Date:      Thu, 28 Sep 2017 10:32:17 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Asterisk on BSD discussion <asterisk-bsd@lists.digium.com>
Cc:        Tao Zhou <tao@ish.com.au>, freebsd-stable <freebsd-stable@freebsd.org>, Konstantin Belousov <kib@FreeBSD.org>, David Wetzel <dave@turbocat.de>, Ed Maste <emaste@freebsd.org>
Subject:   Re: [Asterisk-bsd] Asterisk13 coredump on freebsd 11.1
Message-ID:  <20170928073217.GN2271@kib.kiev.ua>
In-Reply-To: <81116454-105e-f72a-5251-a45aac100c22@selasky.org>
References:  <30f177e2-3fd7-37e7-2f77-4b43a56c6713@ish.com.au> <25f05b1c-34e5-aa88-39cc-55c9a7b15616@selasky.org> <81116454-105e-f72a-5251-a45aac100c22@selasky.org>

On Thu, Sep 28, 2017 at 01:17:24AM +0200, Hans Petter Selasky wrote:
> Hi,
> 
> I just upgraded and hit these SEGFAULTs too. First of all you need to 
> install GDB 8.0 from ports to get the right backtrace (important). This 
> leads straight into LibUnwind in libgcc:
> 
> (gdb) bt
> #0  uw_frame_state_for (context=context@entry=0x7fffdf3bbe20, 
> fs=fs@entry=0x7fffdf3bbb70)
>      at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind-dw2.c:1249
> #1  0x0000000802cc8ffb in _Unwind_ForcedUnwind_Phase2 
> (exc=exc@entry=0x804427230,
>      context=context@entry=0x7fffdf3bbe20) at 
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:155
> #2  0x0000000802cc9334 in _Unwind_ForcedUnwind (exc=0x804427230, 
> stop=0x8024d5450 <thread_unwind_stop>,
>      stop_argument=<optimized out>) at 
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:207
> #3  0x00000008024d52b3 in _Unwind_ForcedUnwind (ex=<optimized out>, 
> stop_func=0x7fffdf3bb948, stop_arg=0x804427000)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:106
> #4  thread_unwind () at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:172
> #5  _pthread_exit_mask (status=<optimized out>, mask=<optimized out>)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:257
> #6  0x00000008024d50db in _pthread_exit (status=0x804427000) at 
> /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:206
> #7  0x00000008024c7c0d in thread_start (curthread=0x804427000)
>      at /usr/img/freebsd.11/lib/libthr/thread/thr_create.c:289
> #8  0x00007fffdf340000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdf3bc000
> 
> libgcc uses this format which is OK:
> 
> (gdb) ptype struct _Unwind_Context
> type = struct _Unwind_Context {
>      _Unwind_Context_Reg_Val reg[18];
>      void *cfa;
>      void *ra;
>      void *lsda;
>      struct dwarf_eh_bases bases;
>      _Unwind_Word flags;
>      _Unwind_Word version;
>      _Unwind_Word args_size;
>      char by_value[18];
> }
> 
> > x86_64_freebsd_fallback_frame_state
> > (struct _Unwind_Context *context, _Unwind_FrameState *fs)
> > {
> >   struct sigframe *sf;
> >   long new_cfa;
> > 
> >   /* Prior to FreeBSD 9, the signal trampoline was located immediately
> >      before the ps_strings.  To support non-executable stacks on AMD64,
> >      the sigtramp was moved to a shared page for FreeBSD 9.  Unfortunately
> >      this means looking frame patterns again (sys/amd64/amd64/sigtramp.S)
> >      rather than using the robust and convenient KERN_PS_STRINGS trick.
> > 
> >      <pc + 00>:  lea     0x10(%rsp),%rdi
> >      <pc + 05>:  pushq   $0x0
> >      <pc + 17>:  mov     $0x1a1,%rax
> >      <pc + 14>:  syscall
> > 
> >      If we can't find this pattern, we're at the end of the stack.
> >   */
> > 
> >   if (!(   *(unsigned int *)(context->ra)      == 0x247c8d48
>               ^^^^ fault is triggered by this read access on the stack
> >         && *(unsigned int *)(context->ra +  4) == 0x48006a10
> >         && *(unsigned int *)(context->ra +  8) == 0x01a1c0c7
> >         && *(unsigned int *)(context->ra + 12) == 0x050f0000 ))
> >     return _URC_END_OF_STACK;
> > 
> 
> The code in question is trying to access the return address of the 
> caller on the stack which apparently I think is caught by the recently 
> added MAP_GUARD feature:
> 
> https://svnweb.freebsd.org/changeset/base/320763
> 
> I think this feature can be disabled by setting:
> sysctl security.bsd.stack_guard_page=0
> 
> And then restart Asterisk. Not sure if it helps, currently testing.
> This is my best guess why Asterisk started segfaulting when upgrading to 11.1.

See this thread on current
https://lists.freebsd.org/pipermail/freebsd-current/2017-August/066855.html
which contained at least two variants of the supposed improvements.
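The fault Hans describes is a 16-byte read at context->ra that runs off the top of the mapped stack. The following is an added example, not code from this thread, from libgcc or from FreeBSD: it models that pattern probe, constructs the faulting layout (a readable page directly followed by an unreadable one, simulated here with mprotect(PROT_NONE) rather than a real MAP_GUARD entry), and contrasts the unguarded probe with one that asks the kernel to do the copy via write(2) into a pipe, so an unreadable byte yields EFAULT instead of SIGSEGV. The pattern words are the ones quoted above; the function names (probe_unguarded, probe_guarded, guarded_stack_ra) and the pipe-copy technique are this example's own choices, not anything the thread or libgcc uses.

```c
/* Added example: models libgcc's sigtramp probe next to a guard page.
 * Not from the thread, libgcc or FreeBSD; the guard page is simulated
 * with mprotect(PROT_NONE). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose MAP_ANONYMOUS under -std=c11 */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum probe_result { PROBE_UNREADABLE = -1, PROBE_END_OF_STACK = 0, PROBE_SIGTRAMP = 1 };

/* The four words libgcc compares against the FreeBSD amd64 sigtramp
 * prologue (values as quoted in the thread). Also used as the
 * "genuine sigtramp frame" input below. */
const uint32_t sigtramp_pattern[4] = { 0x247c8d48, 0x48006a10, 0x01a1c0c7, 0x050f0000 };

/* Constructed input: a return address into code that is not sigtramp. */
const uint32_t plain_frame[4] = { 0x90909090, 0x90909090, 0x90909090, 0x90909090 };

static enum probe_result classify(const uint32_t w[4])
{
    return memcmp(w, sigtramp_pattern, sizeof sigtramp_pattern) == 0
        ? PROBE_SIGTRAMP : PROBE_END_OF_STACK;
}

/* libgcc's approach: plain loads of 16 bytes at ra. If ra lies within the
 * last 12 bytes of the topmost mapped stack page, the loads cross into the
 * guard page and the process takes SIGSEGV inside the unwinder. */
enum probe_result probe_unguarded(const void *ra)
{
    uint32_t w[4];
    memcpy(w, ra, sizeof w);        /* alignment-safe, but still faults */
    return classify(w);
}

/* Let the kernel do the copy: write(2) from addr into a pipe fails with
 * EFAULT (or a short count) when any byte is unreadable, and no signal is
 * delivered. Portable to FreeBSD and Linux. */
static int read_safely(const void *addr, void *out, size_t len)
{
    int fds[2], ok = 0;
    if (pipe(fds) != 0)
        return 0;
    if (write(fds[1], addr, len) == (ssize_t)len &&
        read(fds[0], out, len) == (ssize_t)len)
        ok = 1;
    close(fds[0]);
    close(fds[1]);
    return ok;
}

enum probe_result probe_guarded(const void *ra)
{
    uint32_t w[4];
    if (!read_safely(ra, w, sizeof w))
        return PROBE_UNREADABLE;    /* an unwinder would treat this as end of stack */
    return classify(w);
}

/* Constructed scenario: a readable page immediately followed by a PROT_NONE
 * page, with room for only the first pattern word before the boundary. The
 * returned ra is the kind of address the crash in the thread dereferences.
 * Returns NULL if the mapping could not be set up. */
const void *guarded_stack_ra(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED || mprotect(m + pg, pg, PROT_NONE) != 0)
        return NULL;
    memcpy(m + pg - 4, &sigtramp_pattern[0], 4);
    return m + pg - 4;
}

int main(void)
{
    const void *ra = guarded_stack_ra();
    printf("guard page, guarded probe:   %d\n", ra ? probe_guarded(ra) : -2);
    /* probe_unguarded(ra) here would die with SIGSEGV like the backtrace above. */
    printf("real sigtramp, both probes:  %d %d\n",
           probe_guarded(sigtramp_pattern), probe_unguarded(sigtramp_pattern));
    printf("plain frame, both probes:    %d %d\n",
           probe_guarded(plain_frame), probe_unguarded(plain_frame));
    return 0;
}
```

The pipe-copy probe costs two syscalls per frame, so it is a way to see the failure mode in a small program rather than a drop-in replacement for libgcc's loads; the freebsd-current thread linked above discusses the fixes actually considered for the unwinder and the thread stack layout.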
