Date: Wed, 27 Sep 2017 18:00:46 -0600 From: Ian Lepore <ian@freebsd.org> To: Asterisk on BSD discussion <asterisk-bsd@lists.digium.com>, Tao Zhou <tao@ish.com.au>, freebsd-stable <freebsd-stable@freebsd.org>, Konstantin Belousov <kib@FreeBSD.org>, David Wetzel <dave@turbocat.de>, Ed Maste <emaste@freebsd.org> Subject: Re: [Asterisk-bsd] Asterisk13 coredump on freebsd 11.1 Message-ID: <1506556846.31939.15.camel@freebsd.org> In-Reply-To: <81116454-105e-f72a-5251-a45aac100c22@selasky.org> References: <30f177e2-3fd7-37e7-2f77-4b43a56c6713@ish.com.au> <25f05b1c-34e5-aa88-39cc-55c9a7b15616@selasky.org> <81116454-105e-f72a-5251-a45aac100c22@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2017-09-28 at 01:17 +0200, Hans Petter Selasky wrote:
> Hi,
>
> I just upgraded and hit these SEGFAULTs too. First of all you need
> to
> install GDB 8.0 from ports to get the right backtrace (important).
> This
> leads straight into LibUnwind in libgcc:
>
> (gdb) bt
> #0 uw_frame_state_for (context=context@entry=0x7fffdf3bbe20,
> fs=fs@entry=0x7fffdf3bbb70)
> at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind-
> dw2.c:1249
> #1 0x0000000802cc8ffb in _Unwind_ForcedUnwind_Phase2
> (exc=exc@entry=0x804427230,
> context=context@entry=0x7fffdf3bbe20) at
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:155
> #2 0x0000000802cc9334 in _Unwind_ForcedUnwind (exc=0x804427230,
> stop=0x8024d5450 <thread_unwind_stop>,
> stop_argument=<optimized out>) at
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:207
> #3 0x00000008024d52b3 in _Unwind_ForcedUnwind (ex=<optimized out>,
> stop_func=0x7fffdf3bb948, stop_arg=0x804427000)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:106
> #4 thread_unwind () at
> /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:172
> #5 _pthread_exit_mask (status=<optimized out>, mask=<optimized out>)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:257
> #6 0x00000008024d50db in _pthread_exit (status=0x804427000) at
> /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:206
> #7 0x00000008024c7c0d in thread_start (curthread=0x804427000)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_create.c:289
> #8 0x00007fffdf340000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdf3bc000
>
> libgcc uses this format which is OK:
>
> (gdb) ptype struct _Unwind_Context
> type = struct _Unwind_Context {
> _Unwind_Context_Reg_Val reg[18];
> void *cfa;
> void *ra;
> void *lsda;
> struct dwarf_eh_bases bases;
> _Unwind_Word flags;
> _Unwind_Word version;
> _Unwind_Word args_size;
> char by_value[18];
> }
>
> >
> > x86_64_freebsd_fallback_frame_state
> > (struct _Unwind_Context *context, _Unwind_FrameState *fs)
> > {
> > struct sigframe *sf;
> > long new_cfa;
> >
> > /* Prior to FreeBSD 9, the signal trampoline was located
> > immediately
> > before the ps_strings. To support non-executable stacks on
> > AMD64,
> > the sigtramp was moved to a shared page for FreeBSD
> > 9. Unfortunately
> > this means looking frame patterns again
> > (sys/amd64/amd64/sigtramp.S)
> > rather than using the robust and convenient KERN_PS_STRINGS
> > trick.
> >
> > <pc + 00>: lea 0x10(%rsp),%rdi
> > <pc + 05>: pushq $0x0
> > <pc + 17>: mov $0x1a1,%rax
> > <pc + 14>: syscall
> >
> > If we can't find this pattern, we're at the end of the stack.
> > */
> >
> > if (!( *(unsigned int *)(context->ra) == 0x247c8d48
> ^^^^ fault is triggered by this read access on the
> stack
> >
> > && *(unsigned int *)(context->ra + 4) == 0x48006a10
> > && *(unsigned int *)(context->ra + 8) == 0x01a1c0c7
> > && *(unsigned int *)(context->ra + 12) == 0x050f0000 ))
> > return _URC_END_OF_STACK;
> >
> The code in question is trying to access the return address of the
> caller on the stack which apparently I think is caught by the
> recently
> added MAP_GUARD feature:
>
> https://svnweb.freebsd.org/changeset/base/320763
>
> I think this feature can be disabled by setting:
> sysctl security.bsd.stack_guard_page=0
>
> And then restart Asterisk. Not sure if it helps, currently testing.
> This my best guess why Asterisk started segfaulting when upgrading to
> 11.1.
>
> --HPS
In 12-current we've switched to the unwind code from the llvm project.
I wonder if that can be MFC'd to 11?
There are other problems in the contrib/gcc unwind code in 11 right
now. For example, I've been chasing what appears to be a clang codegen
bug that prevents returning a value from a function that contains a
call to __builtin_eh_return(). That leads to a bogus return value
getting misinterpretted and eventually abort() gets called when
std::terminate() should be called instead due to an uncaught exception.
-- Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1506556846.31939.15.camel>