panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *341506 65070 0 0x2 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e536a,ffffffff821f7525,149,ffffffff821c0c86) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd802751c100) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd802751c100) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd802751c100) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd802751c100) at brelse+0x257 sys/kern/vfs_bio.c:922 vinvalbuf(fffffd802fb341b0,2,fffffd803f7c6a80,ffff8000ffff5b38,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1977 ffs_truncate(fffffd80363af3d0,0,4,fffffd803f7c6a80) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800014903ee8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd802fb340e0,fffffd802fb341b0,ffff800014903fe8) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:474 dounlinkat(ffff8000ffff5b38,b,c000a64b00,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818 syscall(ffff800014904160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,145,c000028000,145,100,58) at Xsyscall+0x128 end of kernel end trace frame: 0xc002ca97e8, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e536a,ffffffff821f7525,149,ffffffff821c0c86) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd802751c100) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd802751c100) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd802751c100) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd802751c100) at brelse+0x257 sys/kern/vfs_bio.c:922 vinvalbuf(fffffd802fb341b0,2,fffffd803f7c6a80,ffff8000ffff5b38,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1977 ffs_truncate(fffffd80363af3d0,0,4,fffffd803f7c6a80) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800014903ee8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd802fb340e0,fffffd802fb341b0,ffff800014903fe8) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:474 dounlinkat(ffff8000ffff5b38,b,c000a64b00,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818 syscall(ffff800014904160) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,145,c000028000,145,100,58) at Xsyscall+0x128 end of kernel end trace frame: 0xc002ca97e8, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000149039c0 rbx 0xffff800014903a70 rdx 0x2 rcx 0 rax 0 r8 0xffff800014903980 r9 0x1 r10 0 r11 0x6bd45e3ca5341d6a r12 0x3000000008 r13 0xffff8000149039d0 r14 0x100 r15 0x1 rip 0xffffffff811a2428 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149039b0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) pid=341506 stat=onproc flags process=2 proc=4000000 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff53d0,0xffff8000ffff98c8 process=0xffff8000148a2d98 user=0xffff8000148ff000, vmspace=0xfffffd803f014bb0 estcpu=36, cpticks=1, pctcpu=0.3 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 90487 309507 56854 0 3 0x80 nanosleep syz-executor.0 90487 480775 56854 0 3 0x4000080 netcon syz-executor.0 90487 111253 56854 0 3 0x4000080 fsleep syz-executor.0 56854 22871 65070 0 3 0x82 nanosleep syz-executor.0 28889 392170 1 0 3 0x100083 ttyin getty 6461 44751 0 0 3 0x14200 bored sosplice 65070 443463 99204 0 3 0x82 thrsleep syz-fuzzer 65070 33961 99204 0 3 0x4000082 nanosleep syz-fuzzer 65070 119718 99204 0 3 0x4000082 thrsleep syz-fuzzer 65070 401161 99204 0 3 0x4000082 thrsleep syz-fuzzer *65070 341506 99204 0 7 0x4000002 syz-fuzzer 65070 237672 99204 0 3 0x4000082 thrsleep syz-fuzzer 65070 485411 99204 0 3 0x4000082 thrsleep syz-fuzzer 65070 66085 99204 0 3 0x4000082 thrsleep syz-fuzzer 99204 406887 78074 0 3 0x10008a pause ksh 78074 191096 94354 0 3 0x92 select sshd 94354 512481 1 0 3 0x80 select sshd 58990 292608 47396 73 3 0x100090 kqread syslogd 47396 395532 1 0 3 0x100082 netio syslogd 66754 421710 1 77 3 0x100090 poll dhclient 83255 513514 1 0 3 0x80 poll dhclient 49114 427866 0 0 3 0x14200 pgzero zerothread 64158 394371 0 0 3 0x14200 aiodoned aiodoned 3652 309559 0 0 3 0x14200 syncer update 18588 362415 0 0 3 0x14200 cleaner cleaner 71325 460544 0 0 3 0x14200 reaper reaper 45271 145421 0 0 3 0x14200 pgdaemon pagedaemon 51265 68916 0 0 3 0x14200 bored crynlk 55027 250973 0 0 3 0x14200 bored crypto 8826 391691 0 0 3 0x40014200 acpi0 acpi0 72014 330912 0 0 3 0x14200 bored softnet 23770 379187 0 0 3 0x14200 bored systqmp 41976 134824 0 0 3 0x14200 bored systq 6916 364960 0 0 3 0x40014200 bored softclock 45410 420187 0 0 3 0x40014200 idle0 56182 96471 0 0 3 0x14200 bored smr 1 514653 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9571 7024K 8053K 78643K 45655 0 0 pcb 13 10K 12K 78643K 531 0 0 rtable 105 8K 8K 78643K 1847 0 0 ifaddr 80 17K 17K 78643K 503 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 172 0 0 iov 0 0K 32K 78643K 2033 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1225 77K 78K 78643K 9728 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 40 0 0 VM map 26 6K 6K 78643K 28 0 0 sem 12 1K 1K 78643K 448 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 4 9K 25K 78643K 4010 0 0 sigio 0 0K 0K 78643K 22 0 0 proc 49 38K 55K 78643K 2887 0 0 subproc 16 1K 2K 78643K 357 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 243 0 0 in_multi 24 1K 2K 78643K 371 0 0 ether_multi 1 0K 0K 78643K 14 0 0 mrt 1 0K 0K 78643K 18 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 102 450K 450K 78643K 102 0 0 exec 0 0K 1K 78643K 673 0 0 pfkey data 0 0K 4K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 151 201K 210K 78643K 10850 0 0 UVM aobj 131 4K 4K 78643K 143 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 451 0 0 NDP 21 0K 1K 78643K 169 0 0 temp 204 3543K 4184K 78643K 101638 0 0 kqueue 0 0K 0K 78643K 33 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 65 0 60 1 0 1 1 0 8 0 rtpcb 80 249 0 247 1 0 1 1 0 8 0 rtentry 112 361 0 323 2 0 2 2 0 8 0 unpcb 120 7378 0 7370 1 0 1 1 0 8 0 syncache 264 15 0 15 7 7 0 1 0 8 0 tcpqe 32 53 0 53 3 3 0 1 0 8 0 tcpcb 544 1275 0 1270 29 28 1 15 0 8 0 ipq 40 19 0 19 10 9 1 1 0 8 1 ipqe 40 510 0 510 10 9 1 1 0 8 1 inpcb 280 3350 0 3341 32 30 2 9 0 8 1 rttmr 72 6 0 6 4 3 1 1 0 8 1 nd6 48 53 0 51 4 3 1 1 0 8 0 pkpcb 40 10 0 10 2 2 0 1 0 8 0 ppxss 1128 43 0 43 12 11 1 1 0 8 1 art_heap8 4096 12 0 10 9 6 3 4 0 8 1 art_heap4 256 1527 0 1340 36 23 13 15 0 8 0 art_table 32 1539 0 1350 2 0 2 2 0 8 0 art_node 16 360 0 325 1 0 1 1 0 8 0 semapl 112 446 0 436 1 0 1 1 0 8 0 shmpl 112 141 0 13 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 7316 0 5909 46 0 46 46 0 8 0 ffsino 240 7316 0 5909 84 0 84 84 0 8 0 nchpl 144 16870 0 16411 60 41 19 60 0 8 0 uvmvnodes 72 6641 0 0 121 0 121 121 0 8 0 vnodes 208 6641 0 0 350 0 350 350 0 8 0 namei 1024 57071 0 57071 5 4 1 1 0 8 1 vcpupl 1984 24 0 0 3 0 3 3 0 8 0 vmpool 520 26 0 2 2 0 2 2 0 8 0 scxspl 192 71798 0 71798 24 23 1 7 0 8 1 plimitpl 152 498 0 492 1 0 1 1 0 8 0 sigapl 432 4125 0 4113 2 0 2 2 0 8 0 futexpl 56 132469 0 132468 5 4 1 1 0 8 0 knotepl 112 744 0 723 1 0 1 1 0 8 0 kqueuepl 104 951 0 949 7 6 1 4 0 8 0 pipepl 112 2724 0 2709 5 4 1 2 0 8 0 fdescpl 424 4126 0 4113 2 0 2 2 0 8 0 filepl 120 45914 0 45835 26 22 4 11 0 8 0 lockfpl 104 2398 0 2397 1 0 1 1 0 8 0 lockfspl 48 982 0 981 1 0 1 1 0 8 0 sessionpl 112 37 0 28 1 0 1 1 0 8 0 pgrppl 48 57 0 48 1 0 1 1 0 8 0 ucredpl 96 4695 0 4686 1 0 1 1 0 8 0 zombiepl 144 4114 0 4114 2 1 1 1 0 8 1 processpl 864 4142 0 4114 4 0 4 4 0 8 0 procpl 632 8902 0 8865 4 0 4 4 0 8 0 sosppl 128 26 0 26 8 8 0 1 0 8 0 sockpl 384 11012 0 10993 50 46 4 14 0 8 1 mcl64k 65536 679 0 679 86 85 1 33 0 8 1 mcl16k 16384 39 0 39 7 6 1 1 0 8 1 mcl12k 12288 62 0 62 20 19 1 1 0 8 1 mcl9k 9216 46 0 46 20 19 1 1 0 8 1 mcl8k 8192 858 0 858 10 9 1 1 0 8 1 mcl4k 4096 421 0 421 32 31 1 1 0 8 1 mcl2k2 2112 22 0 22 14 13 1 1 0 8 1 mcl2k 2048 76873 0 76834 30 24 6 12 0 8 0 mtagpl 80 92 0 92 7 6 1 1 0 8 1 mbufpl 256 154577 0 154526 121 107 14 34 0 8 8 bufpl 256 36697 0 29857 428 0 428 428 0 8 0 anonpl 16 496454 0 479712 217 129 88 98 0 62 5 amapchunkpl 152 21342 0 21194 50 42 8 20 0 158 0 amappl16 192 24819 0 23722 197 137 60 68 0 8 4 amappl15 184 2 0 2 2 2 0 1 0 8 0 amappl14 176 389 0 384 1 0 1 1 0 8 0 amappl13 168 461 0 460 1 0 1 1 0 8 0 amappl12 160 776 0 771 1 0 1 1 0 8 0 amappl11 152 954 0 943 1 0 1 1 0 8 0 amappl10 144 110 0 109 1 0 1 1 0 8 0 amappl9 136 1976 0 1971 1 0 1 1 0 8 0 amappl8 128 1513 0 1470 2 0 2 2 0 8 0 amappl7 120 204 0 197 1 0 1 1 0 8 0 amappl6 112 940 0 927 1 0 1 1 0 8 0 amappl5 104 1046 0 1034 1 0 1 1 0 8 0 amappl4 96 3946 0 3911 1 0 1 1 0 8 0 amappl3 88 1088 0 1080 1 0 1 1 0 8 0 amappl2 80 31883 0 31816 3 1 2 3 0 8 0 amappl1 72 85492 0 85095 27 18 9 20 0 8 0 amappl 80 9494 0 9437 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 142 0 12 3 0 3 3 0 8 0 uaddrrnd 24 4152 0 4113 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 4152 0 4113 1 0 1 1 0 8 0 vmmpekpl 168 28282 0 28246 2 0 2 2 0 8 0 vmmpepl 168 506823 0 504647 654 513 141 165 0 357 36 vmsppl 272 4125 0 4113 8 7 1 2 0 8 0 pdppl 4096 8310 0 8254 12 4 8 8 0 8 0 pvpl 32 1742270 0 1722999 548 307 241 315 0 265 53 pmappl 200 4151 0 4115 6 3 3 3 0 8 1 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 902 0 336 19 2 17 17 0 8 0