On Thu, 26 Dec 2013 14:04:17 +0200 Andriy Gapon <avg_at_FreeBSD.org> wrote: > > I am running FreeBSD based on the head from a few weeks ago, amd64. > > It seems that after a recent upgrade of openjdk7 I consistently get a > kernel panic when a java process starts: > > panic: Bad entry start/end for new stack entry > KDB: stack backtrace: > db_trace_self_wrapper() at 0xffffffff803adc9b = > db_trace_self_wrapper+0x2b/frame 0xfffffe02ba6fe6e0 > kdb_backtrace() at 0xffffffff805cbd79 = kdb_backtrace+0x39/frame > 0xfffffe02ba6fe790 panic() at 0xffffffff80597733 = panic+0x1a3/frame > 0xfffffe02ba6fe810 vm_map_stack() at 0xffffffff80719f2e = > vm_map_stack+0x3ce/frame 0xfffffe02ba6fe8a0 vm_mmap() at > 0xffffffff8071c270 = vm_mmap+0x520/frame 0xfffffe02ba6fea30 > sys_mmap() at 0xffffffff8071bad3 = sys_mmap+0x303/frame > 0xfffffe02ba6feaf0 amd64_syscall() at 0xffffffff8074d0c8 = > amd64_syscall+0x238/frame 0xfffffe02ba6febf0 Xfast_syscall() at > 0xffffffff80733e2b = Xfast_syscall+0xfb/frame 0xfffffe02ba6febf0 > > Specifically, new_entry->end != top condition is true. > new_entry->end is consistently greater than top by 3 pages. > > I suspect that java now does some hacky things with its stack and I > suspect that vm_map_simplify_entry() call at the end of > vm_map_insert() could be to blame. Although, the call is guarded by a > check: > > 1290 /* > 1291 * It may be possible to merge the new entry with the > next and/or 1292 * previous entries. However, due to > MAP_STACK_* being a hack, a 1293 * panic can result from > merging such entries. 1294 */ > 1295 if ((cow & (MAP_STACK_GROWS_DOWN | MAP_STACK_GROWS_UP)) > == 0) 1296 vm_map_simplify_entry(map, new_entry); > > But that check seems to be defeated by the fact that vm_map_stack() > clears our the relevant bits after saving them locally: > > 3335 /* > 3336 * The stack orientation is piggybacked with the cow > argument. 3337 * Extract it into orient and mask the cow > argument so that we 3338 * don't pass it around further. > 3339 * NOTE: We explicitly allow bi-directional stacks. > 3340 */ > 3341 orient = cow & (MAP_STACK_GROWS_DOWN|MAP_STACK_GROWS_UP); > 3342 cow &= ~orient; > I see a similar situation on FreeBSD 11.0-CURRENT #3 r259845: Tue Dec 24 23:40:13 CET 2013 amd64 The crash can be easily triggered by starting any JAVA application (I'm running lates java/openjdk6 from ports). The problem also occurs when loading very large images in firefox (/www/firefox, lates from ports, I looked at some Hubble Space Telescope pictures when I triggered the crash). Oliver
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:45 UTC