panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *155783 23637 0 0 0 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825496a2) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825b9f28,ffffffff8256c31a,90,ffffffff82520833) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd807c83b200,0,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd807c83b1d0,20000000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807c83b1d0,20000000,5cdaf000,3,21) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper(ffff80002b365180,ffff80002b3651b8,ffff80002b365080,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1033 uvm_fault(fffffd807e9b4cc8,20000000,0,1) at uvm_fault+0x144 sys/uvm/uvm_fault.c:610 upageflttrap(ffff80002b3652f0,200000c0) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002b3652f0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7fffffae00, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825496a2) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825b9f28,ffffffff8256c31a,90,ffffffff82520833) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd807c83b200,0,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd807c83b1d0,20000000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807c83b1d0,20000000,5cdaf000,3,21) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper(ffff80002b365180,ffff80002b3651b8,ffff80002b365080,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1033 uvm_fault(fffffd807e9b4cc8,20000000,0,1) at uvm_fault+0x144 sys/uvm/uvm_fault.c:610 upageflttrap(ffff80002b3652f0,200000c0) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002b3652f0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7fffffae00, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002b364cb0 rbx 0 rdx 0 rcx 0 rax 0xffff80002161e540 r8 0x101010101010101 r9 0x8080808080808080 r10 0x77aae7185518b045 r11 0x53fb8dd9bcccdc61 r12 0 r13 0 r14 0 r15 0x1 rip 0xffffffff819dbd48 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002b364ca0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=155783 stat=onproc flags process=0 proc=0 pri=83, usrpri=83, nice=20 forw=0xffffffffffffffff, list=0xffff80002161f7a0,0xffff80002161fa50 process=0xffff800024aeebf0 user=0xffff80002b360000, vmspace=0xfffffd807e9b4cc8 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 92558 189998 66475 0 2 0 syz-executor.2 84180 69692 3367 0 2 0 syz-executor.7 *23637 155783 96099 0 7 0 syz-executor.1 23637 234971 96099 0 3 0x4000080 fsleep syz-executor.1 23637 373060 96099 0 3 0x4000080 fsleep syz-executor.1 23637 513094 96099 0 2 0x4000000 syz-executor.1 80985 299608 58696 0 2 0 syz-executor.6 80985 266139 58696 0 3 0x4000080 fsleep syz-executor.6 23252 451306 20807 0 2 0 syz-executor.4 23252 186870 20807 0 3 0x4000080 fsleep syz-executor.4 32655 242691 11660 0 2 0 syz-executor.0 32655 432808 11660 0 3 0x4000080 fsleep syz-executor.0 84631 422852 56523 0 2 0 syz-executor.5 84631 197252 56523 0 3 0x4000080 fsleep syz-executor.5 84631 460937 56523 0 3 0x4000080 fsleep syz-executor.5 84631 414587 56523 0 3 0x4000080 fsleep syz-executor.5 3367 307267 829 0 3 0x82 nanoslp syz-executor.7 43313 171881 0 0 3 0x14280 nfsidl nfsio 12784 309410 0 0 3 0x14280 nfsidl nfsio 77922 226110 0 0 3 0x14280 nfsidl nfsio 18394 521996 0 0 3 0x14280 nfsidl nfsio 97353 245425 0 0 3 0x14280 nfsidl nfsio 42993 523841 0 0 3 0x14280 nfsidl nfsio 7495 411464 0 0 3 0x14280 nfsidl nfsio 99361 504075 0 0 3 0x14280 nfsidl nfsio 36484 240002 0 0 3 0x14280 nfsidl nfsio 29101 415218 0 0 3 0x14280 nfsidl nfsio 97467 480097 0 0 3 0x14280 nfsidl nfsio 13608 139834 0 0 3 0x14280 nfsidl nfsio 78287 261269 0 0 3 0x14280 nfsidl nfsio 25849 450578 0 0 3 0x14280 nfsidl nfsio 23059 70094 0 0 3 0x14280 nfsidl nfsio 36995 75593 0 0 3 0x14280 nfsidl nfsio 97644 358180 0 0 3 0x14280 nfsidl nfsio 93468 431676 0 0 3 0x14280 nfsidl nfsio 16827 352625 0 0 3 0x14280 nfsidl nfsio 59535 13202 0 0 3 0x14280 nfsidl nfsio 96099 39575 829 0 3 0x82 nanoslp syz-executor.1 2120 408613 829 0 3 0x2 biowait syz-executor.3 20807 118011 829 0 3 0x82 nanoslp syz-executor.4 45298 48863 1 0 3 0x100083 ttyopn getty 56523 39742 829 0 3 0x82 nanoslp syz-executor.5 58696 681 829 0 3 0x82 nanoslp syz-executor.6 30619 512510 0 0 3 0x14200 bored sosplice 66475 124124 829 0 3 0x82 nanoslp syz-executor.2 11660 131760 829 0 3 0x82 nanoslp syz-executor.0 829 476944 51287 0 3 0x82 kqread syz-fuzzer 829 76086 51287 0 3 0x4000082 nanoslp syz-fuzzer 829 367646 51287 0 3 0x4000082 thrsleep syz-fuzzer 829 390452 51287 0 3 0x4000082 thrsleep syz-fuzzer 829 479205 51287 0 3 0x4000082 thrsleep syz-fuzzer 829 366098 51287 0 3 0x4000082 thrsleep syz-fuzzer 829 105080 51287 0 3 0x4000082 thrsleep syz-fuzzer 829 272748 51287 0 3 0x4000082 thrsleep syz-fuzzer 51287 355334 87369 0 3 0x10008a sigsusp ksh 87369 305694 2357 0 3 0x9a poll sshd 2357 326320 1 0 3 0x88 poll sshd 81155 167754 30529 73 3 0x100090 kqread syslogd 30529 360760 1 0 3 0x100082 netio syslogd 36344 69582 1 0 3 0x100080 kqread resolvd 77222 330559 51474 77 3 0x100092 kqread dhcpleased 48097 519623 51474 77 3 0x100092 kqread dhcpleased 51474 403447 1 0 3 0x80 kqread dhcpleased 95055 350953 0 0 3 0x14200 bored smr 21238 228402 0 0 2 0x14200 zerothread 5053 168999 0 0 3 0x14200 aiodoned aiodoned 61951 390847 0 0 3 0x14200 syncer update 78997 207939 0 0 3 0x14200 cleaner cleaner 33417 223579 0 0 3 0x14200 reaper reaper 82521 11701 0 0 3 0x14200 pgdaemon pagedaemon 49016 221507 0 0 3 0x14200 bored viomb 52014 426934 0 0 3 0x40014200 acpi0 acpi0 48960 455680 0 0 3 0x14200 bored softnet 76178 419414 0 0 3 0x14200 bored systqmp 31400 59233 0 0 3 0x14200 bored systq 71709 116990 0 0 3 0x40014200 bored softclock 64096 267625 0 0 3 0x40014200 idle0 1 314748 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10242 6580K 7764K 78643K 29399 0 pcb 14 16K 21K 78643K 1051 0 rtable 170 13K 15K 78643K 15526 0 ifaddr 75 17K 20K 78643K 2227 0 counters 27 17K 17K 78643K 91 0 ioctlops 0 0K 4K 78643K 540 0 iov 0 0K 24K 78643K 191 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1401 88K 88K 78643K 6815 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 13K 78643K 683 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 1282 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 17 61K 81K 78643K 12736 0 sigio 0 0K 0K 78643K 50 0 proc 67 55K 87K 78643K 1101 0 subproc 104 6K 6K 78643K 234 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 382 0 in_multi 59 4K 7K 78643K 11363 0 ether_multi 1 0K 0K 78643K 83 0 mrt 2 0K 0K 78643K 50 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 91 413K 413K 78643K 91 0 exec 0 0K 2K 78643K 1282 0 pfkey data 0 0K 0K 78643K 11 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 438 380K 396K 78643K 153304 0 UVM aobj 131 8K 8K 78643K 186 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 409 0 NDP 13 0K 2K 78643K 1941 0 temp 129 4693K 4758K 78643K 80710 0 kqueue 10 14K 22K 78643K 538 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 303 0 300 2 1 1 2 0 8 0 rtentry 112 7563 0 7490 4 0 4 4 0 8 0 unpcb 136 3388 0 3375 14 13 1 6 0 8 0 syncache 296 99 0 99 12 12 0 1 0 8 0 tcpqe 32 24 0 24 4 4 0 1 0 8 0 tcpcb 736 1434 0 1430 38 37 1 8 0 8 0 arp 88 51 0 33 1 0 1 1 0 8 0 ipq 40 1 0 1 1 1 0 1 0 8 0 ipqe 40 2 0 2 1 1 0 1 0 8 0 inpcb 304 12319 0 12311 40 36 4 12 0 8 3 rttmr 72 10 0 10 3 3 0 1 0 8 0 nd6 48 1887 0 1878 1 0 1 1 0 8 0 pkpcb 40 18 0 18 4 4 0 1 0 8 0 kcovpl 48 18 0 10 1 0 1 1 0 8 0 ppxss 1152 29 0 29 4 4 0 1 0 8 0 pfstscr 40 5 0 5 1 1 0 1 0 8 0 pffrag 232 16 0 16 1 1 0 1 0 482 0 pffrnode 88 16 0 16 1 1 0 1 0 8 0 pffrent 40 37 0 37 1 1 0 1 0 8 0 pftag 88 9 0 8 2 1 1 1 0 8 0 pfstitem 24 4 0 4 1 1 0 1 0 8 0 pfstkey 112 10 0 10 1 1 0 1 0 8 0 pfstate 320 5 0 5 1 1 0 1 0 8 0 pfrule 1360 39 0 16 2 0 2 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 48183 0 47879 37 11 26 33 0 8 1 art_table 32 48184 0 47879 5 0 5 5 0 8 0 art_node 16 7562 0 7494 1 0 1 1 0 8 0 sysvmsgpl 40 39 0 26 1 0 1 1 0 8 0 semapl 112 1280 0 1270 1 0 1 1 0 8 0 shmpl 112 183 0 55 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 16462 0 15000 92 0 92 92 0 8 0 ffsino 240 16462 0 15000 87 0 87 87 0 8 0 nchpl 144 31671 0 30047 62 0 62 62 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 84171 0 84170 2 1 1 2 0 8 0 vcpupl 1984 57 0 2 8 0 8 8 0 8 1 vmpool 528 57 0 2 4 0 4 4 0 8 0 scsiplug 72 10 0 10 2 2 0 1 0 8 0 scxspl 216 92984 0 92983 16 15 1 8 0 8 0 plimitpl 152 363 0 349 1 0 1 1 0 8 0 sigapl 424 13014 0 12952 9 1 8 8 0 8 1 futexpl 64 96622 0 96614 1 0 1 1 0 8 0 knotepl 112 2003 0 1929 3 0 3 3 0 8 0 kqueuepl 184 4664 0 4654 17 16 1 7 0 8 0 pipepl 304 1253 0 1224 28 25 3 8 0 8 0 fdescpl 432 12980 0 12952 4 0 4 4 0 8 0 filepl 120 54687 0 54382 34 24 10 16 0 8 0 lockfpl 104 1059 0 1057 1 0 1 1 0 8 0 lockfspl 48 423 0 421 1 0 1 1 0 8 0 sessionpl 144 34 0 18 1 0 1 1 0 8 0 pgrppl 48 204 0 188 1 0 1 1 0 8 0 ucredpl 96 4699 0 4689 1 0 1 1 0 8 0 zombiepl 144 12952 0 12952 1 0 1 1 0 8 1 processpl 1000 13014 0 12952 8 0 8 8 0 8 0 procpl 672 28519 0 28441 25 18 7 8 0 8 0 sosppl 168 100 0 100 12 12 0 1 0 8 0 sockpl 448 16044 0 16020 108 100 8 19 0 8 5 mcl64k 65536 221 0 221 18 17 1 2 0 8 1 mcl16k 16384 52 0 52 8 8 0 1 0 8 0 mcl12k 12288 182 0 182 16 15 1 1 0 8 1 mcl9k 9216 69 0 69 12 12 0 1 0 8 0 mcl8k 8192 301 0 301 20 19 1 1 0 8 1 mcl4k 4096 664 0 664 13 12 1 1 0 8 1 mcl2k2 2112 50 0 50 8 7 1 1 0 8 1 mcl2k 2048 44743 0 44702 61 53 8 15 0 8 1 mtagpl 96 946 0 813 13 1 12 12 0 8 0 mbufpl 256 220891 0 219480 170 74 96 134 0 8 0 bufpl 288 22302 0 15893 459 0 459 459 0 8 0 anonpl 24 3341062 0 3325502 215 116 99 109 0 188 0 amapchunkpl 152 366919 0 366220 89 60 29 46 0 158 0 amappl16 200 26827 0 26309 60 32 28 35 0 8 0 amappl15 192 857 0 851 1 0 1 1 0 8 0 amappl14 184 12 0 6 1 0 1 1 0 8 0 amappl13 176 1846 0 1841 1 0 1 1 0 8 0 amappl12 168 972 0 963 1 0 1 1 0 8 0 amappl11 160 2423 0 2411 1 0 1 1 0 8 0 amappl10 152 954 0 944 1 0 1 1 0 8 0 amappl9 144 3281 0 3276 1 0 1 1 0 8 0 amappl8 136 4206 0 4040 6 0 6 6 0 8 0 amappl7 128 3147 0 3133 1 0 1 1 0 8 0 amappl6 120 3073 0 3046 2 1 1 2 0 8 0 amappl5 112 10085 0 10067 1 0 1 1 0 8 0 amappl4 104 5760 0 5724 2 0 2 2 0 8 0 amappl3 96 3272 0 3257 1 0 1 1 0 8 0 amappl2 88 2708 0 2653 3 1 2 3 0 8 0 amappl1 80 216551 0 215982 20 7 13 18 0 8 0 amappl 88 152034 0 151782 9 2 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 185 0 55 3 0 3 3 0 8 0 uaddrrnd 24 13037 0 12954 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13037 0 12954 1 0 1 1 0 8 0 vmmpekpl 168 71813 0 71751 3 0 3 3 0 8 0 vmmpepl 168 1130435 0 1127739 181 58 123 123 0 357 4 vmsppl 272 13036 0 12954 8 2 6 6 0 8 0 rwobjpl 24 250899 0 243250 50 3 47 47 0 8 0 pdppl 4096 26080 0 25963 451 332 119 121 0 8 2 pvpl 32 5873126 0 5856532 392 253 139 259 0 265 0 pmappl 216 13036 0 12954 5 0 5 5 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1581 0 668 28 1 27 27 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825496a2) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825b9f28,ffffffff8256c31a,90,ffffffff82520833) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd807c83b200,0,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd807c83b1d0,20000000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807c83b1d0,20000000,5cdaf000,3,21) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper(ffff80002b365180,ffff80002b3651b8,ffff80002b365080,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1033 uvm_fault(fffffd807e9b4cc8,20000000,0,1) at uvm_fault+0x144 sys/uvm/uvm_fault.c:610 upageflttrap(ffff80002b3652f0,200000c0) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002b3652f0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7fffffae00, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff825496a2) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825b9f28,ffffffff8256c31a,90,ffffffff82520833) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005e31f00,fffffd807c83b200,0,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd807c83b200,0,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd807c83b1d0,20000000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd807c83b1d0,20000000,5cdaf000,3,21) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper(ffff80002b365180,ffff80002b3651b8,ffff80002b365080,0) at uvm_fault_upper+0x268 sys/uvm/uvm_fault.c:1033 uvm_fault(fffffd807e9b4cc8,20000000,0,1) at uvm_fault+0x144 sys/uvm/uvm_fault.c:610 upageflttrap(ffff80002b3652f0,200000c0) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff80002b3652f0) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7fffffae00, count: -12