>Number: 6461
>Category: kernel
>Synopsis: Stopped at uvm_tree_RB_REMOVE_COLOR
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Sep 09 07:30:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.8
Details : OpenBSD 4.8-current (GENERIC) #324: Mon Sep 6 15:48:48
MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>Description:
Found system unresponsive, serial console showed ddb. In
/var/log/messages I found this:
Sep 9 07:53:20 keibi /bsd: uvm_fault(0xd0a03920, 0x5000, 0, 1) -> e
Sep 9 07:53:20 keibi /bsd: kernel: page fault trap, code=0
Sep 9 07:53:20 keibi /bsd: Stopped at uvm_tree_RB_REMOVE_COLOR+0xea: movl
0xc(%eax),%edx
Sep 9 07:53:20 keibi /bsd: ddb> ddb> the kernel did not panic
Sep 9 07:53:20 keibi /bsd: ddb> uvm_fault(0xd0a03920, 0x5000, 0, 1) -> e
Sep 9 07:53:20 keibi /bsd: kernel: page fault trap, code=0
Sep 9 07:53:20 keibi /bsd: Stopped at uvm_tree_RB_REMOVE_COLOR+0xea: movl
0xc(%eax),%edx
Sep 9 07:53:20 keibi /bsd: ddb> the kernel did not panic
Sep 9 07:53:20 keibi /bsd: ddb>
uvm_tree_RB_REMOVE_COLOR(d9c0aaa4,da056528,0,0,0) at
uvm_tree_RB_REMOVE_COLOR+0xea
Sep 9 07:53:20 keibi /bsd:
uvm_tree_RB_REMOVE(d9c0aaa4,da09e898,85376000,da09e898,d9c0aa98) at
uvm_tree_RB_REMOVE+0xf4
Sep 9 07:53:20 keibi /bsd:
uvm_rb_remove(d9c0aa98,da09e898,85376000,d03e27d6,d0abfa94) at
uvm_rb_remove+0x27
Sep 9 07:53:20 keibi /bsd: uvm_unmap_remove(d9c0aa98,1000,cfbfe000,d99e0f3c,0)
at uvm_unmap_remove+0xd3
Sep 9 07:53:20 keibi /bsd: uvmspace_free(d9c0aa98,1,1,d99e0f6c,d0202fe5) at
uvmspace_free+0xe0
Sep 9 07:53:20 keibi /bsd: uvm_exit(d9bffdb0,d0998ac4,4,d089592e,0) at
uvm_exit+0x15
Sep 9 07:53:20 keibi /bsd: reaper(d5cb8c58) at reaper+0x8a
Sep 9 07:53:20 keibi /bsd: Bad frame pointer: 0xd0b73e88
Sep 9 07:53:21 keibi /bsd: ddb> ds 0x10
Sep 9 07:53:21 keibi /bsd: es 0x10
Sep 9 07:53:21 keibi /bsd: fs 0x58
Sep 9 07:53:21 keibi /bsd: gs 0x10
Sep 9 07:53:21 keibi /bsd: edi 0xda056528 end+0x9593e64
Sep 9 07:53:21 keibi /bsd: esi 0xd9c060b0 end+0x91439ec
Sep 9 07:53:21 keibi /bsd: ebp 0xd99e0e74 end+0x8f1e7b0
Sep 9 07:53:21 keibi /bsd: ebx 0xda2fd000 end+0x983a93c
Sep 9 07:53:21 keibi /bsd: edx 0x1c4000
Session from serial console:
Script started on Thu Sep 9 08:37:29 2010
Connected
ddb> show panic
the kernel did not panic
ddb> continue
uvm_fault(0xd0a03920, 0x5000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at uvm_tree_RB_REMOVE_COLOR+0xea: movl 0xc(%eax),%edx
ddb> show panic
the kernel did not panic
ddb> trace
uvm_tree_RB_REMOVE_COLOR(d9c0aaa4,da056528,0,0,0) at uvm_tree_RB_REMOVE_COLOR+0
xea
uvm_tree_RB_REMOVE(d9c0aaa4,da09e898,85376000,da09e898,d9c0aa98) at uvm_tree_RB
_REMOVE+0xf4
uvm_rb_remove(d9c0aa98,da09e898,85376000,d03e27d6,d0abfa94) at uvm_rb_remove+0x
27
uvm_unmap_remove(d9c0aa98,1000,cfbfe000,d99e0f3c,0) at uvm_unmap_remove+0xd3
uvmspace_free(d9c0aa98,1,1,d99e0f6c,d0202fe5) at uvmspace_free+0xe0
uvm_exit(d9bffdb0,d0998ac4,4,d089592e,0) at uvm_exit+0x15
reaper(d5cb8c58) at reaper+0x8a
Bad frame pointer: 0xd0b73e88
ddb> show registers
ds 0x10
es 0x10
fs 0x58
gs 0x10
edi 0xda056528 end+0x9593e64
esi 0xd9c060b0 end+0x91439ec
ebp 0xd99e0e74 end+0x8f1e7b0
ebx 0xda2fd000 end+0x983a93c
edx 0x1c4000
ecx 0xda059420 end+0x9596d5c
eax 0x50e3
eip 0xd0517fda uvm_tree_RB_REMOVE_COLOR+0xea
cs 0x8
eflags 0x210202
esp 0xd99e0e64 end+0x8f1e7a0
ss 0xd99e0010 end+0x8f1d94c
uvm_tree_RB_REMOVE_COLOR+0xea: movl 0xc(%eax),%edx
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
695 23381 23381 1000 3 0x4080 pause sh
23381 1727 23381 1000 3 0x4080 pause sh
1727 26467 26467 0 3 0x80 piperd cron
22639 31560 31560 518 3 0x4180 kqread imap-login
30270 3718 30270 1000 3 0x4080 ttyin ksh
3718 22557 22557 1000 2 0x180 sshd
22557 20843 22557 0 3 0x4180 netio sshd
26360 24015 24015 506 3 0x180 select perl
8396 17952 8396 1000 2 0x4080 ssh
30333 12228 30333 1000 3 0x4080 poll mcabber
1861 7245 1861 1000 3 0x4088 poll mutt
5231 18462 5231 1000 3 0x4080 ttyin ksh
23933 538 23933 1000 2 0x4080 ssh
18886 31560 31560 518 3 0x4180 kqread imap-login
27742 12454 12454 67 3 0x180 semwait httpd
10018 12454 12454 67 3 0x180 semwait httpd
29745 12454 12454 67 3 0x180 select httpd
28167 12454 12454 67 3 0x180 semwait httpd
8070 12454 12454 67 3 0x180 semwait httpd
977 7343 977 1000 2 0x4480 top
6215 18285 6215 509 3 0x4080 poll bitlbee
--db_more--����������� ����������� 10313 13937 13937 590 3
0x80 poll inet_gethost
12124 13937 13937 590 3 0x80 poll inet_gethost
19380 13937 13937 590 3 0x80 poll inet_gethost
27998 2645 27998 1000 3 0x4080 kqread tail
27096 2645 27096 1000 3 0x4080 kqread tail
21653 2645 21653 1000 3 0x4080 kqread tail
6127 2645 6127 1000 3 0x4080 kqread tail
3981 2645 3981 1000 3 0x4080 kqread tail
25161 2645 25161 1000 3 0x4080 kqread tail
12228 18462 12228 1000 3 0x4080 pause ksh
7343 18462 7343 1000 3 0x4080 pause ksh
538 18462 538 1000 3 0x4080 pause ksh
17952 18462 17952 1000 3 0x4080 pause ksh
2645 19130 19130 1000 3 0x4080 select multitail
16676 18462 16676 1000 3 0x4080 ttyin ksh
10573 18462 10573 1000 3 0x4080 ttyin ksh
9617 26071 26071 1000 3 0x4080 poll ekg
14662 9289 9289 1000 3 0x4080 poll irssi
26071 18462 26071 1000 3 0x4080 pause ksh
19130 18462 19130 1000 3 0x4080 pause ksh
7245 18462 7245 1000 3 0x4080 pause ksh
9289 18462 9289 1000 3 0x4080 pause ksh
18462 1 18462 1000 3 0x80 select screen
--db_more--����������� ����������� 15414 13937 13937 590 3
0x80 poll inet_gethost
13937 4048 13937 590 3 0x4080 poll inet_gethost
25908 1 25908 0 3 0x4080 ttyin getty
525 1 525 0 3 0x4080 ttyin getty
23725 1 23725 0 3 0x4080 ttyin getty
4908 1 4908 0 3 0x4080 ttyin getty
1872 1 1872 0 3 0x4080 ttyin getty
21345 1 21345 0 2 0x4080 getty
26467 1 26467 0 3 0x80 select cron
29731 1 29731 0 3 0x80080 nanosleep sensorsd
2271 1 2271 548 3 0x180 poll polipo
16022 1 17003 566 3 0x180 poll tor
4314 1 4314 577 3 0x180 poll openvpn
5290 1 12365 590 3 0x80 poll epmd
4048 1 28432 590 3 0x4080 poll beam
10280 31560 31560 518 3 0x4180 kqread imap-login
32034 31560 31560 0 3 0x4180 kqread dovecot-auth
31560 1 31560 0 2 0x480 dovecot
29970 24015 24015 506 3 0x180 select perl
24015 1 24015 0 2 0x480 perl
27821 1 27821 0 3 0x80 select dhcpd
11019 1 11019 0 3 0x40180 select sendmail
9637 12454 12454 67 3 0x180 semwait httpd
--db_more--����������� ����������� 7718 12454 12454 67 3
0x180 semwait httpd
13294 12454 12454 67 3 0x180 semwait httpd
11109 12454 12454 67 3 0x180 semwait httpd
24500 12454 12454 67 3 0x180 semwait httpd
25033 1 25033 62 3 0x180 bpf spamlogd
30244 27938 27938 62 3 0x180 piperd spamd
28549 27938 27938 62 3 0x180 select spamd
27938 1 27938 62 3 0x180 nanosleep spamd
18285 1 18285 0 3 0x180 select inetd
13124 1 13124 71 3 0x180 kqread ftp-proxy
767 1 767 0 3 0x80 poll ftpd
12454 1 12454 67 2 0x580 httpd
16110 1 16110 92 3 0x180 select rtadvd
10682 19536 19536 91 3 0x180 kqread snmpd
19536 1 19536 0 3 0x80 kqread snmpd
20843 1 20843 0 3 0x80 select sshd
13953 1 13953 81 3 0x180 select afsd
20534 11325 19515 83 3 0x180 poll ntpd
11325 19515 19515 83 3 0x180 poll ntpd
19515 1 19515 0 3 0x80 poll ntpd
3643 32277 32277 0 3 0x80 nfsd nfsd
559 32277 32277 0 3 0x80 nfsd nfsd
31093 32277 32277 0 3 0x80 nfsd nfsd
--db_more--����������� ����������� 12073 32277 32277 0 3
0x80 nfsd nfsd
32277 1 32277 0 3 0x80 netcon nfsd
324 1 324 0 3 0x80 select mountd
1040 1 1040 28 3 0x180 poll portmap
4889 29906 29906 68 3 0x180 select isakmpd
29906 1 29906 0 3 0x80 netio isakmpd
7836 5519 5519 70 3 0x180 select named
5519 1 5519 0 3 0x180 netio named
5648 13444 13444 74 2 0x180 pflogd
13444 1 13444 0 3 0x80 netio pflogd
16708 25345 25345 73 2 0x180 syslogd
25345 1 25345 0 3 0x88 netio syslogd
11192 1 11192 77 3 0x180 poll dhclient
2794 1 21030 0 3 0x80 poll dhclient
15 0 0 0 3 0x100200 bored crypto
14 0 0 0 3 0x100200 aiodoned aiodoned
13 0 0 0 3 0x100200 syncer update
12 0 0 0 3 0x100200 cleaner cleaner
* 11 0 0 0 7 0x100200 reaper
10 0 0 0 3 0x100200 pgdaemon pagedaemon
9 0 0 0 3 0x100200 pftm pfpurge
8 0 0 0 3 0x100200 usbevt usb1
7 0 0 0 3 0x100200 usbtsk usbtask
--db_more--����������� ����������� 6 0 0 0 3
0x100200 usbevt usb0
5 0 0 0 3 0x100200 apmev apm0
4 0 0 0 3 0x100200 bored syswq
3 0 0 0 3 0x40100200 idle0
2 0 0 0 3 0x100200 kmalloc kmthread
1 0 1 0 3 0x4080 wait init
0 -1 0 0 3 0x80200 scheduler swapper
12103 695 23381 1000 6 0x6000 python2.6
ddb> boot sync
syncing disks... pid 14662 (irssi): user write of 32...@0x3c016000 at 611152
failed: 14
done
WARNING: not updating battery clock
rebooting...
Script done on Thu Sep 9 08:41:23 2010
>How-To-Repeat:
Unknown.
>Fix:
Unknown.
dmesg:
OpenBSD 4.8-current (GENERIC) #324: Mon Sep 6 15:48:48 MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 931 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,SSE
real mem = 534376448 (509MB)
avail mem = 515686400 (491MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/21/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS
rev. 2.3 @ 0xf0450 (67 entries)
bios0: vendor Dell Computer Corporation version "A02" date 02/21/2001
bios0: Dell Computer Corporation OptiPlex GX150
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbbe0/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801BA LPC" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa000 0xca000/0x2000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82815 Video" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xf8000000, size 0x4000000
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
ral0 at pci1 dev 7 function 0 "Ralink RT2860" rev 0x00: irq 9, address
00:0e:2e:ec:f9:bf
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)
xl0 at pci1 dev 8 function 0 "3Com 3c905B 100Base-TX" rev 0x30: irq 10, address
00:01:02:d9:b1:85
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci1 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 11,
address 00:b0:d0:d4:6e:7e
exphy1 at xl1 phy 24: 3Com internal media interface
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x02: 24-bit timer
at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x02: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <SAMSUNG SV0412H>
wd0: 16-sector PIO, LBA, 38204MB, 78242976 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide0 channel 1 drive 0: <WDC WD800JB-00JJC0>
wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x02: irq 11
ichiic0 at pci0 dev 31 function 3 "Intel 82801BA SMBus" rev 0x02: SMBus disabled
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x02: irq 11
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
biomask f965 netmask ff65 ttymask ffff
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
usbdevs:
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
Intel(0x8086), rev 1.00
port 1 powered
port 2 powered
Controller /dev/usb1:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
Intel(0x8086), rev 1.00
port 1 powered
port 2 powered
>Release-Note:
>Audit-Trail:
>Unformatted:
System entered ddb, though did not panic.
system
