Date:      Thu, 26 Dec 2013 17:27:47 +0100
From:      "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To:        Andriy Gapon <avg@FreeBSD.org>
Cc:        Alan Cox <alc@FreeBSD.org>, FreeBSD Current <freebsd-current@FreeBSD.org>, Marcel Moolenaar <marcel@FreeBSD.org>, freebsd-java@FreeBSD.org
Subject:   Re: latest openjdk7 triggers kernel panic
Message-ID:  <20131226172747.12138d4c@thor.walstatt.dyndns.org>
In-Reply-To: <52BC1B41.2060900@FreeBSD.org>
References:  <52BC1B41.2060900@FreeBSD.org>


On Thu, 26 Dec 2013 14:04:17 +0200
Andriy Gapon <avg@FreeBSD.org> wrote:

>
> I am running FreeBSD based on the head from a few weeks ago, amd64.
>
> It seems that after a recent upgrade of openjdk7 I consistently get a
> kernel panic when a java process starts:
>
> panic: Bad entry start/end for new stack entry
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff803adc9b = db_trace_self_wrapper+0x2b/frame 0xfffffe02ba6fe6e0
> kdb_backtrace() at 0xffffffff805cbd79 = kdb_backtrace+0x39/frame 0xfffffe02ba6fe790
> panic() at 0xffffffff80597733 = panic+0x1a3/frame 0xfffffe02ba6fe810
> vm_map_stack() at 0xffffffff80719f2e = vm_map_stack+0x3ce/frame 0xfffffe02ba6fe8a0
> vm_mmap() at 0xffffffff8071c270 = vm_mmap+0x520/frame 0xfffffe02ba6fea30
> sys_mmap() at 0xffffffff8071bad3 = sys_mmap+0x303/frame 0xfffffe02ba6feaf0
> amd64_syscall() at 0xffffffff8074d0c8 = amd64_syscall+0x238/frame 0xfffffe02ba6febf0
> Xfast_syscall() at 0xffffffff80733e2b = Xfast_syscall+0xfb/frame 0xfffffe02ba6febf0
>
> Specifically, new_entry->end != top condition is true.
> new_entry->end is consistently greater than top by 3 pages.
>
> I suspect that java now does some hacky things with its stack and I
> suspect that vm_map_simplify_entry() call at the end of
> vm_map_insert() could be to blame. Although, the call is guarded by a
> check:
>
>         /*
>          * It may be possible to merge the new entry with the next and/or
>          * previous entries.  However, due to MAP_STACK_* being a hack, a
>          * panic can result from merging such entries.
>          */
>         if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0)
>                 vm_map_simplify_entry(map, new_entry);
>
> But that check seems to be defeated by the fact that vm_map_stack()
> clears out the relevant bits after saving them locally:
>
>         /*
>          * The stack orientation is piggybacked with the cow argument.
>          * Extract it into orient and mask the cow argument so that we
>          * don't pass it around further.
>          * NOTE: We explicitly allow bi-directional stacks.
>          */
>         orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP);
>         cow &= ~orient;
>


I see a similar situation on FreeBSD 11.0-CURRENT #3 r259845: Tue Dec
24 23:40:13 CET 2013 amd64

The crash can be easily triggered by starting any JAVA application (I'm
running latest java/openjdk6 from ports).

The problem also occurs when loading very large images in firefox
(/www/firefox, latest from ports, I looked at some Hubble Space
Telescope pictures when I triggered the crash).

Oliver
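
The hypothesis in the quoted text, as a small user-space C model (an added example, not part of the original message and not FreeBSD kernel code): once the orientation bits are masked out of cow, the merge guard no longer sees a stack mapping, and merging with an adjacent entry moves new_entry->end past top. The flag values, the names insert_model and stack_model, the addresses and the adjacent 3-page mapping are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Flag names come from the quoted code; the values are assumed for this model. */
#define MAP_STACK_GROWS_DOWN 0x1000
#define MAP_STACK_GROWS_UP   0x2000
#define PAGE 4096UL

struct entry { unsigned long start, end; int used; };

/* Toy one-neighbour "map": a single pre-existing mapping (constructed sample). */
static struct entry neighbour;

/* Models the tail of vm_map_insert(): merge with an adjacent entry unless
 * the cow argument still carries a MAP_STACK_* bit. */
static void insert_model(struct entry *new_entry, int cow)
{
    if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) == 0 &&
        neighbour.used && neighbour.start == new_entry->end) {
        new_entry->end = neighbour.end;   /* simplify: absorb the next entry */
        neighbour.used = 0;
    }
}

/* Models vm_map_stack(): returns how many pages new_entry->end lies above
 * top (0 means the start/end sanity check would pass). mask_orient selects
 * whether the orientation bits are stripped from cow before the insert. */
static long stack_model(unsigned long bot, unsigned long top, int cow, int mask_orient)
{
    struct entry new_entry = { bot, top, 1 };
    int orient = cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP);

    neighbour = (struct entry){ top, top + 3 * PAGE, 1 };  /* adjacent 3-page mapping */
    if (mask_orient)
        cow &= ~orient;                   /* the masking step from the quoted code */
    insert_model(&new_entry, cow);
    return (long)((new_entry.end - top) / PAGE);
}

int main(void)
{
    unsigned long bot = 0x7fffdf000000UL, top = bot + 32 * PAGE;  /* constructed */

    printf("masked cow:   end - top = %ld pages\n",
        stack_model(bot, top, MAP_STACK_GROWS_DOWN, 1));
    printf("unmasked cow: end - top = %ld pages\n",
        stack_model(bot, top, MAP_STACK_GROWS_DOWN, 0));
    return 0;
}
```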




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131226172747.12138d4c>