panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *492985 9927 0 0x2 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd806ce607d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806ce607d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806ce607d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806ce607d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80702c5dd0,2,ffffffffffffffff,ffff80002a573c08,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8071ced870,0,0,ffffffffffffffff) at ffs_truncate+0xf63 ufs_inactive(ffff800031bdf5e8) at ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80702c5dd0,ffff80002a573c08) at VOP_INACTIVE+0xfe sys/kern/vfs_vops.c:495 vput(fffffd80702c5dd0) at vput+0xdc sys/kern/vfs_subr.c:776 VOP_REMOVE(fffffd8070121ea0,fffffd80702c5dd0,ffff800031bdf768) at VOP_REMOVE+0x19d sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a573c08,ffffff9c,766bd6d2c3b0,0) at dounlinkat+0x177 sys/kern/vfs_syscalls.c:1888 end trace frame: 0xffff800031bdf8d0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd806ce607d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806ce607d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806ce607d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806ce607d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80702c5dd0,2,ffffffffffffffff,ffff80002a573c08,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8071ced870,0,0,ffffffffffffffff) at ffs_truncate+0xf63 ufs_inactive(ffff800031bdf5e8) at ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80702c5dd0,ffff80002a573c08) at VOP_INACTIVE+0xfe sys/kern/vfs_vops.c:495 vput(fffffd80702c5dd0) at vput+0xdc sys/kern/vfs_subr.c:776 VOP_REMOVE(fffffd8070121ea0,fffffd80702c5dd0,ffff800031bdf768) at VOP_REMOVE+0x19d sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a573c08,ffffff9c,766bd6d2c3b0,0) at dounlinkat+0x177 sys/kern/vfs_syscalls.c:1888 syscall(ffff800031bdf8e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x766bd6d2c860, count: -16 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800031bdf0f0 rbx 0 rdx 0 rcx 0 rax 0xffff80002a573c08 r8 0x101010101010101 r9 0x8080808080808080 r10 0x3aafb865fe4affb9 r11 0xe02e65a1c59fbdb5 r12 0 r13 0xfffffd8007371180 r14 0 r15 0x1 rip 0xffffffff81598255 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800031bdf0e0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=492985 pid=9927 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a572f60,0xffff80002a5727d8 process=0xffff80002a465128 user=0xffff800031bda000, vmspace=0xfffffd8073082160 estcpu=22, cpticks=1, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 65063 280577 51054 0 2 0x2 syz-executor 71613 186183 51054 0 2 0x2 syz-executor 88986 506359 51054 0 2 0x2 syz-executor 7063 446504 51054 0 2 0x2 syz-executor 4804 388975 51054 0 2 0x2 syz-executor 74503 244218 51054 0 2 0x2 syz-executor 37274 17460 51054 0 2 0x2 syz-executor * 9927 492985 51054 0 7 0x2 syz-executor 4935 114385 1 0 3 0x100083 ttyin getty 77322 479814 0 0 3 0x14200 acct acct 52974 26043 0 0 3 0x14200 bored sosplice 51054 148805 48172 0 3 0x82 wait syz-executor 48172 3796 60020 0 3 0x10008a sigsusp ksh 60020 11514 51052 0 3 0x98 kqread sshd-session 51052 65085 1 0 3 0x92 kqread sshd-session 15117 263633 93012 73 3 0x1100010 biowait syslogd 93012 150826 1 0 3 0x100082 sbwait syslogd 64215 488104 1 0 3 0x100080 kqread resolvd 30467 470062 14817 77 3 0x100092 kqread dhcpleased 66324 105759 14817 77 3 0x100092 kqread dhcpleased 14817 369356 1 0 3 0x80 kqread dhcpleased 29943 360471 0 0 3 0x14200 bored smr 2020 363040 0 0 2 0x14200 zerothread 90769 310284 0 0 3 0x14200 aiodoned aiodoned 26224 26162 0 0 3 0x14200 syncer update 17145 41284 0 0 3 0x14200 cleaner cleaner 69978 346430 0 0 3 0x14200 reaper reaper 95706 86654 0 0 3 0x14200 pgdaemon pagedaemon 99231 206983 0 0 3 0x14200 bored viomb 91244 2851 0 0 3 0x40014200 acpi0 acpi0 71964 519277 0 0 3 0x14200 bored softnet3 45048 121766 0 0 3 0x14200 bored softnet2 71910 196783 0 0 3 0x14200 bored softnet1 76568 240768 0 0 3 0x14200 bored softnet0 61085 112488 0 0 3 0x14200 bored systqmp 88430 430431 0 0 3 0x14200 bored systq 63997 394125 0 0 3 0x40014200 tmoslp softclock 37123 272921 0 0 3 0x40014200 idle0 1 118134 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10204 11063K 11446K 166960K 13643 0 pcb 17 17K 18K 166960K 569 0 rtable 213 9K 10K 166960K 4275 0 pf 34 13K 269K 166960K 353 0 ifaddr 38 8K 9K 166960K 566 0 ifgroup 50 2K 2K 166960K 616 0 sysctl 4 1K 1K 166960K 10 0 counters 30 17K 17K 166960K 176 0 ioctlops 0 0K 4K 166960K 314 0 iov 0 0K 16K 166960K 148 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1495 94K 94K 166960K 4102 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 68K 166960K 33 0 VM map 2 1K 1K 166960K 2 0 sem 21 37K 57K 166960K 51 0 dirhash 18 3K 3K 166960K 33 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 10 30K 97K 166960K 3628 0 sigio 0 0K 0K 166960K 34 0 proc 60 59K 108K 166960K 3995 0 subproc 91 5K 7K 166960K 1653 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 426 0 in_multi 85 6K 7K 166960K 1470 0 ether_multi 1 0K 0K 166960K 11 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 241 1076K 1076K 166960K 241 0 exec 0 0K 1K 166960K 2428 0 pfkey data 0 0K 0K 166960K 4 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 149 62K 98K 166960K 27677 0 UVM aobj 131 4K 4K 166960K 134 0 pinsyscall 29 58K 100K 166960K 7777 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 75 0 NDP 11 0K 2K 166960K 417 0 temp 72 6815K 6956K 166960K 93884 0 kqueue 12 18K 30K 166960K 341 0 SYN cache 2 2352K 2360K 166960K 3 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 395 0 392 1 0 1 1 0 8 0 rtentry 112 1525 0 1433 4 1 3 4 0 8 0 unpcb 144 1946 0 1931 16 10 6 8 0 8 5 syncache 336 10 0 10 2 2 0 1 0 8 0 tcpqe 32 12 0 12 2 1 1 1 0 8 1 tcpcb 808 859 0 857 18 17 1 11 0 8 0 arp 88 267 0 251 1 0 1 1 0 8 0 ipq 40 11 0 11 1 0 1 1 0 8 1 ipqe 40 108 0 108 1 0 1 1 0 8 1 inpcb 336 3723 0 3718 31 24 7 12 0 8 6 nd6 104 401 0 379 1 0 1 1 0 8 0 pkpcb 40 8 0 8 2 1 1 1 0 8 1 kcovpl 48 127 0 120 1 0 1 1 0 8 0 ppxss 1072 13 0 13 2 2 0 1 0 8 0 pfstscr 40 4 0 2 1 0 1 1 0 8 0 pfrktable 1344 2 0 0 1 0 1 1 0 8 0 pfanchor 1288 4 0 3 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 8 0 0 1 0 1 1 0 8 0 pfstkey 128 12 0 4 1 0 1 1 0 8 0 pfstate 344 6 0 2 1 0 1 1 0 8 0 pfrule 1344 12 0 8 1 0 1 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 5961 0 5582 32 4 28 30 0 8 4 art_table 32 5964 0 5582 4 0 4 4 0 8 0 art_node 16 1486 0 1404 1 0 1 1 0 8 0 sysvmsgpl 40 78 0 73 2 1 1 1 0 8 0 semupl 112 2 0 2 2 2 0 1 0 8 0 semapl 112 45 0 26 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 31 0 10 3 0 3 3 0 8 0 dino2pl 256 4873 0 3138 109 0 109 109 0 8 0 ffsino 240 4876 0 3138 103 0 103 103 0 8 0 nchpl 144 7630 0 5786 69 0 69 69 0 8 0 uvmvnodes 80 7210 0 0 148 0 148 148 0 8 0 vnodes 216 7210 0 0 401 0 401 401 0 8 0 namei 1024 38935 0 38930 3 2 1 2 0 8 0 kstatmem 264 314 0 292 2 0 2 2 0 8 0 scsiplug 72 9 0 9 3 2 1 1 0 8 1 scxspl 216 74725 0 74724 10 9 1 8 1 8 0 plimitpl 152 938 0 922 1 0 1 1 0 8 0 sigapl 424 3701 0 3662 8 1 7 8 0 8 1 futexpl 64 26745 0 26745 1 0 1 1 0 8 1 knotepl 120 83367 0 83324 39 29 10 17 0 8 8 kqueuepl 184 784 0 776 4 3 1 4 0 8 0 pipepl 288 762 0 735 9 6 3 7 0 8 0 fdescpl 432 3661 0 3640 5 1 4 5 0 8 0 filepl 120 20591 0 20372 24 11 13 16 0 8 4 lockfpl 104 918 0 916 2 1 1 2 0 8 0 lockfspl 48 258 0 256 1 0 1 1 0 8 0 sessionpl 144 147 0 140 1 0 1 1 0 8 0 pgrppl 48 364 0 349 1 0 1 1 0 8 0 ucredpl 104 2504 0 2493 1 0 1 1 0 8 0 zombiepl 144 3822 0 3822 1 0 1 1 0 8 1 processpl 1096 3701 0 3662 7 2 5 6 0 8 1 procpl 648 6387 0 6348 9 3 6 8 0 8 0 sosppl 168 15 0 15 2 2 0 1 0 8 0 sockpl 504 6145 0 6122 107 95 12 29 0 8 8 mcl64k 65536 121 0 121 3 2 1 1 0 8 1 mcl16k 16384 2 0 2 1 1 0 1 0 8 0 mcl12k 12288 3 0 3 2 2 0 1 0 8 0 mcl9k 9216 4 0 4 2 1 1 1 0 8 1 mcl8k 8192 33 0 33 3 2 1 1 0 8 1 mcl4k 4096 5421 0 5371 17 9 8 15 0 8 1 mcl2k 2048 4701 0 4699 11 9 2 8 0 8 1 mtagpl 96 251 0 251 4 3 1 2 0 8 1 mbufpl 256 38018 0 37837 53 33 20 27 0 8 6 bufpl 280 15263 0 7814 533 0 533 533 0 8 0 anonpl 24 501599 0 498828 132 80 52 103 0 187 4 amapchunkpl 152 89901 0 89629 78 45 33 50 0 158 13 amappl16 200 7151 0 7139 42 39 3 14 0 8 1 amappl15 192 7 0 7 1 1 0 1 0 8 0 amappl14 184 357 0 348 1 0 1 1 0 8 0 amappl13 176 33 0 33 2 2 0 1 0 8 0 amappl12 168 6170 0 6149 3 1 2 3 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 9 0 9 1 1 0 1 0 8 0 amappl9 144 107 0 107 1 1 0 1 0 8 0 amappl8 136 21 0 19 1 0 1 1 0 8 0 amappl7 128 362 0 353 1 0 1 1 0 8 0 amappl6 120 1441 0 1439 1 0 1 1 0 8 0 amappl5 112 643 0 633 1 0 1 1 0 8 0 amappl4 104 665 0 649 1 0 1 1 0 8 0 amappl3 96 17095 0 17038 6 2 4 4 0 8 1 amappl2 88 2354 0 2298 2 0 2 2 0 8 0 amappl1 80 25452 0 25040 14 4 10 14 0 8 0 amappl 88 26291 0 26190 5 0 5 5 0 92 0 dma65536 65536 2 0 2 2 2 0 1 0 8 0 dma8192 8192 2 0 2 2 2 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma2048 2048 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma512 512 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 256 0 256 2 2 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 20 0 19 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 3661 0 3640 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3661 0 3640 1 0 1 1 0 8 0 vmmpekpl 168 28212 0 28158 4 0 4 4 0 8 0 vmmpepl 168 224468 0 223266 104 30 74 92 0 357 4 vmsppl 344 3660 0 3640 4 1 3 4 0 8 0 rwobjpl 24 67503 0 59498 49 0 49 49 0 8 0 pdppl 4096 7328 0 7280 286 222 64 82 0 8 16 pvpl 32 1762714 0 1755487 647 427 220 398 0 265 115 pmappl 216 3660 0 3640 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 804 0 437 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd806ce607d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806ce607d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806ce607d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806ce607d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80702c5dd0,2,ffffffffffffffff,ffff80002a573c08,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8071ced870,0,0,ffffffffffffffff) at ffs_truncate+0xf63 ufs_inactive(ffff800031bdf5e8) at ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80702c5dd0,ffff80002a573c08) at VOP_INACTIVE+0xfe sys/kern/vfs_vops.c:495 vput(fffffd80702c5dd0) at vput+0xdc sys/kern/vfs_subr.c:776 VOP_REMOVE(fffffd8070121ea0,fffffd80702c5dd0,ffff800031bdf768) at VOP_REMOVE+0x19d sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a573c08,ffffff9c,766bd6d2c3b0,0) at dounlinkat+0x177 sys/kern/vfs_syscalls.c:1888 syscall(ffff800031bdf8e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x766bd6d2c860, count: -16 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd806ce607d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806ce607d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806ce607d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806ce607d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd80702c5dd0,2,ffffffffffffffff,ffff80002a573c08,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8071ced870,0,0,ffffffffffffffff) at ffs_truncate+0xf63 ufs_inactive(ffff800031bdf5e8) at ufs_inactive+0x203 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd80702c5dd0,ffff80002a573c08) at VOP_INACTIVE+0xfe sys/kern/vfs_vops.c:495 vput(fffffd80702c5dd0) at vput+0xdc sys/kern/vfs_subr.c:776 VOP_REMOVE(fffffd8070121ea0,fffffd80702c5dd0,ffff800031bdf768) at VOP_REMOVE+0x19d sys/kern/vfs_vops.c:336 dounlinkat(ffff80002a573c08,ffffff9c,766bd6d2c3b0,0) at dounlinkat+0x177 sys/kern/vfs_syscalls.c:1888 syscall(ffff800031bdf8e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x766bd6d2c860, count: -16