panic: pmap_remove_ptes: managed page without PG_PVLIST: va 0x2539804a000, opte 0x6cd23001 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8343985a) at panic+0x1cf sys/kern/subr_prf.c:198 pmap_remove_pte(fffffd806cc80298,fffffd8006faf780,7f8129cc01d8,2539803b000,2539808e000,0) at pmap_remove_pte pmap_do_remove(fffffd806cc80298,2539803b000,2539808e000,0) at pmap_do_remove+0x53a sys/arch/amd64/amd64/pmap.c:1920 uvm_unmap_kill_entry_withlock(fffffd806d5bde78,fffffd806691d190,0) at uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80003c90a7e8,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80003c90a7e8,ffff80003c9cd780,ffff80003c9cd6d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c9cd780) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9cd780) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b5513203800, count: 5 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: pmap_remove_ptes: managed page without PG_PVLIST: va 0x2539804a000, opte 0x6cd23001 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8343985a) at panic+0x1cf sys/kern/subr_prf.c:198 pmap_remove_pte(fffffd806cc80298,fffffd8006faf780,7f8129cc01d8,2539803b000,2539808e000,0) at pmap_remove_pte pmap_do_remove(fffffd806cc80298,2539803b000,2539808e000,0) at pmap_do_remove+0x53a sys/arch/amd64/amd64/pmap.c:1920 uvm_unmap_kill_entry_withlock(fffffd806d5bde78,fffffd806691d190,0) at uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80003c90a7e8,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80003c90a7e8,ffff80003c9cd780,ffff80003c9cd6d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c9cd780) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9cd780) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b5513203800, count: -10 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003c9cd340 rbx 0xfffffd8006faf780 rdx 0 rcx 0 rax 0xffff80003c90a7e8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x482f8d559caa3994 r11 0xa54041ed53648e86 r12 0 r13 0x7f8129cc0250 r14 0 r15 0x1 rip 0xffffffff81a6abc5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003c9cd330 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=53395 pid=30146 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=26, usrpri=76, slppri=26, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c90a7e8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003c90ba10,0xffff80003c9ac040 process=0xffff8000ffff9b18 user=0xffff80003c9c8000, vmspace=0xfffffd806d5bde78 estcpu=26, cpticks=9, pctcpu=0.4, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 22287 35439 12718 0 3 0x2 biowait syz-executor 79633 452078 12718 0 3 0x82 piperd syz-executor 23321 479950 62317 0 3 0x3000 suspend syz-executor 23321 328045 62317 0 3 0x4081000 biowait syz-executor 23321 34580 62317 0 3 0x4081000 fltagain2 syz-executor 23321 317769 62317 0 3 0x4081000 fltagain2 syz-executor 63867 382493 35829 0 3 0x3000 suspend syz-executor 63867 366242 35829 0 2 0x4081000 syz-executor 62317 354315 12718 0 3 0x82 wait syz-executor 28680 351484 0 0 3 0x14280 nfsidl nfsio 10442 486157 0 0 3 0x14280 nfsidl nfsio 5589 91372 0 0 3 0x14280 nfsidl nfsio 28173 390438 0 0 3 0x14280 nfsidl nfsio 44077 107855 0 0 3 0x14280 nfsidl nfsio 82868 86362 0 0 3 0x14280 nfsidl nfsio 61161 352555 0 0 3 0x14280 nfsidl nfsio 14571 263787 0 0 3 0x14280 nfsidl nfsio 72191 451040 0 0 3 0x14280 nfsidl nfsio 7494 8605 0 0 3 0x14280 nfsidl nfsio 18575 204116 0 0 3 0x14280 nfsidl nfsio 77835 181553 0 0 3 0x14280 nfsidl nfsio 49266 505343 0 0 3 0x14280 nfsidl nfsio 94347 233934 0 0 3 0x14280 nfsidl nfsio 77395 103553 0 0 3 0x14280 nfsidl nfsio 21793 85873 0 0 3 0x14280 nfsidl nfsio 67920 164736 0 0 3 0x14280 nfsidl nfsio 90716 323228 0 0 3 0x14280 nfsidl nfsio 24908 449089 0 0 3 0x14280 nfsidl nfsio 21270 484259 0 0 3 0x14280 nfsidl nfsio 17639 103636 0 0 3 0x14200 acct acct 4493 316084 1 0 3 0x80 nanoslp init 35829 364186 12718 0 3 0x82 wait syz-executor 84993 182573 12718 0 3 0x2 biowait syz-executor 72323 420396 12718 0 2 0xc82 syz-executor 72174 31968 12718 0 3 0x82 piperd syz-executor 95996 145399 12718 0 3 0x82 wait syz-executor 12718 206941 42184 0 2 0x2 syz-executor 42184 227454 60366 0 3 0x10008a sigsusp ksh 60366 183871 82582 0 3 0x98 kqread sshd-session 82582 22529 4806 0 3 0x92 kqread sshd-session 4806 341768 1 0 3 0x88 kqread sshd 61675 369496 3149 73 3 0x1100090 kqread syslogd 3149 239390 1 0 3 0x100082 sbwait syslogd 53157 476583 1 0 3 0x100080 kqread resolvd 6260 340648 91727 77 3 0x100092 kqread dhcpleased 33148 473680 91727 77 3 0x100092 kqread dhcpleased 91727 270427 1 0 3 0x80 kqread dhcpleased 31603 236225 0 0 3 0x14200 bored smr 74524 65528 0 0 2 0x14200 zerothread 71638 357685 0 0 3 0x14200 aiodoned aiodoned 76058 189103 0 0 2 0x14e00 update 97453 120458 0 0 3 0x14200 cleaner cleaner 61879 465693 0 0 3 0x14200 reaper reaper 22682 42351 0 0 3 0x14200 pgdaemon pagedaemon 46958 444829 0 0 3 0x14200 bored viomb 317 309751 0 0 3 0x40014200 acpi0 acpi0 695 50670 0 0 2 0x14200 softnet0 40651 487611 0 0 3 0x14200 bored systqmp 41719 166744 0 0 3 0x14200 bored systq 37764 298270 0 0 3 0x40014200 tmoslp softclock 31526 480624 0 0 3 0x40014200 idle0 1 32674 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11073 12113K 13349K 166960K 15687 0 pcb 17 16K 18K 166960K 537 0 rtable 226 11K 11K 166960K 952 0 pf 31 13K 17K 166960K 341 0 ifaddr 34 6K 7K 166960K 109 0 ifgroup 43 1K 2K 166960K 151 0 sysctl 4 1K 9K 166960K 20 0 counters 32 17K 18K 166960K 97 0 ioctlops 0 0K 4K 166960K 596 0 iov 0 0K 28K 166960K 117 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1468 92K 93K 166960K 3354 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 1K 166960K 2 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 198 0 dirhash 12 2K 2K 166960K 51 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 12 41K 236K 166960K 1730 0 sigio 0 0K 0K 166960K 42 0 proc 51 50K 108K 166960K 771 0 subproc 72 4K 4K 166960K 119 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 611 0 in_multi 74 5K 7K 166960K 220 0 ether_multi 1 0K 0K 166960K 20 0 mrt 0 0K 0K 166960K 40 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 289 1288K 1288K 166960K 289 0 exec 0 0K 1K 166960K 789 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 205 158K 181K 166960K 16546 0 UVM aobj 118 9K 9K 166960K 127 0 pinsyscall 33 66K 95K 166960K 2996 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 117 0 NDP 12 0K 1K 166960K 79 0 temp 75 9076K 9152K 166960K 124866 0 kqueue 13 20K 30K 166960K 279 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 492 0 489 3 0 3 3 0 8 2 rtentry 136 259 0 177 4 0 4 4 0 8 0 unpcb 144 1612 0 1596 11 5 6 6 0 8 5 syncache 336 10 0 10 2 1 1 1 0 8 1 tcpqe 32 8 0 8 2 1 1 1 0 8 1 tcpcb 736 676 0 666 10 3 7 7 0 8 5 arp 96 32 0 17 1 0 1 1 0 8 0 ipq 40 4 0 2 1 0 1 1 0 8 0 ipqe 40 5 0 3 1 0 1 1 0 8 0 inpcb 328 2048 0 2035 9 2 7 7 0 8 4 ip6q 72 2 0 0 1 0 1 1 0 8 0 ip6af 40 2 0 0 1 0 1 1 0 8 0 nd6 112 42 0 24 1 0 1 1 0 8 0 pkpcb 40 3 0 3 2 1 1 1 0 8 1 kcovpl 48 13 0 5 1 0 1 1 0 8 0 mppekey 1024 2 0 2 1 1 0 1 0 8 0 ppxss 1072 55 0 55 2 1 1 1 0 8 1 pppxif 1384 2 0 2 1 1 0 1 0 8 0 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pffrag 232 6 0 1 1 0 1 1 0 482 0 pffrnode 88 6 0 1 1 0 1 1 0 8 0 pffrent 40 11 0 5 1 0 1 1 0 8 0 pfstlim 224 1 0 0 1 0 1 1 0 8 0 pftag 88 3 0 0 1 0 1 1 0 8 0 pfqueue 320 2 0 1 1 0 1 1 0 8 0 pfstkey 128 3 0 3 1 1 0 1 0 8 0 pfstate 384 2 0 2 1 1 0 1 0 8 0 pfrule 1360 88 0 88 2 1 1 1 0 8 1 rttmr 136 3 0 3 2 1 1 1 0 8 1 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 917 0 564 29 3 26 29 0 8 3 art_table 40 921 0 564 5 0 5 5 0 8 0 art_node 32 258 0 186 2 0 2 2 0 8 1 sysvmsgpl 40 12 0 10 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 193 0 183 1 0 1 1 0 8 0 shmpl 112 119 0 7 4 0 4 4 0 8 0 dirhash 1024 44 0 27 3 0 3 3 0 8 0 dino2pl 256 4576 0 3121 92 0 92 92 0 8 0 ffsino 256 4576 0 3121 92 0 92 92 0 8 0 nchpl 144 6905 0 5204 64 0 64 64 0 8 0 rtmask 32 15 0 15 2 1 1 1 0 8 1 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 24896 0 24894 3 2 1 2 0 8 0 vcpupl 3904 5 0 2 1 0 1 1 0 8 0 vmpool 808 5 0 2 1 0 1 1 0 8 0 kstatmem 264 102 0 82 2 0 2 2 0 8 0 scsiplug 72 9 0 9 2 1 1 1 0 8 1 scxspl 216 24405 0 24402 9 7 2 8 1 8 1 plimitpl 152 681 0 664 1 0 1 1 0 8 0 sigapl 424 2050 0 1990 10 2 8 8 0 8 0 knotepl 120 1027855 0 1027808 26 16 10 18 0 8 7 kqueuepl 184 584 0 575 6 2 4 4 0 8 3 pipepl 304 236 0 209 3 0 3 3 0 8 0 fdescpl 448 1993 0 1968 5 1 4 5 0 8 0 filepl 120 14553 0 14344 17 5 12 15 0 8 2 lockfpl 104 1081 0 1079 2 1 1 2 0 8 0 lockfspl 48 404 0 402 1 0 1 1 0 8 0 sessionpl 144 34 0 27 1 0 1 1 0 8 0 pgrppl 48 61 0 46 1 0 1 1 0 8 0 ucredpl 104 2543 0 2531 1 0 1 1 0 8 0 zombiepl 144 1994 0 1990 1 0 1 1 0 8 0 processpl 1152 2050 0 1990 5 0 5 5 0 8 0 procpl 664 4319 0 4255 8 1 7 7 0 8 0 sosppl 176 20 0 20 2 1 1 1 0 8 1 sockpl 552 4255 0 4223 24 13 11 17 0 8 6 mcl64k 65536 75 0 75 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 2 1 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 12 0 12 2 1 1 1 0 8 1 mcl4k 4096 4516 0 4462 16 7 9 14 0 8 2 mcl2k2 2112 2 0 2 2 1 1 1 0 8 1 mcl2k 2048 1628 0 1627 4 0 4 4 0 8 3 mtagpl 96 29 0 20 1 0 1 1 0 8 0 mbufpl 256 100833 0 100701 611 588 23 481 0 8 8 bufpl 280 7312 0 1098 444 0 444 444 0 8 0 anonpl 24 295805 0 277296 133 0 133 133 0 187 7 amapchunkpl 152 56361 0 55640 39 4 35 35 0 158 3 amappl16 200 6480 0 5773 56 5 51 51 0 8 1 amappl15 192 24 0 24 1 1 0 1 0 8 0 amappl14 184 470 0 469 1 0 1 1 0 8 0 amappl13 176 142 0 133 1 0 1 1 0 8 0 amappl12 168 2256 0 2232 2 0 2 2 0 8 0 amappl11 160 9 0 8 1 0 1 1 0 8 0 amappl10 152 59 0 49 1 0 1 1 0 8 0 amappl9 144 263 0 263 1 1 0 1 0 8 0 amappl8 136 119 0 117 1 0 1 1 0 8 0 amappl7 128 192 0 180 1 0 1 1 0 8 0 amappl6 120 200 0 196 1 0 1 1 0 8 0 amappl5 112 107 0 98 1 0 1 1 0 8 0 amappl4 104 310 0 294 1 0 1 1 0 8 0 amappl3 96 9973 0 9902 3 0 3 3 0 8 0 amappl2 88 2178 0 2110 2 0 2 2 0 8 0 amappl1 80 19189 0 18677 18 3 15 15 0 8 3 amappl 88 15443 0 15298 5 0 5 5 0 92 0 uvmvnodes 80 159 0 0 4 0 4 4 0 8 0 dma8192 8192 2 0 2 1 1 0 1 0 8 0 dma4096 4096 3 0 3 2 1 1 1 0 8 1 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 255 0 255 2 1 1 1 0 8 1 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 126 0 9 3 0 3 3 0 8 0 uaddrrnd 24 1993 0 1967 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1993 0 1967 1 0 1 1 0 8 0 vmmpekpl 168 17509 0 17454 4 1 3 3 0 8 0 vmmpepl 168 137552 0 135273 165 25 140 147 0 357 13 vmsppl 368 1992 0 1967 4 1 3 4 0 8 0 rwobjpl 40 36978 0 35225 22 0 22 22 0 8 0 pdppl 4096 4002 0 3941 128 59 69 80 0 8 8 pvpl 32 871828 0 847625 241 9 232 232 0 265 14 pmappl 216 1997 0 1969 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 1019 0 673 24 8 16 24 0 8 1 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8343985a) at panic+0x1cf sys/kern/subr_prf.c:198 pmap_remove_pte(fffffd806cc80298,fffffd8006faf780,7f8129cc01d8,2539803b000,2539808e000,0) at pmap_remove_pte pmap_do_remove(fffffd806cc80298,2539803b000,2539808e000,0) at pmap_do_remove+0x53a sys/arch/amd64/amd64/pmap.c:1920 uvm_unmap_kill_entry_withlock(fffffd806d5bde78,fffffd806691d190,0) at uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80003c90a7e8,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80003c90a7e8,ffff80003c9cd780,ffff80003c9cd6d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c9cd780) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9cd780) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b5513203800, count: -10 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8343985a) at panic+0x1cf sys/kern/subr_prf.c:198 pmap_remove_pte(fffffd806cc80298,fffffd8006faf780,7f8129cc01d8,2539803b000,2539808e000,0) at pmap_remove_pte pmap_do_remove(fffffd806cc80298,2539803b000,2539808e000,0) at pmap_do_remove+0x53a sys/arch/amd64/amd64/pmap.c:1920 uvm_unmap_kill_entry_withlock(fffffd806d5bde78,fffffd806691d190,0) at uvm_unmap_kill_entry_withlock+0x269 sys/uvm/uvm_map.c:1869 uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffffd806d5bde78) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80003c90a7e8,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80003c90a7e8,ffff80003c9cd780,ffff80003c9cd6d0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80003c9cd780) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80003c9cd780) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7b5513203800, count: -10