panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *317982 96336 0 0x2 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 __assert(ffffffff81f6c605,ffffffff81f7fe8c,149,ffffffff81f4f08c) at __assert+0x2e sys/kern/subr_prf.c:155 buf_free_pages(fffffd8029d2b200) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd8029d2b200) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd8029d2b200) at buf_put+0x172 sys/kern/vfs_bio.c:130 brelse(fffffd8029d2b200) at brelse+0x257 sys/kern/vfs_bio.c:926 vinvalbuf(fffffd803d9ed1b0,2,fffffd803f7c6a20,ffff8000ffff5078,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937 ffs_truncate(fffffd803e3aa3d0,0,4,fffffd803f7c6a20) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(ffff8000221140a8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd80367a5740,fffffd803d9ed1b0,ffff800022114198) at VOP_RMDIR+0x6f sys/kern/vfs_vops.c:473 dounlinkat(ffff8000ffff5078,9,c0004d84a0,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1706 syscall(ffff800022114320) at syscall+0x511 Xsyscall(6,145,c00002c000,145,100,25) at Xsyscall+0x128 end of kernel end trace frame: 0xc001e839e8, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 __assert(ffffffff81f6c605,ffffffff81f7fe8c,149,ffffffff81f4f08c) at __assert+0x2e sys/kern/subr_prf.c:155 buf_free_pages(fffffd8029d2b200) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd8029d2b200) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd8029d2b200) at buf_put+0x172 sys/kern/vfs_bio.c:130 brelse(fffffd8029d2b200) at brelse+0x257 sys/kern/vfs_bio.c:926 vinvalbuf(fffffd803d9ed1b0,2,fffffd803f7c6a20,ffff8000ffff5078,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937 ffs_truncate(fffffd803e3aa3d0,0,4,fffffd803f7c6a20) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(ffff8000221140a8) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd80367a5740,fffffd803d9ed1b0,ffff800022114198) at VOP_RMDIR+0x6f sys/kern/vfs_vops.c:473 dounlinkat(ffff8000ffff5078,9,c0004d84a0,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1706 syscall(ffff800022114320) at syscall+0x511 Xsyscall(6,145,c00002c000,145,100,25) at Xsyscall+0x128 end of kernel end trace frame: 0xc001e839e8, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800022113b80 rbx 0xffff800022113c30 rdx 0x2 rcx 0 rax 0 r8 0xffff800022113b40 r9 0x1 r10 0 r11 0x4ba8c7ea1cb034bc r12 0x3000000008 r13 0xffff800022113b90 r14 0x100 r15 0x1 rip 0xffffffff81292bc8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800022113b70 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) pid=317982 stat=onproc flags process=2 proc=4000000 pri=17, usrpri=53, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff4010,0xffff8000ffff5790 process=0xffff8000220b26a8 user=0xffff80002210f000, vmspace=0xfffffd803f014b58 estcpu=3, cpticks=6, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 15803 60323 0 0 3 0x14200 bored sosplice 96336 287702 79540 0 3 0x82 thrsleep syz-fuzzer 96336 154411 79540 0 3 0x4000082 nanosleep syz-fuzzer 96336 254090 79540 0 3 0x4000082 thrsleep syz-fuzzer 96336 205717 79540 0 3 0x4000082 thrsleep syz-fuzzer *96336 317982 79540 0 7 0x4000002 syz-fuzzer 96336 4927 79540 0 3 0x4000082 thrsleep syz-fuzzer 96336 315743 79540 0 3 0x4000082 thrsleep syz-fuzzer 96336 84784 79540 0 3 0x4000082 thrsleep syz-fuzzer 96336 467359 79540 0 3 0x4000082 thrsleep syz-fuzzer 79540 425062 47194 0 3 0x10008a pause ksh 47194 469899 35050 0 3 0x92 select sshd 63716 383103 1 0 3 0x100083 ttyin getty 35050 471974 1 0 3 0x80 select sshd 81267 16283 57185 73 3 0x100010 biowait syslogd 57185 514542 1 0 3 0x100082 netio syslogd 27620 121409 1 77 3 0x100090 poll dhclient 51375 495486 1 0 3 0x80 poll dhclient 18384 261860 0 0 3 0x14200 pgzero zerothread 52546 279102 0 0 3 0x14200 aiodoned aiodoned 12097 198225 0 0 3 0x14200 syncer update 80853 380048 0 0 3 0x14200 cleaner cleaner 48193 380729 0 0 3 0x14200 reaper reaper 47425 233905 0 0 3 0x14200 pgdaemon pagedaemon 34241 164284 0 0 3 0x14200 bored crynlk 83776 166497 0 0 3 0x14200 bored crypto 31654 59873 0 0 3 0x40014200 acpi0 acpi0 8685 133364 0 0 3 0x14200 bored softnet 43404 92021 0 0 3 0x14200 bored systqmp 21871 119908 0 0 3 0x14200 bored systq 9358 250075 0 0 3 0x40014200 bored softclock 54151 427409 0 0 3 0x40014200 idle0 99913 285716 0 0 3 0x14200 bored smr 1 345523 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9450 6313K 6708K 78643K 11057 0 0 pcb 23 9K 10K 78643K 166 0 0 rtable 64 2K 3K 78643K 252 0 0 ifaddr 30 8K 11K 78643K 73 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 22 0 0 iov 0 0K 14K 78643K 20 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1201 75K 75K 78643K 1394 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 4 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 28 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 2 1K 25K 78643K 221 0 0 proc 43 30K 46K 78643K 293 0 0 subproc 0 0K 67586K 78643K 102 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 16 0 0 in_multi 11 0K 2K 78643K 45 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 54 238K 238K 78643K 54 0 0 exec 0 0K 1K 78643K 185 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 72 4K 47K 78643K 1274 0 0 UVM aobj 11 2K 2K 78643K 11 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 8 0 0 NDP 5 0K 0K 78643K 19 0 0 temp 53 2687K 2818K 78643K 3607 0 0 kqueue 0 0K 0K 78643K 6 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 5 0 3 1 0 1 1 0 8 0 inpcbpl 280 98 0 91 1 0 1 1 0 8 0 plimitpl 152 24 0 19 1 0 1 1 0 8 0 rtentry 112 50 0 28 2 1 1 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 30 0 26 1 0 1 1 0 8 0 nd6 48 6 0 6 2 1 1 1 0 8 1 ppxss 1128 5 0 5 2 2 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 233 0 137 15 6 9 12 0 8 3 art_table 32 234 0 137 3 1 2 2 0 8 1 art_node 16 49 0 29 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 26 0 16 1 0 1 1 0 8 0 shmpl 112 9 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1756 0 356 46 0 46 46 0 8 0 ffsino 240 1756 0 356 84 0 84 84 0 8 0 nchpl 144 2264 0 665 61 0 61 61 0 8 0 uvmvnodes 72 1926 0 0 36 0 36 36 0 8 0 vnodes 200 1926 0 0 102 0 102 102 0 8 0 namei 1024 5863 0 5863 5 4 1 1 0 8 1 scxspl 192 7262 0 7261 11 10 1 6 0 8 0 sigapl 432 388 0 378 2 0 2 2 0 8 0 futexpl 56 3445 0 3445 3 2 1 1 0 8 1 knotepl 112 155 0 142 1 0 1 1 0 8 0 kqueuepl 104 78 0 76 1 0 1 1 0 8 0 pipepl 112 266 0 257 3 2 1 2 0 8 0 fdescpl 424 389 0 378 2 0 2 2 0 8 0 filepl 120 2155 0 2104 6 3 3 5 0 8 1 lockfpl 104 67 0 67 3 3 0 1 0 8 0 lockfspl 32 25 0 25 3 3 0 1 0 8 0 sessionpl 112 18 0 10 1 0 1 1 0 8 0 pgrppl 48 22 0 14 1 0 1 1 0 8 0 ucredpl 96 305 0 298 1 0 1 1 0 8 0 zombiepl 144 378 0 378 3 2 1 1 0 8 1 processpl 840 404 0 378 4 0 4 4 0 8 0 procpl 600 654 0 620 7 3 4 4 0 8 1 sosppl 128 4 0 4 2 2 0 1 0 8 0 sockpl 384 236 0 219 5 2 3 3 0 8 1 mcl64k 65536 5 0 5 1 1 0 1 0 8 0 mcl16k 16384 1 0 1 1 1 0 1 0 8 0 mcl12k 12288 2 0 2 1 1 0 1 0 8 0 mcl9k 9216 5 0 5 1 1 0 1 0 8 0 mcl8k 8192 3 0 3 2 2 0 1 0 8 0 mcl4k 4096 19 0 19 4 3 1 1 0 8 1 mcl2k2 2112 3 0 3 1 1 0 1 0 8 0 mcl2k 2048 55623 0 55585 17 11 6 12 0 8 0 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 92004 0 91960 13 6 7 7 0 8 2 bufpl 256 7253 0 1146 382 0 382 382 0 8 0 anonpl 16 65075 0 56605 62 2 60 60 0 62 17 amapchunkpl 152 1994 0 1886 19 2 17 17 0 158 11 amappl16 192 2434 0 1923 46 18 28 39 0 8 1 amappl15 184 97 0 97 2 1 1 1 0 8 1 amappl14 176 22 0 21 2 1 1 1 0 8 0 amappl13 168 6 0 6 1 1 0 1 0 8 0 amappl12 160 119 0 116 1 0 1 1 0 8 0 amappl11 152 37 0 22 1 0 1 1 0 8 0 amappl10 144 60 0 59 3 2 1 1 0 8 0 amappl9 136 548 0 547 1 0 1 1 0 8 0 amappl8 128 122 0 106 1 0 1 1 0 8 0 amappl7 120 31 0 26 1 0 1 1 0 8 0 amappl6 112 57 0 48 1 0 1 1 0 8 0 amappl5 104 212 0 202 1 0 1 1 0 8 0 amappl4 96 494 0 465 2 1 1 2 0 8 0 amappl3 88 220 0 215 1 0 1 1 0 8 0 amappl2 80 2512 0 2471 2 0 2 2 0 8 1 amappl1 72 15802 0 15421 25 15 10 19 0 8 0 amappl 72 884 0 850 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 10 0 0 1 0 1 1 0 8 0 uaddrrnd 24 389 0 378 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 389 0 378 1 0 1 1 0 8 0 vmmpekpl 168 6766 0 6745 2 0 2 2 0 8 0 vmmpepl 168 50546 0 49279 140 54 86 103 0 357 24 vmsppl 264 388 0 378 3 1 2 2 0 8 1 pdppl 4096 784 0 756 6 1 5 6 0 8 0 pvpl 32 227833 0 216612 256 18 238 252 0 265 122 pmappl 200 388 0 378 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 537 0 37 15 0 15 15 0 8 0