panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 10077 12171 0 0x1a000002 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82925432) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828ddfbc,ffffffff828ed171,136,ffffffff8286c3cd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd806f78e040) at buf_free_pages+0x1d0 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806f78e040) at buf_dealloc_mem+0xe2 sys/kern/vfs_biomem.c:179 buf_put(fffffd806f78e040) at buf_put+0x15e sys/kern/vfs_bio.c:127 brelse(fffffd806f78e040) at brelse+0x26b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80652c4380,2,fffffd807f7d78f0,ffff80002a6022a8,0,ffffffffffffffff) at vinvalbuf+0x3b8 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd807b4985b0,0,4,fffffd807f7d78f0) at ffs_truncate+0xb99 ufs_rmdir(ffff80002a6e7a58) at ufs_rmdir+0x295 sys/ufs/ufs/ufs_vnops.c:1270 VOP_RMDIR(fffffd80580a0528,fffffd80652c4380,ffff80002a6e7b38) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407 dounlinkat(ffff80002a6022a8,38,c0004a3503,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1888 syscall(ffff80002a6e7cb0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c54a43d0, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82925432) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828ddfbc,ffffffff828ed171,136,ffffffff8286c3cd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd806f78e040) at buf_free_pages+0x1d0 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806f78e040) at buf_dealloc_mem+0xe2 sys/kern/vfs_biomem.c:179 buf_put(fffffd806f78e040) at buf_put+0x15e sys/kern/vfs_bio.c:127 brelse(fffffd806f78e040) at brelse+0x26b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80652c4380,2,fffffd807f7d78f0,ffff80002a6022a8,0,ffffffffffffffff) at vinvalbuf+0x3b8 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd807b4985b0,0,4,fffffd807f7d78f0) at ffs_truncate+0xb99 ufs_rmdir(ffff80002a6e7a58) at ufs_rmdir+0x295 sys/ufs/ufs/ufs_vnops.c:1270 VOP_RMDIR(fffffd80580a0528,fffffd80652c4380,ffff80002a6e7b38) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407 dounlinkat(ffff80002a6022a8,38,c0004a3503,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1888 syscall(ffff80002a6e7cb0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c54a43d0, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a6e7550 rbx 0 rdx 0 rcx 0 rax 0xffff80002a6022a8 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc34a76f7340592c3 r11 0xb0231dd37d566bc8 r12 0 r13 0xfffffd8005bc7f00 r14 0 r15 0x1 rip 0xffffffff81d6cb2c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a6e7540 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) tid=10077 pid=12171 tcnt=14 stat=onproc flags process=1a000002 proc=4000000 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a603208,0xffff80002a602028 process=0xffff8000ffff6e20 user=0xffff80002a6e2000, vmspace=0xfffffd80074a22b0 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 52466 145231 68055 0 2 0x8000040 syz-executor.0 51264 343829 99968 0 2 0x8000002 sh 5232 265970 79775 0 2 0x8000040 syz-executor.4 64598 447070 55184 0 2 0x8000002 sh 55184 113125 12171 0 3 0x8000082 wait syz-executor.1 99968 213640 12171 0 2 0x8000002 syz-executor.6 51246 428024 60797 0 2 0x8000002 ifconfig 60797 474704 16772 0 3 0x810008a sigsusp sh 16772 14136 12171 0 3 0x8000082 wait syz-executor.7 95649 256565 97552 0 2 0x8000002 ifconfig 97552 125512 18000 0 3 0x810008a sigsusp sh 18000 491208 12171 0 3 0x8000082 wait syz-executor.5 42348 480413 55541 0 2 0x8000002 ifconfig 55541 24206 74219 0 3 0x810008a sigsusp sh 74219 314181 12171 0 3 0x8000082 wait syz-executor.2 79775 353641 12171 0 3 0x8000082 ppwait syz-executor.4 68055 218733 12171 0 3 0x8000082 ppwait syz-executor.0 96574 199917 0 0 3 0x14280 nfsidl nfsio 57665 156808 0 0 3 0x14280 nfsidl nfsio 73890 39729 0 0 3 0x14280 nfsidl nfsio 34335 295388 0 0 3 0x14280 nfsidl nfsio 71671 53065 0 0 3 0x14280 nfsidl nfsio 20818 336722 0 0 3 0x14280 nfsidl nfsio 54533 496 0 0 3 0x14280 nfsidl nfsio 84884 205891 0 0 3 0x14280 nfsidl nfsio 48587 227954 0 0 3 0x14280 nfsidl nfsio 95961 130552 0 0 3 0x14280 nfsidl nfsio 58585 413869 0 0 3 0x14280 nfsidl nfsio 87168 449435 0 0 3 0x14280 nfsidl nfsio 46464 97015 0 0 3 0x14280 nfsidl nfsio 2353 240887 0 0 3 0x14280 nfsidl nfsio 39353 468834 0 0 3 0x14280 nfsidl nfsio 83335 62028 0 0 3 0x14280 nfsidl nfsio 84917 506556 0 0 3 0x14280 nfsidl nfsio 55547 293549 0 0 3 0x14280 nfsidl nfsio 41549 201959 0 0 3 0x14280 nfsidl nfsio 37145 261509 0 0 3 0x14280 nfsidl nfsio 83927 289415 51776 0 3 0x18100082 netio arp 51776 48657 1 0 3 0x810008a sigsusp sh 84293 2208 49263 0 3 0x18100082 netio ndp 49263 127972 1 0 3 0x810008a sigsusp sh 40639 28905 1 0 3 0x18100083 ttyopn getty 75316 468056 0 0 3 0x14200 bored sosplice 12171 269224 67506 0 3 0x1a000082 wait syz-fuzzer 12171 150526 67506 0 3 0x1e000082 nanoslp syz-fuzzer 12171 129378 67506 0 3 0x1e000082 wait syz-fuzzer 12171 409513 67506 0 3 0x1e000082 wait syz-fuzzer 12171 73677 67506 0 3 0x1e000082 wait syz-fuzzer 12171 194562 67506 0 3 0x1e000082 thrsleep syz-fuzzer 12171 73568 67506 0 3 0x1e000082 thrsleep syz-fuzzer *12171 10077 67506 0 7 0x1e000002 syz-fuzzer 12171 482973 67506 0 3 0x1e000082 thrsleep syz-fuzzer 12171 469464 67506 0 3 0x1e000082 thrsleep syz-fuzzer 12171 236939 67506 0 3 0x1e000082 wait syz-fuzzer 12171 179307 67506 0 3 0x1e000082 wait syz-fuzzer 12171 365369 67506 0 3 0x1e000082 wait syz-fuzzer 12171 354329 67506 0 3 0x1e000082 thrsleep syz-fuzzer 67506 97292 33834 0 3 0x810008a sigsusp ksh 33834 348406 5990 0 3 0x1800009a kqread sshd 5990 371180 1 0 3 0x18000088 kqread sshd 63778 506867 5562 73 3 0x19100010 ffs_fsync syslogd 5562 117797 1 0 3 0x18100082 sbwait syslogd 72517 235014 1 0 3 0x18100080 kqread resolvd 30185 287673 28786 77 3 0x18100092 kqread dhcpleased 78478 437567 28786 77 3 0x18100092 kqread dhcpleased 28786 391956 1 0 3 0x18000080 kqread dhcpleased 58594 394993 0 0 3 0x14200 bored smr 62518 488557 0 0 2 0x14200 zerothread 17228 444364 0 0 3 0x14200 aiodoned aiodoned 36088 230485 0 0 3 0x14200 syncer update 67616 458144 0 0 3 0x14200 cleaner cleaner 49603 136323 0 0 3 0x14200 reaper reaper 73919 184017 0 0 3 0x14200 pgdaemon pagedaemon 47292 501249 0 0 3 0x14200 bored viomb 44643 491321 0 0 3 0x40014200 acpi0 acpi0 83620 388381 0 0 3 0x14200 bored softnet3 91774 166925 0 0 3 0x14200 bored softnet2 63016 14287 0 0 3 0x14200 bored softnet1 30166 377550 0 0 3 0x14200 bored softnet0 32184 509641 0 0 3 0x14200 bored systqmp 98661 328472 0 0 3 0x14200 bored systq 24014 235010 0 0 3 0x40014200 tmoslp softclock 40317 398623 0 0 3 0x40014200 idle0 1 111869 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10182 6404K 7188K 166960K 15029 0 pcb 17 15K 17K 166960K 399 0 rtable 64 6K 11K 166960K 3239 0 pf 23 8K 9K 166960K 321 0 ifaddr 16 7K 13K 166960K 457 0 ifgroup 38 1K 2K 166960K 600 0 sysctl 3 1K 1K 166960K 5 0 counters 27 17K 17K 166960K 162 0 ioctlops 0 0K 2K 166960K 383 0 iov 0 0K 16K 166960K 102 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1442 91K 91K 166960K 4700 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 13K 166960K 54 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 211 0 dirhash 12 2K 2K 166960K 69 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 23 85K 109K 166960K 3482 0 sigio 0 0K 0K 166960K 39 0 proc 80 83K 125K 166960K 3267 0 subproc 117 7K 8K 166960K 1781 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 323 0 in_multi 11 0K 7K 166960K 1160 0 ether_multi 1 0K 0K 166960K 7 0 mrt 1 0K 0K 166960K 17 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 217 970K 970K 166960K 217 0 exec 0 0K 1K 166960K 1890 0 pfkey data 0 0K 0K 166960K 5 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 278 120K 150K 166960K 27261 0 UVM aobj 78 3K 3K 166960K 89 0 pinsyscall 45 90K 102K 166960K 7147 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 123 0 NDP 8 0K 2K 166960K 337 0 temp 70 6807K 6936K 166960K 138675 0 kqueue 12 18K 26K 166960K 312 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 659 0 654 3 0 3 3 0 8 2 rtentry 112 1153 0 1131 4 0 4 4 0 8 3 unpcb 144 1271 0 1258 2 0 2 2 0 8 1 syncache 336 10 0 10 1 0 1 1 0 8 1 sackhl 24 2 3 2 1 0 1 1 0 8 1 tcpqe 32 26 0 26 1 0 1 1 0 8 1 tcpcb 808 763 0 758 8 0 8 8 0 8 7 arp 88 214 0 212 1 0 1 1 0 8 0 ipq 40 6 0 5 1 0 1 1 0 8 0 ipqe 40 22 0 21 1 0 1 1 0 8 0 inpcb 352 3189 0 3178 14 5 9 13 0 8 7 nd6 104 303 0 303 1 0 1 1 0 8 1 pkpcb 40 17 0 17 1 0 1 1 0 8 1 kcovpl 48 137 0 128 1 0 1 1 0 8 0 ppxss 1072 6 0 6 1 0 1 1 0 8 1 art_heap8 4096 2 0 1 2 0 2 2 0 8 1 art_heap4 256 4491 0 4395 94 72 22 29 0 8 16 art_table 32 4493 0 4396 4 0 4 4 0 8 3 art_node 16 1145 0 1125 1 0 1 1 0 8 0 semupl 112 4 0 4 1 0 1 1 0 8 1 semapl 112 206 0 196 1 0 1 1 0 8 0 shmpl 112 86 0 11 3 0 3 3 0 8 0 dirhash 1024 55 0 38 3 0 3 3 0 8 0 dino2pl 256 5374 0 3874 96 0 96 96 0 8 0 ffsino 240 5374 0 3874 90 0 90 90 0 8 0 nchpl 144 9478 0 8890 66 33 33 66 0 8 8 uvmvnodes 80 8140 0 0 167 0 167 167 0 8 0 vnodes 216 8140 0 0 453 0 453 453 0 8 0 namei 1024 42003 0 42003 3 0 3 3 0 8 3 vcpupl 3904 56 0 1 7 0 7 7 0 8 0 vmpool 664 63 0 8 5 0 5 5 0 8 0 kstatmem 264 286 0 270 2 0 2 2 0 8 0 scsiplug 72 3 0 3 1 0 1 1 0 8 1 scxspl 216 70580 0 70579 8 0 8 8 1 8 7 plimitpl 152 711 0 695 1 0 1 1 0 8 0 sigapl 424 3546 0 3475 9 0 9 9 0 8 0 futexpl 64 37433 0 37433 1 0 1 1 0 8 1 knotepl 120 22225 0 22131 24 13 11 18 0 8 7 kqueuepl 184 634 0 626 1 0 1 1 0 8 0 pipepl 288 925 0 892 5 0 5 5 0 8 2 fdescpl 432 3508 0 3474 5 0 5 5 0 8 0 filepl 120 21073 0 20818 15 0 15 15 0 8 6 lockfpl 104 637 0 635 1 0 1 1 0 8 0 lockfspl 48 287 0 285 1 0 1 1 0 8 0 sessionpl 144 127 0 110 1 0 1 1 0 8 0 pgrppl 48 166 0 149 1 0 1 1 0 8 0 ucredpl 104 2688 0 2676 1 0 1 1 0 8 0 zombiepl 144 3475 0 3475 1 0 1 1 0 8 1 processpl 1072 3546 0 3475 6 0 6 6 0 8 0 procpl 656 5921 0 5837 9 0 9 9 0 8 0 sosppl 168 62 0 62 1 0 1 1 0 8 1 sockpl 504 5152 0 5123 33 21 12 21 0 8 8 mcl64k 65536 18 0 18 1 0 1 1 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl9k 9216 2 0 2 1 0 1 1 0 8 1 mcl8k 8192 101 0 101 1 0 1 1 0 8 1 mcl4k 4096 13 0 13 1 0 1 1 0 8 1 mcl2k 2048 36680 0 36582 42 20 22 40 0 8 7 mtagpl 96 112 0 112 1 0 1 1 0 8 1 mbufpl 256 115926 0 115823 40 24 16 26 0 8 8 bufpl 280 13321 0 4850 606 0 606 606 0 8 0 anonpl 24 588538 0 582208 87 0 87 87 0 188 32 amapchunkpl 152 89664 0 89101 46 0 46 46 0 158 16 amappl16 200 12553 0 12439 34 17 17 20 0 8 6 amappl15 192 13 0 13 1 0 1 1 0 8 1 amappl14 184 529 0 516 2 0 2 2 0 8 1 amappl13 176 23 0 22 1 0 1 1 0 8 0 amappl12 168 5565 0 5531 3 0 3 3 0 8 1 amappl11 160 89 0 79 1 0 1 1 0 8 0 amappl10 152 176 0 167 1 0 1 1 0 8 0 amappl9 144 177 0 176 1 0 1 1 0 8 0 amappl8 136 525 0 494 2 0 2 2 0 8 0 amappl7 128 71 0 57 1 0 1 1 0 8 0 amappl6 120 1574 0 1549 2 0 2 2 0 8 1 amappl5 112 539 0 524 1 0 1 1 0 8 0 amappl4 104 1269 0 1231 2 0 2 2 0 8 0 amappl3 96 16289 0 16230 3 0 3 3 0 8 0 amappl2 88 4317 0 4239 3 0 3 3 0 8 1 amappl1 80 25540 0 24993 22 3 19 22 0 8 5 amappl 88 25938 0 25772 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 88 0 11 2 0 2 2 0 8 0 uaddrrnd 24 3571 0 3482 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3571 0 3482 1 0 1 1 0 8 0 vmmpekpl 168 31455 0 31377 4 0 4 4 0 8 0 vmmpepl 168 263993 0 262116 111 0 111 111 0 357 14 vmsppl 344 3570 0 3482 9 0 9 9 0 8 0 rwobjpl 24 72121 0 62755 58 0 58 58 0 8 1 pdppl 4096 7148 0 7019 369 230 139 139 0 8 10 pvpl 32 1596588 0 1583955 349 12 337 349 0 265 203 pmappl 216 3570 0 3482 6 0 6 6 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 792 0 367 13 0 13 13 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82925432) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828ddfbc,ffffffff828ed171,136,ffffffff8286c3cd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd806f78e040) at buf_free_pages+0x1d0 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806f78e040) at buf_dealloc_mem+0xe2 sys/kern/vfs_biomem.c:179 buf_put(fffffd806f78e040) at buf_put+0x15e sys/kern/vfs_bio.c:127 brelse(fffffd806f78e040) at brelse+0x26b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80652c4380,2,fffffd807f7d78f0,ffff80002a6022a8,0,ffffffffffffffff) at vinvalbuf+0x3b8 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd807b4985b0,0,4,fffffd807f7d78f0) at ffs_truncate+0xb99 ufs_rmdir(ffff80002a6e7a58) at ufs_rmdir+0x295 sys/ufs/ufs/ufs_vnops.c:1270 VOP_RMDIR(fffffd80580a0528,fffffd80652c4380,ffff80002a6e7b38) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407 dounlinkat(ffff80002a6022a8,38,c0004a3503,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1888 syscall(ffff80002a6e7cb0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c54a43d0, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82925432) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828ddfbc,ffffffff828ed171,136,ffffffff8286c3cd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd806f78e040) at buf_free_pages+0x1d0 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806f78e040) at buf_dealloc_mem+0xe2 sys/kern/vfs_biomem.c:179 buf_put(fffffd806f78e040) at buf_put+0x15e sys/kern/vfs_bio.c:127 brelse(fffffd806f78e040) at brelse+0x26b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80652c4380,2,fffffd807f7d78f0,ffff80002a6022a8,0,ffffffffffffffff) at vinvalbuf+0x3b8 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd807b4985b0,0,4,fffffd807f7d78f0) at ffs_truncate+0xb99 ufs_rmdir(ffff80002a6e7a58) at ufs_rmdir+0x295 sys/ufs/ufs/ufs_vnops.c:1270 VOP_RMDIR(fffffd80580a0528,fffffd80652c4380,ffff80002a6e7b38) at VOP_RMDIR+0x12a sys/kern/vfs_vops.c:407 dounlinkat(ffff80002a6022a8,38,c0004a3503,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1888 syscall(ffff80002a6e7cb0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2c54a43d0, count: -14