panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*137404 5419 0 0 0 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(ffffffff82428abc) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff82499f57,ffffffff82452c4d,90,ffffffff8240b193) at __assert+0x25 sys/kern/subr_prf.c:161
uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline]
uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710
uvm_pagealloc(fffffd8066b74700,1fdff000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918
pmap_get_ptp(fffffd8066b746d0,7f7ffffc4000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183
pmap_enter(fffffd8066b746d0,7f7ffffc4000,69998000,3,20) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697
uvm_fault_upper_lookup(ffff8000216e54e0,ffff8000216e5518,ffff8000216e53e0,ffff8000216e5460) at uvm_fault_upper_lookup+0x291 sys/uvm/uvm_fault.c:889
uvm_fault(fffffd807f019bb0,7f7ffffc3000,0,1) at uvm_fault+0x119 sys/uvm/uvm_fault.c:607
upageflttrap(ffff8000216e5650,7f7ffffc3ea8) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181
usertrap(ffff8000216e5650) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x7f7ffffc3ed0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82428abc) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff82499f57,ffffffff82452c4d,90,ffffffff8240b193) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd8066b74700,1fdff000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd8066b746d0,7f7ffffc4000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd8066b746d0,7f7ffffc4000,69998000,3,20) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper_lookup(ffff8000216e54e0,ffff8000216e5518,ffff8000216e53e0,ffff8000216e5460) at uvm_fault_upper_lookup+0x291 sys/uvm/uvm_fault.c:889 uvm_fault(fffffd807f019bb0,7f7ffffc3000,0,1) at uvm_fault+0x119 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000216e5650,7f7ffffc3ea8) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000216e5650) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc3ed0, count: -12 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000216e5000 rbx 0 rdx 0 rcx 0 rax 0xffff8000216fad28 r8 0x101010101010101 r9 0x8080808080808080 r10 0x590ab0c2ce36b507 r11 0x89e7d06bc17b070e r12 0 r13 0x1fdff000 r14 0 r15 0x1 rip 0xffffffff821604c8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000216e4ff0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=137404 stat=onproc flags process=0 proc=0 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff80002164cd20,0xffff8000216fb7b8 
process=0xffff800021702bf0 user=0xffff8000216e0000, vmspace=0xfffffd807f019bb0 estcpu=36, cpticks=3, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND * 5419 137404 66540 0 7 0 syz-executor.0 5419 445143 66540 0 3 0x4000080 fsleep syz-executor.0 66540 28200 78088 0 3 0x82 nanoslp syz-executor.0 88735 291455 78088 0 3 0x2 biowait syz-executor.1 69604 250997 1 0 3 0x100083 ttyin getty 65363 237852 0 0 3 0x14280 nfsidl nfsio 13296 373647 0 0 3 0x14280 nfsidl nfsio 36200 207497 0 0 3 0x14280 nfsidl nfsio 73866 305151 0 0 3 0x14280 nfsidl nfsio 55853 320774 0 0 3 0x14280 nfsidl nfsio 19088 397006 0 0 3 0x14280 nfsidl nfsio 18301 393951 0 0 3 0x14280 nfsidl nfsio 15271 383438 0 0 3 0x14280 nfsidl nfsio 16695 248046 0 0 3 0x14280 nfsidl nfsio 45504 425333 0 0 3 0x14280 nfsidl nfsio 45298 71757 0 0 3 0x14280 nfsidl nfsio 26153 1230 0 0 3 0x14280 nfsidl nfsio 35575 181489 0 0 3 0x14280 nfsidl nfsio 31943 62428 0 0 3 0x14280 nfsidl nfsio 89154 32272 0 0 3 0x14280 nfsidl nfsio 21113 35686 0 0 3 0x14280 nfsidl nfsio 82789 419969 0 0 3 0x14280 nfsidl nfsio 9832 303411 0 0 3 0x14280 nfsidl nfsio 41313 163117 0 0 3 0x14280 nfsidl nfsio 81290 376708 0 0 3 0x14280 nfsidl nfsio 27476 214968 0 0 3 0x14200 bored sosplice 78088 30957 65422 0 3 0x82 kqread syz-fuzzer 78088 483778 65422 0 3 0x4000082 nanoslp syz-fuzzer 78088 459331 65422 0 3 0x4000082 thrsleep syz-fuzzer 78088 16151 65422 0 3 0x4000082 thrsleep syz-fuzzer 78088 475566 65422 0 3 0x4000082 thrsleep syz-fuzzer 78088 313356 65422 0 3 0x4000082 thrsleep syz-fuzzer 65422 471609 55439 0 3 0x10008a sigsusp ksh 55439 39360 39558 0 3 0x9a poll sshd 39558 148767 1 0 3 0x88 poll sshd 64830 514299 97052 73 3 0x100090 kqread syslogd 97052 245266 1 0 3 0x100082 netio syslogd 24365 301222 1 0 3 0x100080 kqread resolvd 45683 394912 58477 77 3 0x100092 kqread dhcpleased 88739 163974 58477 77 3 0x100092 kqread dhcpleased 58477 212640 1 0 3 0x80 kqread dhcpleased 51607 366338 0 0 3 0x14200 bored smr 93878 80452 
0 0 2 0x14200 zerothread 6532 453601 0 0 3 0x14200 aiodoned aiodoned 26890 29036 0 0 3 0x14200 syncer update 73461 373780 0 0 3 0x14200 cleaner cleaner 7465 523021 0 0 3 0x14200 reaper reaper 81325 402231 0 0 3 0x14200 pgdaemon pagedaemon 64161 306469 0 0 3 0x14200 bored viomb 26517 252467 0 0 3 0x40014200 acpi0 acpi0 25761 75617 0 0 3 0x14200 bored softnet 48921 111361 0 0 3 0x14200 bored systqmp 88966 66105 0 0 3 0x14200 bored systq 9710 36689 0 0 3 0x40014200 bored softclock 23417 366664 0 0 3 0x40014200 idle0 1 157085 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10114 6398K 6779K 78643K 13869 0 pcb 13 12K 13K 78643K 282 0 rtable 83 7K 12K 78643K 753 0 ifaddr 44 12K 13K 78643K 277 0 counters 20 16K 16K 78643K 57 0 ioctlops 0 0K 4K 78643K 3567 0 iov 0 0K 24K 78643K 396 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1234 78K 78K 78643K 2368 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 27 0 VM map 2 0K 0K 78643K 2 0 sem 11 1K 1K 78643K 11 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12598 0 file desc 5 13K 25K 78643K 7296 0 sigio 0 0K 0K 78643K 84 0 proc 59 55K 71K 78643K 738 0 subproc 26 1K 1K 78643K 143 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 407 0 in_multi 15 1K 2K 78643K 316 0 ether_multi 1 0K 0K 78643K 58 0 mrt 2 0K 0K 78643K 13 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 73 334K 334K 78643K 73 0 exec 0 0K 2K 78643K 758 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 226 98K 119K 78643K 86892 0 UVM aobj 54 4K 6K 78643K 58 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 234 0 NDP 4 0K 0K 78643K 72 0 temp 80 4206K 4271K 78643K 55329 0 kqueue 10 14K 20K 78643K 137 0 
SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 169 0 166 1 0 1 1 0 8 0 rtentry 112 186 0 168 2 0 2 2 0 8 0 unpcb 128 1257 0 1244 5 4 1 3 0 8 0 syncache 296 27 0 27 5 5 0 1 0 8 0 tcpqe 32 8 0 8 5 5 0 1 0 8 0 tcpcb 736 3049 0 3037 88 83 5 36 0 8 3 arp 88 30 0 26 1 0 1 1 0 8 0 ipq 40 5 0 5 1 1 0 1 0 8 0 ipqe 40 177 0 177 1 1 0 1 0 8 0 inpcb 304 6362 0 6355 44 38 6 11 0 8 5 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 46 0 45 1 0 1 1 0 8 0 pkpcb 40 5 0 5 2 2 0 1 0 8 0 kcovpl 48 11 0 9 1 0 1 1 0 8 0 ppxss 1152 9 0 9 4 4 0 1 0 8 0 pfstscr 40 17 0 17 3 3 0 1 0 8 0 pffrag 232 14 0 14 1 1 0 1 0 482 0 pffrnode 88 14 0 14 1 1 0 1 0 8 0 pffrent 40 202 0 202 1 1 0 1 0 8 0 pfosfp 40 2 0 0 1 0 1 1 0 8 0 pfosfpen 112 2 0 0 1 0 1 1 0 8 0 pfrktable 1344 55 0 45 2 1 1 2 0 8 0 pftag 88 8 0 4 1 0 1 1 0 8 0 pfqueue 264 2 0 2 1 1 0 1 0 8 0 pfstitem 24 8 0 8 3 3 0 1 0 8 0 pfstkey 112 23 0 23 3 3 0 1 0 8 0 pfstate 320 12 0 12 3 3 0 1 0 8 0 pfrule 1360 2615 0 2118 42 0 42 42 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 893 0 829 16 8 8 14 0 8 1 art_table 32 894 0 829 2 0 2 2 0 8 1 art_node 16 184 0 170 1 0 1 1 0 8 0 semapl 112 9 0 0 1 0 1 1 0 8 0 shmpl 112 55 0 4 2 0 2 2 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 9774 0 8373 88 0 88 88 0 8 0 ffsino 240 9774 0 8373 83 0 83 83 0 8 0 nchpl 144 18420 0 16830 60 0 60 60 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 224 5926 0 0 349 0 349 349 0 8 0 namei 1024 52646 0 52646 2 1 1 1 0 8 1 vcpupl 1984 5 0 1 1 0 1 1 0 8 0 vmpool 528 11 0 7 2 1 1 1 0 8 0 pfiaddrpl 120 44 0 13 1 0 1 1 0 8 0 scsiplug 72 10 0 10 3 3 0 1 0 8 0 scxspl 216 65157 0 65156 13 12 1 8 0 8 0 plimitpl 152 159 0 151 1 0 1 1 0 8 0 sigapl 424 7512 0 7462 6 0 6 6 0 8 0 futexpl 64 52635 0 52634 6 5 1 1 0 8 0 knotepl 112 677 0 639 2 0 2 2 0 8 0 kqueuepl 184 567 0 561 5 1 4 4 0 8 3 pipepl 304 744 0 734 25 24 1 6 0 8 0 fdescpl 432 7478 0 7462 3 1 2 3 0 8 0 filepl 120 32681 0 32579 35 
27 8 11 0 8 4 lockfpl 104 1152 0 1150 2 1 1 2 0 8 0 lockfspl 48 345 0 343 1 0 1 1 0 8 0 sessionpl 144 27 0 17 1 0 1 1 0 8 0 pgrppl 48 54 0 44 1 0 1 1 0 8 0 ucredpl 96 2430 0 2420 1 0 1 1 0 8 0 zombiepl 144 7462 0 7462 2 1 1 1 0 8 1 processpl 1000 7512 0 7462 8 1 7 7 0 8 0 procpl 672 15819 0 15763 21 15 6 7 0 8 1 sosppl 168 65 0 65 5 5 0 1 0 8 0 sockpl 448 7797 0 7774 65 55 10 18 0 8 7 mcl64k 65536 630 0 630 12 11 1 1 0 8 1 mcl16k 16384 78 0 78 9 9 0 1 0 8 0 mcl12k 12288 145 0 145 12 11 1 1 0 8 1 mcl9k 9216 70 0 70 13 13 0 1 0 8 0 mcl8k 8192 356 0 356 18 17 1 1 0 8 1 mcl4k 4096 400 0 400 16 15 1 1 0 8 1 mcl2k2 2112 30 0 30 9 9 0 1 0 8 0 mcl2k 2048 43676 0 43631 43 30 13 13 0 8 6 mtagpl 96 221 0 221 6 6 0 5 0 8 0 mbufpl 256 146475 0 146312 46 29 17 33 0 8 0 bufpl 288 14658 0 8241 459 0 459 459 0 8 0 anonpl 24 1921769 0 1912346 151 91 60 77 0 188 2 amapchunkpl 152 212948 0 212511 67 48 19 31 0 158 1 amappl16 200 17154 0 16902 50 36 14 23 0 8 0 amappl15 192 275 0 269 1 0 1 1 0 8 0 amappl14 184 1210 0 1206 1 0 1 1 0 8 0 amappl13 176 261 0 260 1 0 1 1 0 8 0 amappl12 168 779 0 773 1 0 1 1 0 8 0 amappl11 160 2476 0 2464 1 0 1 1 0 8 0 amappl10 152 14 0 11 1 0 1 1 0 8 0 amappl9 144 2416 0 2411 1 0 1 1 0 8 0 amappl8 136 1089 0 1019 3 0 3 3 0 8 0 amappl7 128 608 0 600 1 0 1 1 0 8 0 amappl6 120 2117 0 2102 1 0 1 1 0 8 0 amappl5 112 6433 0 6422 1 0 1 1 0 8 0 amappl4 104 3785 0 3754 1 0 1 1 0 8 0 amappl3 96 1322 0 1304 1 0 1 1 0 8 0 amappl2 88 1392 0 1353 2 0 2 2 0 8 0 amappl1 80 126580 0 126165 15 5 10 12 0 8 0 amappl 88 86351 0 86215 4 0 4 4 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 57 0 4 1 0 1 1 0 8 0 uaddrrnd 24 7489 0 7469 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7489 0 7469 1 0 1 1 0 8 0 vmmpekpl 168 41946 0 41917 2 0 2 2 0 8 0 vmmpepl 168 650622 0 649162 125 56 69 
74 0 357 2 vmsppl 272 7488 0 7469 2 0 2 2 0 8 0 rwobjpl 24 149513 0 142542 45 2 43 43 0 8 0 pdppl 4096 14984 0 14942 69 24 45 45 0 8 3 pvpl 32 3427401 0 3414897 331 225 106 162 0 265 3 pmappl 216 7488 0 7469 3 1 2 2 0 8 0 extentpl 40 57 0 38 1 0 1 1 0 8 0 phpool 112 1065 0 284 23 0 23 23 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82428abc) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff82499f57,ffffffff82452c4d,90,ffffffff8240b193) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd8066b74700,1fdff000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd8066b746d0,7f7ffffc4000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd8066b746d0,7f7ffffc4000,69998000,3,20) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper_lookup(ffff8000216e54e0,ffff8000216e5518,ffff8000216e53e0,ffff8000216e5460) at uvm_fault_upper_lookup+0x291 sys/uvm/uvm_fault.c:889 uvm_fault(fffffd807f019bb0,7f7ffffc3000,0,1) at uvm_fault+0x119 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000216e5650,7f7ffffc3ea8) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000216e5650) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc3ed0, count: -12 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440 panic(ffffffff82428abc) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff82499f57,ffffffff82452c4d,90,ffffffff8240b193) at __assert+0x25 sys/kern/subr_prf.c:161 uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at 
uvm_pagealloc_pg+0x427 uvm_pageinsert sys/uvm/uvm_page.c:138 [inline] uvm_pagealloc_pg(fffffd8005ce5000,fffffd8066b74700,1fdff000,0) at uvm_pagealloc_pg+0x427 sys/uvm/uvm_page.c:710 uvm_pagealloc(fffffd8066b74700,1fdff000,0,3) at uvm_pagealloc+0x1e8 sys/uvm/uvm_page.c:918 pmap_get_ptp(fffffd8066b746d0,7f7ffffc4000) at pmap_get_ptp+0x18d sys/arch/amd64/amd64/pmap.c:1183 pmap_enter(fffffd8066b746d0,7f7ffffc4000,69998000,3,20) at pmap_enter+0x292 sys/arch/amd64/amd64/pmap.c:2697 uvm_fault_upper_lookup(ffff8000216e54e0,ffff8000216e5518,ffff8000216e53e0,ffff8000216e5460) at uvm_fault_upper_lookup+0x291 sys/uvm/uvm_fault.c:889 uvm_fault(fffffd807f019bb0,7f7ffffc3000,0,1) at uvm_fault+0x119 sys/uvm/uvm_fault.c:607 upageflttrap(ffff8000216e5650,7f7ffffc3ea8) at upageflttrap+0x79 sys/arch/amd64/amd64/trap.c:181 usertrap(ffff8000216e5650) at usertrap+0x198 sys/arch/amd64/amd64/trap.c:403 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x7f7ffffc3ed0, count: -12