login: panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *413823 56591 0 0x8000002 0 0 syz-executor.7 db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82931932) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e4822,ffffffff828359f4,90,ffffffff828ea25e) at __assert+0x29 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8006442e80,fffffd806c5c8cc0,421a40000,0) at uvm_pagealloc_pg+0x3e9 sys/uvm/uvm_page.c:695 uvm_pagealloc(fffffd806c5c8cc0,421a40000,0,3) at uvm_pagealloc+0x1ed sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806c5c8cb0,84348169000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1215 pmap_enter(fffffd806c5c8cb0,84348169000,66076000,3,20) at pmap_enter+0x2b0 uvm_fault_upper_lookup(ffff80002d9cfb90,ffff80002d9cfbc8,ffff80002d9cfa90,ffff80002d9cfb10) at uvm_fault_upper_lookup+0x291 uvm_fault(fffffd806961b6c8,8434816a000,0,1) at uvm_fault+0x109 sys/uvm/uvm_fault.c:605 upageflttrap(ffff80002d9cfd10,8434816aaf4) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002d9cfd10) at usertrap+0x20e sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x751869300ab0, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82931932) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e4822,ffffffff828359f4,90,ffffffff828ea25e) at __assert+0x29 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8006442e80,fffffd806c5c8cc0,421a40000,0) at uvm_pagealloc_pg+0x3e9 sys/uvm/uvm_page.c:695 uvm_pagealloc(fffffd806c5c8cc0,421a40000,0,3) at uvm_pagealloc+0x1ed sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806c5c8cb0,84348169000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1215 pmap_enter(fffffd806c5c8cb0,84348169000,66076000,3,20) at pmap_enter+0x2b0 uvm_fault_upper_lookup(ffff80002d9cfb90,ffff80002d9cfbc8,ffff80002d9cfa90,ffff80002d9cfb10) at uvm_fault_upper_lookup+0x291 uvm_fault(fffffd806961b6c8,8434816a000,0,1) at uvm_fault+0x109 sys/uvm/uvm_fault.c:605 upageflttrap(ffff80002d9cfd10,8434816aaf4) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002d9cfd10) at usertrap+0x20e sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x751869300ab0, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002d9cf6a0 rbx 0x421a40000 rdx 0 rcx 0 rax 0xffff80002a6839d8 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3af462892c70ba3b r11 0x81948a4762ca3236 r12 0 r13 0x421a40000 r14 0 r15 0x1 rip 0xffffffff82808dcc db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002d9cf690 ss 0 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-executor.7) tid=413823 pid=56591 tcnt=1 stat=onproc flags process=8000002 proc=0 runpri=32, usrpri=78, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a677210,0xffff80002a682568 process=0xffff80002d93d940 user=0xffff80002d9ca000, vmspace=0xfffffd806961b6c8 estcpu=36, cpticks=3, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 11887 276896 42966 0 2 0x8000000 syz-executor.6 11887 33280 42966 0 2 0xc000000 syz-executor.6 45333 161608 48481 0 2 0x8000480 syz-executor.2 45333 411846 48481 0 3 0xc000080 lockf syz-executor.2 45333 330792 48481 0 3 0xc000080 lockf syz-executor.2 45333 45594 48481 0 3 0xc000080 fsleep syz-executor.2 *56591 413823 50733 0 7 0x8000002 syz-executor.7 35466 196948 16716 0 3 0x8000080 nanoslp syz-executor.3 35466 95492 16716 0 3 0xc000080 netcon syz-executor.3 35466 240703 16716 0 3 0xc000080 fsleep syz-executor.3 91288 407109 31805 0 3 0x8000080 nanoslp syz-executor.4 91288 484638 31805 0 3 0xc000080 netio syz-executor.4 91288 41226 31805 0 3 0xc000080 fsleep syz-executor.4 48506 52563 1 0 3 0x18100083 ttyin getty 31805 368968 50733 0 3 0x8000082 nanoslp syz-executor.4 16716 200108 50733 0 3 0x8000082 nanoslp syz-executor.3 10389 13497 0 0 3 0x14200 acct acct 40280 262546 50733 0 3 0x8000082 piperd syz-executor.1 4353 98555 0 0 3 0x14280 nfsidl nfsio 83268 126087 0 0 3 0x14280 nfsidl nfsio 57255 200249 0 0 3 0x14280 nfsidl nfsio 96238 243768 0 0 3 0x14280 nfsidl nfsio 63930 375248 0 0 3 0x14280 nfsidl nfsio 11567 71716 0 0 3 0x14280 nfsidl nfsio 46294 185020 0 0 3 0x14280 nfsidl nfsio 17456 411652 0 0 3 0x14280 nfsidl nfsio 72254 311315 0 0 3 0x14280 nfsidl nfsio 20014 330113 0 0 3 0x14280 nfsidl nfsio 65531 236320 0 0 3 0x14280 nfsidl nfsio 10734 442256 0 0 3 0x14280 nfsidl nfsio 1911 307190 0 0 3 0x14280 nfsidl nfsio 41943 347286 0 0 3 0x14280 nfsidl nfsio 68503 27938 0 0 3 0x14280 nfsidl nfsio 85829 327667 0 0 3 0x14280 nfsidl nfsio 24868 465920 0 0 3 0x14280 nfsidl nfsio 95968 114262 0 0 3 0x14280 nfsidl nfsio 74083 512771 0 0 3 0x14280 nfsidl nfsio 54528 291698 0 0 3 0x14280 nfsidl nfsio 76246 441697 50733 0 2 0x8000002 syz-executor.5 48481 479090 50733 0 3 0x8000082 nanoslp syz-executor.2 83914 466462 50733 0 3 0x8000082 nanoslp syz-executor.0 39746 474439 0 0 3 0x14200 bored sosplice 42966 436619 50733 0 2 0x8000482 syz-executor.6 50733 522573 67708 0 3 0x1a000082 wait syz-fuzzer 50733 253245 67708 0 2 0x1e000482 syz-fuzzer 50733 433198 67708 0 3 0x1e000082 wait syz-fuzzer 50733 317138 67708 0 3 0x1e000082 thrsleep syz-fuzzer 50733 309122 67708 0 3 0x1e000082 wait syz-fuzzer 50733 46817 67708 0 3 0x1e000082 thrsleep syz-fuzzer 50733 502788 67708 0 3 0x1e000082 wait syz-fuzzer 50733 34218 67708 0 3 0x1e000082 wait syz-fuzzer 50733 24371 67708 0 2 0x1e000002 syz-fuzzer 50733 175970 67708 0 3 0x1e000082 wait syz-fuzzer 50733 444628 67708 0 3 0x1e000082 thrsleep syz-fuzzer 50733 260687 67708 0 3 0x1e000082 thrsleep syz-fuzzer 50733 277118 67708 0 3 0x1e000082 wait syz-fuzzer 50733 234151 67708 0 3 0x1e000082 wait syz-fuzzer 67708 335869 42501 0 3 0x810008a sigsusp ksh 42501 344194 21606 0 3 0x1800009a kqread sshd 21606 344618 1 0 3 0x18000088 kqread sshd 6295 143427 64974 73 3 0x19100090 kqread syslogd 64974 406201 1 0 3 0x18100082 sbwait syslogd 3844 140935 1 0 3 0x18100080 kqread resolvd 8829 123806 32900 77 3 0x18100092 kqread dhcpleased 76980 243857 32900 77 3 0x18100092 kqread dhcpleased 32900 327712 1 0 3 0x18000080 kqread dhcpleased 75236 13389 0 0 3 0x14200 bored smr 70135 399031 0 0 2 0x14200 zerothread 12374 220919 0 0 3 0x14200 aiodoned aiodoned 75441 475774 0 0 3 0x14200 syncer update 48549 306307 0 0 3 0x14200 cleaner cleaner 2471 42177 0 0 3 0x14200 reaper reaper 26368 162168 0 0 3 0x14200 pgdaemon pagedaemon 43563 458570 0 0 3 0x14200 bored viomb 36146 29143 0 0 3 0x40014200 acpi0 acpi0 50694 39101 0 0 3 0x14200 bored softnet3 53567 405806 0 0 3 0x14200 bored softnet2 88803 75506 0 0 3 0x14200 bored softnet1 68716 403109 0 0 2 0x14200 softnet0 21447 148291 0 0 3 0x14200 bored systqmp 18286 491061 0 0 3 0x14200 bored systq 90055 11131 0 0 3 0x40014200 tmoslp softclock 43997 68439 0 0 3 0x40014200 idle0 1 196336 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10176 6472K 7049K 166960K 12862 0 pcb 15 10K 10K 166960K 126 0 rtable 222 8K 9K 166960K 747 0 pf 27 8K 9K 166960K 80 0 ifaddr 40 11K 11K 166960K 104 0 ifgroup 46 2K 2K 166960K 141 0 sysctl 3 0K 0K 166960K 3 0 counters 29 17K 17K 166960K 53 0 ioctlops 0 0K 2K 166960K 89 0 iov 1 2K 16K 166960K 80 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1366 86K 87K 166960K 2132 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 33 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 76 0 dirhash 12 2K 2K 166960K 33 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 15 53K 69K 166960K 1163 0 sigio 0 0K 0K 166960K 13 0 proc 58 59K 75K 166960K 836 0 subproc 104 6K 6K 166960K 234 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 140 0 in_multi 84 6K 7K 166960K 244 0 ether_multi 1 0K 0K 166960K 4 0 mrt 0 0K 0K 166960K 3 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 73 334K 334K 166960K 73 0 exec 0 0K 1K 166960K 593 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 305 95K 120K 166960K 11849 0 UVM aobj 54 2K 2K 166960K 56 0 pinsyscall 35 70K 100K 166960K 2558 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 81 0 NDP 12 0K 2K 166960K 70 0 temp 74 6804K 6878K 166960K 22614 0 kqueue 12 18K 26K 166960K 122 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 140 0 137 1 0 1 1 0 8 0 rtentry 112 238 0 137 4 0 4 4 0 8 1 unpcb 144 702 0 687 2 0 2 2 0 8 0 syncache 336 28 0 28 1 0 1 1 0 8 1 tcpqe 32 162 0 162 1 0 1 1 0 8 1 tcpcb 808 398 0 370 4 0 4 4 0 8 0 arp 88 44 0 24 1 0 1 1 0 8 0 ipq 40 3 0 2 1 0 1 1 0 8 0 ipqe 40 89 0 88 1 0 1 1 0 8 0 inpcb 360 1294 0 1259 10 0 10 10 0 8 6 nd6 104 57 0 37 1 0 1 1 0 8 0 pkpcb 40 12 0 12 1 0 1 1 0 8 1 kcovpl 48 18 0 10 1 0 1 1 0 8 0 ppxss 1072 3 0 3 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 926 0 520 29 0 29 29 0 8 3 art_table 32 927 0 520 4 0 4 4 0 8 0 art_node 16 235 0 146 1 0 1 1 0 8 0 sysvmsgpl 40 33 0 24 1 0 1 1 0 8 0 semupl 112 3 0 3 1 0 1 1 0 8 1 semapl 112 72 0 62 1 0 1 1 0 8 0 shmpl 112 53 0 2 2 0 2 2 0 8 0 dirhash 1024 31 0 14 3 0 3 3 0 8 0 dino2pl 256 3075 0 1560 96 0 96 96 0 8 0 ffsino 240 3075 0 1560 90 0 90 90 0 8 0 nchpl 144 4761 0 3024 66 0 66 66 0 8 0 uvmvnodes 80 3748 0 0 77 0 77 77 0 8 0 vnodes 216 3748 0 0 209 0 209 209 0 8 0 namei 1024 15770 0 15770 2 0 2 2 0 8 2 vcpupl 2048 5 0 1 1 0 1 1 0 8 0 vmpool 664 14 0 10 1 0 1 1 0 8 0 kstatmem 264 68 0 48 2 0 2 2 0 8 0 scxspl 216 19494 0 19494 8 0 8 8 1 8 8 plimitpl 152 130 0 114 1 0 1 1 0 8 0 sigapl 424 1464 0 1400 8 0 8 8 0 8 0 futexpl 64 16480 0 16477 1 0 1 1 0 8 0 knotepl 120 11961 0 11879 11 0 11 11 0 8 7 kqueuepl 184 268 0 259 4 0 4 4 0 8 3 pipepl 288 250 0 222 3 0 3 3 0 8 0 fdescpl 432 1426 0 1400 4 0 4 4 0 8 0 filepl 120 7534 0 7280 13 0 13 13 0 8 4 lockfpl 104 255 0 250 1 0 1 1 0 8 0 lockfspl 48 116 0 113 1 0 1 1 0 8 0 sessionpl 144 35 0 19 1 0 1 1 0 8 0 pgrppl 48 43 0 27 1 0 1 1 0 8 0 ucredpl 104 930 0 920 1 0 1 1 0 8 0 zombiepl 144 1401 0 1400 1 0 1 1 0 8 0 processpl 1072 1464 0 1400 5 0 5 5 0 8 0 procpl 656 2585 0 2500 9 0 9 9 0 8 1 sosppl 168 20 0 19 1 0 1 1 0 8 0 sockpl 488 2159 0 2109 16 1 15 16 0 8 6 mcl64k 65536 35 0 35 1 0 1 1 0 8 1 mcl16k 16384 31 0 31 1 0 1 1 0 8 1 mcl12k 12288 36 0 36 1 0 1 1 0 8 1 mcl9k 9216 12 0 12 1 0 1 1 0 8 1 mcl8k 8192 93 0 92 1 0 1 1 0 8 0 mcl4k 4096 192 0 192 1 0 1 1 0 8 1 mcl2k2 2112 12 0 12 1 0 1 1 0 8 1 mcl2k 2048 23316 0 23268 29 14 15 28 0 8 8 mtagpl 96 85 0 46 1 0 1 1 0 8 0 mbufpl 256 55602 0 55384 63 41 22 59 0 8 6 bufpl 280 6752 0 423 453 0 453 453 0 8 0 anonpl 24 281661 0 275730 61 0 61 61 0 188 22 amapchunkpl 152 38491 0 37835 39 0 39 39 0 158 10 amappl16 200 6674 0 6555 19 5 14 19 0 8 6 amappl15 192 35 0 34 1 0 1 1 0 8 0 amappl14 184 190 0 177 2 0 2 2 0 8 1 amappl13 176 15 0 15 1 0 1 1 0 8 1 amappl12 168 2202 0 2175 2 0 2 2 0 8 0 amappl11 160 52 0 42 1 0 1 1 0 8 0 amappl10 152 49 0 39 1 0 1 1 0 8 0 amappl9 144 158 0 156 1 0 1 1 0 8 0 amappl8 136 205 0 149 2 0 2 2 0 8 0 amappl7 128 95 0 80 1 0 1 1 0 8 0 amappl6 120 447 0 432 2 0 2 2 0 8 1 amappl5 112 235 0 223 1 0 1 1 0 8 0 amappl4 104 594 0 562 2 0 2 2 0 8 1 amappl3 96 8093 0 8012 3 0 3 3 0 8 0 amappl2 88 1945 0 1874 4 0 4 4 0 8 2 amappl1 80 13887 0 13389 22 2 20 22 0 8 8 amappl 88 11173 0 10978 6 0 6 6 0 92 1 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 55 0 2 1 0 1 1 0 8 0 uaddrrnd 24 1440 0 1410 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1440 0 1410 1 0 1 1 0 8 0 vmmpekpl 168 14496 0 14430 4 0 4 4 0 8 0 vmmpepl 168 107299 0 105466 111 0 111 111 0 357 23 vmsppl 344 1439 0 1410 3 0 3 3 0 8 0 rwobjpl 24 35940 0 31041 30 0 30 30 0 8 0 pdppl 4096 2886 0 2824 154 85 69 69 0 8 7 pvpl 32 709561 0 697646 360 14 346 360 0 265 241 pmappl 216 1439 0 1410 2 0 2 2 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 483 0 140 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82931932) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e4822,ffffffff828359f4,90,ffffffff828ea25e) at __assert+0x29 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8006442e80,fffffd806c5c8cc0,421a40000,0) at uvm_pagealloc_pg+0x3e9 sys/uvm/uvm_page.c:695 uvm_pagealloc(fffffd806c5c8cc0,421a40000,0,3) at uvm_pagealloc+0x1ed sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806c5c8cb0,84348169000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1215 pmap_enter(fffffd806c5c8cb0,84348169000,66076000,3,20) at pmap_enter+0x2b0 uvm_fault_upper_lookup(ffff80002d9cfb90,ffff80002d9cfbc8,ffff80002d9cfa90,ffff80002d9cfb10) at uvm_fault_upper_lookup+0x291 uvm_fault(fffffd806961b6c8,8434816a000,0,1) at uvm_fault+0x109 sys/uvm/uvm_fault.c:605 upageflttrap(ffff80002d9cfd10,8434816aaf4) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002d9cfd10) at usertrap+0x20e sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x751869300ab0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82931932) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e4822,ffffffff828359f4,90,ffffffff828ea25e) at __assert+0x29 sys/kern/subr_prf.c:157 uvm_pagealloc_pg(fffffd8006442e80,fffffd806c5c8cc0,421a40000,0) at uvm_pagealloc_pg+0x3e9 sys/uvm/uvm_page.c:695 uvm_pagealloc(fffffd806c5c8cc0,421a40000,0,3) at uvm_pagealloc+0x1ed sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806c5c8cb0,84348169000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1215 pmap_enter(fffffd806c5c8cb0,84348169000,66076000,3,20) at pmap_enter+0x2b0 uvm_fault_upper_lookup(ffff80002d9cfb90,ffff80002d9cfbc8,ffff80002d9cfa90,ffff80002d9cfb10) at uvm_fault_upper_lookup+0x291 uvm_fault(fffffd806961b6c8,8434816a000,0,1) at uvm_fault+0x109 sys/uvm/uvm_fault.c:605 upageflttrap(ffff80002d9cfd10,8434816aaf4) at upageflttrap+0x85 sys/arch/amd64/amd64/trap.c:188 usertrap(ffff80002d9cfd10) at usertrap+0x20e sys/arch/amd64/amd64/trap.c:436 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x751869300ab0, count: -12