

panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/vfs_biomem.c", line 329

Status: closed as dup on 2018/12/25 23:26
Reported-by: syzbot+30fd7e74b3bbc5e5c6ab@syzkaller.appspotmail.com
First crash: 2179d, last: 2179d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_bi 2 2167d 2167d

Sample crash report:
panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at      db_enter+0xa:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*520889     66      0         0x2          0    1K syz-executor1
db_enter() at db_enter+0xa
panic() at panic+0x147
__assert(ffffffff81521464,ffff80002118eb40,ffffffff81ebc3f0,ffffff007e8b3200) at __assert+0x24
buf_free_pages(ffff800020a67000) at buf_free_pages+0x167
buf_dealloc_mem(ffffff007e8b3000) at buf_dealloc_mem+0xb6
buf_put(ffffff007e8b3200) at buf_put+0x11f
brelse(2) at brelse+0x19f
vinvalbuf(0,ffffff007e0c5e18,ffffff007e0c5e30,0,ffff80000066f800,11) at vinvalbuf+0x2e2
ffs_truncate(ffffff006919e3f8,ffffff007e9e8388,ffffff00697c02d0,ffffff007e0c5e18) at ffs_truncate+0xc93
ufs_rmdir(ffffff006919e3f8) at ufs_rmdir+0x277
VOP_RMDIR(0,ffffff007e9e8388,8) at VOP_RMDIR+0x6a
dounlinkat(890,ffff800021084e18,0,ffff80002118f0b0) at dounlinkat+0xf5
syscall(0) at syscall+0x489
Xsyscall(6,89,7f7ffffd3e10,89,bd417586a80,7f7ffffd4260) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd4250, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/vfs_biomem.c", line 329
ddb{1}> trace
db_enter() at db_enter+0xa
panic() at panic+0x147
__assert(ffffffff81521464,ffff80002118eb40,ffffffff81ebc3f0,ffffff007e8b3200) at __assert+0x24
buf_free_pages(ffff800020a67000) at buf_free_pages+0x167
buf_dealloc_mem(ffffff007e8b3000) at buf_dealloc_mem+0xb6
buf_put(ffffff007e8b3200) at buf_put+0x11f
brelse(2) at brelse+0x19f
vinvalbuf(0,ffffff007e0c5e18,ffffff007e0c5e30,0,ffff80000066f800,11) at vinvalbuf+0x2e2
ffs_truncate(ffffff006919e3f8,ffffff007e9e8388,ffffff00697c02d0,ffffff007e0c5e18) at ffs_truncate+0xc93
ufs_rmdir(ffffff006919e3f8) at ufs_rmdir+0x277
VOP_RMDIR(0,ffffff007e9e8388,8) at VOP_RMDIR+0x6a
dounlinkat(890,ffff800021084e18,0,ffff80002118f0b0) at dounlinkat+0xf5
syscall(0) at syscall+0x489
Xsyscall(6,89,7f7ffffd3e10,89,bd417586a80,7f7ffffd4260) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd4250, count: -14
ddb{1}> show registers
rdi               0xffffffff81e2ec58    kprintf_mutex
rsi                              0x5
rbp               0xffff80002118eaa0
rbx               0xffff80002118eb40
rdx                            0x3fd
rcx                                0
rax                                0
r8                0xffff80002118ea70
r9                0x8080808080808080
r10               0x7994d73f254fd49e
r11               0xffffffff819e6130    x86_bus_space_io_read_1
r12                     0x3000000008
r13               0xffff80002118eab0
r14                            0x100
r15               0xffffffff81bf400f    cmd0646_9_tim_udma+0x20bde
rip               0xffffffff81b67d9a    db_enter+0xa
cs                               0x8
rflags                         0x246
rsp               0xffff80002118eaa0
ss                              0x10
db_enter+0xa:   popq    %rbp
ddb{1}> show proc
PROC (syz-executor1) pid=520889 stat=onproc
    flags process=2<EXEC> proc=0
    pri=17, usrpri=57, nice=20
    forw=0xffffffffffffffff, list=0xffff800021084260,0xffff8000210a2e38
    process=0xffff800021071948 user=0xffff80002118a000, vmspace=0xffffff007f124000
    estcpu=7, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 18022  285545      0      0  3     0x14200  bored         sosplice
*   66  520889  66996      0  7         0x2                syz-executor1
 66996  101378    953      0  3        0x82  thrsleep      syz-fuzzer
 66996  449502    953      0  3   0x4000082  nanosleep     syz-fuzzer
 66996  107647    953      0  3   0x4000082  thrsleep      syz-fuzzer
 66996  522814    953      0  3   0x4000002  biowait       syz-fuzzer
 66996  511407    953      0  3   0x4000082  thrsleep      syz-fuzzer
 66996   64183    953      0  3   0x4000082  thrsleep      syz-fuzzer
 66996   19753    953      0  3   0x4000082  thrsleep      syz-fuzzer
 66996  254480    953      0  3   0x4000082  kqread        syz-fuzzer
 66996  410061    953      0  3   0x4000082  thrsleep      syz-fuzzer
 66996  218948    953      0  3   0x4000082  thrsleep      syz-fuzzer
   953  267772  14437      0  3    0x10008a  pause         ksh
 14437  359995   7853      0  3        0x92  select        sshd
 10221  115337      1      0  3    0x100083  ttyin         getty
  7853  405584      1      0  3        0x80  select        sshd
  7874  422931   3380     73  3    0x100010  ffs_fsync     syslogd
  3380   44670      1      0  3    0x100082  netio         syslogd
 86298  209009      1     77  3    0x100090  poll          dhclient
  5932  472729      1      0  3        0x80  poll          dhclient
 51517  200522      0      0  3     0x14200  pgzero        zerothread
 71378  442143      0      0  3     0x14200  aiodoned      aiodoned
 18665  202478      0      0  3     0x14200  syncer        update
 89716   46093      0      0  3     0x14200  cleaner       cleaner
 91152  372777      0      0  3     0x14200  reaper        reaper
 21188  404341      0      0  3     0x14200  pgdaemon      pagedaemon
 83169  351989      0      0  3     0x14200  bored         crynlk
 13878  229172      0      0  3     0x14200  bored         crypto
 26444  426616      0      0  3  0x40014200  acpi0         acpi0
 60041  245560      0      0  3  0x40014200                idle1
 25488   83606      0      0  3     0x14200  bored         softnet
 51918   56824      0      0  3     0x14200  bored         systqmp
  7702  250005      0      0  3     0x14200  bored         systq
 36011   82161      0      0  3  0x40014200  bored         softclock
 54428   29519      0      0  7  0x40014200                idle0
     1  143454      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/12/07 21:04 https://github.com/blackgnezdo/src.git multicore 013d15613728 65ed2472 .config console log report ci-openbsd-multicore