

panic: pmap_remove_ptes: managed page without PG_PVLIST: va ADDR, opte ADDR

Status: auto-closed as invalid on 2022/03/30 22:21
Reported-by: syzbot+4e7e76b27cdf3d037976@syzkaller.appspotmail.com
First crash: 852d, last: 852d

Sample crash report:
panic: pmap_remove_ptes: managed page without PG_PVLIST: va 0x1b32c4a000, opte 0x749df001
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*345751  84715      0     0x14000      0x200    0  reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82494dd9) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd8068346878,fffffd8005a79480,7f800d996100,1b32c20000,1b32c60000,0,7eb716034e286ec4) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd8068346878,1b32c20000,1b32c60000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd806aeb2890,fffffd807205a558,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd806aeb2890) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000ffffea80) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pmap_remove_ptes: managed page without PG_PVLIST: va 0x1b32c4a000, opte 0x749df001
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82494dd9) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd8068346878,fffffd8005a79480,7f800d996100,1b32c20000,1b32c60000,0,7eb716034e286ec4) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd8068346878,1b32c20000,1b32c60000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd806aeb2890,fffffd807205a558,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd806aeb2890) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000ffffea80) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80002160e940
rbx               0xfffffd8005a79480
rdx                                0
rcx                                0
rax               0xffff8000ffffea80
r8                 0x101010101010101
r9                0x8080808080808080
r10               0xd1e6d2eaa6d7f7db
r11               0x1b244394f220b39b
r12                                0
r13               0xfffffd80063cb580
r14                                0
r15                              0x1
rip               0xffffffff82069fa8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80002160e930
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (reaper) pid=345751 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=4, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff8000ffffe540,0xffff8000fffff510
    process=0xffff8000ffffb390 user=0xffff800021609000, vmspace=0xffffffff828838d0
    estcpu=1, cpticks=1, pctcpu=0.2
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 51589  157743  93021      0  2           0                syz-executor.0
 51589  214171  93021      0  3   0x4000080  fsleep        syz-executor.0
 23536  376987  71016      0  3        0x82  nanoslp       syz-executor.1
  6323  403583  71016      0  3         0x2  biowait       syz-executor.2
 56005   72023  71016      0  3        0x82  nanoslp       syz-executor.3
 93021    6941  71016      0  3        0x82  nanoslp       syz-executor.0
 62406  496899      0      0  3     0x14200  acct          acct
 68072  358105      0      0  3     0x14280  nfsidl        nfsio
 21438  326909      0      0  3     0x14280  nfsidl        nfsio
 26232  212434      0      0  3     0x14280  nfsidl        nfsio
 83337  319980      0      0  3     0x14280  nfsidl        nfsio
 80651  281958      0      0  3     0x14280  nfsidl        nfsio
 80354  184846      0      0  3     0x14280  nfsidl        nfsio
 76240  523944      0      0  3     0x14280  nfsidl        nfsio
 49276   20950      0      0  3     0x14280  nfsidl        nfsio
 90315  395396      0      0  3     0x14280  nfsidl        nfsio
 72671  441682      0      0  3     0x14280  nfsidl        nfsio
 53567  439731      0      0  3     0x14280  nfsidl        nfsio
 37074  223583      0      0  3     0x14280  nfsidl        nfsio
 62464  109424      0      0  3     0x14280  nfsidl        nfsio
 81125  415471      0      0  3     0x14280  nfsidl        nfsio
 81566  336646      0      0  3     0x14280  nfsidl        nfsio
 40022  267273      0      0  3     0x14280  nfsidl        nfsio
 18541   17621      0      0  3     0x14280  nfsidl        nfsio
 50875  442099      0      0  3     0x14280  nfsidl        nfsio
 73177  110631      0      0  3     0x14280  nfsidl        nfsio
  5453  190702      0      0  3     0x14280  nfsidl        nfsio
 91372  435207      0      0  3     0x14200  bored         sosplice
 71016  428622  61988      0  3        0x82  thrsleep      syz-fuzzer
 71016   64950  61988      0  3   0x4000082  thrsleep      syz-fuzzer
 71016  289784  61988      0  3   0x4000082  thrsleep      syz-fuzzer
 71016  430953  61988      0  3   0x4000082  kqread        syz-fuzzer
 71016  374343  61988      0  3   0x4000082  thrsleep      syz-fuzzer
 71016  278312  61988      0  3   0x4000082  thrsleep      syz-fuzzer
 71016  294602  61988      0  3   0x4000082  thrsleep      syz-fuzzer
 61988   27415   2947      0  3    0x10008a  sigsusp       ksh
  2947   99262  68077      0  3        0x9a  poll          sshd
 44890   83522      1      0  3    0x100083  ttyin         getty
 68077  357718      1      0  3        0x88  poll          sshd
 26772  165255    596     73  3    0x100090  kqread        syslogd
   596   31522      1      0  3    0x100082  netio         syslogd
 97680   73290      1      0  3    0x100080  kqread        resolvd
 95461   11419  11313     77  3    0x100092  kqread        dhcpleased
 62069   41755  11313     77  3    0x100092  kqread        dhcpleased
 11313  311975      1      0  3        0x80  kqread        dhcpleased
 51195  291280      0      0  3     0x14200  bored         smr
 83266  488336      0      0  2     0x14200                zerothread
 83735   72328      0      0  3     0x14200  aiodoned      aiodoned
 13193  124383      0      0  3     0x14200  syncer        update
 57159   49725      0      0  3     0x14200  cleaner       cleaner
*84715  345751      0      0  7     0x14200                reaper
 11658  338920      0      0  3     0x14200  pgdaemon      pagedaemon
 72227  389581      0      0  3     0x14200  bored         viomb
 28822  242560      0      0  3  0x40014200  acpi0         acpi0
 46289  432345      0      0  3     0x14200  bored         softnet
 42667   96334      0      0  3     0x14200  bored         systqmp
 50203  206620      0      0  3     0x14200  bored         systq
 26676  118121      0      0  3  0x40014200  bored         softclock
 97463  497134      0      0  3  0x40014200                idle0
     1  440782      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10173   6394K    6786K  78643K     18269        0
            pcb    13     14K      16K  78643K      3322        0
         rtable   159     17K      18K  78643K      1195        0
         ifaddr    63     15K      16K  78643K       365        0
       counters    22     16K      17K  78643K        51        0
       ioctlops     0      0K       4K  78643K      8931        0
            iov     0      0K      32K  78643K      1152        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         4        0
         vnodes  1295     81K      82K  78643K      4924        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       9K  78643K       326        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K      1128        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12598        0
      file desc     7     21K      41K  78643K      9716        0
          sigio     0      0K       0K  78643K        66        0
           proc    58     55K      71K  78643K       889        0
        subproc    52      3K       3K  78643K       260        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K     12242        0
       in_multi    44      2K       3K  78643K       377        0
    ether_multi     1      0K       0K  78643K        63        0
            mrt     1      0K       0K  78643K        10        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys   229   1023K    1023K  78643K       229        0
           exec     0      0K       2K  78643K      1137        0
     pfkey data     0      0K       0K  78643K         5        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   281    136K     154K  78643K    117079        0
       UVM aobj   131      4K       4K  78643K       131        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K      4421        0
            NDP     7      0K       1K  78643K        81        0
           temp   103   4213K    4438K  78643K     34520        0
         kqueue    10     14K      18K  78643K        61        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120      582    0      579     8     7     1     3     0     8    0
rtentry    112      327    0      270     2     0     2     2     0     8    0
unpcb      136     4404    0     4391    39    38     1     5     0     8    0
syncache   296       16    0       16     4     4     0     1     0     8    0
tcpqe       32      624    0      624     2     2     0     1     0     8    0
tcpcb      736     5068    0     5064   106   103     3    16     0     8    2
arp         88       45    0       37     1     0     1     1     0     8    0
ipq         40        1    0        1     1     1     0     1     0     8    0
ipqe        40        3    0        3     1     1     0     1     0     8    0
inpcb      304    22327    0    22320    98    92     6    12     0     8    5
nd6         48      109    0       99     1     0     1     1     0     8    0
pkpcb       40       11    0       11     3     3     0     1     0     8    0
kcovpl      48       20    0       16     1     0     1     1     0     8    0
pfosfp      40        6    0        4     2     1     1     1     0     8    0
pfosfpen   112        6    0        1     2     1     1     1     0     8    0
pfrktable  1344      74    0       64     6     5     1     1     0     8    0
pftag       88       39    0       36     2     1     1     1     0     8    0
pfqueue    264        2    0        2     2     2     0     1     0     8    0
pfrule     1360    7346    0     6280    92     3    89    89     0     8    0
art_heap8  4096       2    0        1     2     1     1     2     0     8    0
art_heap4  256     1246    0     1006    25    10    15    19     0     8    0
art_table   32     1248    0     1007     4     2     2     3     0     8    0
art_node    16      322    0      271     1     0     1     1     0     8    0
sysvmsgpl   40      164    0      124     1     0     1     1     0     8    0
semapl     112     1126    0     1116     1     0     1     1     0     8    0
shmpl      112      128    0        0     4     0     4     4     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256    13618    0    12204    89     0    89    89     0     8    0
ffsino     240    13618    0    12204    84     0    84    84     0     8    0
nchpl      144    24428    0    22841    61     0    61    61     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     224     5926    0        0   349     0   349   349     0     8    0
namei      1024   80458    0    80457     1     0     1     1     0     8    0
vcpupl     1984       6    0        1     1     0     1     1     0     8    0
vmpool     528        9    0        4     1     0     1     1     0     8    0
pfiaddrpl  120       24    0       16     4     3     1     1     0     8    0
scsiplug    72      296    0      296     2     2     0     1     0     8    0
scxspl     216    65701    0    65700     9     8     1     8     0     8    0
plimitpl   152      540    0      530     1     0     1     1     0     8    0
sigapl     424     9905    0     9852     7     0     7     7     0     8    0
futexpl     64   100966    0   100965     1     0     1     1     0     8    0
knotepl    112      921    0      871     3     1     2     3     0     8    0
kqueuepl   184      517    0      511    12    11     1     4     0     8    0
pipepl     304     1142    0     1126    28    21     7     7     0     8    5
fdescpl    432     9870    0     9852     3     0     3     3     0     8    0
filepl     120    70359    0    70213    65    55    10    12     0     8    5
lockfpl    104     2035    0     2033     4     3     1     2     0     8    0
lockfspl    48      891    0      889     1     0     1     1     0     8    0
sessionpl  144       35    0       23     1     0     1     1     0     8    0
pgrppl      48       38    0       26     1     0     1     1     0     8    0
ucredpl     96    11493    0    11483     1     0     1     1     0     8    0
zombiepl   144     9852    0     9850     1     0     1     1     0     8    0
processpl  1000    9905    0     9850     8     0     8     8     0     8    0
procpl     672    23356    0    23294    23    16     7     8     0     8    1
sosppl     168       23    0       23     4     4     0     1     0     8    0
sockpl     448    27340    0    27317   239   228    11    26     0     8    8
mcl64k     65536    226    0      226    16    16     0     1     0     8    0
mcl16k     16384     51    0       51    14    13     1     1     0     8    1
mcl12k     12288    188    0      188    13    13     0     1     0     8    0
mcl9k      9216      88    0       88    17    16     1     1     0     8    1
mcl8k      8192     348    0      348     9     8     1     1     0     8    1
mcl4k      4096     582    0      582     3     2     1     1     0     8    1
mcl2k2     2112      52    0       52    16    16     0     1     0     8    0
mcl2k      2048   85411    0    85351    28    19     9    19     0     8    0
mtagpl      96     1438    0     1304    14    10     4     8     0     8    0
mbufpl     256   198312    0   197806   110    75    35    69     0     8    0
bufpl      288    14204    0     7787   459     0   459   459     0     8    0
anonpl      24  2502579    0  2485585   126    16   110   116     0   188    0
amapchunkpl 152  279774    0   279157    38    12    26    27     0   158    1
amappl16   200    20350    0    19693    53    18    35    47     0     8    0
amappl15   192     2372    0     2372     2     1     1     1     0     8    1
amappl14   184     2372    0     2369     1     0     1     1     0     8    0
amappl13   176     2546    0     2542     1     0     1     1     0     8    0
amappl12   168       15    0       12     1     0     1     1     0     8    0
amappl11   160     1858    0     1848     1     0     1     1     0     8    0
amappl10   152     1826    0     1818     1     0     1     1     0     8    0
amappl9    144      616    0      614     1     0     1     1     0     8    0
amappl8    136     1304    0     1233     3     0     3     3     0     8    0
amappl7    128      684    0      673     1     0     1     1     0     8    0
amappl6    120      394    0      373     1     0     1     1     0     8    0
amappl5    112     9029    0     9015     1     0     1     1     0     8    0
amappl4    104     4860    0     4833     1     0     1     1     0     8    0
amappl3     96     1002    0      984     1     0     1     1     0     8    0
amappl2     88     3210    0     3167     2     0     2     2     0     8    0
amappl1     80   170173    0   169722    15     5    10    12     0     8    0
amappl      88   116454    0   116276     5     0     5     5     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72      130    0        0     3     0     3     3     0     8    0
uaddrrnd    24     9879    0     9856     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     9879    0     9856     1     0     1     1     0     8    0
vmmpekpl   168    55831    0    55791     3     0     3     3     0     8    0
vmmpepl    168   870798    0   868754   163    65    98   123     0   357    0
vmsppl     272     9878    0     9855     3     1     2     2     0     8    0
rwobjpl     24   199259    0   191746    47     0    47    47     0     8    0
pdppl      4096   19764    0    19715    86    33    53    54     0     8    4
pvpl        32  4106105    0  4085543   220    45   175   189     0   265    0
pmappl     216     9878    0     9855     2     0     2     2     0     8    0
extentpl    40       57    0       38     1     0     1     1     0     8    0
phpool     112     1372    0      514    25     0    25    25     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82494dd9) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd8068346878,fffffd8005a79480,7f800d996100,1b32c20000,1b32c60000,0,7eb716034e286ec4) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd8068346878,1b32c20000,1b32c60000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd806aeb2890,fffffd807205a558,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd806aeb2890) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000ffffea80) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82494dd9) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd8068346878,fffffd8005a79480,7f800d996100,1b32c20000,1b32c60000,0,7eb716034e286ec4) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd8068346878,1b32c20000,1b32c60000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd806aeb2890,fffffd807205a558,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd806aeb2890) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd806aeb2890) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000ffffea80) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/12/30 22:20 openbsd b27c3a9c3f12 36bd2e48 .config console log report ci-openbsd-main panic: pmap_remove_ptes: managed page without PG_PVLIST: va ADDR, opte ADDR