panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *223315 6270 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821d9f34) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8223240f,ffffffff82243b16,136,ffffffff8220c77c) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd8068152b20) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8068152b20) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd8068152b20) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd8068152b20) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd80581589c0,2,ffffffffffffffff,ffff80001d739008,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd805819b788,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001d80a108) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80581589c0,ffff80001d739008) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd80581589c0) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffa010,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d739008,ffff8000ffffa010,0,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 end trace frame: 0xffff80001d80a370, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821d9f34) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8223240f,ffffffff82243b16,136,ffffffff8220c77c) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd8068152b20) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8068152b20) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd8068152b20) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd8068152b20) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd80581589c0,2,ffffffffffffffff,ffff80001d739008,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd805819b788,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001d80a108) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80581589c0,ffff80001d739008) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd80581589c0) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffa010,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d739008,ffff8000ffffa010,0,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d739008,ffff80001d80a4c8,ffff80001d80a510) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001d80a590) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xadfe389d20, count: -18 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001d809c00 rbx 0xffff80001d809cb0 rdx 0x2 rcx 0 rax 0x1 r8 0xffffffff810217ef kprintf+0x15f r9 0x1 r10 0x2 r11 0xb17b93af6dadf315 r12 0x3000000008 r13 0xffff80001d809c10 r14 0x100 r15 0x1 rip 0xffffffff81c62918 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001d809bf0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=223315 stat=onproc flags process=0 proc=4000000 pri=17, usrpri=81, nice=20 forw=0xffffffffffffffff, list=0xffff80001d739758,0xffffffff8257eb98 process=0xffff8000ffffae70 user=0xffff80001d805000, vmspace=0xfffffd806bc0abb0 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 6270 254986 40621 0 2 0 syz-executor.1 * 6270 223315 40621 0 7 0x4000000 syz-executor.1 40621 47613 34539 0 3 0x82 nanosleep syz-executor.1 36012 108975 0 0 3 0x14200 bored sosplice 70663 478212 34539 0 3 0x82 piperd syz-executor.0 34539 271165 94931 0 3 0x82 thrsleep syz-fuzzer 34539 208693 94931 0 3 0x4000082 nanosleep syz-fuzzer 34539 78691 94931 0 3 0x4000082 thrsleep syz-fuzzer 34539 130661 94931 0 3 0x4000082 thrsleep syz-fuzzer 34539 443368 94931 0 3 0x4000082 thrsleep syz-fuzzer 34539 30780 94931 0 2 0x4000002 syz-fuzzer 34539 212546 94931 0 3 0x4000082 thrsleep syz-fuzzer 34539 293977 94931 0 3 0x4000082 thrsleep syz-fuzzer 94931 400483 16982 0 3 0x10008a pause ksh 16982 517270 6418 0 3 0x92 select sshd 17204 424085 1 0 3 0x100083 ttyin getty 6418 442347 1 0 3 0x80 select sshd 32754 213395 11825 73 3 0x100090 kqread syslogd 11825 489203 1 0 3 0x100082 netio syslogd 41250 411811 1 77 3 0x100090 poll dhclient 78569 338491 1 0 3 0x80 poll dhclient 78982 258545 0 0 3 0x14200 bored smr 99251 406057 0 0 2 0x14200 zerothread 62549 94378 0 0 3 0x14200 aiodoned aiodoned 67563 175828 0 0 3 0x14200 syncer update 38980 78614 0 0 3 0x14200 cleaner cleaner 11127 448860 0 0 3 0x14200 reaper reaper 91440 81645 0 0 3 0x14200 pgdaemon pagedaemon 55172 412019 0 0 3 0x14200 bored crynlk 74610 259032 0 0 3 0x14200 bored crypto 44460 441811 0 0 3 0x40014200 acpi0 acpi0 48046 194333 0 0 3 0x14200 bored softnet 25134 368585 0 0 3 0x14200 bored systqmp 91907 424575 0 0 3 0x14200 bored systq 37942 424595 0 0 3 0x40014200 bored softclock 39857 221904 0 0 3 0x40014200 idle0 1 39156 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9502 6344K 7361K 78643K 11589 0 pcb 13 8K 8K 78643K 75 0 rtable 111 4K 4K 78643K 348 0 ifaddr 72 14K 14K 78643K 106 0 counters 21 16K 16K 78643K 27 0 ioctlops 0 0K 2K 78643K 31 0 iov 0 0K 24K 78643K 64 0 mount 1 1K 1K 78643K 1 0 vnodes 1222 77K 77K 78643K 1527 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 0K 78643K 73 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 308 0 sigio 0 0K 0K 78643K 14 0 proc 49 38K 55K 78643K 455 0 subproc 32 2K 2K 78643K 68 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 29 0 in_multi 46 2K 2K 78643K 96 0 ether_multi 1 0K 0K 78643K 13 0 mrt 0 0K 0K 78643K 9 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 37 175K 175K 78643K 37 0 exec 0 0K 1K 78643K 227 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 125 23K 39K 78643K 1612 0 UVM aobj 22 6K 6K 78643K 24 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 104 0 NDP 12 0K 0K 78643K 26 0 temp 92 3032K 3096K 78643K 34838 0 kqueue 3 4K 20K 78643K 30 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 11 0 5 1 0 1 1 0 8 0 rtpcb 80 33 0 31 1 0 1 1 0 8 0 rtentry 112 74 0 30 2 0 2 2 0 8 0 unpcb 120 113 0 105 1 0 1 1 0 8 0 syncache 264 10 0 10 2 2 0 1 0 8 0 tcpqe 32 42 0 42 1 1 0 1 0 8 0 tcpcb 544 119 0 115 1 0 1 1 0 8 0 inpcb 280 542 0 535 3 1 2 2 0 8 1 rttmr 72 4 0 4 1 1 0 1 0 8 0 nd6 48 12 0 6 1 0 1 1 0 8 0 ppxss 1128 2 0 2 1 1 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 279 0 88 13 1 12 12 0 8 0 art_table 32 280 0 88 2 0 2 2 0 8 0 art_node 16 71 0 31 1 0 1 1 0 8 0 semupl 112 4 0 4 1 1 0 1 0 8 0 semapl 112 65 0 55 1 0 1 1 0 8 0 shmpl 112 22 0 2 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1790 0 389 88 0 88 88 0 8 0 ffsino 240 1790 0 389 83 0 83 83 0 8 0 nchpl 144 2390 0 801 60 0 60 60 0 8 0 uvmvnodes 72 2100 0 0 39 0 39 39 0 8 0 vnodes 208 2100 0 0 111 0 111 111 0 8 0 namei 1024 6551 0 6551 3 2 1 1 0 8 1 vmpool 528 4 0 4 1 1 0 1 0 8 0 scxspl 192 25486 0 25486 1 0 1 1 0 8 1 plimitpl 152 46 0 39 1 0 1 1 0 8 0 sigapl 424 489 0 460 4 0 4 4 0 8 0 futexpl 56 5885 0 5885 2 1 1 1 0 8 1 knotepl 112 116 0 97 1 0 1 1 0 8 0 kqueuepl 144 62 0 60 1 0 1 1 0 8 0 pipelkpl 16 133 0 123 1 0 1 1 0 8 0 pipepl 120 266 0 247 2 1 1 2 0 8 0 fdescpl 432 474 0 460 2 0 2 2 0 8 0 filepl 120 2958 0 2862 5 1 4 4 0 8 1 lockfpl 104 94 0 93 1 0 1 1 0 8 0 lockfspl 48 34 0 33 1 0 1 1 0 8 0 sessionpl 112 19 0 9 1 0 1 1 0 8 0 pgrppl 48 27 0 17 1 0 1 1 0 8 0 ucredpl 96 247 0 240 1 0 1 1 0 8 0 zombiepl 144 460 0 460 2 1 1 1 0 8 1 processpl 920 489 0 460 4 0 4 4 0 8 0 procpl 624 796 0 759 4 1 3 4 0 8 0 sosppl 128 8 0 8 1 1 0 1 0 8 0 sockpl 400 689 0 672 5 2 3 4 0 8 1 mcl64k 65536 26 0 26 1 1 0 1 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 6 0 6 1 1 0 1 0 8 0 mcl9k 9216 6 0 6 1 1 0 1 0 8 0 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 24 0 24 3 2 1 1 0 8 1 mcl2k2 2112 2 0 2 1 1 0 1 0 8 0 mcl2k 2048 64837 0 64784 18 10 8 14 0 8 0 mtagpl 80 14 0 12 2 1 1 1 0 8 0 mbufpl 256 104950 0 104837 15 7 8 11 0 8 0 bufpl 280 7201 0 1840 384 0 384 384 0 8 0 anonpl 16 67832 0 56892 87 29 58 73 0 107 0 amapchunkpl 152 3635 0 3505 26 19 7 19 0 158 1 amappl16 192 2369 0 1609 50 11 39 50 0 8 0 amappl15 184 2 0 1 1 0 1 1 0 8 0 amappl14 176 39 0 30 1 0 1 1 0 8 0 amappl13 168 176 0 174 1 0 1 1 0 8 0 amappl12 160 16 0 12 2 1 1 1 0 8 0 amappl11 152 50 0 41 1 0 1 1 0 8 0 amappl10 144 132 0 127 1 0 1 1 0 8 0 amappl9 136 315 0 312 1 0 1 1 0 8 0 amappl8 128 362 0 321 2 0 2 2 0 8 0 amappl7 120 224 0 211 1 0 1 1 0 8 0 amappl6 112 25 0 20 1 0 1 1 0 8 0 amappl5 104 528 0 517 1 0 1 1 0 8 0 amappl4 96 580 0 548 1 0 1 1 0 8 0 amappl3 88 127 0 120 1 0 1 1 0 8 0 amappl2 80 2812 0 2749 2 0 2 2 0 8 0 amappl1 72 18241 0 17834 23 14 9 17 0 8 0 amappl 80 1069 0 1027 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 23 0 2 1 0 1 1 0 8 0 uaddrrnd 24 478 0 464 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 478 0 464 1 0 1 1 0 8 0 vmmpekpl 168 7247 0 7218 2 0 2 2 0 8 0 vmmpepl 168 64834 0 62993 142 32 110 110 0 357 27 vmsppl 272 477 0 464 2 1 1 2 0 8 0 pdppl 4096 962 0 928 6 1 5 6 0 8 0 pvpl 32 240960 0 227009 295 112 183 282 0 265 41 pmappl 200 477 0 464 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 251 0 32 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821d9f34) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8223240f,ffffffff82243b16,136,ffffffff8220c77c) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd8068152b20) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8068152b20) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd8068152b20) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd8068152b20) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd80581589c0,2,ffffffffffffffff,ffff80001d739008,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd805819b788,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001d80a108) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80581589c0,ffff80001d739008) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd80581589c0) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffa010,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d739008,ffff8000ffffa010,0,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d739008,ffff80001d80a4c8,ffff80001d80a510) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001d80a590) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xadfe389d20, count: -18 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821d9f34) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff8223240f,ffffffff82243b16,136,ffffffff8220c77c) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd8068152b20) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8068152b20) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd8068152b20) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd8068152b20) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd80581589c0,2,ffffffffffffffff,ffff80001d739008,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd805819b788,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001d80a108) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80581589c0,ffff80001d739008) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd80581589c0) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffa010,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d739008,ffff8000ffffa010,0,c0000000,fffffd8058e12000,fffffd806c3bfc00) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd8058e12000,4,40000000,0,ffff80001d739008) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d739008,ffff80001d80a4c8,ffff80001d80a510) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001d80a590) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xadfe389d20, count: -18