panic: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144
Stopped at db_enter+0x25: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*299579 35504 0 0 0 0 syz-executor
db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438
panic(ffffffff8336b25e) at panic+0x1cf sys/kern/subr_prf.c:198
__assert(ffffffff833a9330,ffffffff83390855,90,ffffffff833432b0) at __assert+0x29 sys/kern/subr_prf.c:-1
uvm_pagealloc_pg(fffffd8006b47d00,fffffd806eeb2628,37cf000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707
uvm_pagealloc(fffffd806eeb2628,37cf000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913
pmap_get_ptp(fffffd806eeb25f8,df3c2829000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1
pmap_enter(fffffd806eeb25f8,df3c2829000,6cb4f000,4,20) at pmap_enter+0x39c sys/arch/amd64/amd64/pmap.c:-1
uvm_fault_lower_lookup(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower_lookup+0x395 sys/uvm/uvm_fault.c:-1
uvm_fault_lower(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower+0x85 sys/uvm/uvm_fault.c:1348
uvm_fault(fffffd807cb53458,df3c282a000,0,4) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1
upageflttrap(ffff80003bd612c0,df3c282a2cb) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192
usertrap(ffff80003bd612c0) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622
recall_trap() at recall_trap+0x8
end of kernel
end trace frame: 0x74343d520850, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "dupe == NULL" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 144 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336b25e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a9330,ffffffff83390855,90,ffffffff833432b0) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd8006b47d00,fffffd806eeb2628,37cf000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806eeb2628,37cf000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806eeb25f8,df3c2829000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806eeb25f8,df3c2829000,6cb4f000,4,20) at pmap_enter+0x39c sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_lower_lookup(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower_lookup+0x395 sys/uvm/uvm_fault.c:-1 uvm_fault_lower(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower+0x85 sys/uvm/uvm_fault.c:1348 uvm_fault(fffffd807cb53458,df3c282a000,0,4) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1 upageflttrap(ffff80003bd612c0,df3c282a2cb) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003bd612c0) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x74343d520850, count: -13 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003bd60bb0 rbx 0xfffffd8006b47d01 rdx 0 rcx 0 rax 0xffff80002a7b67d8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xdbc175dbbe649058 r11 0x11af16e1e33bd254 r12 0 r13 0x37cf000 __kernel_data_phys+0x6b000 r14 0 r15 0x1 rip 0xffffffff81890215 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003bd60ba0 ss 0 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=299579 pid=35504 tcnt=2 stat=onproc flags process=0 proc=0 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 
ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a786008,0xffff80002a7b7a10 process=0xffff8000ffff8018 user=0xffff80003bd5c000, vmspace=0xfffffd807cb53458 estcpu=34, cpticks=3, pctcpu=0.0, user=2, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 40319 468232 50066 0 3 0x80 nanoslp syz-executor 40319 449724 50066 0 3 0x4000080 fsleep syz-executor *35504 299579 94854 0 7 0 syz-executor 35504 59480 94854 0 3 0x4000080 fsleep syz-executor 89637 204642 54873 60928 2 0x10 syz-executor 89637 45513 54873 60928 3 0x4000090 pipewr syz-executor 61203 218 60312 0 2 0x2 syz-executor 60529 371732 1 0 3 0x100083 ttyin getty 54873 383704 60312 0 3 0x82 nanoslp syz-executor 98387 69659 60312 0 3 0x82 nanoslp syz-executor 50066 300127 60312 0 2 0xc82 syz-executor 94854 80585 60312 0 3 0x82 nanoslp syz-executor 81889 358554 60312 0 3 0x82 piperd syz-executor 98653 32528 0 0 3 0x14280 nfsidl nfsio 73792 334175 0 0 3 0x14280 nfsidl nfsio 27658 402856 0 0 3 0x14280 nfsidl nfsio 93169 241144 0 0 3 0x14280 nfsidl nfsio 9306 292315 0 0 3 0x14280 nfsidl nfsio 56562 5155 0 0 3 0x14280 nfsidl nfsio 63846 275464 0 0 3 0x14280 nfsidl nfsio 892 520995 0 0 3 0x14280 nfsidl nfsio 36076 338438 0 0 3 0x14280 nfsidl nfsio 101 309017 0 0 3 0x14280 nfsidl nfsio 84697 112075 0 0 3 0x14280 nfsidl nfsio 82155 232608 0 0 3 0x14280 nfsidl nfsio 88915 175224 0 0 3 0x14280 nfsidl nfsio 53598 485268 0 0 3 0x14280 nfsidl nfsio 39993 276103 0 0 3 0x14280 nfsidl nfsio 35495 26195 0 0 3 0x14280 nfsidl nfsio 45913 178004 0 0 3 0x14280 nfsidl nfsio 9748 520244 0 0 3 0x14280 nfsidl nfsio 20489 513356 0 0 3 0x14280 nfsidl nfsio 83361 462580 0 0 3 0x14280 nfsidl nfsio 62414 432075 25908 0 3 0x100082 sbwait arp 25908 457623 94018 0 3 0x10008a sigsusp sh 79921 54173 60312 0 3 0x2 biowait syz-executor 94018 473411 60312 0 3 0x82 wait syz-executor 60312 17849 99076 0 2 0x2 syz-executor 99076 182729 28638 0 3 0x10008a sigsusp ksh 28638 155962 96144 0 3 0x98 kqread sshd-session 96144 175686 51956 0 3 0x92 kqread 
sshd-session 51956 256809 1 0 3 0x88 kqread sshd 21278 173709 51061 73 3 0x1100090 kqread syslogd 51061 275111 1 0 3 0x100082 sbwait syslogd 71802 509741 1 0 3 0x100080 kqread resolvd 50412 182883 87329 77 3 0x100092 kqread dhcpleased 35880 227886 87329 77 3 0x100092 kqread dhcpleased 87329 86592 1 0 3 0x80 kqread dhcpleased 12157 349233 0 0 3 0x14200 bored smr 8478 122653 0 0 2 0x14200 zerothread 7818 55612 0 0 3 0x14200 aiodoned aiodoned 17851 477697 0 0 3 0x14200 syncer update 55756 277092 0 0 3 0x14200 cleaner cleaner 11571 304869 0 0 3 0x14200 reaper reaper 65730 172594 0 0 3 0x14200 pgdaemon pagedaemon 35062 339967 0 0 3 0x14200 bored viomb 26926 170621 0 0 3 0x40014200 acpi0 acpi0 14122 224781 0 0 3 0x14200 bored softnet0 53890 438640 0 0 3 0x14200 bored systqmp 31753 277653 0 0 3 0x14200 bored systq 30510 414048 0 0 3 0x40014200 tmoslp softclock 35470 16362 0 0 3 0x40014200 idle0 1 388261 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10213 11061K 11621K 166960K 14274 0 pcb 19 13K 14K 166960K 423 0 rtable 167 9K 10K 166960K 718 0 pf 32 13K 20K 166960K 204 0 ifaddr 28 4K 7K 166960K 145 0 ifgroup 50 2K 2K 166960K 270 0 sysctl 4 1K 9K 166960K 15 0 counters 32 17K 18K 166960K 134 0 ioctlops 0 0K 4K 166960K 339 0 iov 0 0K 16K 166960K 207 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1463 92K 92K 166960K 3060 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 24 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 168 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 16 57K 232K 166960K 1710 0 sigio 0 0K 0K 166960K 91 0 proc 60 59K 116K 166960K 983 0 subproc 71 4K 4K 166960K 242 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 2 0K 0K 166960K 139 0 in_multi 44 3K 6K 166960K 195 0 ether_multi 1 0K 0K 166960K 13 0 mrt 0 0K 0K 166960K 8 0 
ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 253 1129K 1129K 166960K 253 0 exec 0 0K 1K 166960K 715 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 209 161K 181K 166960K 16090 0 UVM aobj 86 15K 19K 166960K 93 0 pinsyscall 38 76K 92K 166960K 3040 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 85 0 NDP 11 0K 1K 166960K 109 0 temp 85 8668K 8737K 166960K 51712 0 kqueue 13 20K 30K 166960K 346 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 337 0 333 3 0 3 3 0 8 2 rtentry 136 206 0 155 4 0 4 4 0 8 1 unpcb 144 1673 0 1657 7 0 7 7 0 8 6 syncache 336 9 0 9 1 0 1 1 0 8 1 tcpqe 32 4 0 4 1 0 1 1 0 8 1 tcpcb 736 514 0 504 7 0 7 7 0 8 6 arp 96 34 0 26 1 0 1 1 0 8 0 ipq 40 2 0 1 1 0 1 1 0 8 0 ipqe 40 4 0 3 1 0 1 1 0 8 0 inpcb 328 1499 0 1484 7 0 7 7 0 8 5 ip6q 72 8 0 3 1 0 1 1 0 8 0 ip6af 40 11 0 6 1 0 1 1 0 8 0 nd6 112 44 0 33 1 0 1 1 0 8 0 pkpcb 40 12 0 12 1 0 1 1 0 8 1 kcovpl 48 26 0 19 1 0 1 1 0 8 0 mppekey 1024 5 0 5 1 0 1 1 0 8 1 ppxss 1072 69 0 69 1 0 1 1 0 8 1 pppxif 1384 5 0 5 1 0 1 1 0 8 1 pfanchor 1288 4 0 0 1 0 1 1 0 8 0 pftag 88 2 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 4 0 2 1 0 1 1 0 8 0 pfstate 384 2 0 1 1 0 1 1 0 8 0 pfrule 1344 1 0 1 1 0 1 1 0 8 1 rttmr 136 2 0 2 1 0 1 1 0 8 1 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 851 0 605 26 2 24 26 0 8 5 art_table 40 855 0 605 5 0 5 5 0 8 1 art_node 32 202 0 156 1 0 1 1 0 8 0 sysvmsgpl 40 27 0 18 1 0 1 1 0 8 0 semupl 112 1 0 1 1 0 1 1 0 8 1 semapl 112 165 0 155 1 0 1 1 0 8 0 shmpl 112 83 0 6 3 0 3 3 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 4449 0 2934 95 0 95 95 0 8 0 ffsino 256 4449 0 2934 95 0 95 95 0 8 0 nchpl 144 6575 0 4855 64 0 64 64 0 8 0 rtmask 32 19 0 19 1 0 1 1 0 8 1 vnodes 216 5505 0 0 306 0 306 306 0 8 0 namei 1024 25070 0 
25070 2 0 2 2 0 8 2 vcpupl 3904 7 0 1 1 0 1 1 0 8 0 vmpool 800 7 0 1 1 0 1 1 0 8 0 kstatmem 264 166 0 144 3 0 3 3 0 8 1 acpiwqpl 32 1 0 1 1 0 1 1 1 8 1 scsiplug 72 6 0 6 1 0 1 1 0 8 1 scxspl 216 22386 0 22385 8 0 8 8 1 8 7 plimitpl 152 497 0 480 1 0 1 1 0 8 0 sigapl 424 1979 0 1918 8 0 8 8 0 8 0 knotepl 120 63242 0 63195 28 16 12 23 0 8 8 kqueuepl 184 601 0 592 4 0 4 4 0 8 3 pipepl 304 525 0 497 12 1 11 12 0 8 8 fdescpl 448 1939 0 1911 5 0 5 5 0 8 1 filepl 120 14470 0 14249 15 0 15 15 0 8 5 lockfpl 104 956 0 951 2 0 2 2 0 8 1 lockfspl 48 390 0 386 1 0 1 1 0 8 0 sessionpl 144 46 0 38 1 0 1 1 0 8 0 pgrppl 48 95 0 79 1 0 1 1 0 8 0 ucredpl 104 2250 0 2238 1 0 1 1 0 8 0 zombiepl 144 1919 0 1918 1 0 1 1 0 8 0 processpl 1152 1979 0 1918 5 0 5 5 0 8 0 procpl 664 4072 0 4008 7 0 7 7 0 8 0 sosppl 176 10 0 10 1 0 1 1 0 8 1 sockpl 552 3703 0 3668 21 10 11 15 0 8 8 mcl64k 65536 203 0 203 1 0 1 1 0 8 1 mcl12k 12288 1 0 1 1 0 1 1 0 8 1 mcl9k 9216 4 0 4 1 0 1 1 0 8 1 mcl8k 8192 19 0 19 1 0 1 1 0 8 1 mcl4k 4096 4392 0 4338 16 1 15 16 0 8 7 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 2836 0 2831 5 0 5 5 0 8 4 mtagpl 96 64 0 42 1 0 1 1 0 8 0 mbufpl 256 24850 0 24715 73 51 22 73 0 8 7 bufpl 280 8375 0 2153 445 0 445 445 0 8 0 anonpl 24 244848 0 241831 45 0 45 45 0 187 8 amapchunkpl 152 53791 0 53406 29 0 29 29 0 158 10 amappl16 200 3826 0 3799 31 19 12 15 0 8 8 amappl15 192 2 0 2 1 0 1 1 0 8 1 amappl14 184 4 0 4 1 0 1 1 0 8 1 amappl13 176 521 0 519 1 0 1 1 0 8 0 amappl12 168 2335 0 2297 2 0 2 2 0 8 0 amappl11 160 1 0 1 1 0 1 1 0 8 1 amappl10 152 38 0 28 1 0 1 1 0 8 0 amappl9 144 281 0 281 1 0 1 1 0 8 1 amappl8 136 111 0 110 1 0 1 1 0 8 0 amappl7 128 124 0 123 1 0 1 1 0 8 0 amappl6 120 396 0 382 1 0 1 1 0 8 0 amappl5 112 72 0 63 1 0 1 1 0 8 0 amappl4 104 429 0 403 1 0 1 1 0 8 0 amappl3 96 9490 0 9415 3 0 3 3 0 8 0 amappl2 88 2043 0 1973 2 0 2 2 0 8 0 amappl1 80 16614 0 16062 14 0 14 14 0 8 0 amappl 88 14994 0 14860 5 0 5 5 0 92 0 uvmvnodes 80 145 0 0 3 0 3 3 0 8 0 dma4096 4096 1 0 1 1 0 
1 1 0 8 1 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 255 0 255 1 0 1 1 0 8 1 dma64 64 7 0 7 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 92 0 7 2 0 2 2 0 8 0 uaddrrnd 24 1939 0 1911 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1939 0 1911 1 0 1 1 0 8 0 vmmpekpl 168 15990 0 15930 3 0 3 3 0 8 0 vmmpepl 168 124407 0 122721 93 0 93 93 0 357 10 vmsppl 368 1938 0 1911 4 0 4 4 0 8 1 rwobjpl 40 31771 0 30698 14 0 14 14 0 8 0 pdppl 4096 3899 0 3830 130 55 75 79 0 8 6 pvpl 32 779583 0 771444 116 0 116 116 0 265 26 pmappl 216 1945 0 1912 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 473 0 109 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336b25e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a9330,ffffffff83390855,90,ffffffff833432b0) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd8006b47d00,fffffd806eeb2628,37cf000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806eeb2628,37cf000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806eeb25f8,df3c2829000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806eeb25f8,df3c2829000,6cb4f000,4,20) at pmap_enter+0x39c sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_lower_lookup(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower_lookup+0x395 sys/uvm/uvm_fault.c:-1 uvm_fault_lower(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower+0x85 sys/uvm/uvm_fault.c:1348 uvm_fault(fffffd807cb53458,df3c282a000,0,4) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1 upageflttrap(ffff80003bd612c0,df3c282a2cb) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003bd612c0) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 
0x74343d520850, count: -13 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff8336b25e) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff833a9330,ffffffff83390855,90,ffffffff833432b0) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pagealloc_pg(fffffd8006b47d00,fffffd806eeb2628,37cf000,0) at uvm_pagealloc_pg+0x54b sys/uvm/uvm_page.c:707 uvm_pagealloc(fffffd806eeb2628,37cf000,0,3) at uvm_pagealloc+0x252 sys/uvm/uvm_page.c:913 pmap_get_ptp(fffffd806eeb25f8,df3c2829000) at pmap_get_ptp+0x1d0 sys/arch/amd64/amd64/pmap.c:-1 pmap_enter(fffffd806eeb25f8,df3c2829000,6cb4f000,4,20) at pmap_enter+0x39c sys/arch/amd64/amd64/pmap.c:-1 uvm_fault_lower_lookup(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower_lookup+0x395 sys/uvm/uvm_fault.c:-1 uvm_fault_lower(ffff80003bd61120,ffff80003bd61158,ffff80003bd610a0) at uvm_fault_lower+0x85 sys/uvm/uvm_fault.c:1348 uvm_fault(fffffd807cb53458,df3c282a000,0,4) at uvm_fault+0x241 sys/uvm/uvm_fault.c:-1 upageflttrap(ffff80003bd612c0,df3c282a2cb) at upageflttrap+0xa0 sys/arch/amd64/amd64/trap.c:192 usertrap(ffff80003bd612c0) at usertrap+0x413 sys/arch/amd64/amd64/trap.c:622 recall_trap() at recall_trap+0x8 end of kernel end trace frame: 0x74343d520850, count: -13