panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *308042 16346 0 0x2 0 0 syz-executor.2 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82576eb8) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ec548,ffffffff8259c166,90,ffffffff82550028) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd807db0e558,3b1b57000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd807db0e548,7636afb3000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807db0e548,7636afb3000,735fd000,3,22) at pmap_enter+0x2a0 uvm_fault_upper(ffff800027f89560,ffff800027f89598,ffff800027f89460,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1056 uvm_fault(fffffd8060e5f998,7636afb3000,0,2) at uvm_fault+0x134 sys/uvm/uvm_fault.c:609 upageflttrap(ffff800027f896d0,7636afb3028) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff800027f896d0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffcac10, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82576eb8) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ec548,ffffffff8259c166,90,ffffffff82550028) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd807db0e558,3b1b57000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd807db0e548,7636afb3000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807db0e548,7636afb3000,735fd000,3,22) at pmap_enter+0x2a0 uvm_fault_upper(ffff800027f89560,ffff800027f89598,ffff800027f89460,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1056 uvm_fault(fffffd8060e5f998,7636afb3000,0,2) at uvm_fault+0x134 sys/uvm/uvm_fault.c:609 upageflttrap(ffff800027f896d0,7636afb3028) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff800027f896d0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffcac10, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800027f89090 rbx 0 rdx 0 rcx 0 rax 0xffff800024bce010 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd732d8f26f1b559a r11 0xc20666d636604f07 r12 0 r13 0x3b1b57000 r14 0 r15 0x1 rip 0xffffffff81755b88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800027f89080 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.2) pid=308042 stat=onproc flags process=2 proc=0 pri=32, usrpri=82, nice=20 forw=0xffffffffffffffff, list=0xffff8000217042b0,0xffff800024bced40 process=0xffff800024bf5b88 user=0xffff800027f84000, vmspace=0xfffffd8060e5f998 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 82167 377623 34456 0 3 0x80 nanoslp syz-executor.3 82167 12594 34456 0 3 0x4000080 fsleep syz-executor.3 55214 472452 90070 60928 3 0x90 nanoslp syz-executor.4 55214 176311 90070 60928 3 0x4000090 fsleep syz-executor.4 92585 435239 91877 0 3 0x80 nanoslp syz-executor.5 92585 449752 91877 0 3 0x4000080 ttyretype syz-executor.5 92585 364066 91877 0 3 0x4000080 fsleep syz-executor.5 *16346 308042 6557 0 7 0x2 syz-executor.2 435 444291 6557 0 2 0x482 syz-executor.7 90070 48360 6557 0 3 0x82 nanoslp syz-executor.4 91877 53764 6557 0 3 0x82 nanoslp syz-executor.5 95470 497244 0 0 3 0x14200 acct acct 98861 344855 6557 0 3 0x82 nanoslp syz-executor.0 34456 340827 6557 0 2 0x482 syz-executor.3 31273 123849 6557 0 2 0x2 syz-executor.1 58944 369772 6557 0 3 0x2 biowait syz-executor.6 35696 206783 1 0 3 0x100083 ttyin getty 14235 478864 0 0 3 0x14200 bored sosplice 6557 321992 84270 0 3 0x82 thrsleep syz-fuzzer 6557 514104 84270 0 2 0x4000082 syz-fuzzer 6557 502652 84270 0 3 0x4000082 thrsleep syz-fuzzer 6557 214877 84270 0 3 0x4000082 thrsleep syz-fuzzer 6557 470717 84270 0 3 0x4000082 thrsleep syz-fuzzer 6557 20055 84270 0 2 0x4000002 syz-fuzzer 6557 1957 84270 0 3 0x4000082 wait syz-fuzzer 6557 386659 84270 0 3 0x4000082 wait syz-fuzzer 6557 366171 84270 0 3 0x4000082 thrsleep syz-fuzzer 6557 55604 84270 0 3 0x4000082 wait syz-fuzzer 6557 385046 84270 0 3 0x4000082 wait syz-fuzzer 6557 337753 84270 0 3 0x4000082 wait syz-fuzzer 6557 234445 84270 0 3 0x4000082 wait syz-fuzzer 6557 184334 84270 0 3 0x4000082 wait syz-fuzzer 6557 399317 84270 0 3 0x4000082 wait syz-fuzzer 84270 364315 29480 0 3 0x10008a sigsusp ksh 29480 134890 37642 0 3 0x9a kqread sshd 37642 254402 1 0 3 0x88 kqread sshd 11165 230188 69229 73 3 0x1100090 kqread syslogd 69229 193885 1 0 3 0x100082 netio syslogd 5674 47892 1 0 3 0x100080 kqread resolvd 11042 141831 0 0 3 0x14200 bored smr 47347 43717 0 0 2 0x14200 zerothread 36248 51142 0 0 3 0x14200 aiodoned aiodoned 25810 470579 0 0 3 0x14200 syncer update 3126 456811 0 0 3 0x14200 cleaner cleaner 7376 289111 0 0 3 0x14200 reaper reaper 92632 65520 0 0 3 0x14200 pgdaemon pagedaemon 15946 450263 0 0 3 0x14200 bored viomb 53910 103804 0 0 3 0x40014200 acpi0 acpi0 25645 391896 0 0 3 0x14200 bored softnet 88583 357486 0 0 3 0x14200 bored softnet 35751 106990 0 0 3 0x14200 bored softnet 54089 283595 0 0 3 0x14200 bored softnet 61602 332332 0 0 3 0x14200 bored systqmp 96968 149217 0 0 3 0x14200 bored systq 46083 36377 0 0 3 0x40014200 bored softclock 56458 188917 0 0 3 0x40014200 idle0 1 59996 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10218 7023K 7634K 78643K 55117 0 pcb 15 20K 26K 78643K 5993 0 rtable 284 30K 31K 78643K 6982 0 ifaddr 138 36K 37K 78643K 2872 0 sysctl 3 1K 5K 78643K 11 0 counters 27 17K 17K 78643K 498 0 ioctlops 0 0K 4K 78643K 19375 0 iov 0 0K 16K 78643K 2225 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1547 97K 97K 78643K 15348 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 178 0 VM map 2 0K 0K 78643K 2 0 sem 13 5K 10K 78643K 111 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 13 45K 69K 78643K 23184 0 sigio 0 0K 0K 78643K 303 0 proc 55 43K 83K 78643K 4299 0 subproc 104 6K 7K 78643K 1521 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 1172 0 in_multi 85 5K 7K 78643K 1743 0 ether_multi 1 0K 0K 78643K 68 0 mrt 1 0K 0K 78643K 79 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 301 1341K 1341K 78643K 301 0 exec 0 0K 2K 78643K 6457 0 pfkey data 0 0K 0K 78643K 55 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 62K 78643K 8 0 UVM amap 621 1949K 5364K 78643K 126813 0 UVM aobj 133 4K 4K 78643K 137 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 1K 78643K 907 0 NDP 17 0K 2K 78643K 563 0 temp 141 4718K 5742K 78643K 256165 0 kqueue 6 10K 28K 78643K 1647 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1879 0 1878 22 21 1 4 0 8 0 rtentry 112 1670 0 1578 5 2 3 4 0 8 0 unpcb 144 10984 0 10974 149 143 6 10 0 8 5 syncache 296 82 0 82 21 21 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 425 20 425 8 8 0 1 0 8 0 tcpcb 768 16051 0 16021 441 432 9 32 0 8 6 arp 88 251 0 234 1 0 1 1 0 8 0 ipq 40 24 0 23 9 8 1 1 0 8 0 ipqe 40 78 0 77 9 8 1 1 0 8 0 inpcb 320 29537 0 29529 371 364 7 18 0 8 5 nd6 48 418 0 398 1 0 1 1 0 8 0 pkpcb 40 72 0 72 17 17 0 1 0 8 0 kcovpl 48 117 0 109 1 0 1 1 0 8 0 ppxss 1160 315 0 315 24 24 0 1 0 8 0 pfstscr 40 499 0 497 2 1 1 1 0 8 0 pffrag 232 8 0 8 1 1 0 1 0 482 0 pffrnode 88 8 0 8 1 1 0 1 0 8 0 pffrent 40 23 0 23 1 1 0 1 0 8 0 pfosfp 40 6 0 5 1 0 1 1 0 8 0 pfosfpen 112 6 0 5 1 0 1 1 0 8 0 pfrktable 1344 874 0 848 7 4 3 3 0 8 0 pfanchor 1280 138 0 67 6 0 6 6 0 8 0 pftag 88 160 0 152 1 0 1 1 0 8 0 pfqueue 264 9 0 9 3 3 0 1 0 8 0 pfstitem 24 114 0 110 1 0 1 1 0 8 0 pfstkey 120 973 0 969 2 1 1 1 0 8 0 pfstate 336 499 0 497 2 1 1 1 0 8 0 pfrule 1360 978 0 852 12 1 11 11 0 8 0 rttmr 136 18 0 18 6 6 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 7086 0 6710 78 51 27 30 0 8 0 art_table 32 7087 0 6710 4 0 4 4 0 8 0 art_node 16 1598 0 1517 1 0 1 1 0 8 0 sysvmsgpl 40 29 0 23 2 1 1 1 0 8 0 semupl 112 4 0 4 2 2 0 1 0 8 0 semapl 112 98 0 87 1 0 1 1 0 8 0 shmpl 112 134 0 6 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 31102 0 29596 95 0 95 95 0 8 0 ffsino 240 31102 0 29596 89 0 89 89 0 8 0 nchpl 144 60213 0 58575 63 1 62 63 0 8 0 rtmask 32 14 0 14 6 6 0 1 0 8 0 uvmvnodes 80 6740 0 0 138 0 138 138 0 8 0 vnodes 216 6740 0 0 375 0 375 375 0 8 0 namei 1024 237075 0 237075 16 15 1 2 0 8 1 vcpupl 2048 489 0 3 61 0 61 61 0 8 0 vmpool 536 644 0 158 37 4 33 33 0 8 0 pfiaddrpl 120 418 0 327 5 2 3 3 0 8 0 kstatmem 264 580 0 550 5 2 3 3 0 8 0 scsiplug 72 10 0 10 2 2 0 1 0 8 0 scxspl 216 214598 0 214597 43 42 1 8 0 8 0 plimitpl 152 2815 0 2801 1 0 1 1 0 8 0 sigapl 424 23307 0 23265 10 4 6 8 0 8 0 futexpl 64 229070 0 229067 7 6 1 1 0 8 0 knotepl 120 303563 0 303499 110 106 4 10 0 8 0 kqueuepl 184 4181 0 4176 62 61 1 4 0 8 0 pipepl 288 4384 0 4356 93 90 3 7 0 8 0 fdescpl 432 23228 0 23207 4 0 4 4 0 8 0 filepl 120 168296 0 168067 214 203 11 18 0 8 3 lockfpl 104 8913 0 8912 18 16 2 3 0 8 1 lockfspl 48 3004 0 3003 2 1 1 2 0 8 0 sessionpl 144 137 0 122 1 0 1 1 0 8 0 pgrppl 48 247 0 232 1 0 1 1 0 8 0 ucredpl 104 22966 0 22951 1 0 1 1 0 8 0 zombiepl 144 23268 0 23265 1 0 1 1 0 8 0 processpl 1000 23307 0 23265 12 6 6 9 0 8 0 procpl 672 59395 0 59335 42 35 7 10 0 8 0 sosppl 168 185 0 185 26 25 1 1 0 8 1 sockpl 456 42636 0 42617 839 829 10 33 0 8 7 mcl64k 65536 685 0 685 55 54 1 2 0 8 1 mcl16k 16384 236 0 236 56 55 1 1 0 8 1 mcl12k 12288 688 0 688 48 47 1 1 0 8 1 mcl9k 9216 363 0 363 51 50 1 1 0 8 1 mcl8k 8192 1624 0 1624 38 37 1 1 0 8 1 mcl4k 4096 2418 0 2418 26 25 1 3 0 8 1 mcl2k2 2112 179 0 179 48 47 1 1 0 8 1 mcl2k 2048 117308 0 117252 69 60 9 25 0 8 1 mtagpl 96 6694 0 6694 41 41 0 25 0 8 0 mbufpl 256 328152 0 328038 135 124 11 76 0 8 0 bufpl 288 41228 0 34488 482 0 482 482 0 8 0 anonpl 24 4265415 0 4245924 517 373 144 208 0 188 4 amapchunkpl 152 546968 0 546103 2416 2376 40 2228 0 158 0 amappl16 200 57522 0 56833 217 168 49 49 0 8 10 amappl15 192 5410 0 5403 1 0 1 1 0 8 0 amappl14 184 2752 0 2743 1 0 1 1 0 8 0 amappl13 176 4866 0 4862 1 0 1 1 0 8 0 amappl12 168 2060 0 2055 1 0 1 1 0 8 0 amappl11 160 3423 0 3414 1 0 1 1 0 8 0 amappl10 152 3554 0 3551 3 2 1 1 0 8 0 amappl9 144 1712 0 1710 1 0 1 1 0 8 0 amappl8 136 4822 0 4704 5 0 5 5 0 8 0 amappl7 128 2865 0 2839 1 0 1 1 0 8 0 amappl6 120 2171 0 2148 2 1 1 2 0 8 0 amappl5 112 18777 0 18765 1 0 1 1 0 8 0 amappl4 104 11414 0 11381 7 5 2 2 0 8 0 amappl3 96 68275 0 68239 2 0 2 2 0 8 0 amappl2 88 7273 0 7240 2 0 2 2 0 8 0 amappl1 80 565494 0 564973 23 9 14 19 0 8 0 amappl 88 123924 0 123663 8 1 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 136 0 4 3 0 3 3 0 8 0 uaddrrnd 24 23872 0 23365 4 0 4 4 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 23872 0 23365 4 0 4 4 0 8 0 vmmpekpl 168 152446 0 152334 6 0 6 6 0 8 0 vmmpepl 168 2272878 0 2269681 455 289 166 183 0 357 2 vmsppl 272 23871 0 23365 38 3 35 35 0 8 0 rwobjpl 24 532333 0 523749 65 11 54 54 0 8 1 pdppl 4096 47750 0 47216 1714 1171 543 545 0 8 9 pvpl 32 8572647 0 8553675 686 494 192 317 0 265 5 pmappl 216 23871 0 23365 34 5 29 29 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3066 0 1689 40 0 40 40 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82576eb8) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ec548,ffffffff8259c166,90,ffffffff82550028) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd807db0e558,3b1b57000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd807db0e548,7636afb3000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807db0e548,7636afb3000,735fd000,3,22) at pmap_enter+0x2a0 uvm_fault_upper(ffff800027f89560,ffff800027f89598,ffff800027f89460,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1056 uvm_fault(fffffd8060e5f998,7636afb3000,0,2) at uvm_fault+0x134 sys/uvm/uvm_fault.c:609 upageflttrap(ffff800027f896d0,7636afb3028) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff800027f896d0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffcac10, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82576eb8) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825ec548,ffffffff8259c166,90,ffffffff82550028) at __assert+0x25 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005dbae00,fffffd807db0e558,3b1b57000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd807db0e558,3b1b57000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd807db0e548,7636afb3000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807db0e548,7636afb3000,735fd000,3,22) at pmap_enter+0x2a0 uvm_fault_upper(ffff800027f89560,ffff800027f89598,ffff800027f89460,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1056 uvm_fault(fffffd8060e5f998,7636afb3000,0,2) at uvm_fault+0x134 sys/uvm/uvm_fault.c:609 upageflttrap(ffff800027f896d0,7636afb3028) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff800027f896d0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffcac10, count: -12