Date:      Wed, 31 Mar 1999 21:51:12 +0200
From:      dirk.meyer@dinoex.sub.org (Dirk Meyer)
To:        freebsd-isdn@FreeBSD.ORG
Subject:   strange panic in 0.70
Message-ID:  <NnFF6BLp/S@dmeyer.dinoex.sub.org>
References:  <199903310909.LAA03284@peedub.muc.de><199903311617.SAA12967@helena.otelo-call.de>


Hello,

I am still tracing my kernel dump with i4b-0.70,
but I have found no final clue as to why the panic was triggered.
This problem occurs only about every two months.

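i4b_l4_connect_active_ind tries to execute
	i4b_link_bchandrvr(cd);
i4b_link_bchandrvr is inlined by the compiler,
so its stack frame is missing from the backtrace.
	The controller type is 1
and the function pointers seem OK,
	but the channel index seems to have made it crash:
the call descriptor below has channelid = -2 while sc_chan holds only
channels 0 and 1, cd->ilt = 0xf02287b4 lies below the softc at 0xf0228858,
and the faulting tf_eip = 50529027 (0x03030303) is not a kernel text address,
which is consistent with a call through a pointer read from outside the
channel array.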

I couldn't find the place where the channel number "-2"
was set in the data stream.

Any ideas?

kind regards Dirk

-- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
-- Tel. +49-5606-6512

FreeBSD 2.2.7-19981027-SNAP: Thu Dec 24 15:42:36 CET 1998
 /kernel: CPU: i486DX (486-class CPU)
 /kernel: isic0 at 0xd80 irq 12 maddr 0xd0000 msize 4096 flags 0x2 on isa
 /kernel: isic0: Teles S0/16, Creatix ISDN S0-16 or Niccy 1016
 /kernel: isic0: ISAC 2085 Version V2.3 (B3) (IOM-1) (Addr=0xf00d0100)
 /kernel: isic0: HSCX 82525 or 21525 Version 2.1 (AddrA=0xf00d0180, AddrB=0xf00d01c0)
 /kernel: i4b: ISDN call control device attached
 /kernel: i4bisppp: 4 ISDN SyncPPP device(s) attached
 /kernel: i4bctl: ISDN system control port attached
 /kernel: i4bipr: 6 IP over raw HDLC ISDN device(s) attached (VJ header compression)
 /kernel: i4btel: 4 ISDN telephony interface device(s) attached
 /kernel: i4brbch: 4 raw B channel access device(s) attached
 /kernel: i4btrc: 4 ISDN trace device
 /kernel: (s) attached
 /kernel: IP packet filtering initialized, divert enabled, logging limited to 20 packets/entry
 /kernel: DUMMYNET initialized (980901) -- size dn_pkt 48
 /kernel: isp0: lcp close(initial)
 /kernel: isp0: lcp close(initial)
 /kernel: i4b: unit 0, assigned TEI = 90 = 0x5a

#10 0xf01dfe9a in trap_fatal (frame=0xf0209e1c) at ../../i386/i386/trap.c:772
#11 0xf01df95c in trap_pfault (frame=0xf0209e1c, usermode=0)
    at ../../i386/i386/trap.c:681
#12 0xf01df5e7 in trap (frame={tf_es = -266338288, tf_ds = -267321328, 
      tf_edi = 14, tf_esi = 1, tf_ebp = -266297740, tf_isp = -266297788, 
      tf_ebx = -266165416, tf_edx = 0, tf_ecx = 0, tf_eax = 50529027, 
      tf_trapno = 12, tf_err = 0, tf_eip = 50529027, tf_cs = -266338296, 
      tf_eflags = 66134, tf_esp = -267286348, tf_ss = 0})
    at ../../i386/i386/trap.c:324
#13 0x3030303 in ?? ()
#14 0xf01184c9 in i4b_l4_connect_active_ind (cd=0xf022a358)
    at ../../i4b/layer4/i4b_l4.c:354
#15 0xf0113944 in F_04O (cd=0xf022a358) at ../../i4b/layer3/i4b_l3fsm.c:492
#16 0xf01131a4 in next_l3state (cd=0xf022a358, event=14)
    at ../../i4b/layer3/i4b_l3fsm.c:254
#17 0xf011181f in i4b_decode_q931 (unit=0, msg_len=11, 
    msg_ptr=0xf0612b20 "\b\001ð\a)\005c\003\005\001\0244>Mar  5 01:21:19 isdnd[93]: CHD 00047 I4BIP0 outgoing call proceeding (ctl 0, ch -2)")
    at ../../i4b/layer3/i4b_q931.c:256
#18 0xf0115a4d in i4b_dl_data_ind (unit=0, m=0xf0612b00)
    at ../../i4b/layer3/i4b_l2if.c:318
#19 0xf01103f0 in i4b_rxd_i_frame (unit=0, m=0xf0612b00)
    at ../../i4b/layer2/i4b_iframe.c:132
#20 0xf010c84b in i4b_ph_data_ind (unit=0, m=0xf0612b00)
    at ../../i4b/layer2/i4b_l2.c:358
#21 0xf01d15af in isic_isac_irq (sc=0xf0228858, ista=128)
    at ../../i4b/layer1/i4b_isac.c:187
#22 0xf01d0489 in isicintr (unit=0) at ../../i4b/layer1/i4b_isic.c:164

(kgdb) p *((call_desc_t *)0xf022a358)
$7 = {cdid = 47, controller = 0, cr = 80, crflag = 0, channelid = -2, 
  channelexcl = 0, bprot = 1, driver = 2, driver_unit = 0, cause_in = 256, 
  cause_out = 0, call_state = 0, 
  dst_telno = "05608XXXXXX", '\000' <repeats 29 times>, 
  src_telno = "XXXXX", '\000' <repeats 35 times>, scr_ind = 0, Q931state = 3, 
  event = 14, response = 0, T303 = 1, T303_first_to = 1, T305 = 0, T308 = 0, 
  T308_first_to = 0, T309 = 0, T310 = 1, T313 = 0, T400 = 0, ilt = 0xf02287b4, 
  dlt = 0xf0218190, dir = 0, timeout_active = 0, idletime_state = 0, 
  idletimechk_start = 0, connect_time = 920593279, 
  last_active_time = 920593279, max_idle_time = 0, unitlen_time = 60, 
  idle_time = 30, earlyhup_time = 5, aocd_flag = 0, last_aocd_time = 0, 
  units = 0, units_type = 0, cunits = 0, isdntxdelay = 0, 
  display = '\000' <repeats 90 times>, 
  datetime = "9903050120\000\000\000\000\000\000\000\000\000\000"}

(kgdb) p ctrl_desc[0].ctrl_type
$8 = 1

(kgdb) p ctrl_types[1]
$9 = {get_linktab = 0xf01d4848 <isic_ret_linktab>, 
  set_linktab = 0xf01d486c <isic_set_linktab>}

(kgdb) p *(struct mbuf *)0xf0612b00
$12 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, 
    mh_data = 0xf0612b20 "\b\001ð\a)\005c\003\005\001\0244>Mar  5 01:21:19 isdnd[93]: CHD 00047 I4BIP0 outgoing call proceeding (ctl 0, ch -2)", mh_len = 11, 
    mh_type = 1, mh_flags = 2}, M_dat = {MH = {MH_pkthdr = {rcvif = 0x0, 
        len = 11}, MH_dat = {MH_ext = {
          ext_buf = 0xde76ad02 <Address 0xde76ad02 out of bounds>, 
          ext_free = 0x7d00108, ext_size = 56821033, ext_ref = 0x34140105}, 
        MH_databuf = "\002¡vÌ\b\001ð\a)\005c\003\005\001\0244>Mar  5 01:21:19 isdnd[93]: CHD 00047 I4BIP0 outgoing call proceeding (ctl 0, ch -2)"}}, 
    M_databuf = "\000\000\000\000\013\000\000\000\002¡vÌ\b\001ð\a)\005c\003\005\001\0244>Mar  5 01:21:19 isdnd[93]: CHD 00047 I4BIP0 outgoing call proceeding (ctl 0, ch -2)"}}

(kgdb) p *(struct isic_softc *)0xf0228858
$13 = {sc_unit = 0, sc_irq = 4096, sc_port = 3456, sc_cardtyp = 2, 
  sc_bustyp = 1, sc_trace = 0, sc_trace_dcount = 0, sc_trace_bcount = 0, 
  sc_state = 1, sc_init_tries = 0, sc_vmem_addr = 0xf00d0000 "+¸", 
  sc_isac = 0xf00d0100 "Yý", sc_ipacbase = 0x0, sc_isac_mask = 42 '*', 
  sc_chan = {{unit = 0, channel = 0, hscx = 0xf00d0180 "", hscx_mask = 40 '(', 
      bprot = 1, state = 0, rx_queue = {ifq_head = 0x0, ifq_tail = 0x0, 
        ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0}, rxcount = 4448, 
      in_mbuf = 0xf0612a00, 
      in_cbptr = 0xf0617940 ">-\237(ÌË\233%á&\221\235\032(\2171´q\225ѽ c\212±Z5#Ú2·Ù+¦\e\200\235\t\227qZã$ãÐ\237:\206°+\207|7|)}Ý\003#²#ËD¶®Ðý\232\t+«r\026º\b|pý-öý°~.\235#Û\016\207|E\213¨\tAñc\205ð··\025;²ð\003¢Vx®&m^:Ä\001¦(+\026\220\006`C|\232\002#\216b\234äÁD\2302¥\201\016|¡}+V\a´|!2=-+S¢>ZZ/Î\"I\n\212-/\227-k¥\003\211+Ìã¸-ÜÜ\203´\226-=\177#4-|\201ã#Jz+lÁS[§±"..., in_len = 320, tx_queue = {
        ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, ifq_maxlen = 50, 
        ifq_drops = 0}, txcount = 132, out_mbuf_head = 0x0, 
      out_mbuf_cur = 0x0, 
      out_mbuf_cur_ptr = 0xf0613ed4 "5 I4BIP0 cause 0: normal call clearing (I4B)", out_mbuf_cur_len = 0, isdn_linktab = {unit = 0, channel = 0, 
        bch_config = 0xf01d43d0 <isic_bchannel_setup>, 
        bch_tx_start = 0xf01d451c <isic_bchannel_start>, 
        bch_stat = 0xf01d47d8 <isic_bchannel_stat>, tx_queue = 0xf02288cc, 
        rx_queue = 0xf02288a8, rx_mbuf = 0xf02288c0}, 
      drvr_linktab = 0xf0218268, stat_VFR = 0, stat_RDO = 6, stat_CRC = 0, 
      stat_RAB = 0, stat_XDU = 2, stat_RFO = 0}, {unit = 0, channel = 1, 
      hscx = 0xf00d01c0 "s¸", hscx_mask = 249 '¨', bprot = 1, state = 0, 
      rx_queue = {ifq_head = 0x0, ifq_tail = 0x0, ifq_len = 0, 
        ifq_maxlen = 50, ifq_drops = 0}, rxcount = 0, in_mbuf = 0x0, 
      in_cbptr = 0x0, in_len = 0, tx_queue = {ifq_head = 0x0, ifq_tail = 0x0, 
        ifq_len = 0, ifq_maxlen = 50, ifq_drops = 0}, txcount = 0, 
      out_mbuf_head = 0x0, out_mbuf_cur = 0x0, out_mbuf_cur_ptr = 0x0, 
      out_mbuf_cur_len = 0, isdn_linktab = {unit = 0, channel = 1, 
        bch_config = 0xf01d43d0 <isic_bchannel_setup>, 
        bch_tx_start = 0xf01d451c <isic_bchannel_start>, 
        bch_stat = 0xf01d47d8 <isic_bchannel_stat>, tx_queue = 0xf022896c, 
        rx_queue = 0xf0228948, rx_mbuf = 0xf0228960}, 
      drvr_linktab = 0xf0218190, stat_VFR = 0, stat_RDO = 0, stat_CRC = 0, 
      stat_RAB = 0, stat_XDU = 0, stat_RFO = 1}}, sc_ibuf = 0xf0612b00, 
  sc_ilen = 15, 
  sc_ib = 0xf0612b1c "\002¡vÌ\b\001ð\a)\005c\003\005\001\0244>Mar  5 01:21:19 isdnd[93]: CHD 00047 I4BIP0 outgoing call proceeding (ctl 0, ch -2)", 
  sc_obuf = 0x0, sc_op = 0x0, sc_ol = 0, sc_freeflag = 0, sc_obuf2 = 0x0, 
  sc_freeflag2 = 0, sc_isac_version = 3, sc_hscx_version = 5, 
  sc_I430state = 4, sc_I430T3 = 0, sc_I430T4 = 0, sc_enabled = 1, sc_ipac = 0, 
  sc_bfifolen = 32, readreg = 0xf01d49b8 <tels016_read_reg>, 
  writereg = 0xf01d49a0 <tels016_write_reg>, 
  readfifo = 0xf01d49d0 <tels016_memcpyb>, 
  writefifo = 0xf01d49d0 <tels016_memcpyb>, clearirq = 0}
(kgdb) 

.

