From owner-freebsd-java@FreeBSD.ORG  Thu Dec 26 15:39:46 2013
Return-Path: <owner-freebsd-java@FreeBSD.ORG>
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BB456524;
 Thu, 26 Dec 2013 15:39:46 +0000 (UTC)
Received: from mail-wi0-x22c.google.com (mail-wi0-x22c.google.com
 [IPv6:2a00:1450:400c:c05::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id B6D4019D5;
 Thu, 26 Dec 2013 15:39:45 +0000 (UTC)
Received: by mail-wi0-f172.google.com with SMTP id en1so13497297wid.5
 for <multiple recipients>; Thu, 26 Dec 2013 07:39:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:sender:in-reply-to:references:date:message-id:subject
 :from:to:cc:content-type;
 bh=WxkFRuYD2rXO6ijO1Woim3F853XZukZr/jd9iisBF/I=;
 b=mAj1hxNVOuw/1WtsQFS0nIfkZxby3AFB3YhFYS76znlhCflDXboYIuQ8nPNZ6EkYNf
 aP/hmXSCz+8zt6hdMla0m8FvLgHzycwlfRD+yxo6PIGpF6z5N68mMRTFR01vRoHuMfA0
 LZeVLigb10FveZ4dVb17/8AYyhYt3N7a2R0dF973tfGe6MypXJUoLYN5I1Fa2/hUizbF
 ccD0LWJtb+vXjW0qsE6vpcOHHel3f8H2pbA79z1cwQKwCRCcUT1aTP+fmdLk5skXzdT6
 Kb7K3Mc/V8jPQ/aEi43B065kDa9OepekW174NZrrtRtctDsK0tM3n/lnv6twX5Hl3Gmo
 1T5w==
MIME-Version: 1.0
X-Received: by 10.180.95.162 with SMTP id dl2mr30011034wib.17.1388072383104;
 Thu, 26 Dec 2013 07:39:43 -0800 (PST)
Sender: antoine.brodin.freebsd@gmail.com
Received: by 10.194.33.37 with HTTP; Thu, 26 Dec 2013 07:39:43 -0800 (PST)
In-Reply-To: <52BC1B41.2060900@FreeBSD.org>
References: <52BC1B41.2060900@FreeBSD.org>
Date: Thu, 26 Dec 2013 16:39:43 +0100
X-Google-Sender-Auth: mvFDT5gns5K4BqeqtPqBgzw9mQk
Message-ID: <CAALwa8=gmPfQKp7FvGHBNY4wTPc+TVoGHMk=a5gRJB-ysCLrXQ@mail.gmail.com>
Subject: Re: latest openjdk7 triggers kernel panic
From: Antoine Brodin <antoine@FreeBSD.org>
To: Andriy Gapon <avg@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Cc: Alan Cox <alc@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org>,
 Marcel Moolenaar <marcel@freebsd.org>, freebsd-java@freebsd.org
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Porting Java to FreeBSD <freebsd-java.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-java>,
 <mailto:freebsd-java-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-java/>
List-Post: <mailto:freebsd-java@freebsd.org>
List-Help: <mailto:freebsd-java-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
 <mailto:freebsd-java-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Dec 2013 15:39:46 -0000

On Thu, Dec 26, 2013 at 1:04 PM, Andriy Gapon <avg@freebsd.org> wrote:
>
> I am running FreeBSD based on the head from a few weeks ago, amd64.
>
> It seems that after a recent upgrade of openjdk7 I consistently get a kernel
> panic when a java process starts:
>
> panic: Bad entry start/end for new stack entry
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff803adc9b = db_trace_self_wrapper+0x2b/frame
> 0xfffffe02ba6fe6e0
> kdb_backtrace() at 0xffffffff805cbd79 = kdb_backtrace+0x39/frame 0xfffffe02ba6fe790
> panic() at 0xffffffff80597733 = panic+0x1a3/frame 0xfffffe02ba6fe810
> vm_map_stack() at 0xffffffff80719f2e = vm_map_stack+0x3ce/frame 0xfffffe02ba6fe8a0
> vm_mmap() at 0xffffffff8071c270 = vm_mmap+0x520/frame 0xfffffe02ba6fea30
> sys_mmap() at 0xffffffff8071bad3 = sys_mmap+0x303/frame 0xfffffe02ba6feaf0
> amd64_syscall() at 0xffffffff8074d0c8 = amd64_syscall+0x238/frame 0xfffffe02ba6febf0
> Xfast_syscall() at 0xffffffff80733e2b = Xfast_syscall+0xfb/frame 0xfffffe02ba6febf0
>
> Specifically, new_entry->end != top condition is true.
> new_entry->end is consistently greater than top by 3 pages.
>
> I suspect that java now does some hacky things with its stack and I suspect that
> vm_map_simplify_entry() call at the end of vm_map_insert() could be to blame.
> Although, the call is guarded by a check:
>
> 1290         /*
> 1291          * It may be possible to merge the new entry with the next and/or
> 1292          * previous entries.  However, due to MAP_STACK_* being a hack, a
> 1293          * panic can result from merging such entries.
> 1294          */
> 1295         if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0)
> 1296                 vm_map_simplify_entry(map, new_entry);
>
> But that check seems to be defeated by the fact that vm_map_stack() clears our
> the relevant bits after saving them locally:
>
> 3335         /*
> 3336          * The stack orientation is piggybacked with the cow argument.
> 3337          * Extract it into orient and mask the cow argument so that we
> 3338          * don't pass it around further.
> 3339          * NOTE: We explicitly allow bi-directional stacks.
> 3340          */
> 3341         orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
> 3342         cow &= ~orient;


Hello,

FWIW,  I had a similar panic today on 9.2-RELEASE with a GENERIC kernel:
panic: Bad entry start/end for new stack entry
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff80947986 at kdb_backtrace+0x66
#1 0xffffffff8090d9ae at panic+0x1ce
#2 0xffffffff80b81314 at vm_map_stack+0x274
#3 0xffffffff80b83584 at vm_mmap+0x674
#4 0xffffffff80b83d2f at sys_mmap+0x1cf
#5 0xffffffff80cf187a at amd64_syscall+0x5ea
#6 0xffffffff80cdbff7 at Xfast_syscall+0xf7

It looks like the box was compiling java related ports (java/jaxen and
devel/antlr) when it panic'ed.

Cheers,

Antoine