syzbot


panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR (3)

Status: upstream: reported on 2025/11/23 13:15
Reported-by: syzbot+36e80f85dbbc5b2c93d5@syzkaller.appspotmail.com
First crash: 6d23h, last: 6d23h
Similar bugs (2)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| openbsd | panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR (2) | 2 | | | | 1 | 599d | 599d | 0/3 | auto-obsoleted due to no activity on 2024/07/08 15:50 |
| openbsd | panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR | 2 | | | | 2 | 1342d | 1419d | 0/3 | auto-closed as invalid on 2022/06/26 13:02 |

Sample crash report:
panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va 0x6707f639000, opte 0xfffffffffffffffd, pa 0x6cdc6000
Stopped at      db_enter+0x25:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*419586  17708      0           0          0    0  syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83348d8a) at panic+0x1cf sys/kern/subr_prf.c:198
pmap_enter(fffffd806cdbf5f0,6707f639000,6cdc6000,1,21) at pmap_enter+0x11bd
uvm_fault_upper(ffff80002cced790,ffff80002cced7c8,ffff80002cced690) at uvm_fault_upper+0x474 sys/uvm/uvm_fault.c:1139
uvm_fault(fffffd806ccdbd08,6707f639000,0,1) at uvm_fault+0x178 sys/uvm/uvm_fault.c:641
upageflttrap(ffff80002cced930,6707f639670) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002cced930) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ccb4f6e1210, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pmap_enter: PG_PVLIST mapping with unmanaged page: va 0x6707f639000, opte 0xfffffffffffffffd, pa 0x6cdc6000
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83348d8a) at panic+0x1cf sys/kern/subr_prf.c:198
pmap_enter(fffffd806cdbf5f0,6707f639000,6cdc6000,1,21) at pmap_enter+0x11bd
uvm_fault_upper(ffff80002cced790,ffff80002cced7c8,ffff80002cced690) at uvm_fault_upper+0x474 sys/uvm/uvm_fault.c:1139
uvm_fault(fffffd806ccdbd08,6707f639000,0,1) at uvm_fault+0x178 sys/uvm/uvm_fault.c:641
upageflttrap(ffff80002cced930,6707f639670) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002cced930) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ccb4f6e1210, count: -8
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002cced440
rbx                              0x1
rdx                                0
rcx                                0
rax               0xffff80002a7bd4e0
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xd2d14baf488eb5da
r11               0xc19d21856c6232ae
r12                                0
r13                            0x400
r14                                0
r15                              0x1
rip               0xffffffff8114eff5    db_enter+0x25
cs                               0x8
rflags                         0x246
rsp               0xffff80002cced430
ss                                 0
db_enter+0x25:  addq    $0x8,%rsp
ddb> show proc
PROC (syz-executor) tid=419586 pid=17708 tcnt=2 stat=onproc
    flags process=0 proc=0
    runpri=32, usrpri=50, slppri=32, nice=20
    wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0
    forw=0xffffffffffffffff, list=0xffff80003c939cb0,0xffff80002a7bc560
    process=0xffff800038119218 user=0xffff80002cce8000, vmspace=0xfffffd806ccdbd08
    estcpu=36, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 52678  190054  82679      0  3        0x80  fsleep        syz-executor
 52678  174707  82679      0  3   0x4000000  biowait       syz-executor
 72184  373352  44740      0  3        0x90  fsleep        syz-executor
 72184  175549  44740      0  2   0x4000010                syz-executor
 25794  295113  78405      0  2           0                syz-executor
 25794  498636  78405      0  2   0x4000000                syz-executor
 25794  171435  78405      0  3   0x4000080  fsleep        syz-executor
*17708  419586  79977      0  7           0                syz-executor
 17708  206635  79977      0  2   0x4000000                syz-executor
 71596  314870  26742      0  3        0x80  fsleep        syz-executor
 71596  136708  26742      0  3   0x4000080  ttyin         syz-executor
 62259  508131  74004      0  3        0x80  fsleep        syz-executor
 62259  300885  74004      0  3   0x4000080  netacc        syz-executor
 44740  101783  85967      0  3        0x82  nanoslp       syz-executor
 78405  395872  85967      0  3        0x82  nanoslp       syz-executor
 79977  171252  85967      0  3        0x82  nanoslp       syz-executor
 50749  145272  85967      0  3        0x82  wait          syz-executor
 74004  311911  85967      0  3        0x82  nanoslp       syz-executor
 82679  294705  85967      0  3        0x82  nanoslp       syz-executor
 32483  324246  85967      0  3        0x82  wait          syz-executor
 26742  364426  85967      0  3        0x82  nanoslp       syz-executor
 85967  383657   2888      0  3        0x82  kqread        syz-executor
  2888  263303  19083      0  3    0x10008a  sigsusp       ksh
 19083  131244  43173      0  3        0x98  kqread        sshd-session
 43173    5659  64388      0  3        0x92  kqread        sshd-session
 35015  158872      1      0  3    0x100083  ttyopn        getty
 64388  478740      1      0  3        0x88  kqread        sshd
 32589   22267  93538     73  3   0x1100090  kqread        syslogd
 93538  431894      1      0  3    0x100082  sbwait        syslogd
 28738  445193      1      0  3    0x100080  kqread        resolvd
 16884  487917  13963     77  3    0x100092  kqread        dhcpleased
 35483  424755  13963     77  3    0x100092  kqread        dhcpleased
 13963   17621      1      0  3        0x80  kqread        dhcpleased
  4772  132594      0      0  3     0x14200  bored         smr
 22401  338241      0      0  2     0x14200                zerothread
 72686  459168      0      0  3     0x14200  aiodoned      aiodoned
 81406  505828      0      0  3     0x14200  syncer        update
 39279  236774      0      0  3     0x14200  cleaner       cleaner
 53516  444656      0      0  3     0x14200  reaper        reaper
 77992  180811      0      0  3     0x14200  pgdaemon      pagedaemon
  8713   31603      0      0  3     0x14200  bored         viomb
 46464  148820      0      0  3  0x40014200  acpi0         acpi0
 81169  267768      0      0  3     0x14200  bored         softnet0
 28291  315502      0      0  3     0x14200  bored         systqmp
 35764  142461      0      0  3     0x14200  bored         systq
 83442  351265      0      0  3  0x40014200  tmoslp        softclock
 22765  378375      0      0  3  0x40014200                idle0
     1  466553      0      0  3        0x82  wait          init
     0       0     -1      0  3  0x10010200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10199  11247K   11700K 166960K     13715        0
            pcb    19     16K      17K 166960K       331        0
         rtable   209      8K       8K 166960K       461        0
             pf    34     13K      20K 166960K       100        0
         ifaddr    37      6K       7K 166960K        73        0
        ifgroup    54      2K       2K 166960K       113        0
         sysctl     3      1K       9K 166960K        13        0
       counters    33     17K      18K 166960K        62        0
       ioctlops     0      0K       4K 166960K       446        0
            iov     0      0K      24K 166960K       122        0
          mount     1      1K       1K 166960K         1        0
            log     0      0K       0K 166960K         4        0
         vnodes  1492     94K      94K 166960K      2318        0
      UFS quota     1     32K      32K 166960K         1        0
      UFS mount     5     36K      36K 166960K         5        0
            shm     2      2K      10K 166960K        15        0
         VM map     2      1K       1K 166960K         2        0
            sem    12      0K       0K 166960K        25        0
        dirhash    12      2K       2K 166960K        21        0
           ACPI  1692    195K     286K 166960K     12470        0
      file desc    18     65K     240K 166960K       950        0
          sigio     0      0K       0K 166960K        23        0
           proc    60     59K      91K 166960K       549        0
        subproc    72      4K       4K 166960K        72        0
    NFS srvsock     1      0K       0K 166960K         1        0
     NFS daemon     1     16K      16K 166960K         1        0
    ip_moptions     0      0K       0K 166960K        85        0
       in_multi    74      5K       7K 166960K       149        0
    ether_multi     1      0K       0K 166960K        19        0
            mrt     0      0K       0K 166960K        10        0
    ISOFS mount     1     32K      32K 166960K         1        0
  MSDOSFS mount     1     16K      16K 166960K         1        0
           ttys    91    413K     413K 166960K        91        0
           exec     0      0K       1K 166960K       465        0
   fusefs mount     1     32K      32K 166960K         1        0
     pfkey data     0      0K       0K 166960K         2        0
            tdb     3      0K       0K 166960K         3        0
        VM swap     8     62K      64K 166960K        10        0
       UVM amap   240    143K     164K 166960K     10030        0
       UVM aobj    97      5K       9K 166960K       102        0
     pinsyscall    39     78K      92K 166960K      2013        0
        memdesc     1      4K       4K 166960K         1        0
    crypto data     1      1K       1K 166960K         1        0
    ip6_options     0      0K       0K 166960K        38        0
            NDP    12      0K       2K 166960K        49        0
           temp    64   8669K    8733K 166960K     33180        0
         kqueue    13     20K      32K 166960K       206        0
      SYN cache     2     16K      16K 166960K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      156    0      152     3     0     3     3     0     8    2
rtentry    136      125    0       42     4     0     4     4     0     8    0
unpcb      144      732    0      715     4     0     4     4     0     8    3
syncache   336        4    0        4     1     0     1     1     0     8    1
tcpqe       32        1    0        1     1     0     1     1     0     8    1
tcpcb      736      271    0      263     4     0     4     4     0     8    3
arp         96       21    0        4     1     0     1     1     0     8    0
ipq         40        3    0        0     1     0     1     1     0     8    0
ipqe        40       67    0       64     1     0     1     1     0     8    0
inpcb      328      904    0      890     7     0     7     7     0     8    5
ip6q        72        1    0        0     1     0     1     1     0     8    0
ip6af       40        1    0        0     1     0     1     1     0     8    0
nd6        112       27    0        6     1     0     1     1     0     8    0
pkpcb       40        5    0        5     1     0     1     1     0     8    1
kcovpl      48        8    0        0     1     0     1     1     0     8    0
mppekey    1024       1    0        1     1     0     1     1     0     8    1
ppxss      1072      23    0       23     1     0     1     1     0     8    1
pppxif     1384       1    0        1     1     0     1     1     0     8    1
pfanchor   1288       2    0        0     1     0     1     1     0     8    0
pfstitem    24        2    0        0     1     0     1     1     0     8    0
pfstkey    128        4    0        2     1     0     1     1     0     8    0
pfstate    384        2    0        1     1     0     1     1     0     8    0
pfrule     1344       2    0        2     1     0     1     1     0     8    1
rttmr      136        2    0        2     1     0     1     1     0     8    1
art_heap8  4096       3    0        0     3     0     3     3     0     8    0
art_heap4  256      565    0      222    31     0    31    31     0     8    4
art_table   40      568    0      222     5     0     5     5     0     8    0
art_node    32      124    0       50     1     0     1     1     0     8    0
sysvmsgpl   40       16    0        7     1     0     1     1     0     8    0
semapl     112       21    0       11     1     0     1     1     0     8    0
shmpl      112       96    0        3     3     0     3     3     0     8    0
dirhash    1024      23    0        6     3     0     3     3     0     8    0
dino2pl    256     3050    0     1555    95     0    95    95     0     8    0
ffsino     256     3050    0     1555    95     0    95    95     0     8    0
nchpl      144     4403    0     2712    64     0    64    64     0     8    0
rtmask      32        6    0        6     1     0     1     1     0     8    1
vnodes     216     3769    0        0   210     0   210   210     0     8    0
namei      1024   14316    0    14314     1     0     1     1     0     8    0
vcpupl     3904       3    0        2     1     0     1     1     0     8    0
vmpool     800        3    0        2     1     0     1     1     0     8    0
kstatmem   264       66    0       42     2     0     2     2     0     8    0
acpiwqpl    32        1    0        1     1     0     1     1     1     8    1
scsiplug    72        2    0        2     1     0     1     1     0     8    1
scxspl     216    13186    0    13185     8     0     8     8     1     8    7
plimitpl   152      244    0      226     1     0     1     1     0     8    0
sigapl     424     1221    0     1178     6     0     6     6     0     8    1
knotepl    120    51162    0    51115    17     7    10    17     0     8    8
kqueuepl   184      360    0      351     4     0     4     4     0     8    3
pipepl     304      318    0      291     8     0     8     8     0     8    5
fdescpl    448     1207    0     1177     5     0     5     5     0     8    1
filepl     120     7789    0     7553    12     0    12    12     0     8    3
lockfpl    104      346    0      341     1     0     1     1     0     8    0
lockfspl    48      160    0      155     1     0     1     1     0     8    0
sessionpl  144       22    0       14     1     0     1     1     0     8    0
pgrppl      48       44    0       28     1     0     1     1     0     8    0
ucredpl    104     1060    0     1046     1     0     1     1     0     8    0
zombiepl   144     1180    0     1178     1     0     1     1     0     8    0
processpl  1152    1221    0     1178     4     0     4     4     0     8    0
procpl     664     2404    0     2354     6     0     6     6     0     8    1
sosppl     176        1    0        1     1     0     1     1     0     8    1
sockpl     552     1823    0     1788    12     1    11    12     0     8    8
mcl64k     65536    107    0      107     2     0     2     2     0     8    2
mcl16k     16384      1    0        1     1     0     1     1     0     8    1
mcl9k      9216       1    0        1     1     0     1     1     0     8    1
mcl8k      8192      11    0       11     1     0     1     1     0     8    1
mcl4k      4096    3535    0     3483    14     0    14    14     0     8    6
mcl2k      2048    1249    0     1241     2     0     2     2     0     8    0
mtagpl      96       71    0        6     2     0     2     2     0     8    0
mbufpl     256    18023    0    17768    26     2    24    24     0     8    7
bufpl      280     3860    0      122   267     0   267   267     0     8    0
anonpl      24   191139    0   187881    46     0    46    46     0   187   19
amapchunkpl 152   33855    0    33346    37     0    37    37     0   158   15
amappl16   200     3367    0     3334    20    10    10    15     0     8    8
amappl15   192        6    0        6     1     0     1     1     0     8    1
amappl14   184        3    0        3     1     0     1     1     0     8    1
amappl13   176      405    0      404     1     0     1     1     0     8    0
amappl12   168     1553    0     1514     2     0     2     2     0     8    0
amappl11   160        5    0        5     1     0     1     1     0     8    1
amappl10   152       47    0       37     1     0     1     1     0     8    0
amappl9    144      276    0      276     1     0     1     1     0     8    1
amappl8    136       34    0       32     1     0     1     1     0     8    0
amappl7    128       83    0       81     1     0     1     1     0     8    0
amappl6    120      263    0      252     1     0     1     1     0     8    0
amappl5    112       77    0       69     1     0     1     1     0     8    0
amappl4    104      389    0      363     1     0     1     1     0     8    0
amappl3     96     5704    0     5607     3     0     3     3     0     8    0
amappl2     88     1328    0     1255     2     0     2     2     0     8    0
amappl1     80    12239    0    11700    13     0    13    13     0     8    1
amappl      88     9202    0     9030     5     0     5     5     0    92    0
uvmvnodes   80      116    0        0     3     0     3     3     0     8    0
dma32768   32768      1    0        1     1     0     1     1     0     8    1
dma4096    4096       1    0        1     1     0     1     1     0     8    1
dma2048    2048       4    0        4     1     0     1     1     0     8    1
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     0     1     1     0     8    1
dma128     128      254    0      254     1     0     1     1     0     8    1
dma64       64        7    0        7     1     0     1     1     0     8    1
dma32       32        7    0        7     1     0     1     1     0     8    1
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      101    0        5     2     0     2     2     0     8    0
uaddrrnd    24     1207    0     1177     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     1207    0     1177     1     0     1     1     0     8    0
vmmpekpl   168    11004    0    10976     2     0     2     2     0     8    0
vmmpepl    168    80635    0    78784    91     0    91    91     0   357    9
vmsppl     368     1206    0     1177     4     0     4     4     0     8    1
rwobjpl     40    22673    0    21602    13     0    13    13     0     8    2
pdppl      4096    2427    0     2359   101    32    69    79     0     8    1
pvpl        32   527260    0   518148   123     0   123   123     0   265   41
pmappl     216     1209    0     1179     2     0     2     2     0     8    0
extentpl    40       45    0       27     1     0     1     1     0     8    0
phpool     112      395    0       34    11     0    11    11     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83348d8a) at panic+0x1cf sys/kern/subr_prf.c:198
pmap_enter(fffffd806cdbf5f0,6707f639000,6cdc6000,1,21) at pmap_enter+0x11bd
uvm_fault_upper(ffff80002cced790,ffff80002cced7c8,ffff80002cced690) at uvm_fault_upper+0x474 sys/uvm/uvm_fault.c:1139
uvm_fault(fffffd806ccdbd08,6707f639000,0,1) at uvm_fault+0x178 sys/uvm/uvm_fault.c:641
upageflttrap(ffff80002cced930,6707f639670) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002cced930) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ccb4f6e1210, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff83348d8a) at panic+0x1cf sys/kern/subr_prf.c:198
pmap_enter(fffffd806cdbf5f0,6707f639000,6cdc6000,1,21) at pmap_enter+0x11bd
uvm_fault_upper(ffff80002cced790,ffff80002cced7c8,ffff80002cced690) at uvm_fault_upper+0x474 sys/uvm/uvm_fault.c:1139
uvm_fault(fffffd806ccdbd08,6707f639000,0,1) at uvm_fault+0x178 sys/uvm/uvm_fault.c:641
upageflttrap(ffff80002cced930,6707f639670) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80002cced930) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7ccb4f6e1210, count: -8

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/11/23 13:14 | openbsd | d1bc7a39681f | 4fb8ef37 | .config | console log | report | | | | [disk image] [bsd.gdb] [kernel image] | ci-openbsd-main | panic: pmap_enter: PG_PVLIST mapping with unmanaged page: va ADDR, opte ADDR, pa ADDR |
* Struck through repros no longer work on HEAD.