syzbot

 sign-in | mailing list | source | docs
🐞 Open [138] 🐞 Fixed [269] 🐞 Invalid [578] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

assert "pg->wire_count == NUM" failed in vfs_biomem.c (2)

Status: auto-obsoleted due to no activity on 2023/12/13 15:53
Reported-by: syzbot+ffeed80a3b0380a22f5d@syzkaller.appspotmail.com
First crash: 267d, last: 237d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
openbsd assert "pg->wire_count == NUM" failed in vfs_biomem.c 10 390d 726d 0/3 auto-obsoleted due to no activity on 2023/07/13 08:24
openbsd assert "pg->wire_count == NUM" failed in vfs_biomem.c (3) 78 15h26m 131d 0/3 upstream: reported on 2023/12/29 11:04

Sample crash report:
panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/vfs_biomem.c", line 310
Starting stack trace...
panic(ffffffff827a146e) at panic+0x16f sys/kern/subr_prf.c:229
__assert(ffffffff8281e5fb,ffffffff82808fb7,136,ffffffff827e7092) at __assert+0x29 sys/kern/subr_prf.c:157
buf_free_pages(fffffd8060232390) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299
buf_dealloc_mem(fffffd8060232390) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179
buf_put(fffffd8060232390) at buf_put+0x165 sys/kern/vfs_bio.c:130
brelse(fffffd8060232390) at brelse+0x5c3 sys/kern/vfs_bio.c:957
vinvalbuf(fffffd8079db3cf0,2,fffffd807f7d7478,ffff8000212a1a90,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021
ffs_truncate(fffffd807cc0a660,0,4,fffffd807f7d7478) at ffs_truncate+0xf22 sys/ufs/ffs/ffs_inode.c:326
ufs_rmdir(ffff80002129d338) at ufs_rmdir+0x3a9 sys/ufs/ufs/ufs_vnops.c:1342
VOP_RMDIR(fffffd807ba4b2d0,fffffd8079db3cf0,ffff80002129d418) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407
dounlinkat(ffff8000212a1a90,ffffff9c,7d01235257d0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1880
syscall(ffff80002129d590) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129d590) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d01235257c0, count: 244
End of stack trace.
syncing disks...panic: ffs_update: bad link cnt
Starting stack trace...
panic(ffffffff828426ab) at panic+0x16f sys/kern/subr_prf.c:229
ffs_update(fffffd80542a5220,0) at ffs_update+0x313 sys/ufs/ffs/ffs_inode.c:101
VOP_FSYNC(fffffd807dc66460,fffffd807f7d7478,2,ffff8000212a1a90) at VOP_FSYNC+0xcf sys/kern/vfs_vops.c:311
ffs_sync_vnode(fffffd807dc66460,ffff80002129cc30) at ffs_sync_vnode+0x184 sys/ufs/ffs/ffs_vfsops.c:1187
vfs_mount_foreach_vnode(ffff8000006d9c00,ffffffff819de2c0,ffff80002129cc30) at vfs_mount_foreach_vnode+0x55 sys/kern/vfs_subr.c:910
ffs_sync(ffff8000006d9c00,2,0,fffffd807f7d7478,ffff8000212a1a90) at ffs_sync+0x11f sys/ufs/ffs/ffs_vfsops.c:1238
sys_sync(ffff8000212a1a90,0,0) at sys_sync+0xbc sys/kern/vfs_syscalls.c:536
vfs_syncwait(ffff8000212a1a90,1) at vfs_syncwait+0x3a
vfs_shutdown(ffff8000212a1a90) at vfs_shutdown+0x61 sys/kern/vfs_subr.c:1791
boot(100) at boot+0xc5 sys/arch/amd64/amd64/machdep.c:901
reboot(100) at reboot+0x81
panic(ffffffff827a146e) at panic+0x18f sys/kern/subr_prf.c:231
__assert(ffffffff8281e5fb,ffffffff82808fb7,136,ffffffff827e7092) at __assert+0x29 sys/kern/subr_prf.c:157
buf_free_pages(fffffd8060232390) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299
buf_dealloc_mem(fffffd8060232390) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179
buf_put(fffffd8060232390) at buf_put+0x165 sys/kern/vfs_bio.c:130
brelse(fffffd8060232390) at brelse+0x5c3 sys/kern/vfs_bio.c:957
vinvalbuf(fffffd8079db3cf0,2,fffffd807f7d7478,ffff8000212a1a90,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021
ffs_truncate(fffffd807cc0a660,0,4,fffffd807f7d7478) at ffs_truncate+0xf22 sys/ufs/ffs/ffs_inode.c:326
ufs_rmdir(ffff80002129d338) at ufs_rmdir+0x3a9 sys/ufs/ufs/ufs_vnops.c:1342
VOP_RMDIR(fffffd807ba4b2d0,fffffd8079db3cf0,ffff80002129d418) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407
dounlinkat(ffff8000212a1a90,ffffff9c,7d01235257d0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1880
syscall(ffff80002129d590) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002129d590) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7d01235257c0, count: 233
End of stack trace.

dump to dev 4,1 not possible
rpaebnioc: okternienlg .d.i.a
gnostic assertionSeaBIOS (version 1.8.2-google)
Total RAM Size = 0x0000000080000000 = 2048 MiB
CPUs found: 2     Max CPUs supported: 2
SeaBIOS (version 1.8.2-google)
Machine UUID 2c48b237-609e-0a7d-d6ca-08d70f46a694
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2880: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
>> OpenBSD/amd64 BOOT 3.65
boot> set $maxwidth = 0
set: syntax error
boot> show panic
boot: illegal argument panic
boot> trace
boot> show registers
boot> show proc
boot> ps
boot> show all locks
boot> show malloc
boot> show all pools
boot> machine ddbcpu 0
machine: syntax error
boot> trace
boot> machine ddbcpu 1
machine: syntax error
boot> trace

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/09/14 15:52 openbsd f50a451da581 0b6a67ac .config console log report [disk image] [bsd.gdb] [kernel image] ci-openbsd-multicore assert "pg->wire_count == NUM" failed in vfs_biomem.c
2023/08/15 16:19 openbsd a3e56974213b 39990d51 .config console log report ci-openbsd-multicore assert "pg->wire_count == NUM" failed in vfs_biomem.c
* Struck through repros no longer work on HEAD.