From owner-freebsd-isdn@freebsd.org Wed Apr 25 16:10:06 2018 Return-Path: Delivered-To: freebsd-isdn@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD469FA9AD1 for ; Wed, 25 Apr 2018 16:10:06 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from dss.incore.de (dss.incore.de [195.145.1.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 33C028667B for ; Wed, 25 Apr 2018 16:10:02 +0000 (UTC) (envelope-from longwitz@incore.de) Received: from inetmail.dmz (inetmail.dmz [10.3.0.3]) by dss.incore.de (Postfix) with ESMTP id C3CC2A5C for ; Wed, 25 Apr 2018 18:02:18 +0200 (CEST) X-Virus-Scanned: amavisd-new at incore.de Received: from dss.incore.de ([10.3.0.3]) by inetmail.dmz (inetmail.dmz [10.3.0.3]) (amavisd-new, port 10024) with LMTP id WHgmVD-_PWhj for ; Wed, 25 Apr 2018 18:02:16 +0200 (CEST) Received: from mail.local.incore (fwintern.dmz [10.0.0.253]) by dss.incore.de (Postfix) with ESMTP id C726DA59 for ; Wed, 25 Apr 2018 18:02:14 +0200 (CEST) Received: from bsdlo.incore (bsdlo.incore [192.168.0.84]) by mail.local.incore (Postfix) with ESMTP id AA2E1508AD for ; Wed, 25 Apr 2018 18:02:14 +0200 (CEST) Message-ID: <5AE0A686.7060109@incore.de> Date: Wed, 25 Apr 2018 18:02:14 +0200 From: Andreas Longwitz User-Agent: Thunderbird 2.0.0.19 (X11/20090113) MIME-Version: 1.0 To: freebsd-isdn@freebsd.org Subject: page fault in isdn4bsd-kmod Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-isdn@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Using ISDN with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2018 16:10:06 -0000 Hi, I hope this list is still active ! I run the following configuration without any troubles for more than two years: FreeBSD 8.4-STABLE #3 r284383 asterisk18: 1.8.32.1 chan_capi: 2.0.17, with sleep patch from lists.freebsd.org/pipermail/freebsd-isdn/2016-February/001050.html libcapi: 2.0.2 isdn4bsd-kmod: 2.0.11 But now a had two identical crashes, from the first one: Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 03 fault virtual address = 0x4c fault code = supervisor read, page not present instruction pointer = 0x20:0xc0c631b9 stack pointer = 0x28:0xe7ad8b08 frame pointer = 0x28:0xe7ad8b34 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 1103 (asterisk) Physical memory: 1011 MB Dumping 239 MB: 224 208 192 176 160 144 128 112 96 80 64 48 32 16 Reading symbols from /boot/kernel/linux.ko...Reading symbols from /boot/kernel/linux.ko.symbols...done. done. Loaded symbols for /boot/kernel/linux.ko Reading symbols from /boot/kernel/amr_linux.ko...Reading symbols from /boot/kernel/amr_linux.ko.symbols...done. done. Loaded symbols for /boot/kernel/amr_linux.ko Reading symbols from /boot/modules/i4b.ko...Reading symbols from /boot/modules/i4b.ko.symbols...done. done. Loaded symbols for /boot/modules/i4b.ko Reading symbols from /boot/kernel/sppp.ko...Reading symbols from /boot/kernel/sppp.ko.symbols...done. done. Loaded symbols for /boot/kernel/sppp.ko #0 doadump () at pcpu.h:244 244 #endif /* !_MACHINE_PCPU_H_ */ (kgdb) where #0 doadump () at pcpu.h:244 #1 0xc04ece49 in db_fncall (dummy1=0, dummy2=0, dummy3=0, dummy4=0xe7ad87a4 "¸\207­ç") at /usr/src/sys/ddb/db_comman d.c:548 #2 0xc04ed27f in db_command (last_cmdp=0xc0a49a3c, cmd_table=0x0, dopager=0) at /usr/src/sys/ddb/db_command.c:445 #3 0xc04ed334 in db_command_script (command=0xc0a4a917 "call doadump") at /usr/src/sys/ddb/db_command.c:516 #4 0xc04f1260 in db_script_exec (scriptname=0xc098b378 "kdb.enter.default", warnifnotfound=) at /usr/src/sys/ddb/db_script.c:302 #5 0xc04f135b in db_script_kdbenter (eventname=0xc09d83f3 "unknown") at /usr/src/sys/ddb/db_script.c:325 #6 0xc04ef2e8 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_main.c:230 #7 0xc073c788 in kdb_trap (type=12, code=0, tf=0xe7ad8ac8) at /usr/src/sys/kern/subr_kdb.c:654 #8 0xc0930a0f in trap_fatal (frame=0xe7ad8ac8, eva=76) at /usr/src/sys/i386/i386/trap.c:1001 #9 0xc0930b3d in trap_pfault (frame=0xe7ad8ac8, usermode=0, eva=76) at /usr/src/sys/i386/i386/trap.c:872 #10 0xc0931c55 in trap (frame=0xe7ad8ac8) at /usr/src/sys/i386/i386/trap.c:546 #11 0xc0916fac in calltrap () at /usr/src/sys/i386/i386/exception.s:168 #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at dss1_l3fsm.h:359 #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4) at /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417 #14 0xc067209f in devfs_write_f (fp=0xc56784d0, uio=0xc579a8c0, cred=0xc57e6200, flags=0, td=0xc7c348a0) at /usr/src/sys/fs/devfs/devfs_vnops.c:1559 #15 0xc074f727 in dofilewrite (td=0xc7c348a0, fd=13, fp=0xc56784d0, auio=0xc579a8c0, offset=-1, flags=0) at file.h:254 #16 0xc074fa18 in kern_writev (td=0xc7c348a0, fd=13, auio=0xc579a8c0) at /usr/src/sys/kern/sys_generic.c:447 #17 0xc074fc76 in writev (td=0xc7c348a0, uap=0xe7ad8cec) at /usr/src/sys/kern/sys_generic.c:433 #18 0xc0931222 in syscall (frame=0xe7ad8d28) at subr_syscall.c:114 #19 0xc0917041 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:266 #20 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) f 13 #13 0xc0c69c7a in capi_write (dev=0xc5402900, uio=0xc579a8c0, flag=4) at /wrkdirs/usr/ports/comms/isdn4bsd-kmod/work/isdn4bsd-2.0.11/module/../src/sys/i4b/layer4/i4b_capidrv.c:2417 2417 N_DISCONNECT_REQUEST(cd, cd->cause_in); (kgdb) list 2412 * the following will always call 2413 * "i4b_l4_disconnect_ind()", which 2414 * will send the CAPI disconnect 2415 * indications 2416 */ 2417 N_DISCONNECT_REQUEST(cd, cd->cause_in); 2418 2419 cd = NULL; /* call descriptor is freed ! */ 2420 2421 break; (kgdb) p *cd $1 = {cdid = 0, p_cntl = 0xc0cc4174, pipe = 0x0, cr = 23, channel_id = -1, channel_bprot = 4 '\004', channel_bsubprot = 1 '\001', driver_type = 7, driver_unit = 0, driver_type_copy = 7, driver_unit_copy = 0, curr_max_packet_size = 160, new_max_packet_size = 0, cause_in = 256, cause_out = 256, call_state = 10 '\n', dst_telno = "04514906159", '\0' , dst_telno_ptr = 0xc50cb960 "", dst_telno_part = '\0' , dst_telno_early = '\0' , dst_subaddr = '\0' , src = {{ton = 2 '\002', scr_ind = 1 '\001', prs_ind = 1 '\001', telno = "4514900157", '\0' , subaddr = '\0' }, {ton = 0 '\0', scr_ind = 0 '\0', prs_ind = 0 '\0', telno = '\0' , subaddr = '\0' }}, dst_ton = 0 '\0', state = 0 '\0', status_enquiry_timeout = 0 '\0', fifo_translator_capi_std = 0x0, fifo_translator_capi_bridge = 0x0, fifo_translator_tone_gen = 0x0, ai_type = 0 '\0', ai_ptr = 0x0, not_end_to_end_digital = 0 '\0', is_sms = 0 '\0', aocd_flag = 0 '\0', channel_allocated = 0 '\0', dir_incoming = 0 '\0', need_release = 1 '\001', peer_responded = 1 '\001', want_late_inband = 0 '\0', sending_complete = 1 '\001', b_link_want_active = 0 '\0', call_is_on_hold = 0 '\0', call_is_retrieving = 0 '\0', received_src_telno_1 = 0 '\0', received_src_telno_2 = 0 '\0', setup_interleave = 0 '\0', li_cdid = 0, li_cdid_last = 0, li_data_ptr = 0x0, tone_gen_ptr = 0x0, tone_gen_state = 0 '\0', tone_gen_pos = 0, connect_ind_count = 0, idle_callout = {co = {c_links = {sle = {sle_next = 0x0}, tqe = { tqe_next = 0x0, tqe_prev = 0xd8c9d518}}, c_time = -1970366093, c_arg = 0xc50cb920, c_func = 0xc0c6fae0 , c_lock = 0xc0cc3fa4, c_flags = 0, c_cpu = 0}}, set_state_callout = {co = {c_links = {sle = {sle_next = 0x0}, tqe = { tqe_next = 0x0, tqe_prev = 0xd8cc7c10}}, c_time = -1970409902, c_arg = 0xc50cb920, c_func = 0xc0c64690 , c_lock = 0xc0cc3fa4, c_flags = 0, c_cpu = 0}}, idle_state = 2 '\002', connect_time = 32392203, last_active_time = 32392203, shorthold_data = {shorthold_algorithm = 0, unitlen_time = 60, idle_time = 0, earlyhup_time = 0}, last_aocd_time = 0, units = 0, units_type = 3, cunits = 1, isdntxdelay = 0, display = "\000. Wreth <57>", '\0' , idate_time_data = "\022\003\020\f\023\000\000", idate_time_len = 6 '\006', odate_time_data = "\000\000\000\000\000\000\000", odate_time_len = 0 '\0', keypad = '\0' , user_user = '\0' } (kgdb) f 12 #12 0xc0c631b9 in cd_update (cd=0xc50cb920, pipe=0x0, event=11) at dss1_l3fsm.h:359 359 l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc; (kgdb) list 354 * NOTE: pipe might be zero! 355 */ 356 static void 357 cd_update(call_desc_t *cd, DSS1_TCP_pipe_t *pipe, int event) 358 { 359 l2softc_t *sc = ((__typeof(pipe))(cd->pipe))->L5_sc; 360 __typeof(cd->state) 361 state = cd->state; 362 363 /* The page fault occurs because cd->pipe is zero. I can give more information from the kerneldumps. Andreas Longwitz