panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *415290 22493 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8259a48e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff826126fb,ffffffff8258a820,90,ffffffff8257364d) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd806baa4dc0,38dfb2000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806baa4d90,71bf6581000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd806baa4d90,71bf6581000,74d09000,1,20) at pmap_enter+0x2ac uvm_fault_upper_lookup(ffff8000290e36e0,ffff8000290e3718,ffff8000290e35e0,ffff8000290e3660) at uvm_fault_upper_lookup+0x2b3 sys/uvm/uvm_fault.c:887 uvm_fault(fffffd806aa1ca20,71bf6584000,0,1) at uvm_fault+0x139 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000290e3850,71bf65846c8) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000290e3850) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x71b47600560, count: 3 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/multicore/kernel/sys/uvm/uvm_page.c", line 144 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8259a48e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff826126fb,ffffffff8258a820,90,ffffffff8257364d) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd806baa4dc0,38dfb2000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806baa4d90,71bf6581000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd806baa4d90,71bf6581000,74d09000,1,20) at pmap_enter+0x2ac uvm_fault_upper_lookup(ffff8000290e36e0,ffff8000290e3718,ffff8000290e35e0,ffff8000290e3660) at uvm_fault_upper_lookup+0x2b3 sys/uvm/uvm_fault.c:887 uvm_fault(fffffd806aa1ca20,71bf6584000,0,1) at uvm_fault+0x139 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000290e3850,71bf65846c8) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000290e3850) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x71b47600560, count: -12 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff8000290e3200 rbx 0xffffffff8292bc5f cpu_info_full_primary+0x2c5f rdx 0xffff800000ba0d40 rcx 0 rax 0xffff800021242550 r8 0x101010101010101 r9 0x8080808080808080 r10 0x970ac92453501cf5 r11 0xea0efae6504ca138 r12 0xffffffff8292ba60 cpu_info_full_primary+0x2a60 r13 0 r14 0 r15 0x1 rip 0xffffffff8106a4b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000290e31f0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.0) pid=415290 stat=onproc flags process=0 proc=4000000 pri=32, usrpri=85, nice=20 forw=0xffffffffffffffff, list=0xffff800021242fd0,0xffff800021242d40 process=0xffff8000260bd4e0 user=0xffff8000290de000, vmspace=0xfffffd806aa1ca20 estcpu=35, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 39293 304711 75810 0 2 0 syz-executor.6 92808 326401 88047 0 2 0 syz-executor.1 92808 59909 88047 0 2 0x4000000 syz-executor.1 45266 428025 19446 0 2 0 syz-executor.7 45266 417940 19446 0 2 0x4000000 syz-executor.7 49012 343634 11374 0 2 0 syz-executor.5 49012 463331 11374 0 2 0x4000000 syz-executor.5 58734 139519 38020 0 2 0 syz-executor.4 58734 517865 38020 0 2 0x4000000 syz-executor.4 23529 56416 69588 0 2 0 syz-executor.2 23529 297979 69588 0 2 0x4000000 syz-executor.2 35113 15353 52098 0 2 0 syz-executor.3 35113 473043 52098 0 2 0x4000000 syz-executor.3 22493 487646 3591 0 2 0 syz-executor.0 *22493 415290 3591 0 7 0x4000000 syz-executor.0 19446 276764 37771 0 3 0x82 nanoslp syz-executor.7 75810 463840 37771 0 3 0x82 nanoslp syz-executor.6 11374 428632 37771 0 3 0x82 nanoslp syz-executor.5 38020 207401 37771 0 3 0x82 nanoslp syz-executor.4 98045 432996 0 0 3 0x14200 acct acct 61564 423143 0 0 3 0x14200 bored sosplice 52098 424698 37771 0 3 0x82 nanoslp syz-executor.3 69588 67147 37771 0 3 0x82 nanoslp syz-executor.2 88047 118174 37771 0 3 0x82 nanoslp syz-executor.1 3591 326880 37771 0 3 0x82 nanoslp syz-executor.0 37771 483320 59350 0 3 0x82 thrsleep syz-fuzzer 37771 421091 59350 0 3 0x4000082 nanoslp syz-fuzzer 37771 222883 59350 0 3 0x4000082 thrsleep syz-fuzzer 37771 419288 59350 0 3 0x4000082 thrsleep syz-fuzzer 37771 79850 59350 0 3 0x4000082 kqread syz-fuzzer 37771 18404 59350 0 3 0x4000082 thrsleep syz-fuzzer 37771 224764 59350 0 3 0x4000082 thrsleep syz-fuzzer 37771 179420 59350 0 3 0x4000082 thrsleep syz-fuzzer 37771 330493 59350 0 3 0x4000082 thrsleep syz-fuzzer 59350 321766 93338 0 3 0x10008a sigsusp ksh 93338 396800 85498 0 3 0x9a kqread sshd 1488 178911 1 0 3 0x100083 ttyopn getty 85498 176816 1 0 3 0x88 kqread sshd 88315 127978 34377 74 3 0x1100092 bpf pflogd 34377 295355 1 0 3 0x80 netio pflogd 58292 253958 94915 73 3 0x1100090 kqread syslogd 94915 399740 1 0 3 0x100082 netio syslogd 2878 411758 1 0 3 0x100080 kqread resolvd 30292 29547 6786 77 3 0x100092 kqread dhcpleased 82406 137809 6786 77 3 0x100092 kqread dhcpleased 6786 54307 1 0 3 0x80 kqread dhcpleased 4279 409829 0 0 3 0x14200 bored smr 34855 155388 0 0 2 0x14200 zerothread 81066 344684 0 0 3 0x14200 aiodoned aiodoned 53108 429894 0 0 3 0x14200 syncer update 62973 235361 0 0 3 0x14200 cleaner cleaner 37480 10007 0 0 3 0x14200 reaper reaper 46277 100855 0 0 3 0x14200 pgdaemon pagedaemon 54515 119157 0 0 3 0x14200 bored viomb 67691 16108 0 0 3 0x40014200 acpi0 acpi0 39926 342887 0 0 7 0x40014200 idle1 14739 63263 0 0 3 0x14200 bored softnet 90801 457466 0 0 3 0x14200 bored softnet 54299 473942 0 0 3 0x14200 bored softnet 89981 107363 0 0 3 0x14200 bored softnet 13810 142828 0 0 3 0x14200 bored systqmp 14030 110285 0 0 3 0x14200 bored systq 22055 477942 0 0 3 0x40014200 bored softclock 5297 416391 0 0 3 0x40014200 idle0 1 371371 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10190 6504K 7066K 78643K 17171 0 pcb 13 14K 19K 78643K 1566 0 rtable 188 13K 15K 78643K 739 0 ifaddr 83 20K 22K 78643K 660 0 sysctl 1 1K 1K 78643K 1 0 counters 54 35K 36K 78643K 316 0 ioctlops 0 0K 4K 78643K 4804 0 iov 0 0K 16K 78643K 610 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1328 83K 83K 78643K 3666 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 28 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 761 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 18 65K 89K 78643K 17609 0 sigio 0 0K 0K 78643K 129 0 proc 72 91K 115K 78643K 880 0 subproc 104 6K 6K 78643K 196 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 187 0 in_multi 81 5K 6K 78643K 259 0 ether_multi 1 0K 0K 78643K 24 0 mrt 1 0K 0K 78643K 40 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 79 360K 360K 78643K 79 0 exec 0 0K 2K 78643K 1152 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 317 155K 156K 78643K 88595 0 UVM aobj 10 2K 2K 78643K 10 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 144 0 NDP 12 0K 2K 78643K 175 0 temp 144 4758K 5782K 78643K 82135 0 kqueue 12 18K 28K 78643K 472 0 SYN cache 2 16K 16K 78643K 2 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 168 0 165 1 0 1 1 0 8 0 rtentry 112 209 0 125 4 0 4 4 0 8 0 unpcb 136 68734 0 68719 91 83 8 14 0 8 7 syncache 296 17 0 17 5 5 0 1 0 8 0 tcpqe 32 20 0 20 5 5 0 1 0 8 0 tcpcb 736 3409 0 3400 54 53 1 18 0 8 0 arp 120 33 0 19 1 0 1 1 0 8 0 inpcb 312 6142 0 6135 46 42 4 11 0 8 3 nd6 48 48 0 28 1 0 1 1 0 8 0 pkpcb 40 7 0 7 3 3 0 1 0 8 0 kcovpl 48 15 0 7 1 0 1 1 0 8 0 ppxss 1248 101 0 101 4 4 0 1 0 8 0 pfstscr 40 12 0 12 3 3 0 1 0 8 0 pffrag 232 11 0 11 2 2 0 1 0 482 0 pffrnode 88 11 0 11 2 2 0 1 0 8 0 pffrent 40 23 0 23 2 2 0 1 0 8 0 pfosfp 40 1429 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1429 0 714 21 0 21 21 0 8 0 pfstitem 24 600 0 598 2 1 1 2 0 8 0 pfstkey 112 614 0 612 11 10 1 9 0 8 0 pfstate 336 606 0 604 29 28 1 24 0 8 0 pfrule 1360 36 0 24 4 3 1 2 0 8 0 rttmr 64 7 0 7 2 2 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 889 0 489 32 6 26 29 0 8 0 art_table 32 891 0 489 4 0 4 4 0 8 0 art_node 16 207 0 133 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 19 2 1 1 1 0 8 0 semupl 112 8 0 8 1 1 0 1 0 8 0 semapl 112 759 0 749 1 0 1 1 0 8 0 shmpl 112 7 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 24132 0 22688 91 0 91 91 0 8 0 ffsino 272 24132 0 22688 97 0 97 97 0 8 0 nchpl 144 47613 0 45967 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 125402 0 125402 8 7 1 2 0 8 1 percpumem 16 170 0 131 1 0 1 1 0 8 0 vcpupl 2048 8 0 1 1 0 1 1 0 8 0 vmpool 560 8 0 1 1 0 1 1 0 8 0 kstatmem 264 286 0 262 3 1 2 3 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 141256 0 141256 12 11 1 8 0 8 1 plimitpl 152 207 0 192 1 0 1 1 0 8 0 sigapl 424 17902 0 17852 8 2 6 7 0 8 0 futexpl 64 132389 0 132389 8 7 1 1 0 8 1 knotepl 120 507 0 0 11 2 9 11 0 8 0 kqueuepl 216 1142 0 1134 21 20 1 5 0 8 0 pipepl 336 1483 0 1455 35 32 3 8 0 8 0 fdescpl 496 17883 0 17852 5 1 4 5 0 8 0 filepl 152 123938 0 123699 142 123 19 25 0 8 9 lockfpl 104 2442 0 2440 3 2 1 2 0 8 0 lockfspl 48 761 0 759 1 0 1 1 0 8 0 sessionpl 144 31 0 14 1 0 1 1 0 8 0 pgrppl 48 32 0 15 1 0 1 1 0 8 0 ucredpl 96 3273 0 3261 1 0 1 1 0 8 0 zombiepl 144 17852 0 17852 2 1 1 1 0 8 1 processpl 1064 17902 0 17852 4 0 4 4 0 8 0 procpl 672 39433 0 39368 22 16 6 8 0 8 0 srpgc 96 8 0 8 3 3 0 1 0 8 0 sosppl 168 17 0 17 4 4 0 1 0 8 0 sockpl 480 75184 0 75159 1397 1364 33 52 0 8 29 mcl64k 65536 2 0 0 1 0 1 1 0 8 0 mcl16k 16384 2 0 0 1 0 1 1 0 8 0 mcl12k 12288 2 0 0 1 0 1 1 0 8 0 mcl9k 9216 1 0 0 1 0 1 1 0 8 0 mcl8k 8192 4 0 0 1 0 1 1 0 8 0 mcl4k 4096 2 0 0 1 0 1 1 0 8 0 mcl2k2 2112 2 0 0 1 0 1 1 0 8 0 mcl2k 2048 468 0 0 17 0 17 17 0 8 0 mtagpl 96 427 0 0 9 0 9 9 0 8 0 mbufpl 256 998 0 0 42 3 39 40 0 8 0 bufpl 288 24915 0 18583 453 0 453 453 0 8 0 anonpl 24 2997917 0 2985087 215 129 86 124 0 186 0 amapchunkpl 152 257909 0 257380 61 38 23 42 0 158 0 amappl16 200 42490 0 42085 95 73 22 43 0 8 0 amappl15 192 2728 0 2724 1 0 1 1 0 8 0 amappl14 184 5700 0 5693 2 1 1 1 0 8 0 amappl13 176 2374 0 2369 1 0 1 1 0 8 0 amappl12 168 4901 0 4894 1 0 1 1 0 8 0 amappl11 160 175 0 156 1 0 1 1 0 8 0 amappl10 152 2251 0 2244 1 0 1 1 0 8 0 amappl9 144 2353 0 2347 1 0 1 1 0 8 0 amappl8 136 981 0 847 5 0 5 5 0 8 0 amappl7 128 162 0 150 1 0 1 1 0 8 0 amappl6 120 2130 0 2109 2 1 1 2 0 8 0 amappl5 112 11342 0 11325 1 0 1 1 0 8 0 amappl4 104 3355 0 3328 2 0 2 2 0 8 0 amappl3 96 55321 0 55263 2 0 2 2 0 8 0 amappl2 88 24848 0 24777 3 1 2 3 0 8 0 amappl1 80 406672 0 405998 21 6 15 20 0 8 0 amappl 88 87778 0 87621 6 1 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 9 0 0 1 0 1 1 0 8 0 uaddrrnd 24 17891 0 17853 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17891 0 17853 1 0 1 1 0 8 0 vmmpekpl 168 100098 0 100044 3 0 3 3 0 8 0 vmmpepl 168 1658685 0 1656023 203 84 119 128 0 357 3 vmsppl 368 17890 0 17853 7 3 4 4 0 8 0 rwobjpl 56 379487 0 372055 107 0 107 107 0 8 0 pdppl 4096 35789 0 35713 504 428 76 83 0 8 0 pvpl 32 6299311 0 6283206 441 305 136 263 0 265 0 pmappl 248 17890 0 17853 4 1 3 3 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 1432 0 607 26 1 25 25 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8259a48e) at panic+0x177 sys/kern/subr_prf.c:202 __assert(ffffffff826126fb,ffffffff8258a820,90,ffffffff8257364d) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd800701b4c0,fffffd806baa4dc0,38dfb2000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:709 uvm_pagealloc(fffffd806baa4dc0,38dfb2000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:917 pmap_get_ptp(fffffd806baa4d90,71bf6581000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd806baa4d90,71bf6581000,74d09000,1,20) at pmap_enter+0x2ac uvm_fault_upper_lookup(ffff8000290e36e0,ffff8000290e3718,ffff8000290e35e0,ffff8000290e3660) at uvm_fault_upper_lookup+0x2b3 sys/uvm/uvm_fault.c:887 uvm_fault(fffffd806aa1ca20,71bf6584000,0,1) at uvm_fault+0x139 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000290e3850,71bf65846c8) at upageflttrap+0x82 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000290e3850) at usertrap+0x1aa sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x71b47600560, count: -12 ddb{0}> machine ddbcpu 1 Stopped at x86_ipi_db+0x1a: addq $0x8,%rsp x86_ipi_db(ffff800020cd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020cd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: 10 ddb{1}> trace x86_ipi_db(ffff800020cd8ff0) at x86_ipi_db+0x1a sys/arch/amd64/amd64/db_interface.c:393 x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106 Xresume_lapic_ipi() at Xresume_lapic_ipi+0x23 acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206 sched_idle(ffff800020cd8ff0) at sched_idle+0x417 sys/kern/kern_sched.c:178 end trace frame: 0x0, count: -5