panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*408816  85089      0           0          0    1  syz-executor.3
   6639  50435      0     0x14000      0x200    0  reaper
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825905d7) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82602a90,ffffffff8257e1df,90,ffffffff82566ce4) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_pagealloc_pg(fffffd800744f680,fffffd8071199230,15821d000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline]
uvm_pagealloc_pg(fffffd800744f680,fffffd8071199230,15821d000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710
uvm_pagealloc(fffffd8071199230,15821d000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918
pmap_get_ptp(fffffd8071199200,2b043ad2000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183
pmap_enter(fffffd8071199200,2b043ad2000,64d34000,1,20) at pmap_enter+0x2ac
uvm_fault_upper_lookup(ffff800024669740,ffff800024669778,ffff800024669640,ffff8000246696c0) at uvm_fault_upper_lookup+0x2b3 sys/uvm/uvm_fault.c:887
uvm_fault(fffffd806ed3d2e8,2b043ad1000,0,2) at uvm_fault+0x139 sys/uvm/uvm_fault.c:607
upageflttrap(ffff8000246698b0,2b043ad1390) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000246698b0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7fffffb5f0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
*cpu1: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144
ddb{1}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff825905d7) at panic+0x177 sys/kern/subr_prf.c:202
__assert(ffffffff82602a90,ffffffff8257e1df,90,ffffffff82566ce4) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_pagealloc_pg(fffffd800744f680,fffffd8071199230,15821d000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline]
uvm_pagealloc_pg(fffffd800744f680,fffffd8071199230,15821d000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710
uvm_pagealloc(fffffd8071199230,15821d000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918
pmap_get_ptp(fffffd8071199200,2b043ad2000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183
pmap_enter(fffffd8071199200,2b043ad2000,64d34000,1,20) at pmap_enter+0x2ac
uvm_fault_upper_lookup(ffff800024669740,ffff800024669778,ffff800024669640,ffff8000246696c0) at uvm_fault_upper_lookup+0x2b3 sys/uvm/uvm_fault.c:887
uvm_fault(fffffd806ed3d2e8,2b043ad1000,0,2) at uvm_fault+0x139 sys/uvm/uvm_fault.c:607
upageflttrap(ffff8000246698b0,2b043ad1390) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000246698b0) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7fffffb5f0, count: -12
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800024669260
rbx               0xffff800020ce9bff
rdx                                0
rcx                                0
rax               0xffff80002122ba50
r8                 0x101010101010101
r9                0x8080808080808080
r10               0x9aab014528aff8aa
r11               0xe9cc362e34752486
r12               0xffff800020ce9a00
r13                                0
r14                                0
r15                              0x1
rip               0xffffffff81874c68    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800024669250
ss                                 0
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor.3) pid=408816 stat=onproc
    flags process=0 proc=0
    pri=83, usrpri=83, nice=20
    forw=0xffffffffffffffff, list=0xffff800021142d28,0xffff80002122a560
    process=0xffff80002aefc868 user=0xffff800024664000, vmspace=0xfffffd806ed3d2e8
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*85089  408816  92297      0  7           0                syz-executor.3
 92156  301345  10927      0  2           0                syz-executor.6
  3033  282802    141      0  2           0                syz-executor.0
 62645   37927  79258      0  2           0                syz-executor.4
 62645  386750  79258      0  3   0x4000080  fsleep        syz-executor.4
 62645  252860  79258      0  2   0x4000000                syz-executor.4
 66094   14277  66276      0  3         0x2  biowait       syz-executor.5
 92297  198904  66276      0  2       0x482                syz-executor.3
 13362  389440  66276      0  2         0x2                syz-executor.7
 79258   85456  66276      0  3        0x82  nanoslp       syz-executor.4
 67366  292871  66276      0  3         0x2  biowait       syz-executor.2
 10927   12058  66276      0  3        0x82  nanoslp       syz-executor.6
   141  152159  66276      0  3        0x82  nanoslp       syz-executor.0
 33567   79726      0      0  3     0x14200  acct          acct
 90489   51477      1      0  3    0x100083  ttyin         getty
 77076   83992  66276      0  2         0x2                syz-executor.1
 20543  274792      0      0  3     0x14200  bored         sosplice
 66276  106099  24751      0  3        0x82  thrsleep      syz-fuzzer
 66276  510267  24751      0  3   0x4000082  nanoslp       syz-fuzzer
 66276   24744  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 66276  347535  24751      0  3   0x4000082  kqread        syz-fuzzer
 66276  391657  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 66276  503283  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 66276  138310  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 66276  461478  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 66276  140360  24751      0  3   0x4000082  thrsleep      syz-fuzzer
 24751  330076  98465      0  3    0x10008a  sigsusp       ksh
 98465  246950  74841      0  3        0x9a  kqread        sshd
 74841   30337      1      0  3        0x88  kqread        sshd
 27657  171356  49831     74  3   0x1100092  bpf           pflogd
 49831   13553      1      0  3        0x80  netio         pflogd
  5688  293174  21660     73  3   0x1100090  kqread        syslogd
 21660  164062      1      0  3    0x100082  netio         syslogd
 33266  297722      1      0  3    0x100080  kqread        resolvd
 99947  307379  91240     77  3    0x100092  kqread        dhcpleased
 49557  508317  91240     77  3    0x100092  kqread        dhcpleased
 91240  462004      1      0  3        0x80  kqread        dhcpleased
 62445   53706      0      0  3     0x14200  bored         smr
 74844  159406      0      0  2     0x14200                zerothread
 77149   39603      0      0  3     0x14200  aiodoned      aiodoned
 34926  470494      0      0  3     0x14200  syncer        update
 83377  202871      0      0  3     0x14200  cleaner       cleaner
 50435    6639      0      0  7     0x14200                reaper
 31526  417533      0      0  3     0x14200  pgdaemon      pagedaemon
 51603  463255      0      0  3     0x14200  bored         viomb
 41259  412583      0      0  3  0x40014200  acpi0         acpi0
 57865  279805      0      0  3  0x40014200                idle1
 87742   15021      0      0  3     0x14200  bored         softnet
 71225  498930      0      0  3     0x14200  bored         systqmp
 32484  200661      0      0  3     0x14200  bored         systq
 40994  110539      0      0  2  0x40014200                softclock
 31148  342995      0      0  3  0x40014200                idle0
     1  285253      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
CPU 0:
exclusive mutex &(curpg)->mdpage.pv_mtx r = 0 (0xfffffd8007c91ed8)
#0  witness_lock+0x44d
#1  mtx_enter_try+0x100
#2  mtx_enter+0x4b sys/kern/kern_lock.c:266
#3  pmap_remove_ptes+0x208 pmap_remove_pv sys/arch/amd64/amd64/pmap.c:1059 [inline]
#3  pmap_remove_ptes+0x208 sys/arch/amd64/amd64/pmap.c:1657
#4  pmap_do_remove+0x416 sys/arch/amd64/amd64/pmap.c:1865
#5  uvm_unmap_kill_entry_withlock+0x1af sys/uvm/uvm_map.c:2139
#6  uvm_map_teardown+0x197 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:176 [inline]
#6  uvm_map_teardown+0x197 sys/uvm/uvm_map.c:2771
#7  uvmspace_free+0xa6 sys/uvm/uvm_map.c:3685
#8  reaper+0x19a sys/kern/kern_exit.c:454
#9  proc_trampoline+0x1c