panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *202799 95820 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821ddaf9) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82232a5f,ffffffff822435ac,136,ffffffff8220c4c4) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd805807de68) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd805807de68) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd805807de68) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd805807de68) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd8054263020,2,ffffffffffffffff,ffff80001d752398,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd80582f34b8,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001f855d38) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd8054263020,ffff80001d752398) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd8054263020) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffaad8,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d752398,ffff8000ffffaad8,0,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 end trace frame: 0xffff80001f855fa0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821ddaf9) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82232a5f,ffffffff822435ac,136,ffffffff8220c4c4) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd805807de68) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd805807de68) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd805807de68) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd805807de68) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd8054263020,2,ffffffffffffffff,ffff80001d752398,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd80582f34b8,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001f855d38) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd8054263020,ffff80001d752398) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd8054263020) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffaad8,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d752398,ffff8000ffffaad8,0,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d752398,ffff80001f8560f8,ffff80001f856140) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001f8561c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa0bd7afe00, count: -18 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001f855830 rbx 0xffff80001f8558e0 rdx 0x2 rcx 0 rax 0x1 r8 0xffffffff81b520cf kprintf+0x15f r9 0x1 r10 0x2 r11 0x9fc6a8bd9306bf34 r12 0x3000000008 r13 0xffff80001f855840 r14 0x100 r15 0x1 rip 0xffffffff81b7a488 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001f855820 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=202799 stat=onproc flags process=0 proc=4000000 pri=17, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff80001d7514f8,0xffffffff82578ad8 process=0xffff8000ffffa740 user=0xffff80001f851000, vmspace=0xfffffd8059384dd0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 95820 387984 64738 0 2 0 syz-executor.0 95820 253952 64738 0 3 0x4000080 fsleep syz-executor.0 *95820 202799 64738 0 7 0x4000000 syz-executor.0 64738 183177 16627 0 3 0x82 nanosleep syz-executor.0 47891 247293 0 0 3 0x14200 bored sosplice 80725 342402 16627 0 3 0x82 piperd syz-executor.1 16627 513225 14097 0 3 0x82 thrsleep syz-fuzzer 16627 366902 14097 0 3 0x4000082 nanosleep syz-fuzzer 16627 116255 14097 0 2 0x4000002 syz-fuzzer 16627 62953 14097 0 3 0x4000082 thrsleep syz-fuzzer 16627 224207 14097 0 3 0x4000082 thrsleep syz-fuzzer 16627 366066 14097 0 3 0x4000082 thrsleep syz-fuzzer 16627 462207 14097 0 3 0x4000082 thrsleep syz-fuzzer 16627 332867 14097 0 3 0x4000082 thrsleep syz-fuzzer 14097 334325 53956 0 3 0x10008a pause ksh 53956 17511 10069 0 3 0x92 select sshd 49400 518380 1 0 3 0x100083 ttyin getty 10069 366587 1 0 3 0x80 select sshd 50067 472548 4856 73 3 0x100090 kqread syslogd 4856 236334 1 0 3 0x100082 netio syslogd 34109 241173 1 77 3 0x100090 poll dhclient 60486 121004 1 0 3 0x80 poll dhclient 31905 363277 0 0 3 0x14200 bored smr 32704 431530 0 0 2 0x14200 zerothread 4404 518198 0 0 3 0x14200 aiodoned aiodoned 67667 260994 0 0 3 0x14200 syncer update 77782 412688 0 0 3 0x14200 cleaner cleaner 49486 146594 0 0 3 0x14200 reaper reaper 6781 351789 0 0 3 0x14200 pgdaemon pagedaemon 91560 374084 0 0 3 0x14200 bored crynlk 49293 322323 0 0 3 0x14200 bored crypto 47404 74424 0 0 3 0x40014200 acpi0 acpi0 59597 236337 0 0 3 0x14200 bored softnet 82444 85779 0 0 3 0x14200 bored systqmp 29305 187071 0 0 3 0x14200 bored systq 99050 36805 0 0 3 0x40014200 bored softclock 59551 171691 0 0 3 0x40014200 idle0 1 361065 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 9494 6342K 6587K 78643K 10943 0 pcb 13 8K 8K 78643K 284 0 rtable 110 3K 3K 78643K 290 0 ifaddr 68 13K 13K 78643K 100 0 counters 21 16K 16K 78643K 26 0 ioctlops 0 0K 2K 78643K 28 0 iov 0 0K 12K 78643K 54 0 mount 1 1K 1K 78643K 1 0 vnodes 1218 77K 77K 78643K 1348 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 5 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 62 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1809 195K 288K 78643K 12938 0 file desc 5 13K 25K 78643K 221 0 proc 49 38K 55K 78643K 418 0 subproc 32 2K 2K 78643K 51 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 22 0 in_multi 55 3K 3K 78643K 89 0 ether_multi 1 0K 0K 78643K 10 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 49 228K 228K 78643K 49 0 exec 0 0K 1K 78643K 212 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 113 22K 26K 78643K 1389 0 UVM aobj 12 4K 4K 78643K 20 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 39 0 NDP 11 0K 0K 78643K 23 0 temp 97 3035K 3103K 78643K 24668 0 kqueue 3 4K 8K 78643K 9 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 2 1 0 1 1 0 8 0 rtpcb 80 27 0 25 1 0 1 1 0 8 0 rtentry 112 61 0 16 2 0 2 2 0 8 0 unpcb 120 121 0 113 1 0 1 1 0 8 0 syncache 264 5 0 5 2 2 0 1 0 8 0 tcpqe 32 307 0 307 1 1 0 1 0 8 0 tcpcb 544 93 0 89 1 0 1 1 0 8 0 inpcb 280 466 0 459 2 1 1 2 0 8 0 nd6 48 11 0 4 1 0 1 1 0 8 0 pkpcb 40 2 0 2 1 1 0 1 0 8 0 swfcl 56 1 0 0 1 0 1 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 279 0 86 14 1 13 13 0 8 0 art_table 32 280 0 86 2 0 2 2 0 8 0 art_node 16 60 0 19 1 0 1 1 0 8 0 sysvmsgpl 40 2 0 2 1 1 0 1 0 8 0 semapl 112 60 0 50 1 0 1 1 0 8 0 shmpl 112 18 0 8 3 2 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 1689 0 292 88 0 88 88 0 8 0 ffsino 240 1689 0 292 83 0 83 83 0 8 0 nchpl 144 2180 0 591 60 0 60 60 0 8 0 uvmvnodes 72 1824 0 0 34 0 34 34 0 8 0 vnodes 208 1824 0 0 96 0 96 96 0 8 0 namei 1024 5679 0 5679 4 3 1 1 0 8 1 vcpupl 1984 2 0 0 1 0 1 1 0 8 0 vmpool 528 2 0 0 1 0 1 1 0 8 0 scxspl 192 23962 0 23961 5 4 1 1 0 8 0 plimitpl 152 25 0 18 1 0 1 1 0 8 0 sigapl 424 405 0 376 4 0 4 4 0 8 0 futexpl 56 4207 0 4206 3 2 1 1 0 8 0 knotepl 112 87 0 68 1 0 1 1 0 8 0 kqueuepl 144 26 0 24 1 0 1 1 0 8 0 pipelkpl 16 99 0 88 1 0 1 1 0 8 0 pipepl 120 198 0 177 1 0 1 1 0 8 0 fdescpl 432 390 0 376 2 0 2 2 0 8 0 filepl 120 2281 0 2183 5 1 4 4 0 8 1 lockfpl 104 57 0 55 1 0 1 1 0 8 0 lockfspl 48 23 0 21 1 0 1 1 0 8 0 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 20 0 10 1 0 1 1 0 8 0 ucredpl 96 193 0 186 1 0 1 1 0 8 0 zombiepl 144 376 0 376 2 1 1 1 0 8 1 processpl 920 405 0 376 4 0 4 4 0 8 0 procpl 624 633 0 595 4 0 4 4 0 8 0 sockpl 400 629 0 612 6 3 3 4 0 8 1 mcl64k 65536 20 0 20 4 4 0 1 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 2 2 0 1 0 8 0 mcl9k 9216 1 0 1 1 1 0 1 0 8 0 mcl8k 8192 1 0 1 1 1 0 1 0 8 0 mcl4k 4096 21 0 21 3 3 0 1 0 8 0 mcl2k2 2112 1 0 1 1 1 0 1 0 8 0 mcl2k 2048 63485 0 63421 21 11 10 17 0 8 0 mtagpl 80 33 0 22 2 1 1 1 0 8 0 mbufpl 256 102118 0 101955 15 4 11 12 0 8 0 bufpl 280 5458 0 126 381 0 381 381 0 8 0 anonpl 16 56554 0 45813 78 19 59 76 0 107 0 amapchunkpl 152 2724 0 2595 30 23 7 19 0 158 1 amappl16 192 1612 0 816 42 2 40 41 0 8 0 amappl15 184 1 0 0 1 0 1 1 0 8 0 amappl14 176 147 0 140 1 0 1 1 0 8 0 amappl13 168 159 0 157 1 0 1 1 0 8 0 amappl12 160 7 0 4 2 1 1 1 0 8 0 amappl11 152 46 0 37 1 0 1 1 0 8 0 amappl10 144 62 0 55 1 0 1 1 0 8 0 amappl9 136 362 0 360 1 0 1 1 0 8 0 amappl8 128 335 0 301 2 0 2 2 0 8 0 amappl7 120 165 0 149 1 0 1 1 0 8 0 amappl6 112 22 0 18 1 0 1 1 0 8 0 amappl5 104 220 0 210 1 0 1 1 0 8 0 amappl4 96 564 0 535 1 0 1 1 0 8 0 amappl3 88 225 0 219 1 0 1 1 0 8 0 amappl2 80 2216 0 2153 2 0 2 2 0 8 0 amappl1 72 17119 0 16718 24 15 9 17 0 8 0 amappl 80 895 0 854 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 64 19 0 8 1 0 1 1 0 8 0 uaddrrnd 24 392 0 376 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 392 0 376 1 0 1 1 0 8 0 vmmpekpl 168 6584 0 6556 2 0 2 2 0 8 0 vmmpepl 168 53430 0 51567 133 21 112 112 0 357 27 vmsppl 272 391 0 376 4 2 2 2 0 8 0 pdppl 4096 790 0 754 6 1 5 6 0 8 0 pvpl 32 209529 0 195788 297 112 185 287 0 265 44 pmappl 200 391 0 376 1 0 1 1 0 8 0 extentpl 40 53 0 36 1 0 1 1 0 8 0 phpool 112 261 0 36 7 0 7 7 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821ddaf9) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82232a5f,ffffffff822435ac,136,ffffffff8220c4c4) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd805807de68) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd805807de68) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd805807de68) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd805807de68) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd8054263020,2,ffffffffffffffff,ffff80001d752398,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd80582f34b8,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001f855d38) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd8054263020,ffff80001d752398) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd8054263020) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffaad8,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d752398,ffff8000ffffaad8,0,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d752398,ffff80001f8560f8,ffff80001f856140) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001f8561c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa0bd7afe00, count: -18 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic(ffffffff821ddaf9) at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff82232a5f,ffffffff822435ac,136,ffffffff8220c4c4) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd805807de68) at buf_free_pages+0x1d3 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd805807de68) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:179 buf_put(fffffd805807de68) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd805807de68) at brelse+0x27d sys/kern/vfs_bio.c:948 vinvalbuf(fffffd8054263020,2,ffffffffffffffff,ffff80001d752398,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1981 ffs_truncate(fffffd80582f34b8,0,0,ffffffffffffffff) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_inactive(ffff80001f855d38) at ufs_inactive+0x155 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd8054263020,ffff80001d752398) at VOP_INACTIVE+0xaa sys/kern/vfs_vops.c:573 vrele(fffffd8054263020) at vrele+0xca sys/kern/vfs_subr.c:816 ktrsettrace(ffff8000ffffaad8,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrsettrace+0xb3 sys/kern/kern_ktrace.c:124 ktrops(ffff80001d752398,ffff8000ffffaad8,0,80000100,fffffd806b1f7dd0,fffffd806c3bfae0) at ktrops+0x1a1 sys/kern/kern_ktrace.c:544 doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d ktrsetchildren sys/kern/kern_ktrace.c:566 [inline] doktrace(fffffd806b1f7dd0,4,100,0,ffff80001d752398) at doktrace+0x60d sys/kern/kern_ktrace.c:488 sys_ktrace(ffff80001d752398,ffff80001f8560f8,ffff80001f856140) at sys_ktrace+0xd5 sys/kern/kern_ktrace.c:529 syscall(ffff80001f8561c0) at syscall+0x507 sys/arch/amd64/amd64/trap.c:570 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0xa0bd7afe00, count: -18