panic: kernel diagnostic assertion "pg->wire_count != 0" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1207 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff834822be) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff834c3ac3,ffffffff834ab8e6,4b7,ffffffff8341a41b) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pageunwire(fffff4800775cd00) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1206 uvm_fault_unwire_locked(fffff4806c359748,200000234000,200000237000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790 uvm_unmap_kill_entry_withlock(fffff4806c359748,fffff4806c1b7b98,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1866 uvm_map_teardown(fffff4806c359748) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffff4806c359748) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80002f8b07e0,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80002f8b07e0,ffff80002a7772f0,ffff80002a777240) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a7772f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7772f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72a48ec63850, count: 4 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count != 0" failed: file "/syzkaller/managers/main/kernel/sys/uvm/uvm_page.c", line 1207 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff834822be) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff834c3ac3,ffffffff834ab8e6,4b7,ffffffff8341a41b) at __assert+0x29 sys/kern/subr_prf.c:-1 uvm_pageunwire(fffff4800775cd00) at uvm_pageunwire+0x17d sys/uvm/uvm_page.c:1206 uvm_fault_unwire_locked(fffff4806c359748,200000234000,200000237000) at uvm_fault_unwire_locked+0x33a sys/uvm/uvm_fault.c:1790 uvm_unmap_kill_entry_withlock(fffff4806c359748,fffff4806c1b7b98,0) at uvm_unmap_kill_entry_withlock+0x81 sys/uvm/uvm_map.c:1866 uvm_map_teardown(fffff4806c359748) at uvm_map_teardown+0x117 uvm_map_addr_RBT_LEFT sys/uvm/uvm_map.h:-1 [inline] uvm_map_teardown(fffff4806c359748) at uvm_map_teardown+0x117 sys/uvm/uvm_map.c:2497 exit1(ffff80002f8b07e0,0,0,1) at exit1+0x6e6 sys/kern/kern_exit.c:259 sys_exit(ffff80002f8b07e0,ffff80002a7772f0,ffff80002a777240) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff80002a7772f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline] syscall(ffff80002a7772f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x72a48ec63850, count: -11 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a776f30 rbx 0xffff8000ffff9698 rdx 0 rcx 0 rax 0xffff80002f8b07e0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1354d19284114216 r11 0x1845fcb38bde5b5a r12 0 r13 0xffffffff835e3d40 uvm_map_addr_RBT_INFO r14 0 r15 0x1 rip 0xffffffff821fe4b5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a776f20 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=230586 pid=38083 tcnt=0 stat=onproc flags process=1001008 proc=2000 runpri=16, usrpri=78, slppri=16, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002f8b07e0 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003c8f6560,0xffff80003c8f6d38 process=0xffff8000ffff9698 user=0xffff80002a772000, vmspace=0xfffff4806c359748 estcpu=28, cpticks=2, pctcpu=0.1, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 69706 109114 93819 0 3 0x80 fsleep syz-executor 69706 115343 93819 0 3 0x4000080 fifor syz-executor 67481 10161 1 0 3 0x80 nanoslp init 93819 297817 1 0 2 0xc82 syz-executor 57472 192199 1 0 2 0xc82 syz-executor 34891 27562 1 73 2 0x1100010 syslogd 28783 106103 0 0 2 0x14200 smr 4495 200814 0 0 2 0x14200 zerothread 61164 225174 0 0 3 0x14200 aiodoned aiodoned 87630 418319 0 0 3 0x14200 syncer update 95202 99715 0 0 3 0x14200 cleaner cleaner 60275 59452 0 0 3 0x14200 reaper reaper 91430 130440 0 0 3 0x14200 pgdaemon pagedaemon 15966 294496 0 0 3 0x14200 bored viomb 23014 268191 0 0 3 0x40014200 acpi0 acpi0 85933 426946 0 0 3 0x14200 bored softnet0 65665 89624 0 0 3 0x14200 bored systqmp 60511 205390 0 0 3 0x14200 bored systq 91007 429529 0 0 3 0x40014200 tmoslp softclock 21979 133076 0 0 3 0x40014200 idle0 1 125501 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11050 12100K 12442K 166960K 13416 0 pcb 17 18K 22K 166960K 368 0 rtable 155 8K 9K 166960K 608 0 pf 25 12K 17K 166960K 109 0 ifaddr 24 4K 7K 166960K 87 0 ifgroup 31 1K 2K 166960K 111 0 sysctl 4 1K 9K 166960K 18 0 counters 29 17K 18K 166960K 69 0 ioctlops 0 0K 4K 166960K 218 0 iov 0 0K 16K 166960K 86 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1367 86K 86K 166960K 2518 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 13 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 1K 166960K 140 0 dirhash 12 2K 2K 166960K 27 0 ACPI 1692 195K 286K 166960K 12470 0 file desc 6 20K 93K 166960K 1063 0 sigio 0 0K 0K 166960K 11 0 proc 14 25K 116K 166960K 750 0 subproc 36 2K 5K 166960K 298 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 93 0 in_multi 44 3K 7K 166960K 161 0 ether_multi 1 0K 0K 166960K 3 0 mrt 1 0K 0K 166960K 20 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 259 1155K 1155K 166960K 259 0 exec 0 0K 1K 166960K 541 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 68 40K 166K 166960K 10463 0 UVM aobj 86 9K 9K 166960K 87 0 pinsyscall 9 18K 94K 166960K 2286 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 44 0 NDP 7 0K 2K 166960K 59 0 temp 50 9117K 9180K 166960K 24833 0 kqueue 2 2K 28K 166960K 178 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 126 0 126 2 0 2 2 0 8 2 rtentry 136 170 0 119 4 0 4 4 0 8 1 unpcb 144 699 0 693 6 0 6 6 0 8 5 syncache 336 7 0 7 1 0 1 1 0 8 1 tcpcb 736 260 0 260 4 0 4 4 0 8 4 arp 96 28 0 18 1 0 1 1 0 8 0 ipq 40 6 0 5 1 0 1 1 0 8 0 ipqe 40 6 0 5 1 0 1 1 0 8 0 inpcb 328 1083 0 1083 10 2 8 10 0 8 8 ip6q 72 4 0 2 1 0 1 1 0 8 0 ip6af 40 7 0 5 1 0 1 1 0 8 0 nd6 112 41 0 31 1 0 1 1 0 8 0 pkpcb 40 5 0 5 1 0 1 1 0 8 1 kcovpl 48 33 0 29 1 0 1 1 0 8 0 mppekey 1024 1 0 1 1 0 1 1 0 8 1 ppxss 1072 30 0 30 1 0 1 1 0 8 1 pfstscr 40 6 0 4 1 0 1 1 0 8 0 pfrktable 1344 4 0 3 1 0 1 1 0 8 0 pfsrclim 320 1 0 1 1 0 1 1 0 8 1 pfanchor 1288 3 0 2 1 0 1 1 0 8 0 pftag 88 3 0 1 1 0 1 1 0 8 0 pfstitem 24 3 0 0 1 0 1 1 0 8 0 pfstkey 128 9 0 6 1 0 1 1 0 8 0 pfstate 384 5 0 3 1 0 1 1 0 8 0 pfrule 1360 9 0 7 1 0 1 1 0 8 0 rttmr 136 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 705 0 475 29 6 23 29 0 8 8 art_table 40 708 0 475 5 0 5 5 0 8 1 art_node 32 170 0 126 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 7 1 0 1 1 0 8 0 semapl 72 136 0 126 1 0 1 1 0 8 0 shmpl 112 84 0 1 3 0 3 3 0 8 0 dirhash 1024 27 0 10 3 0 3 3 0 8 0 dino2pl 256 3373 0 1903 93 0 93 93 0 8 0 ffsino 256 3373 0 1903 93 0 93 93 0 8 0 nchpl 144 4730 0 2994 65 0 65 65 0 8 0 rtmask 32 2 0 2 1 0 1 1 0 8 1 vnodes 216 4011 0 0 223 0 223 223 0 8 0 namei 1024 17022 0 17022 2 0 2 2 0 8 2 pfiaddrpl 120 1 0 1 1 0 1 1 0 8 1 kstatmem 264 71 0 56 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 0 1 1 0 8 1 scxspl 216 20928 0 20928 8 0 8 8 1 8 8 plimitpl 152 128 0 123 1 0 1 1 0 8 0 sigapl 424 1334 0 1311 8 0 8 8 0 8 4 knotepl 120 51544 0 51539 17 8 9 17 0 8 8 kqueuepl 184 377 0 376 4 0 4 4 0 8 3 pipepl 304 243 0 233 3 0 3 3 0 8 1 fdescpl 448 1301 0 1292 5 0 5 5 0 8 1 filepl 120 9221 0 9150 14 0 14 14 0 8 6 lockfpl 104 375 0 375 1 0 1 1 0 8 1 lockfspl 48 143 0 143 1 0 1 1 0 8 1 sessionpl 144 178 0 175 1 0 1 1 0 8 0 pgrppl 48 230 0 224 1 0 1 1 0 8 0 ucredpl 104 1946 0 1942 1 0 1 1 0 8 0 zombiepl 144 1314 0 1311 1 0 1 1 0 8 0 processpl 1152 1334 0 1311 5 0 5 5 0 8 1 procpl 664 2556 0 2532 7 0 7 7 0 8 2 sosppl 176 8 0 8 1 0 1 1 0 8 1 sockpl 552 2014 0 2008 17 8 9 15 0 8 8 mcl64k 65536 52 0 52 1 0 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl9k128 9344 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 11 0 11 1 0 1 1 0 8 1 mcl4k 4096 3703 0 3654 14 0 14 14 0 8 6 mcl2k2 2112 2 0 2 1 0 1 1 0 8 1 mcl2k 2048 975 0 973 2 0 2 2 0 8 1 mtagpl 96 17 0 14 1 0 1 1 0 8 0 mbufpl 256 13700 0 13618 34 13 21 34 0 8 8 bufpl 272 7458 0 1242 415 0 415 415 0 8 0 anonpl 24 216618 0 213797 49 0 49 49 0 186 24 amapchunkpl 152 34267 0 33997 30 0 30 30 0 158 14 amappl16 200 5058 0 5051 32 21 11 17 0 8 8 amappl15 192 5 0 5 1 0 1 1 0 8 1 amappl14 184 459 0 459 1 0 1 1 0 8 1 amappl13 176 126 0 125 1 0 1 1 0 8 0 amappl12 168 1591 0 1583 2 0 2 2 0 8 0 amappl11 160 20 0 20 1 0 1 1 0 8 1 amappl10 152 64 0 62 1 0 1 1 0 8 0 amappl9 144 292 0 292 1 0 1 1 0 8 1 amappl8 136 128 0 128 1 0 1 1 0 8 1 amappl7 128 161 0 157 1 0 1 1 0 8 0 amappl6 120 188 0 188 1 0 1 1 0 8 1 amappl5 112 119 0 118 1 0 1 1 0 8 0 amappl4 104 296 0 292 1 0 1 1 0 8 0 amappl3 96 7011 0 6982 4 0 4 4 0 8 1 amappl2 88 573 0 564 2 0 2 2 0 8 0 amappl1 80 14187 0 14107 13 0 13 13 0 8 5 amappl 88 9525 0 9471 5 0 5 5 0 92 1 uvmvnodes 80 124 0 0 3 0 3 3 0 8 0 dma8192 8192 1 0 1 1 0 1 1 0 8 1 dma4096 4096 2 0 2 1 0 1 1 0 8 1 dma2048 2048 1 0 1 1 0 1 1 0 8 1 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma512 512 1 0 1 1 0 1 1 0 8 1 dma256 256 9 0 9 1 0 1 1 0 8 1 dma128 128 255 0 255 1 0 1 1 0 8 1 dma64 64 7 0 7 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 86 0 1 2 0 2 2 0 8 0 uaddrrnd 24 1301 0 1291 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1301 0 1291 1 0 1 1 0 8 0 vmmpekpl 168 11487 0 11454 3 0 3 3 0 8 0 vmmpepl 168 90374 0 89962 92 0 92 92 0 357 59 vmsppl 368 1300 0 1291 4 0 4 4 0 8 1 rwobjpl 40 26723 0 26344 14 0 14 14 0 8 0 pdppl 4096 2608 0 2582 112 68 44 80 0 8 18 pvpl 32 581159 0 579239 121 0 121 121 0 265 70 pmappl 216 1300 0 1291 3 0 3 3 0 8 0 extentpl 40 45 0 27 1 0 1 1 0 8 0 phpool 112 825 0 87 22 0 22 22 0 8 0 ddb>