_cdid = 0,
> li_cdid_last = 0, li_data_ptr = 0x0, tone_gen_ptr = 0x0,
> tone_gen_state = 0 '\0', tone_gen_pos = 0, connect_ind_count = 0,
> idle_callout = {co = {c_links = {sle = {sle_next = 0x0}, tqe = {
> tqe_next = 0x0, tqe_prev = 0xd8c9d518}}, c_time = -1970366093,
> c_arg = 0xc50cb920, c_func = 0xc0c6fae0 <i4b_idle_check>,
> c_lock = 0xc0cc3fa4, c_flags = 0, c_cpu = 0}}, set_state_callout =
> {co = {c_links = {sle = {sle_next = 0x0}, tqe = {
> tqe_next = 0x0, tqe_prev = 0xd8cc7c10}}, c_time = -1970409902,
> c_arg = 0xc50cb920,
> c_func = 0xc0c64690 <cd_set_state_timeout>, c_lock = 0xc0cc3fa4,
> c_flags = 0, c_cpu = 0}}, idle_state = 2 '\002',
> connect_time = 32392203, last_active_time = 32392203, shorthold_data =
> {shorthold_algorithm = 0, unitlen_time = 60, idle_time = 0,
> earlyhup_time = 0}, last_aocd_time = 0, units = 0, units_type = 3,
> cunits = 1, isdntxdelay = 0,
> display = "\000. Wreth <57>", '\0' <repeats 77 times>, idate_time_data
> = "\022\003\020\f\023\000\000", idate_time_len = 6 '\006',
> odate_time_data = "\000\000\000\000\000\000\000", odate_time_len = 0
> '\0', keypad = '\0' <repeats 34 times>,
> user_user = '\0' <repeats 128 times>}
>
> (kgdb) f 12
> #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at
> dss1_l3fsm.h:359
> 359 l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
> (kgdb) list
> 354 * NOTE: pipe might be zero!
> 355 */
> 356 static void
> 357 cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event)
> 358 {
> 359 l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc;
> 360 __typeof(cd->state)
> 361 state = cd->state;
> 362
> 363 /*
>
> The page fault occurs because cd->pipe is zero.
>
> I can give more information from the kerneldumps.
>
I'll have a look later this week. Looks like my I4B :-)
--HPS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?caac8127-942f-4324-ebdf-1f36ae539752>