panic: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0x20016000, opte 0xffffffffffffffff Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *439641 85825 0 0x14000 0x200 0 reaper db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828ca585) at panic+0x165 sys/kern/subr_prf.c:198 pmap_remove_ptes(fffffd806ac6c008,fffffd8005d60e80,7f8000100080,20010000,20200000,0,ff2dd62b18533196) at pmap_remove_ptes+0x33e pmap_do_remove(fffffd806ac6c008,20010000,21000000,0) at pmap_do_remove+0x427 sys/arch/amd64/amd64/pmap.c:1896 uvm_unmap_kill_entry_withlock(fffffd8079490d88,fffffd806c3bdb68,0) at uvm_unmap_kill_entry_withlock+0x1a7 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2534 uvmspace_free(fffffd8079490d88) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 reaper(ffff80002a5d7c38) at reaper+0x15a sys/kern/kern_exit.c:475 end trace frame: 0x0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pmap_remove_ptes: unmanaged page marked PG_PVLIST: va 0x20016000, opte 0xffffffffffffffff ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828ca585) at panic+0x165 sys/kern/subr_prf.c:198 pmap_remove_ptes(fffffd806ac6c008,fffffd8005d60e80,7f8000100080,20010000,20200000,0,ff2dd62b18533196) at pmap_remove_ptes+0x33e pmap_do_remove(fffffd806ac6c008,20010000,21000000,0) at pmap_do_remove+0x427 sys/arch/amd64/amd64/pmap.c:1896 uvm_unmap_kill_entry_withlock(fffffd8079490d88,fffffd806c3bdb68,0) at uvm_unmap_kill_entry_withlock+0x1a7 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2534 uvmspace_free(fffffd8079490d88) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 reaper(ffff80002a5d7c38) at reaper+0x15a sys/kern/kern_exit.c:475 end trace frame: 0x0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a5d4c20 rbx 0 rdx 0 rcx 0 rax 0xffff80002a5d7c38 r8 0x101010101010101 r9 0x8080808080808080 r10 0xba0c7586105c6cde r11 0xe711f07c43b38ef3 r12 0 r13 0x7f80001000b0 r14 0 r15 0x1 rip 0xffffffff82635e7c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a5d4c10 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (reaper) tid=439641 pid=85825 tcnt=1 stat=onproc flags process=14000 proc=200 runpri=4, usrpri=66, slppri=4, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a58dc30,0xffff80002a5d7498 process=0xffff8000fffff2a0 user=0xffff80002a5d0000, vmspace=0xffffffff82e63310 estcpu=16, cpticks=2, pctcpu=4.38, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90904 411182 10837 0 3 0x8000080 nanoslp syz-executor.0 90904 451996 10837 0 3 0xc000080 sbwait syz-executor.0 90904 30933 10837 0 3 0xc000080 fsleep syz-executor.0 61089 429882 32335 0 3 0x8000082 nanoslp syz-executor.1 37587 166774 32335 0 3 0x8000082 wait syz-executor.2 39188 109211 3888 0 3 0x18100082 netio ndp 3888 268431 35665 0 3 0x810008a sigsusp sh 43149 460034 32335 0 3 0x8000082 nanoslp syz-executor.7 10837 17023 32335 0 3 0x8000082 nanoslp syz-executor.0 26792 31669 32335 0 3 0x8000082 nanoslp syz-executor.4 35665 245236 32335 0 3 0x8000082 wait syz-executor.6 65136 144482 32335 0 3 0x8000082 nanoslp syz-executor.5 22314 97912 32335 0 3 0x8000082 nanoslp syz-executor.3 15913 460779 1 0 3 0x18100083 ttyin getty 82984 42975 0 0 3 0x14200 acct acct 9616 79731 0 0 3 0x14280 nfsidl nfsio 61085 10271 0 0 3 0x14280 nfsidl nfsio 74896 338031 0 0 3 0x14280 nfsidl nfsio 18026 184394 0 0 3 0x14280 nfsidl nfsio 30573 343292 0 0 3 0x14280 nfsidl nfsio 78679 239910 0 0 3 0x14280 nfsidl nfsio 21163 289071 0 0 3 0x14280 nfsidl nfsio 31097 420589 0 0 3 0x14280 nfsidl nfsio 67700 46415 0 0 3 0x14280 nfsidl nfsio 8730 189815 0 0 3 0x14280 nfsidl nfsio 80757 52945 0 0 3 0x14280 nfsidl nfsio 78170 413233 0 0 3 0x14280 nfsidl nfsio 46384 155408 0 0 3 0x14280 nfsidl nfsio 62298 248205 0 0 3 0x14280 nfsidl nfsio 46666 162980 0 0 3 0x14280 nfsidl nfsio 69284 305140 0 0 3 0x14280 nfsidl nfsio 67363 324567 0 0 3 0x14280 nfsidl nfsio 71079 233683 0 0 3 0x14280 nfsidl nfsio 54 175835 0 0 3 0x14280 nfsidl nfsio 8993 504753 0 0 3 0x14280 nfsidl nfsio 46714 56685 0 0 3 0x14200 bored sosplice 32335 317453 83242 0 3 0x1a000082 thrsleep syz-fuzzer 32335 251969 83242 0 3 0x1e000082 thrsleep syz-fuzzer 32335 391905 83242 0 3 0x1e000082 wait syz-fuzzer 32335 452304 83242 0 3 0x1e000082 wait syz-fuzzer 32335 370159 83242 0 3 0x1e000082 wait syz-fuzzer 32335 464233 83242 0 3 0x1e000082 wait syz-fuzzer 32335 176073 83242 0 3 0x1e000082 wait syz-fuzzer 32335 85021 83242 0 3 0x1e000082 thrsleep syz-fuzzer 32335 441491 83242 0 3 0x1e000082 wait syz-fuzzer 32335 412351 83242 0 3 0x1e000082 kqread syz-fuzzer 32335 178086 83242 0 3 0x1e000082 thrsleep syz-fuzzer 32335 62963 83242 0 3 0x1e000082 wait syz-fuzzer 32335 494797 83242 0 3 0x1e000082 thrsleep syz-fuzzer 32335 265989 83242 0 3 0x1e000082 wait syz-fuzzer 32335 129015 83242 0 3 0x1e000082 thrsleep syz-fuzzer 83242 334156 63610 0 3 0x810008a sigsusp ksh 63610 362613 16832 0 3 0x1800009a kqread sshd 16832 296649 1 0 3 0x18000088 kqread sshd 35853 346171 88142 73 3 0x19100010 biowait syslogd 88142 301843 1 0 3 0x18100082 sbwait syslogd 1764 129042 1 0 3 0x18100080 kqread resolvd 45129 370648 37283 77 3 0x18100092 kqread dhcpleased 43774 404090 37283 77 3 0x18100092 kqread dhcpleased 37283 477515 1 0 3 0x18000080 kqread dhcpleased 44278 62146 0 0 3 0x14200 bored smr 89544 325586 0 0 2 0x14200 zerothread 1832 361734 0 0 3 0x14200 aiodoned aiodoned 41210 211220 0 0 3 0x14200 syncer update 20968 427341 0 0 3 0x14200 cleaner cleaner *85825 439641 0 0 7 0x14200 reaper 28414 455691 0 0 3 0x14200 pgdaemon pagedaemon 96463 408289 0 0 3 0x14200 bored viomb 29467 206461 0 0 3 0x40014200 acpi0 acpi0 16510 125884 0 0 3 0x14200 bored softnet3 8352 508388 0 0 3 0x14200 bored softnet2 6370 521658 0 0 3 0x14200 bored softnet1 48169 403815 0 0 3 0x14200 bored softnet0 52072 357982 0 0 3 0x14200 bored systqmp 18221 94679 0 0 3 0x14200 bored systq 34568 53980 0 0 3 0x40014200 tmoslp softclock 11359 153046 0 0 3 0x40014200 idle0 1 191621 0 0 3 0x8080082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6491K 7129K 166960K 13206 0 pcb 17 12K 12K 166960K 156 0 rtable 173 7K 8K 166960K 853 0 pf 29 8K 9K 166960K 69 0 ifaddr 36 9K 11K 166960K 110 0 ifgroup 50 2K 2K 166960K 122 0 sysctl 4 1K 1K 166960K 4 0 counters 30 17K 17K 166960K 49 0 ioctlops 0 0K 2K 166960K 121 0 iov 0 0K 18K 166960K 122 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1370 86K 86K 166960K 2309 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 25 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 90 0 dirhash 12 2K 2K 166960K 48 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 89K 166960K 1042 0 sigio 0 0K 0K 166960K 10 0 proc 58 59K 116K 166960K 961 0 subproc 104 6K 6K 166960K 273 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 115 0 in_multi 74 5K 7K 166960K 270 0 ether_multi 1 0K 0K 166960K 8 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 97 440K 440K 166960K 97 0 exec 0 0K 1K 166960K 636 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 262 76K 95K 166960K 10704 0 UVM aobj 18 2K 2K 166960K 21 0 pinsyscall 35 70K 100K 166960K 2522 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 38 0 NDP 13 0K 1K 166960K 72 0 temp 75 6800K 6915K 166960K 26145 0 kqueue 12 18K 26K 166960K 139 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 120 0 116 1 0 1 1 0 8 0 rtentry 112 281 0 206 4 0 4 4 0 8 1 unpcb 144 683 0 668 2 0 2 2 0 8 0 syncache 336 5 0 5 1 0 1 1 0 8 1 tcpqe 32 45 0 45 1 0 1 1 0 8 1 tcpcb 808 289 0 281 3 0 3 3 0 8 2 arp 88 51 0 36 1 0 1 1 0 8 0 ipq 40 3 0 2 1 0 1 1 0 8 0 ipqe 40 91 0 89 1 0 1 1 0 8 0 inpcb 352 887 0 878 3 0 3 3 0 8 2 nd6 104 66 0 49 1 0 1 1 0 8 0 pkpcb 40 7 0 7 1 0 1 1 0 8 1 kcovpl 48 21 0 13 1 0 1 1 0 8 0 ppxss 1072 4 0 4 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1157 0 827 33 9 24 29 0 8 3 art_table 32 1158 0 827 4 0 4 4 0 8 0 art_node 16 277 0 210 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 7 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 85 0 75 1 0 1 1 0 8 0 shmpl 112 18 0 3 1 0 1 1 0 8 0 dirhash 1024 41 0 24 3 0 3 3 0 8 0 dino2pl 256 2963 0 1456 95 0 95 95 0 8 0 ffsino 240 2963 0 1456 90 0 90 90 0 8 0 nchpl 144 4416 0 2682 66 0 66 66 0 8 0 uvmvnodes 80 3787 0 0 78 0 78 78 0 8 0 vnodes 216 3787 0 0 211 0 211 211 0 8 0 namei 1024 16512 0 16512 2 0 2 2 0 8 2 vcpupl 3904 2 0 1 1 0 1 1 0 8 0 vmpool 664 3 0 2 1 0 1 1 0 8 0 kstatmem 264 60 0 38 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 0 1 1 0 8 1 scxspl 216 23864 0 23863 8 0 8 8 1 8 7 plimitpl 152 190 0 173 1 0 1 1 0 8 0 sigapl 424 1339 0 1271 9 0 9 9 0 8 0 futexpl 64 16652 0 16651 1 0 1 1 0 8 0 knotepl 120 7788 0 7703 12 0 12 12 0 8 8 kqueuepl 184 301 0 293 4 0 4 4 0 8 3 pipepl 288 279 0 251 3 0 3 3 0 8 0 fdescpl 432 1300 0 1275 4 0 4 4 0 8 0 filepl 120 7900 0 7659 11 0 11 11 0 8 1 lockfpl 104 351 0 349 1 0 1 1 0 8 0 lockfspl 48 164 0 162 1 0 1 1 0 8 0 sessionpl 144 38 0 22 1 0 1 1 0 8 0 pgrppl 48 46 0 30 1 0 1 1 0 8 0 ucredpl 104 1156 0 1144 1 0 1 1 0 8 0 zombiepl 144 1277 0 1271 1 0 1 1 0 8 0 processpl 1080 1339 0 1271 5 0 5 5 0 8 0 procpl 656 2266 0 2182 8 0 8 8 0 8 0 sosppl 168 2 0 2 1 0 1 1 0 8 1 sockpl 504 1705 0 1678 7 0 7 7 0 8 2 mcl64k 65536 27 0 27 1 0 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 5 0 5 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 38 0 38 1 0 1 1 0 8 1 mcl4k 4096 18 0 18 1 0 1 1 0 8 1 mcl2k 2048 17815 0 17716 48 28 20 48 0 8 5 mtagpl 96 51 0 46 1 0 1 1 0 8 0 mbufpl 256 39174 0 38966 181 152 29 64 0 8 8 bufpl 280 6367 0 192 442 0 442 442 0 8 0 anonpl 24 343869 0 337841 66 0 66 66 0 188 22 amapchunkpl 152 37809 0 37190 41 0 41 41 0 158 12 amappl16 200 8701 0 8577 20 4 16 20 0 8 8 amappl15 192 18 0 18 1 0 1 1 0 8 1 amappl14 184 201 0 190 2 0 2 2 0 8 1 amappl13 176 9 0 9 1 0 1 1 0 8 1 amappl12 168 2140 0 2112 2 0 2 2 0 8 0 amappl11 160 74 0 56 1 0 1 1 0 8 0 amappl10 152 84 0 81 1 0 1 1 0 8 0 amappl9 144 123 0 123 1 0 1 1 0 8 1 amappl8 136 153 0 120 2 0 2 2 0 8 0 amappl7 128 48 0 34 1 0 1 1 0 8 0 amappl6 120 482 0 466 2 0 2 2 0 8 1 amappl5 112 221 0 209 1 0 1 1 0 8 0 amappl4 104 623 0 589 2 0 2 2 0 8 1 amappl3 96 7436 0 7365 3 0 3 3 0 8 0 amappl2 88 1799 0 1726 4 0 4 4 0 8 2 amappl1 80 13129 0 12612 22 3 19 22 0 8 7 amappl 88 10007 0 9833 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 20 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1303 0 1277 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1303 0 1277 1 0 1 1 0 8 0 vmmpekpl 168 13853 0 13788 4 0 4 4 0 8 0 vmmpepl 168 103117 0 101349 113 0 113 113 0 357 23 vmsppl 344 1302 0 1276 4 0 4 4 0 8 0 rwobjpl 24 36633 0 31727 30 0 30 30 0 8 0 pdppl 4096 2612 0 2553 138 71 67 77 0 8 8 pvpl 32 762845 0 750823 372 21 351 372 0 265 231 pmappl 216 1302 0 1276 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 612 0 260 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828ca585) at panic+0x165 sys/kern/subr_prf.c:198 pmap_remove_ptes(fffffd806ac6c008,fffffd8005d60e80,7f8000100080,20010000,20200000,0,ff2dd62b18533196) at pmap_remove_ptes+0x33e pmap_do_remove(fffffd806ac6c008,20010000,21000000,0) at pmap_do_remove+0x427 sys/arch/amd64/amd64/pmap.c:1896 uvm_unmap_kill_entry_withlock(fffffd8079490d88,fffffd806c3bdb68,0) at uvm_unmap_kill_entry_withlock+0x1a7 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2534 uvmspace_free(fffffd8079490d88) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 reaper(ffff80002a5d7c38) at reaper+0x15a sys/kern/kern_exit.c:475 end trace frame: 0x0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff828ca585) at panic+0x165 sys/kern/subr_prf.c:198 pmap_remove_ptes(fffffd806ac6c008,fffffd8005d60e80,7f8000100080,20010000,20200000,0,ff2dd62b18533196) at pmap_remove_ptes+0x33e pmap_do_remove(fffffd806ac6c008,20010000,21000000,0) at pmap_do_remove+0x427 sys/arch/amd64/amd64/pmap.c:1896 uvm_unmap_kill_entry_withlock(fffffd8079490d88,fffffd806c3bdb68,0) at uvm_unmap_kill_entry_withlock+0x1a7 sys/uvm/uvm_map.c:1897 uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline] uvm_map_teardown(fffffd8079490d88) at uvm_map_teardown+0x157 sys/uvm/uvm_map.c:2534 uvmspace_free(fffffd8079490d88) at uvmspace_free+0x96 sys/uvm/uvm_map.c:3461 reaper(ffff80002a5d7c38) at reaper+0x15a sys/kern/kern_exit.c:475 end trace frame: 0x0, count: -8