[Asterisk-bsd] Asterisk13 coredump on freebsd 11.1
Konstantin Belousov
kostikbel at gmail.com
Thu Sep 28 07:32:30 UTC 2017
On Thu, Sep 28, 2017 at 01:17:24AM +0200, Hans Petter Selasky wrote:
> Hi,
>
> I just upgraded and hit these SEGFAULTs too. First of all you need to
> install GDB 8.0 from ports to get the right backtrace (important). This
> leads straight into LibUnwind in libgcc:
>
> (gdb) bt
> #0 uw_frame_state_for (context=context at entry=0x7fffdf3bbe20,
> fs=fs at entry=0x7fffdf3bbb70)
> at /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind-dw2.c:1249
> #1 0x0000000802cc8ffb in _Unwind_ForcedUnwind_Phase2
> (exc=exc at entry=0x804427230,
> context=context at entry=0x7fffdf3bbe20) at
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:155
> #2 0x0000000802cc9334 in _Unwind_ForcedUnwind (exc=0x804427230,
> stop=0x8024d5450 <thread_unwind_stop>,
> stop_argument=<optimized out>) at
> /wrkdirs/usr/ports/lang/gcc6/work/gcc-6.4.0/libgcc/unwind.inc:207
> #3 0x00000008024d52b3 in _Unwind_ForcedUnwind (ex=<optimized out>,
> stop_func=0x7fffdf3bb948, stop_arg=0x804427000)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:106
> #4 thread_unwind () at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:172
> #5 _pthread_exit_mask (status=<optimized out>, mask=<optimized out>)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:257
> #6 0x00000008024d50db in _pthread_exit (status=0x804427000) at
> /usr/img/freebsd.11/lib/libthr/thread/thr_exit.c:206
> #7 0x00000008024c7c0d in thread_start (curthread=0x804427000)
> at /usr/img/freebsd.11/lib/libthr/thread/thr_create.c:289
> #8 0x00007fffdf340000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdf3bc000
>
> libgcc uses this format which is OK:
>
> (gdb) ptype struct _Unwind_Context
> type = struct _Unwind_Context {
> _Unwind_Context_Reg_Val reg[18];
> void *cfa;
> void *ra;
> void *lsda;
> struct dwarf_eh_bases bases;
> _Unwind_Word flags;
> _Unwind_Word version;
> _Unwind_Word args_size;
> char by_value[18];
> }
>
> > x86_64_freebsd_fallback_frame_state
> > (struct _Unwind_Context *context, _Unwind_FrameState *fs)
> > {
> > struct sigframe *sf;
> > long new_cfa;
> >
> > /* Prior to FreeBSD 9, the signal trampoline was located immediately
> > before the ps_strings. To support non-executable stacks on AMD64,
> > the sigtramp was moved to a shared page for FreeBSD 9. Unfortunately
> > this means looking frame patterns again (sys/amd64/amd64/sigtramp.S)
> > rather than using the robust and convenient KERN_PS_STRINGS trick.
> >
> > <pc + 00>: lea 0x10(%rsp),%rdi
> > <pc + 05>: pushq $0x0
> > <pc + 17>: mov $0x1a1,%rax
> > <pc + 14>: syscall
> >
> > If we can't find this pattern, we're at the end of the stack.
> > */
> >
> > if (!( *(unsigned int *)(context->ra) == 0x247c8d48
> ^^^^ fault is triggered by this read access on the stack
> > && *(unsigned int *)(context->ra + 4) == 0x48006a10
> > && *(unsigned int *)(context->ra + 8) == 0x01a1c0c7
> > && *(unsigned int *)(context->ra + 12) == 0x050f0000 ))
> > return _URC_END_OF_STACK;
> >
>
> The code in question is trying to access the return address of the
> caller on the stack which apparently I think is caught by the recently
> added MAP_GUARD feature:
>
> https://svnweb.freebsd.org/changeset/base/320763
>
> I think this feature can be disabled by setting:
> sysctl security.bsd.stack_guard_page=0
>
> And then restart Asterisk. Not sure if it helps, currently testing.
> This my best guess why Asterisk started segfaulting when upgrading to 11.1.
See this thread on current
https://lists.freebsd.org/pipermail/freebsd-current/2017-August/066855.html
which contained at least two variants of the supposed improvements.
More information about the freebsd-stable
mailing list