panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*111292 6096 0 0x2 0 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff821e6c25,ffffffff821fd180,149,ffffffff821c5f56) at __assert+0x2b sys/kern/subr_prf.c:154
buf_free_pages(fffffd8039904d00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318
buf_dealloc_mem(fffffd8039904d00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194
buf_put(fffffd8039904d00) at buf_put+0x16b sys/kern/vfs_bio.c:131
brelse(fffffd8039904d00) at brelse+0x257 sys/kern/vfs_bio.c:922
vinvalbuf(fffffd8021f20760,2,fffffd803f7c6900,ffff8000ffff8ed8,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1977
ffs_truncate(fffffd8036572008,0,4,fffffd803f7c6900) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326
ufs_rmdir(ffff8000179f6ff8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357
VOP_RMDIR(fffffd8029833428,fffffd8021f20760,ffff8000179f70f8) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:474
dounlinkat(ffff8000ffff8ed8,ffffff9c,7f7ffffedf70,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818
syscall(ffff8000179f7270) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,89,7f7ffffedab0,89,195d22d3b80,7f7ffffedf70) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffedf60, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e6c25,ffffffff821fd180,149,ffffffff821c5f56) at __assert+0x2b sys/kern/subr_prf.c:154 buf_free_pages(fffffd8039904d00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd8039904d00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd8039904d00) at buf_put+0x16b sys/kern/vfs_bio.c:131 brelse(fffffd8039904d00) at brelse+0x257 sys/kern/vfs_bio.c:922 vinvalbuf(fffffd8021f20760,2,fffffd803f7c6900,ffff8000ffff8ed8,0,ffffffffffffffff) at vinvalbuf+0x3b1 sys/kern/vfs_subr.c:1977 ffs_truncate(fffffd8036572008,0,4,fffffd803f7c6900) at ffs_truncate+0xeb1 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff8000179f6ff8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd8029833428,fffffd8021f20760,ffff8000179f70f8) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:474 dounlinkat(ffff8000ffff8ed8,ffffff9c,7f7ffffedf70,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818 syscall(ffff8000179f7270) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,89,7f7ffffedab0,89,195d22d3b80,7f7ffffedf70) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffedf60, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000179f6ad0 rbx 0xffff8000179f6b80 rdx 0x2 rcx 0 rax 0 r8 0xffff8000179f6a90 r9 0x1 r10 0 r11 0xca44050b12da7004 r12 0x3000000008 r13 0xffff8000179f6ae0 r14 0x100 r15 0x1 rip 0xffffffff81eb3838 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000179f6ac0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=111292 stat=onproc flags process=2 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff3b40,0xffffffff82557bb8 process=0xffff8000ffff70f0 
user=0xffff8000179f2000, vmspace=0xfffffd803f013dd0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND * 6096 111292 82979 0 7 0x2 syz-executor.1 60173 358157 0 0 3 0x14200 bored sosplice 82979 53952 22983 0 3 0x82 thrsleep syz-fuzzer 82979 354790 22983 0 3 0x4000082 nanosleep syz-fuzzer 82979 39356 22983 0 3 0x4000082 thrsleep syz-fuzzer 82979 46787 22983 0 3 0x4000082 thrsleep syz-fuzzer 82979 10337 22983 0 3 0x4000082 thrsleep syz-fuzzer 82979 205944 22983 0 3 0x4000082 thrsleep syz-fuzzer 82979 512739 22983 0 3 0x4000082 thrsleep syz-fuzzer 82979 335646 22983 0 3 0x4000002 biowait syz-fuzzer 82979 77239 22983 0 3 0x4000082 thrsleep syz-fuzzer 22983 153628 63247 0 3 0x10008a pause ksh 63247 235064 79760 0 3 0x92 select sshd 29373 422954 1 0 3 0x100083 ttyin getty 79760 488681 1 0 3 0x80 select sshd 98767 320083 58999 73 3 0x100010 ffs_fsync syslogd 58999 129892 1 0 3 0x100082 netio syslogd 52969 285741 0 0 3 0x14200 pgzero zerothread 63757 89630 0 0 3 0x14200 aiodoned aiodoned 57321 100465 0 0 3 0x14200 syncer update 29381 335670 0 0 3 0x14200 cleaner cleaner 59605 152183 0 0 3 0x14200 reaper reaper 77213 457934 0 0 3 0x14200 pgdaemon pagedaemon 67066 161239 0 0 3 0x14200 bored crynlk 66903 130248 0 0 3 0x14200 bored crypto 39260 34684 0 0 3 0x40014200 acpi0 acpi0 50828 432016 0 0 3 0x14200 bored softnet 87509 40229 0 0 3 0x14200 bored systqmp 69073 60037 0 0 3 0x14200 bored systq 44945 313483 0 0 3 0x40014200 bored softclock 61520 352661 0 0 3 0x40014200 idle0 38682 50813 0 0 3 0x14200 bored smr 1 76672 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9578 6331K 8260K 78643K 42764 0 0 pcb 13 11K 13K 78643K 2865 0 0 rtable 103 12K 12K 78643K 4134 0 0 ifaddr 474 47K 48K 78643K 2019 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 672 0 0 iov 0 0K 32K 78643K 2829 0 0 mount 1 1K 
1K 78643K 1 0 0 vnodes 1209 76K 77K 78643K 13231 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 142 0 0 VM map 102 25K 25K 78643K 135 0 0 sem 12 0K 0K 78643K 3194 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 3 5K 25K 78643K 11063 0 0 sigio 0 0K 0K 78643K 628 0 0 proc 45 30K 55K 78643K 3998 0 0 subproc 16 1K 2K 78643K 1203 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1240 0 0 in_multi 18 1K 2K 78643K 1250 0 0 ether_multi 1 0K 0K 78643K 116 0 0 mrt 1 0K 0K 78643K 94 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 168 742K 742K 78643K 168 0 0 exec 0 0K 1K 78643K 2396 0 0 pfkey data 0 0K 4K 78643K 5 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 274 822K 832K 78643K 29050 0 0 UVM aobj 130 7K 7K 78643K 141 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 2742 0 0 NDP 22 0K 1K 78643K 547 0 0 temp 158 3535K 4177K 78643K 363289 0 0 kqueue 0 0K 0K 78643K 159 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 310 0 305 1 0 1 1 0 8 0 rtpcb 80 1036 0 1036 24 24 0 1 0 8 0 rtentry 112 1272 0 1237 2 0 2 2 0 8 0 unpcb 120 7122 0 7111 7 6 1 2 0 8 0 syncache 264 54 0 54 24 24 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 181 0 181 21 21 0 1 0 8 0 tcpcb 544 4776 0 4772 31 30 1 15 0 8 0 ipq 40 182 0 182 44 44 0 1 0 8 0 ipqe 40 4906 0 4906 44 44 0 1 0 8 0 inpcb 280 27400 0 27396 86 85 1 9 0 8 0 rttmr 72 27 0 27 19 19 0 1 0 8 0 ip6q 72 5 0 5 4 4 0 1 0 8 0 ip6af 40 11 0 11 4 4 0 1 0 8 0 nd6 48 157 0 156 9 8 1 1 0 8 0 pkpcb 40 72 0 72 25 25 0 1 0 8 0 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1128 187 0 187 50 50 0 1 0 8 0 art_heap8 4096 26 0 25 17 16 1 3 0 8 0 art_heap4 256 4924 0 4732 75 59 16 19 0 8 0 art_table 32 
4950 0 4757 7 4 3 3 0 8 0 art_node 16 1271 0 1238 1 0 1 1 0 8 0 sysvmsgpl 40 79 0 71 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 3192 0 3182 1 0 1 1 0 8 0 shmpl 112 139 0 11 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 18681 0 17247 48 1 47 47 0 8 0 ffsino 240 18681 0 17247 85 0 85 85 0 8 0 nchpl 144 37066 0 36580 60 39 21 60 0 8 0 uvmvnodes 72 8784 0 0 160 0 160 160 0 8 0 vnodes 208 8784 0 0 463 0 463 463 0 8 0 namei 1024 129558 0 129558 10 9 1 1 0 8 1 vcpupl 1984 100 0 0 13 0 13 13 0 8 0 vmpool 520 133 0 33 8 1 7 7 0 8 0 scsiplug 64 12 0 12 6 6 0 1 0 8 0 scxspl 192 129187 0 129184 62 61 1 7 0 8 0 plimitpl 152 1051 0 1046 1 0 1 1 0 8 0 sigapl 432 11032 0 11023 2 0 2 2 0 8 0 futexpl 56 344671 0 344671 14 14 0 1 0 8 0 knotepl 112 2704 0 2687 3 2 1 2 0 8 0 kqueuepl 104 3850 0 3848 4 3 1 4 0 8 0 pipepl 128 8246 0 8231 35 34 1 2 0 8 0 fdescpl 424 11033 0 11023 2 0 2 2 0 8 0 filepl 120 109737 0 109670 56 53 3 10 0 8 0 lockfpl 104 4144 0 4144 10 10 0 1 0 8 0 lockfspl 48 1345 0 1345 10 10 0 1 0 8 0 sessionpl 112 84 0 77 1 0 1 1 0 8 0 pgrppl 48 262 0 255 1 0 1 1 0 8 0 ucredpl 96 15482 0 15472 1 0 1 1 0 8 0 zombiepl 144 11033 0 11033 1 0 1 1 0 8 1 processpl 864 11058 0 11033 4 0 4 4 0 8 0 procpl 632 24671 0 24638 4 0 4 4 0 8 0 sosppl 128 180 0 180 42 42 0 1 0 8 0 sockpl 384 35930 0 35913 115 111 4 14 0 8 0 mcl64k 65536 5192 0 5192 409 369 40 64 0 8 40 mcl16k 16384 143 0 143 57 57 0 1 0 8 0 mcl12k 12288 411 0 411 33 33 0 1 0 8 0 mcl9k 9216 249 0 249 49 49 0 1 0 8 0 mcl8k 8192 611 0 611 25 25 0 1 0 8 0 mcl4k 4096 1269 0 1269 16 16 0 1 0 8 0 mcl2k2 2112 104 0 104 49 49 0 1 0 8 0 mcl2k 2048 92719 0 92673 21 14 7 17 0 8 0 mtagpl 80 485 0 485 17 17 0 2 0 8 0 mbufpl 256 282191 0 282122 675 666 9 56 0 8 0 bufpl 256 52361 0 43170 575 0 575 575 0 8 0 anonpl 16 1532985 0 1506311 476 350 126 126 0 62 14 amapchunkpl 152 67446 0 67055 314 288 26 31 0 158 8 amappl16 192 73707 0 72339 554 481 73 86 0 8 0 amappl15 184 2058 0 2056 10 9 1 1 0 8 0 amappl14 176 2384 0 
2379 1 0 1 1 0 8 0 amappl13 168 1345 0 1344 1 0 1 1 0 8 0 amappl12 160 1387 0 1387 12 12 0 1 0 8 0 amappl11 152 1488 0 1484 1 0 1 1 0 8 0 amappl10 144 1023 0 1021 1 0 1 1 0 8 0 amappl9 136 2817 0 2813 1 0 1 1 0 8 0 amappl8 128 2344 0 2279 5 2 3 3 0 8 0 amappl7 120 1346 0 1338 1 0 1 1 0 8 0 amappl6 112 1281 0 1269 1 0 1 1 0 8 0 amappl5 104 2170 0 2163 1 0 1 1 0 8 0 amappl4 96 11362 0 11334 1 0 1 1 0 8 0 amappl3 88 2876 0 2854 1 0 1 1 0 8 0 amappl2 80 85553 0 85493 3 1 2 3 0 8 0 amappl1 72 212694 0 212339 24 15 9 20 0 8 0 amappl 80 26160 0 26069 3 0 3 3 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 140 0 11 3 0 3 3 0 8 0 uaddrrnd 24 11166 0 11023 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 11166 0 11023 1 0 1 1 0 8 0 vmmpekpl 168 68898 0 68855 3 0 3 3 0 8 0 vmmpepl 168 1374368 0 1371838 828 690 138 170 0 357 10 vmsppl 272 11032 0 11023 2 1 1 2 0 8 0 pdppl 4096 22338 0 22212 23 6 17 17 0 8 0 pvpl 32 4017707 0 3994333 1085 762 323 338 0 265 113 pmappl 200 11165 0 11056 6 0 6 6 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 2026 0 1270 25 1 24 24 0 8 0