Date: Wed, 27 Sep 2017 18:00:46 -0600
From: Ian Lepore <ian@freebsd.org>
To: Asterisk on BSD discussion <asterisk-bsd@lists.digium.com>, Tao Zhou <tao@ish.com.au>, freebsd-stable <freebsd-stable@freebsd.org>, Konstantin Belousov <kib@FreeBSD.org>, David Wetzel <dave@turbocat.de>, Ed Maste <emaste@freebsd.org>
Subject: Re: [Asterisk-bsd] Asterisk13 coredump on freebsd 11.1
Message-ID: <1506556846.31939.15.camel@freebsd.org>
In-Reply-To: <81116454-105e-f72a-5251-a45aac100c22@selasky.org>
References: <30f177e2-3fd7-37e7-2f77-4b43a56c6713@ish.com.au> <25f05b1c-34e5-aa88-39cc-55c9a7b15616@selasky.org> <81116454-105e-f72a-5251-a45aac100c22@selasky.org>
On Thu, 2017-09-28 at 01:17 +0200, Hans Petter Selasky wrote:
> Hi,
>
> I just upgraded and hit these SEGFAULTs too. First of all you need to
> install GDB 8.0 from ports to get the right backtrace (important). This
> leads straight into LibUnwind in libgcc:
>
> (gdb) bt
> #0  uw_frame_state_for (context=context@entry=0x7fffdf3bbe20, fs=fs@entry=0x7fffdf3bbb70)
>      at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind-dw2.c:1249
> #1  0x0000000802cc8ffb in _Unwind_ForcedUnwind_Phase2 (exc=exc@entry=0x804427230,
>      context=context@entry=0x7fffdf3bbe20) at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:155
> #2  0x0000000802cc9334 in _Unwind_ForcedUnwind (exc=0x804427230, stop=0x8024d5450 <thread_unwind_stop>,
>      stop_argument=<optimized out>) at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:207
> #3  0x00000008024d52b3 in _Unwind_ForcedUnwind (ex=<optimized out>, stop_func=0x7fffdf3bb948, stop_arg=0x804427000)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:106
> #4  thread_unwind () at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:172
> #5  _pthread_exit_mask (status=<optimized out>, mask=<optimized out>)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:257
> #6  0x00000008024d50db in _pthread_exit (status=0x804427000) at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:206
> #7  0x00000008024c7c0d in thread_start (curthread=0x804427000)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_create.c:289
> #8  0x00007fffdf340000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdf3bc000
>
> libgcc uses this format which is OK:
>
> (gdb) ptype struct _Unwind_Context
> type = struct _Unwind_Context {
>      _Unwind_Context_Reg_Val reg[18];
>      void *cfa;
>      void *ra;
>      void *lsda;
>      struct dwarf_eh_bases bases;
>      _Unwind_Word flags;
>      _Unwind_Word version;
>      _Unwind_Word args_size;
>      char by_value[18];
> }
>
> >
> > x86_64_freebsd_fallback_frame_state
> > (struct _Unwind_Context *context, _Unwind_FrameState *fs)
> > {
> >   struct sigframe *sf;
> >   long new_cfa;
> >
> >   /* Prior to FreeBSD 9, the signal trampoline was located immediately
> >      before the ps_strings.  To support non-executable stacks on AMD64,
> >      the sigtramp was moved to a shared page for FreeBSD 9.  Unfortunately
> >      this means looking frame patterns again (sys/amd64/amd64/sigtramp.S)
> >      rather than using the robust and convenient KERN_PS_STRINGS trick.
> >
> >      <pc + 00>:  lea     0x10(%rsp),%rdi
> >      <pc + 05>:  pushq   $0x0
> >      <pc + 17>:  mov     $0x1a1,%rax
> >      <pc + 14>:  syscall
> >
> >      If we can't find this pattern, we're at the end of the stack.
> >   */
> >
> >   if (!(   *(unsigned int *)(context->ra)      == 0x247c8d48
>                ^^^^ fault is triggered by this read access on the stack
> >
> >         && *(unsigned int *)(context->ra +  4) == 0x48006a10
> >         && *(unsigned int *)(context->ra +  8) == 0x01a1c0c7
> >         && *(unsigned int *)(context->ra + 12) == 0x050f0000 ))
> >     return _URC_END_OF_STACK;
> >
> The code in question is trying to access the return address of the
> caller on the stack which apparently I think is caught by the recently
> added MAP_GUARD feature:
>
> https://svnweb.freebsd.org/changeset/base/320763
>
> I think this feature can be disabled by setting:
> sysctl security.bsd.stack_guard_page=0
>
> And then restart Asterisk. Not sure if it helps, currently testing.
> This is my best guess why Asterisk started segfaulting when upgrading to
> 11.1.
>
> --HPS

In 12-current we've switched to the unwind code from the llvm project.
I wonder if that can be MFC'd to 11?

There are other problems in the contrib/gcc unwind code in 11 right now.
For example, I've been chasing what appears to be a clang codegen bug
that prevents returning a value from a function that contains a call to
__builtin_eh_return().  That leads to a bogus return value getting
misinterpreted and eventually abort() gets called when std::terminate()
should be called instead due to an uncaught exception.

-- Ian
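The trampoline check quoted above, as an added illustration that is not code from this thread or from libgcc: it decodes the four compared words back into the sigtramp instruction bytes and makes the readable window an explicit precondition (the `len` parameter, the fail-closed return and the self-check cases are my additions, not libgcc's).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The four little-endian words the quoted libgcc check compares at ra. */
static const uint32_t SIGTRAMP_WORDS[4] = {
    0x247c8d48u, 0x48006a10u, 0x01a1c0c7u, 0x050f0000u
};
#define SIGTRAMP_LEN 16u

/* Expands the words to the 16 instruction bytes they encode:
 *   48 8d 7c 24 10        lea    0x10(%rsp),%rdi
 *   6a 00                 pushq  $0x0
 *   48 c7 c0 a1 01 00 00  mov    $0x1a1,%rax   (0x1a1 = 417 = SYS_sigreturn)
 *   0f 05                 syscall                                            */
void sigtramp_encode(unsigned char out[SIGTRAMP_LEN])
{
    for (size_t i = 0; i < 4; i++)
        for (size_t b = 0; b < 4; b++)
            out[4 * i + b] = (unsigned char)(SIGTRAMP_WORDS[i] >> (8 * b));
}

/* Returns 1 if buf begins with the sigtramp pattern, else 0.  `len` (my
 * addition, not in libgcc) is how many bytes at buf the caller knows to be
 * readable; the original reads 16 bytes unconditionally, and that read is
 * what faults when ra points into the MAP_GUARD page above a thread stack. */
int sigtramp_matches(const unsigned char *buf, size_t len)
{
    unsigned char want[SIGTRAMP_LEN];
    if (buf == NULL || len < SIGTRAMP_LEN)
        return 0;                  /* fail closed: treat as end of stack */
    sigtramp_encode(want);
    return memcmp(buf, want, SIGTRAMP_LEN) == 0;
}

/* Constructed cases: exact match, a read window one byte short, and a
 * corrupted last byte.  Returns how many behaved as expected (3 = all). */
int sigtramp_selfcheck(void)
{
    unsigned char stack[SIGTRAMP_LEN];
    int ok = 0;
    sigtramp_encode(stack);
    ok += sigtramp_matches(stack, sizeof stack) == 1;
    ok += sigtramp_matches(stack, sizeof stack - 1) == 0;
    stack[15] ^= 0xffu;
    ok += sigtramp_matches(stack, sizeof stack) == 0;
    return ok;
}
```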