syzbot


panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR

Status: auto-closed as invalid on 2022/05/10 04:49
Reported-by: syzbot+97dc8088e318e55909a9@syzkaller.appspotmail.com
First crash: 945d, last: 896d
Similar bugs (3)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (3) | | | | 3 | 626d | 650d | 0/3 | auto-obsoleted due to no activity on 2023/02/04 04:28 |
| openbsd | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (2) | | | | 1 | 802d | 802d | 0/3 | auto-closed as invalid on 2022/08/11 22:14 |
| openbsd | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR (4) | | | | 35 | 4d03h | 143d | 0/3 | upstream: reported on 2024/03/03 06:04 |

Sample crash report:
panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0xd8facc16000, opte 0xffffffffffffffff
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*478245  12905      0     0x14000      0x200    0  reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255d699) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd806a9206c8,fffffd8006494380,7f86c7d66098,d8facc13000,d8face00000,0,42f7f03c58402660) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd806a9206c8,d8facc13000,d8fad013000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd80690e2880,fffffd8067b48a98,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd80690e2880) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0xd8facc16000, opte 0xffffffffffffffff
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255d699) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd806a9206c8,fffffd8006494380,7f86c7d66098,d8facc13000,d8face00000,0,42f7f03c58402660) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd806a9206c8,d8facc13000,d8fad013000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd80690e2880,fffffd8067b48a98,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd80690e2880) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff8000215bdf30
rbx               0xfffffd8006494380
rdx                                0
rcx                                0
rax               0xffff8000fffff500
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x861f21b0d797fa07
r11               0xa3715bf3409732f5
r12                                0
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff814e8938    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff8000215bdf20
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (reaper) pid=478245 stat=onproc
    flags process=14000<NOZOMBIE,SYSTEM> proc=200<SYSTEM>
    pri=4, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff8000fffff260,0xffff8000fffff7b0
    process=0xffff8000ffffb778 user=0xffff8000215b9000, vmspace=0xffffffff829ba660
    estcpu=1, cpticks=1, pctcpu=0.25
    user=0, sys=0, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 88598  500605  90382      0  2           0                syz-executor.3
 76242    4124  68712      0  2           0                syz-executor.2
 76242  412553  68712      0  3   0x4000080  fsleep        syz-executor.2
 76242  190477  68712      0  3   0x4000080  fifor         syz-executor.2
 81665  468115  10499      0  2           0                syz-executor.4
 81665   95285  10499      0  3   0x4000080  fsleep        syz-executor.4
 56176  336517  54050      0  2           0                syz-executor.0
 56176   51025  54050      0  3   0x4000080  fsleep        syz-executor.0
 10499   66523  40508      0  3        0x82  nanoslp       syz-executor.4
 54050  455640  40508      0  3        0x82  nanoslp       syz-executor.0
 41430  411671  40508      0  3        0x82  nanoslp       syz-executor.5
 79899  261293      0      0  3     0x14200  bored         sosplice
 30719  399590  40508      0  3        0x82  nanoslp       syz-executor.7
 97212  208062  40508      0  3        0x82  nanoslp       syz-executor.6
 90382   15700  40508      0  3        0x82  nanoslp       syz-executor.3
  7336  457523  40508      0  3        0x82  nanoslp       syz-executor.1
 68712   65091  40508      0  3        0x82  nanoslp       syz-executor.2
 40508  254084  90047      0  3        0x82  thrsleep      syz-fuzzer
 40508  105375  90047      0  3   0x4000082  nanoslp       syz-fuzzer
 40508   16377  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 40508  110931  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 40508  269768  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 40508  363740  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 40508  221644  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 40508  382495  90047      0  3   0x4000082  kqread        syz-fuzzer
 40508    6048  90047      0  3   0x4000082  thrsleep      syz-fuzzer
 90047  213683  48922      0  3    0x10008a  sigsusp       ksh
 48922  334875  12996      0  3        0x9a  kqread        sshd
 88743   30242      1      0  3    0x100083  ttyin         getty
 12996  338939      1      0  3        0x88  kqread        sshd
 18593   97376  46688     73  3    0x100090  kqread        syslogd
 46688  445223      1      0  3    0x100082  netio         syslogd
 63254   16909      1      0  3    0x100080  kqread        resolvd
 95167  374802  56891     77  3    0x100092  kqread        dhcpleased
 27399  406574  56891     77  3    0x100092  kqread        dhcpleased
 56891  413924      1      0  3        0x80  kqread        dhcpleased
 25290   90213      0      0  3     0x14200  bored         smr
 13788  213209      0      0  2     0x14200                zerothread
 41143  350367      0      0  3     0x14200  aiodoned      aiodoned
 13905  251698      0      0  3     0x14200  syncer        update
 44537  337461      0      0  3     0x14200  cleaner       cleaner
*12905  478245      0      0  7     0x14200                reaper
 68316  520033      0      0  3     0x14200  pgdaemon      pagedaemon
 94589  205500      0      0  3     0x14200  bored         viomb
 75455  433029      0      0  3  0x40014200  acpi0         acpi0
  9040  203907      0      0  3     0x14200  bored         softnet
 82442   68177      0      0  3     0x14200  bored         systqmp
 97971  197493      0      0  3     0x14200  bored         systq
 53237   97517      0      0  3  0x40014200  bored         softclock
  9283  457312      0      0  3  0x40014200                idle0
     1  311063      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf 10187   6429K    7011K  78643K     22927        0
            pcb    13     14K      16K  78643K      3803        0
         rtable   222      8K      12K  78643K       887        0
         ifaddr    85     17K      18K  78643K       264        0
         sysctl     2      0K       0K  78643K         2        0
       counters    27     17K      17K  78643K        45        0
       ioctlops     0      0K       4K  78643K      1872        0
            iov     0      0K      60K  78643K      1026        0
          mount     1      1K       1K  78643K         1        0
            log     0      0K       0K  78643K         5        0
         vnodes  1406     88K      88K  78643K      4104        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K        31        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K       679        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1697    195K     286K  78643K     12548        0
      file desc    14     49K      89K  78643K      6229        0
          sigio     0      0K       0K  78643K       138        0
           proc    58     55K      71K  78643K       685        0
        subproc   104      6K       6K  78643K       169        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        52        0
       in_multi    85      5K       6K  78643K       187        0
    ether_multi     1      0K       0K  78643K        13        0
            mrt     0      0K       0K  78643K        12        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys   163    731K     731K  78643K       163        0
           exec     0      0K       2K  78643K       862        0
     pfkey data     0      0K       0K  78643K         3        0
            tdb     3      0K       0K  78643K         3        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   309    100K     769K  78643K     75240        0
       UVM aobj    23      3K       3K  78643K        28        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K       126        0
            NDP    12      0K       1K  78643K        56        0
           temp   130   4697K    4765K  78643K     30377        0
         kqueue    12     18K      24K  78643K       132        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
rtpcb      120       95    0       92     1     0     1     1     0     8    0
rtentry    112      181    0       86     4     0     4     4     0     8    0
unpcb      136     2654    0     2639    24    23     1     5     0     8    0
syncache   296        4    0        4     1     1     0     1     0     8    0
tcpqe       32       60    0       60     1     1     0     1     0     8    0
tcpcb      736      617    0      613    42    40     2    19     0     8    1
arp         88       30    0       13     1     0     1     1     0     8    0
inpcb      304     8521    0     8512    42    35     7    11     0     8    4
rttmr       72        6    0        6     2     2     0     1     0     8    0
ip6q        72        6    0        6     1     1     0     1     0     8    0
ip6af       40       10    0       10     1     1     0     1     0     8    0
nd6         48       46    0       21     1     0     1     1     0     8    0
pkpcb       40        6    0        6     2     2     0     1     0     8    0
kcovpl      48       13    0        5     1     0     1     1     0     8    0
ppxss      1152      10    0       10     3     3     0     1     0     8    0
pfstscr     40        6    0        4     1     0     1     1     0     8    0
pfrktable  1344     156    0      152     1     0     1     1     0     8    0
pftag       88        2    0        0     1     0     1     1     0     8    0
pfstitem    24        4    0        0     1     0     1     1     0     8    0
pfstkey    112       12    0        8     1     0     1     1     0     8    0
pfstate    320        6    0        4     1     0     1     1     0     8    0
pfrule     1360     155    0       69    11     3     8     8     0     8    0
art_heap8  4096       1    0        0     1     0     1     1     0     8    0
art_heap4  256      717    0      326    30     4    26    29     0     8    0
art_table   32      718    0      326     4     0     4     4     0     8    0
art_node    16      180    0       96     1     0     1     1     0     8    0
sysvmsgpl   40       20    0        8     1     0     1     1     0     8    0
semupl     112        3    0        3     1     1     0     1     0     8    0
semapl     112      677    0      667     1     0     1     1     0     8    0
shmpl      112       25    0        5     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino2pl    256     7993    0     6558    90     0    90    90     0     8    0
ffsino     240     7993    0     6558    85     0    85    85     0     8    0
nchpl      144    15179    0    13553    63     0    63    63     0     8    0
uvmvnodes   80     5926    0        0   121     0   121   121     0     8    0
vnodes     224     5926    0        0   349     0   349   349     0     8    0
namei      1024   45296    0    45296     2     1     1     2     0     8    1
vcpupl     1984       3    0        2     1     0     1     1     0     8    0
vmpool     528        6    0        5     2     1     1     1     0     8    0
pfiaddrpl  120       54    0       51     2     1     1     1     0     8    0
scsiplug    72        3    0        3     1     1     0     1     0     8    0
scxspl     216    44274    0    44274    14    13     1     8     0     8    1
plimitpl   152      231    0      217     1     0     1     1     0     8    0
sigapl     424     6495    0     6456     6     1     5     6     0     8    0
futexpl     64    61838    0    61835     1     0     1     1     0     8    0
knotepl    120    56801    0    56721    11     7     4    10     0     8    0
kqueuepl   184      488    0      480     8     7     1     4     0     8    0
pipepl     304     1314    0     1286    27    24     3    10     0     8    0
fdescpl    432     6481    0     6456     4     0     4     4     0     8    0
filepl     120    33348    0    33108    43    30    13    16     0     8    5
lockfpl    104      560    0      558     2     1     1     2     0     8    0
lockfspl    48      189    0      187     1     0     1     1     0     8    0
sessionpl  144       28    0       12     1     0     1     1     0     8    0
pgrppl      48       37    0       21     1     0     1     1     0     8    0
ucredpl     96     1139    0     1128     1     0     1     1     0     8    0
zombiepl   144     6456    0     6452     1     0     1     1     0     8    0
processpl  1000    6495    0     6452     7     1     6     7     0     8    0
procpl     672    14113    0    14058     7     1     6     7     0     8    0
sosppl     168       16    0       16     2     2     0     1     0     8    0
sockpl     448    11277    0    11252   115   106     9    20     0     8    6
mcl64k     65536    154    0      154     7     6     1     1     0     8    1
mcl16k     16384     79    0       79     7     6     1     1     0     8    1
mcl12k     12288    135    0      135     5     4     1     1     0     8    1
mcl9k      9216      68    0       68     8     8     0     1     0     8    0
mcl8k      8192     256    0      256     3     2     1     1     0     8    1
mcl4k      4096     856    0      856     2     1     1     1     0     8    1
mcl2k2     2112      28    0       28     7     7     0     1     0     8    0
mcl2k      2048   83420    0    83356    19     8    11    12     0     8    0
mtagpl      96     1146    0      819    13     4     9     9     0     8    1
mbufpl     256   176932    0   176359    68    27    41    45     0     8    3
bufpl      288    10799    0     4390   458     0   458   458     0     8    0
anonpl      24  1612726    0  1594396   143    26   117   130     0   188    0
amapchunkpl 152  212331    0   211592   669   602    67   657     0   158   35
amappl16   200    13833    0    13225    48    15    33    40     0     8    0
amappl15   192      883    0      877     1     0     1     1     0     8    0
amappl14   184       18    0       11     1     0     1     1     0     8    0
amappl13   176      983    0      980     1     0     1     1     0     8    0
amappl12   168      848    0      844     1     0     1     1     0     8    0
amappl11   160      107    0       97     1     0     1     1     0     8    0
amappl10   152      799    0      797     1     0     1     1     0     8    0
amappl9    144     1689    0     1684     1     0     1     1     0     8    0
amappl8    136     2218    0     2144     3     0     3     3     0     8    0
amappl7    128     1629    0     1617     1     0     1     1     0     8    0
amappl6    120     1437    0     1417     2     1     1     2     0     8    0
amappl5    112     6374    0     6358     1     0     1     1     0     8    0
amappl4    104     1051    0     1025     1     0     1     1     0     8    0
amappl3     96     1209    0     1196     1     0     1     1     0     8    0
amappl2     88     2508    0     2460     3     1     2     3     0     8    0
amappl1     80   111815    0   111292    19     6    13    18     0     8    0
amappl      88    74672    0    74460     6     0     6     6     0    92    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma1024    1024       1    0        0     1     0     1     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      72       27    0        5     1     0     1     1     0     8    0
uaddrrnd    24     6487    0     6461     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24     6487    0     6461     1     0     1     1     0     8    0
vmmpekpl   168    41144    0    41097     3     0     3     3     0     8    0
vmmpepl    168   560944    0   558572   168    52   116   136     0   357    4
vmsppl     272     6486    0     6460     4     1     3     3     0     8    0
rwobjpl     24   133484    0   126020    47     0    47    47     0     8    0
pdppl      4096   12980    0    12921   181   116    65    76     0     8    6
pvpl        32  2717416    0  2695057   271    78   193   234     0   265    2
pmappl     216     6486    0     6460     2     0     2     2     0     8    0
extentpl    40       58    0       38     1     0     1     1     0     8    0
phpool     112     1131    0      323    24     0    24    24     0     8    0
ddb> machine ddbcpu 0
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255d699) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd806a9206c8,fffffd8006494380,7f86c7d66098,d8facc13000,d8face00000,0,42f7f03c58402660) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd806a9206c8,d8facc13000,d8fad013000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd80690e2880,fffffd8067b48a98,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd80690e2880) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8
ddb> machine ddbcpu 1
No such command
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff8255d699) at panic+0x161 sys/kern/subr_prf.c:202
pmap_remove_ptes(fffffd806a9206c8,fffffd8006494380,7f86c7d66098,d8facc13000,d8face00000,0,42f7f03c58402660) at pmap_remove_ptes+0x32e
pmap_do_remove(fffffd806a9206c8,d8facc13000,d8fad013000,0) at pmap_do_remove+0x438 sys/arch/amd64/amd64/pmap.c:1865
uvm_unmap_kill_entry_withlock(fffffd80690e2880,fffffd8067b48a98,0) at uvm_unmap_kill_entry_withlock+0x1a2 sys/uvm/uvm_map.c:2139
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
uvm_map_teardown(fffffd80690e2880) at uvm_map_teardown+0x167 sys/uvm/uvm_map.c:2771
uvmspace_free(fffffd80690e2880) at uvmspace_free+0x86 sys/uvm/uvm_map.c:3685
reaper(ffff8000fffff500) at reaper+0x15e sys/kern/kern_exit.c:462
end trace frame: 0x0, count: -8

Crashes (3):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/02/09 04:49 | openbsd | 9ebd5a39871b | 0b33604d | .config | console log | report | | | | | ci-openbsd-main | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR |
| 2021/12/31 18:55 | openbsd | 86dca86fec42 | e1768e9c | .config | console log | report | | | | | ci-openbsd-main | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR |
| 2021/12/21 19:42 | openbsd | f9b178d4e19b | 1d71282d | .config | console log | report | | | | | ci-openbsd-multicore | panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va ADDR, opte ADDR |

* Struck through repros no longer work on HEAD.