From: "O. Hartmann"
To: Andriy Gapon
Cc: Alan Cox, FreeBSD Current, Marcel Moolenaar, freebsd-java@FreeBSD.org
Subject: Re: latest openjdk7 triggers kernel panic
Date: Thu, 26 Dec 2013 17:27:47 +0100
Organization: FU Berlin
Message-ID: <20131226172747.12138d4c@thor.walstatt.dyndns.org>
In-Reply-To: <52BC1B41.2060900@FreeBSD.org>
List-Id: Discussions about the use of FreeBSD-current

On Thu, 26 Dec 2013 14:04:17 +0200
Andriy Gapon wrote:

>
> I am running FreeBSD based on the head from a few weeks ago, amd64.
>
> It seems that after a recent upgrade of openjdk7 I consistently get a
> kernel panic when a java process starts:
>
> panic: Bad entry start/end for new stack entry
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff803adc9b = db_trace_self_wrapper+0x2b/frame 0xfffffe02ba6fe6e0
> kdb_backtrace() at 0xffffffff805cbd79 = kdb_backtrace+0x39/frame 0xfffffe02ba6fe790
> panic() at 0xffffffff80597733 = panic+0x1a3/frame 0xfffffe02ba6fe810
> vm_map_stack() at 0xffffffff80719f2e = vm_map_stack+0x3ce/frame 0xfffffe02ba6fe8a0
> vm_mmap() at 0xffffffff8071c270 = vm_mmap+0x520/frame 0xfffffe02ba6fea30
> sys_mmap() at 0xffffffff8071bad3 = sys_mmap+0x303/frame 0xfffffe02ba6feaf0
> amd64_syscall() at 0xffffffff8074d0c8 = amd64_syscall+0x238/frame 0xfffffe02ba6febf0
> Xfast_syscall() at 0xffffffff80733e2b = Xfast_syscall+0xfb/frame 0xfffffe02ba6febf0
>
> Specifically, new_entry->end != top condition is true.
> new_entry->end is consistently greater than top by 3 pages.
>
> I suspect that java now does some hacky things with its stack and I
> suspect that vm_map_simplify_entry() call at the end of
> vm_map_insert() could be to blame. Although, the call is guarded by a
> check:
>
>     /*
>      * It may be possible to merge the new entry with the next and/or
>      * previous entries.  However, due to MAP_STACK_* being a hack, a
>      * panic can result from merging such entries.
>      */
>     if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0)
>         vm_map_simplify_entry(map, new_entry);
>
> But that check seems to be defeated by the fact that vm_map_stack()
> clears out the relevant bits after saving them locally:
>
>     /*
>      * The stack orientation is piggybacked with the cow argument.
>      * Extract it into orient and mask the cow argument so that we
>      * don't pass it around further.
>      * NOTE: We explicitly allow bi-directional stacks.
>      */
>     orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
>     cow &= ~orient;
>

I see a similar situation on

FreeBSD 11.0-CURRENT #3 r259845: Tue Dec 24 23:40:13 CET 2013 amd64

The crash can be easily triggered by starting any JAVA application (I'm
running latest java/openjdk6 from ports). The problem also occurs when
loading very large images in firefox (/www/firefox, latest from ports, I
looked at some Hubble Space Telescope pictures when I triggered the
crash).

Oliver
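
A user-space toy model of the interaction suspected in the quoted message, added here as an illustration; it is not code from either poster or from the FreeBSD tree. It assumes the suspicion is correct, which the thread does not confirm; the `toy_*` names, the flag values, the addresses and the 3-page neighbouring mapping are all constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Flag names are from the quoted code; the values and TOY_PAGE are constructed. */
#define MAP_STACK_GROWS_DOWN 0x1000
#define MAP_STACK_GROWS_UP   0x2000
#define TOY_PAGE             4096UL

struct entry { unsigned long start, end; bool used; };
struct map { struct entry e[4]; size_t n; };

/* Toy stand-in for vm_map_simplify_entry(): absorb the entry that starts at ne->end. */
static void toy_simplify(struct map *m, struct entry *ne) {
    for (size_t i = 0; i < m->n; i++) {
        struct entry *o = &m->e[i];
        if (o != ne && o->used && o->start == ne->end) {
            ne->end = o->end;
            o->used = false;
        }
    }
}

/* Toy stand-in for vm_map_insert(), ending with the guard quoted in the mail. */
static struct entry *toy_insert(struct map *m, unsigned long start,
                                unsigned long end, int cow) {
    struct entry *ne = &m->e[m->n++];
    ne->start = start; ne->end = end; ne->used = true;
    if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0)
        toy_simplify(m, ne);
    return ne;
}

/* Toy stand-in for vm_map_stack(): pages by which new_entry->end exceeds top. */
unsigned long toy_stack_excess_pages(bool mask_orient) {
    struct map m = {0};
    unsigned long bot = 0x7000000UL, top = bot + 16 * TOY_PAGE;
    int cow = MAP_STACK_GROWS_DOWN;
    int orient = cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP);

    toy_insert(&m, top, top + 3 * TOY_PAGE, 0);  /* constructed neighbour above top */
    if (mask_orient)
        cow &= ~orient;                          /* as in the quoted vm_map_stack() */
    return (toy_insert(&m, bot, top, cow)->end - top) / TOY_PAGE;
}

int main(void) {
    printf("masked: +%lu pages, unmasked: +%lu pages\n",
           toy_stack_excess_pages(true), toy_stack_excess_pages(false));
    return 0;
}
```

With the orientation bits masked before the insert, the guard sees `cow == 0` and the merge runs, so the new entry's end lands 3 pages past `top`; with the bits left in place the guard blocks the merge.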