Date:      Thu, 28 Sep 2017 01:17:24 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        Tao Zhou <tao@ish.com.au>, freebsd-stable <freebsd-stable@freebsd.org>, Konstantin Belousov <kib@FreeBSD.org>, David Wetzel <dave@turbocat.de>, Ed Maste <emaste@freebsd.org>
Subject:   Re: [Asterisk-bsd] Asterisk13 coredump on freebsd 11.1
Message-ID:  <81116454-105e-f72a-5251-a45aac100c22@selasky.org>
In-Reply-To: <25f05b1c-34e5-aa88-39cc-55c9a7b15616@selasky.org>
References:  <30f177e2-3fd7-37e7-2f77-4b43a56c6713@ish.com.au> <25f05b1c-34e5-aa88-39cc-55c9a7b15616@selasky.org>

Hi,

I just upgraded and hit these SEGFAULTs too. First of all you need to 
install GDB 8.0 from ports to get the right backtrace (important). This 
leads straight into LibUnwind in libgcc:

(gdb) bt
#0  uw_frame_state_for (context=context@entry=0x7fffdf3bbe20, 
fs=fs@entry=0x7fffdf3bbb70)
     at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind-dw2.c:1249
#1  0x0000000802cc8ffb in _Unwind_ForcedUnwind_Phase2 
(exc=exc@entry=0x804427230,
     context=context@entry=0x7fffdf3bbe20) at 
/wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:155
#2  0x0000000802cc9334 in _Unwind_ForcedUnwind (exc=0x804427230, 
stop=0x8024d5450 <thread_unwind_stop>,
     stop_argument=<optimized out>) at 
/wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:207
#3  0x00000008024d52b3 in _Unwind_ForcedUnwind (ex=<optimized out>, 
stop_func=0x7fffdf3bb948, stop_arg=0x804427000)
     at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:106
#4  thread_unwind () at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:172
#5  _pthread_exit_mask (status=<optimized out>, mask=<optimized out>)
     at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:257
#6  0x00000008024d50db in _pthread_exit (status=0x804427000) at 
/usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:206
#7  0x00000008024c7c0d in thread_start (curthread=0x804427000)
     at /usr/img/freebsd.11/lib/libthr/thread/thr_create.c:289
#8  0x00007fffdf340000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf3bc000

libgcc uses this format which is OK:

(gdb) ptype struct _Unwind_Context
type = struct _Unwind_Context {
     _Unwind_Context_Reg_Val reg[18];
     void *cfa;
     void *ra;
     void *lsda;
     struct dwarf_eh_bases bases;
     _Unwind_Word flags;
     _Unwind_Word version;
     _Unwind_Word args_size;
     char by_value[18];
}

> x86_64_freebsd_fallback_frame_state
> (struct _Unwind_Context *context, _Unwind_FrameState *fs)
> {
>   struct sigframe *sf;
>   long new_cfa;
> 
>   /* Prior to FreeBSD 9, the signal trampoline was located immediately
>      before the ps_strings.  To support non-executable stacks on AMD64,
>      the sigtramp was moved to a shared page for FreeBSD 9.  Unfortunately
>      this means looking frame patterns again (sys/amd64/amd64/sigtramp.S)
>      rather than using the robust and convenient KERN_PS_STRINGS trick.
> 
>      <pc + 00>:  lea     0x10(%rsp),%rdi
>      <pc + 05>:  pushq   $0x0
>      <pc + 17>:  mov     $0x1a1,%rax
>      <pc + 14>:  syscall
> 
>      If we can't find this pattern, we're at the end of the stack.
>   */
> 
>   if (!(   *(unsigned int *)(context->ra)      == 0x247c8d48
              ^^^^ fault is triggered by this read access on the stack
>         && *(unsigned int *)(context->ra +  4) == 0x48006a10
>         && *(unsigned int *)(context->ra +  8) == 0x01a1c0c7
>         && *(unsigned int *)(context->ra + 12) == 0x050f0000 ))
>     return _URC_END_OF_STACK;
> 

The code in question is trying to access the return address of the 
caller on the stack which apparently I think is caught by the recently 
added MAP_GUARD feature:

https://svnweb.freebsd.org/changeset/base/320763

I think this feature can be disabled by setting:
sysctl security.bsd.stack_guard_page=0

And then restart Asterisk. Not sure if it helps, currently testing.
This is my best guess as to why Asterisk started segfaulting when upgrading to 11.1.

--HPS
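As an added example, not code from this post or from libgcc: the same four-word sigtramp check from the quoted x86_64_freebsd_fallback_frame_state, rewritten so that every read at the return address is bounds-checked against stack limits supplied by the caller. The helper names and the lo/hi arguments are assumptions (on a real thread they would come from pthread_attr_getstack), and a window that would leave the stack is reported as end-of-stack rather than dereferenced into the guard page.

```c
/* Constructed example: bounds-checked version of the sigtramp pattern test.
 * The four constants are the ones in the quoted libgcc source; the helper
 * names and the [lo, hi) stack bounds are hypothetical. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* FreeBSD amd64 sigtramp signature as four native-endian 32-bit words. */
static const uint32_t SIGTRAMP_WORDS[4] = {
    0x247c8d48, 0x48006a10, 0x01a1c0c7, 0x050f0000
};

/* Read one 32-bit word at addr only if [addr, addr+4) lies inside [lo, hi). */
static bool read_u32_checked(const uint8_t *addr, const uint8_t *lo,
                             const uint8_t *hi, uint32_t *out)
{
    if (addr < lo || hi - addr < 4)   /* would touch the guard page or beyond */
        return false;
    memcpy(out, addr, sizeof *out);   /* memcpy: no unaligned-access UB */
    return true;
}

/* Returns 1 if ra points at the sigtramp pattern, 0 if it does not, and -1
 * if the 16-byte window cannot be read without leaving [lo, hi): the case
 * that the unchecked libgcc read turns into a SIGSEGV on a MAP_GUARD page. */
int sigtramp_match(const uint8_t *ra, const uint8_t *lo, const uint8_t *hi)
{
    for (int i = 0; i < 4; i++) {
        uint32_t w;
        if (!read_u32_checked(ra + 4 * i, lo, hi, &w))
            return -1;                /* end of stack, do not dereference */
        if (w != SIGTRAMP_WORDS[i])
            return 0;                 /* readable, but not the trampoline */
    }
    return 1;
}
```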