panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *364068 66549 0 0 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344abcd) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8348a95d,ffffffff8347842d,90,ffffffff834205f1) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd800882f6a8,fffffd806ea05e38,382ee69000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806ea05e38,382ee69000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806ea05e00,705dcd33f000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806ea05e00,705dcd33f000,604ae000,3,21) at pmap_enter+0x38a sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_upper(ffff80002a334760,ffff80002a334798,ffff80002a334660) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131 uvm_fault(fffffd8068888b98,705dcd33f000,0,1) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635 upageflttrap(ffff80002a334900,705dcd33f010) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80002a334900) at usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x705dcd33f030, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344abcd) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8348a95d,ffffffff8347842d,90,ffffffff834205f1) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd800882f6a8,fffffd806ea05e38,382ee69000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806ea05e38,382ee69000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806ea05e00,705dcd33f000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806ea05e00,705dcd33f000,604ae000,3,21) at pmap_enter+0x38a sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_upper(ffff80002a334760,ffff80002a334798,ffff80002a334660) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131 uvm_fault(fffffd8068888b98,705dcd33f000,0,1) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635 upageflttrap(ffff80002a334900,705dcd33f010) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80002a334900) at usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x705dcd33f030, count: -12 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002a334290 rbx 0xffffffff8392de07 cpu_info_full_primary+0x2e07 rdx 0 rcx 0xffff80002df9a578 rax 0xffffffff8392cff0 cpu_info_full_primary+0x1ff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc38a5e1d0378cd61 r11 0xc9ef0ff545b505e3 r12 0xffffffff8392dc08 cpu_info_full_primary+0x2c08 r13 0 r14 0 r15 0x1 rip 0xffffffff82e4f2c5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a334280 ss 0 db_enter+0x25: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor) tid=364068 pid=66549 tcnt=3 stat=onproc flags process=0 proc=0 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002df9afd8,0xffff80002df9a058 process=0xffff80002a38e1c8 user=0xffff80002a32f000, vmspace=0xfffffd8068888b98 estcpu=36, cpticks=4, pctcpu=0.0, user=4, sys=0, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 8065 9188 3779 0 2 0 syz-executor 8065 134006 3779 0 3 0x4000000 biowait syz-executor 23747 12226 97066 0 2 0 syz-executor 23747 346894 97066 0 3 0x4000080 fsleep syz-executor 97347 477985 48503 0 2 0 syz-executor 97347 227035 48503 0 3 0x4000080 fsleep syz-executor 85328 83009 75814 0 2 0 syz-executor 85328 337864 75814 0 3 0x4000080 fsleep syz-executor *66549 364068 23482 0 7 0 syz-executor 66549 478358 23482 0 3 0x4000080 netcon syz-executor 66549 262768 23482 0 3 0x4000080 fsleep syz-executor 4961 315353 30835 0 2 0 syz-executor 4961 394184 30835 0 2 0x4000000 syz-executor 70762 501382 34718 0 3 0x80 nanoslp syz-executor 70762 109624 34718 0 3 0x4000080 sbwait syz-executor 70762 300270 34718 0 3 0x4000080 fsleep syz-executor 44663 429413 36142 60929 3 0x90 nanoslp syz-executor 44663 41518 36142 60929 3 0x4000090 kqread syz-executor 44663 148301 36142 60929 3 0x4000090 kqread syz-executor 34718 495865 87664 0 3 0x82 nanoslp syz-executor 97066 82012 87664 0 3 0x82 nanoslp syz-executor 60413 1858 0 0 3 0x14200 acct acct 25634 449403 1 0 3 0x80 nanoslp init 30835 50378 87664 0 2 0x2 syz-executor 48503 417597 87664 0 2 0xc82 syz-executor 3779 66824 87664 0 3 0x82 nanoslp syz-executor 75814 374848 87664 0 3 0x82 nanoslp syz-executor 23482 424097 87664 0 3 0x82 nanoslp syz-executor 36142 101915 87664 0 3 0x82 nanoslp syz-executor 87664 325700 23942 0 3 0x82 kqread syz-executor 23942 268271 95254 0 3 0x10008a sigsusp ksh 95254 286824 59733 0 3 0x98 kqread sshd-session 59733 518657 59972 0 3 0x92 kqread sshd-session 59972 409500 1 0 3 0x88 kqread sshd 13551 314309 65833 74 3 0x1100092 bpf pflogd 65833 424983 1 0 3 0x80 sbwait pflogd 26655 29891 90641 73 3 0x1100090 kqread syslogd 90641 30259 1 0 3 0x100082 sbwait syslogd 67531 133556 1 0 3 0x100080 kqread resolvd 53441 65558 32041 77 3 0x100092 kqread dhcpleased 26989 427859 32041 77 3 0x100092 kqread dhcpleased 32041 477842 1 0 3 0x80 kqread dhcpleased 9233 184348 0 0 3 0x14200 bored smr 61918 234907 0 0 2 0x14200 zerothread 46192 74024 0 0 3 0x14200 aiodoned aiodoned 88242 316398 0 0 3 0x14200 syncer update 52325 152017 0 0 3 0x14200 cleaner cleaner 5006 200183 0 0 3 0x14200 reaper reaper 40617 313689 0 0 3 0x14200 pgdaemon pagedaemon 85826 83994 0 0 3 0x14200 bored viomb 78155 197673 0 0 3 0x40014200 acpi0 acpi0 96624 447383 0 0 7 0x40014200 idle1 84081 416201 0 0 3 0x14200 bored softnet1 97139 214302 0 0 3 0x14200 bored softnet0 74047 497773 0 0 3 0x14200 smrbar systqmp 22874 298082 0 0 3 0x14200 bored systq 20596 416161 0 0 3 0x14200 tmoslp softclockmp 42531 489013 0 0 3 0x40014200 tmoslp softclock 4671 49196 0 0 3 0x40014200 idle0 1 492922 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{0}> show all locks CPU 0: exclusive mutex &pmap->pm_mtx r = 0 (0xfffffd806ea05e10) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 mtx_enter+0x4b4 sys/kern/kern_lock.c:487 #2 pmap_enter+0x24b rcr3 sys/arch/amd64/compile/SYZKALLER/obj/machine/cpufunc.h:139 [inline] #2 pmap_enter+0x24b pmap_map_ptes sys/arch/amd64/amd64/pmap.c:437 [inline] #2 pmap_enter+0x24b sys/arch/amd64/amd64/pmap.c:2767 #3 uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131 #4 uvm_fault+0x198 sys/uvm/uvm_fault.c:635 #5 upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 #6 usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 #7 recall_trap+0x8 Process 8065 (syz-executor) thread 0xffff800030b9b4f0 (134006) Process 66549 (syz-executor) thread 0xffff80002df9a578 (364068) Process 74047 (systqmp) thread 0xffff8000ffffe298 (497773) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11118 12235K 13986K 166960K 14331 0 pcb 19 20K 22K 166960K 443 0 rtable 222 10K 11K 166960K 1539 0 pf 43 19K 22K 166960K 189 0 ifaddr 42 7K 8K 166960K 164 0 ifgroup 68 2K 3K 166960K 243 0 sysctl 3 1K 9K 166960K 81 0 counters 76 37K 38K 166960K 236 0 ioctlops 0 0K 4K 166960K 1831 0 iov 0 0K 24K 166960K 76 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1465 92K 93K 166960K 3135 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 26 0 VM map 2 1K 1K 166960K 2 0 sem 12 16K 16K 166960K 200 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 18 65K 240K 166960K 1757 0 sigio 0 0K 0K 166960K 115 0 proc 64 99K 164K 166960K 870 0 subproc 72 4K 4K 166960K 144 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 170 0 in_multi 76 5K 7K 166960K 306 0 ether_multi 1 0K 0K 166960K 15 0 mrt 3 0K 0K 166960K 48 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 844 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 67 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 238 155K 210K 166960K 17793 0 UVM aobj 37 8K 8K 166960K 44 0 pinsyscall 42 84K 110K 166960K 3414 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 123 0 NDP 15 0K 2K 166960K 111 0 temp 80 9084K 9334K 166960K 61362 0 kqueue 15 24K 30K 166960K 318 0 SYN cache 2 16K 16K 166960K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 26 0 0 1 0 1 1 0 8 0 rtpcb 120 216 0 212 3 2 1 3 0 8 0 rtentry 176 481 0 395 6 0 6 6 0 8 0 unpcb 144 1652 0 1634 16 10 6 6 0 8 5 syncache 336 35 0 35 3 3 0 1 0 8 0 tcpqe 32 3 0 3 2 2 0 1 0 8 0 tcpcb 736 651 0 644 13 11 2 10 0 8 0 arp 136 114 0 93 1 0 1 1 0 8 0 inpcb 328 2233 0 2219 18 13 5 12 0 8 3 nd6 152 66 0 47 1 0 1 1 0 8 0 pkpcb 40 12 0 12 5 4 1 1 0 8 1 kcovpl 48 16 0 8 1 0 1 1 0 8 0 mppekey 1024 3 0 3 2 2 0 1 0 8 0 ppxss 1192 53 0 53 3 2 1 1 0 8 1 pppxif 1504 8 0 8 4 3 1 1 0 8 1 pffrag 232 15 0 5 1 0 1 1 0 482 0 pffrnode 88 14 0 5 1 0 1 1 0 8 0 pffrent 40 98 0 87 1 0 1 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfrktable 1344 3 0 1 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 153 0 47 1 0 1 1 0 8 0 pfstkey 128 153 0 47 4 0 4 4 0 8 0 pfstate 448 153 0 47 12 0 12 12 0 8 0 pfrule 1360 31 0 23 2 1 1 2 0 8 0 rttmr 136 6 0 6 3 2 1 1 0 8 1 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 1367 0 1002 42 14 28 30 0 8 4 art_table 40 1369 0 1002 5 0 5 5 0 8 0 art_node 32 480 0 404 3 2 1 3 0 8 0 sysvmsgpl 40 67 0 46 2 1 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 194 0 184 1 0 1 1 0 8 0 shmpl 112 38 0 6 1 0 1 1 0 8 0 dirhash 1024 34 0 17 3 0 3 3 0 8 0 dino2pl 256 4610 0 3144 93 0 93 93 0 8 0 ffsino 296 4610 0 3144 114 0 114 114 0 8 0 nchpl 144 6851 0 5131 64 0 64 64 0 8 0 rtmask 32 9 0 9 5 4 1 1 0 8 1 vnodes 216 5834 0 0 325 0 325 325 0 8 0 namei 1024 24932 0 24931 1 0 1 1 0 8 0 percpumem 16 133 0 80 1 0 1 1 0 8 0 vcpupl 3968 3 0 1 1 0 1 1 0 8 0 vmpool 848 3 0 1 1 0 1 1 0 8 0 pfiaddrpl 120 1 0 0 1 0 1 1 0 8 0 kstatmem 264 144 0 110 5 2 3 3 0 8 0 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 13 0 13 4 3 1 1 0 8 1 scxspl 216 38992 0 38990 11 9 2 8 1 8 1 plimitpl 152 421 0 404 1 0 1 1 0 8 0 sigapl 424 2149 0 2100 11 3 8 9 0 8 0 knotepl 120 561 0 0 16 0 16 16 0 8 0 kqueuepl 224 770 0 757 11 8 3 11 0 8 2 pipepl 344 489 0 462 10 5 5 9 0 8 2 fdescpl 528 2090 0 2058 3 0 3 3 0 8 0 filepl 160 14909 0 14680 45 26 19 28 0 8 8 lockfpl 104 821 0 819 2 1 1 2 0 8 0 lockfspl 48 387 0 385 1 0 1 1 0 8 0 sessionpl 144 63 0 55 1 0 1 1 0 8 0 pgrppl 48 131 0 115 1 0 1 1 0 8 0 ucredpl 104 2002 0 1988 1 0 1 1 0 8 0 zombiepl 144 2100 0 2100 1 0 1 1 0 8 1 processpl 1232 2149 0 2100 6 0 6 6 0 8 0 procpl 664 4619 0 4559 10 3 7 8 0 8 0 sosppl 176 8 0 8 2 1 1 1 0 8 1 sockpl 752 4255 0 4219 45 32 13 18 0 8 8 mcl64k 65536 7 0 0 1 0 1 1 0 8 0 mcl16k 16384 7 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 2 0 0 1 0 1 1 0 8 0 mcl8k 8192 7 0 0 1 0 1 1 0 8 0 mcl4k 4096 132 0 0 16 0 16 16 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 43 0 0 6 0 6 6 0 8 0 mtagpl 96 7 0 0 1 0 1 1 0 8 0 mbufpl 256 1247 0 0 77 0 77 77 0 8 0 bufpl 280 13579 0 7450 438 0 438 438 0 8 0 anonpl 32 12949 0 0 105 0 105 105 0 246 0 amapchunkpl 152 59419 0 58909 44 17 27 35 0 158 5 amappl16 200 6459 0 6418 41 27 14 31 0 8 8 amappl15 192 19 0 19 1 1 0 1 0 8 0 amappl14 184 545 0 544 1 0 1 1 0 8 0 amappl13 176 247 0 236 1 0 1 1 0 8 0 amappl12 168 2413 0 2382 2 0 2 2 0 8 0 amappl11 160 7 0 7 1 1 0 1 0 8 0 amappl10 152 91 0 76 1 0 1 1 0 8 0 amappl9 144 309 0 309 1 1 0 1 0 8 0 amappl8 136 145 0 143 1 0 1 1 0 8 0 amappl7 128 231 0 217 1 0 1 1 0 8 0 amappl6 120 266 0 264 1 0 1 1 0 8 0 amappl5 112 193 0 182 1 0 1 1 0 8 0 amappl4 104 470 0 451 1 0 1 1 0 8 0 amappl3 96 12010 0 11891 4 0 4 4 0 8 0 amappl2 88 1064 0 1005 3 1 2 3 0 8 0 amappl1 80 32226 0 31644 25 8 17 23 0 8 0 amappl 88 16336 0 16166 5 0 5 5 0 92 0 uvmvnodes 80 154 0 0 4 0 4 4 0 8 0 dma16384 16384 1 0 1 1 1 0 1 0 8 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 255 0 255 2 1 1 1 0 8 1 dma64 64 7 0 7 2 2 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 43 0 7 1 0 1 1 0 8 0 uaddrrnd 24 2090 0 2058 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2090 0 2058 1 0 1 1 0 8 0 vmmpekpl 168 24068 0 24012 3 0 3 3 0 8 0 vmmpepl 168 161309 0 159356 129 14 115 121 0 357 20 vmsppl 488 2089 0 2058 6 1 5 5 0 8 0 rwobjpl 80 50289 0 49185 39 5 34 36 0 8 0 pdppl 4096 4193 0 4120 148 74 74 84 0 8 1 pvpl 32 21501 0 0 174 1 173 173 0 265 0 pmappl 256 2092 0 2059 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 430 0 108 10 0 10 10 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8344abcd) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff8348a95d,ffffffff8347842d,90,ffffffff834205f1) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd800882f6a8,fffffd806ea05e38,382ee69000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806ea05e38,382ee69000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806ea05e00,705dcd33f000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806ea05e00,705dcd33f000,604ae000,3,21) at pmap_enter+0x38a sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_upper(ffff80002a334760,ffff80002a334798,ffff80002a334660) at uvm_fault_upper+0x338 sys/uvm/uvm_fault.c:1131 uvm_fault(fffffd8068888b98,705dcd33f000,0,1) at uvm_fault+0x198 sys/uvm/uvm_fault.c:635 upageflttrap(ffff80002a334900,705dcd33f010) at upageflttrap+0xa9 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80002a334900) at usertrap+0x430 sys/arch/amd64/amd64/trap.c:640 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x705dcd33f030, count: -12 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x27: addq $0x8,%rsp x86_ipi_db(ffff8000299adff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffff8000299adff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff8000299adff0) at x86_ipi_db+0x27 sys/arch/amd64/amd64/db_interface.c:394 x86_ipi_handler() at x86_ipi_handler+0xd9 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27 acpicpu_idle() at acpicpu_idle+0x457 sys/dev/acpi/acpicpu_x86.c:1224 sched_idle(ffff8000299adff0) at sched_idle+0x391 sys/kern/kern_sched.c:191 end trace frame: 0x0, count: -5