panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 7523 16313 0 0x2 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825708a8) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e5c63,ffffffff82601c54,136,ffffffff825b3f52) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd80658c1ea8) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80658c1ea8) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80658c1ea8) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd80658c1ea8) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8068c0b710,2,fffffd807f7d7840,ffff800021602d20,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd80772e4d30,0,4,fffffd807f7d7840) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800021694fc8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd807ea28490,fffffd8068c0b710,ffff8000216950a8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff800021602d20,e,c000d7e1c0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff800021695220) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e1584800, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825708a8) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e5c63,ffffffff82601c54,136,ffffffff825b3f52) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd80658c1ea8) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80658c1ea8) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80658c1ea8) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd80658c1ea8) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8068c0b710,2,fffffd807f7d7840,ffff800021602d20,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd80772e4d30,0,4,fffffd807f7d7840) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800021694fc8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd807ea28490,fffffd8068c0b710,ffff8000216950a8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff800021602d20,e,c000d7e1c0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff800021695220) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e1584800, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800021694ac0 rbx 0 rdx 0 rcx 0 rax 0xffff800021602d20 r8 0x101010101010101 r9 0x8080808080808080 r10 0x7237710c9e49ab63 r11 0xc1ce589cd903633f r12 0 r13 0xfffffd8005f0fb80 r14 0 r15 0x1 rip 0xffffffff81638028 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021694ab0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) pid=7523 stat=onproc flags process=2 proc=4000000 pri=17, usrpri=69, nice=20 forw=0xffffffffffffffff, list=0xffff800021602fc0,0xffff800021603510 process=0xffff80002162e020 user=0xffff800021690000, vmspace=0xfffffd806ec0c668 estcpu=19, cpticks=5, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 5322 417741 16313 0 2 0x2 syz-executor.0 67823 310561 45987 60929 2 0x10 syz-executor.4 67823 131263 45987 60929 3 0x4000010 biowait syz-executor.4 77688 420150 16313 0 3 0x82 nanoslp syz-executor.1 15740 68121 16313 0 3 0x82 nanoslp syz-executor.5 45987 140000 16313 0 3 0x82 nanoslp syz-executor.4 89219 295392 16313 0 3 0x82 wait syz-executor.2 88216 298328 0 0 3 0x14280 nfsidl nfsio 98837 340658 0 0 3 0x14280 nfsidl nfsio 73516 403295 0 0 3 0x14280 nfsidl nfsio 17874 155167 0 0 3 0x14280 nfsidl nfsio 66053 13715 0 0 3 0x14280 nfsidl nfsio 99881 76887 0 0 3 0x14280 nfsidl nfsio 9886 497800 0 0 3 0x14280 nfsidl nfsio 6715 69773 0 0 3 0x14280 nfsidl nfsio 24972 436628 0 0 3 0x14280 nfsidl nfsio 79375 110390 0 0 3 0x14280 nfsidl nfsio 12170 326932 0 0 3 0x14280 nfsidl nfsio 57486 45965 0 0 3 0x14280 nfsidl nfsio 95140 136817 0 0 3 0x14280 nfsidl nfsio 73126 396892 0 0 3 0x14280 nfsidl nfsio 98628 454213 0 0 3 0x14280 nfsidl nfsio 26422 288648 0 0 3 0x14280 nfsidl nfsio 66071 121269 0 0 3 0x14280 nfsidl nfsio 75602 109846 0 0 3 0x14280 nfsidl nfsio 37598 303868 0 0 3 0x14280 nfsidl nfsio 49224 27988 0 0 3 0x14280 nfsidl nfsio 21938 404702 1 0 3 0x100083 ttyin getty 73125 245435 0 0 3 0x14200 acct acct 57671 457284 0 0 3 0x14200 bored sosplice 16313 438544 67840 0 3 0x82 thrsleep syz-fuzzer 16313 426347 67840 0 3 0x4000082 nanoslp syz-fuzzer 16313 103069 67840 0 3 0x4000082 thrsleep syz-fuzzer 16313 327997 67840 0 3 0x4000082 thrsleep syz-fuzzer 16313 290852 67840 0 3 0x4000082 thrsleep syz-fuzzer 16313 396025 67840 0 3 0x4000082 thrsleep syz-fuzzer 16313 360437 67840 0 3 0x4000082 thrsleep syz-fuzzer *16313 7523 67840 0 7 0x4000002 syz-fuzzer 16313 265012 67840 0 3 0x4000082 thrsleep syz-fuzzer 67840 276285 28853 0 3 0x10008a sigsusp ksh 28853 125876 91410 0 3 0x9a kqread sshd 91410 429435 1 0 3 0x88 kqread sshd 31016 144455 29321 73 3 0x1100010 ffs_fsync syslogd 29321 36140 1 0 3 0x100082 netio syslogd 24305 78333 1 0 3 0x100080 kqread resolvd 43947 522245 8001 77 3 0x100092 kqread dhcpleased 51942 449202 8001 77 3 0x100092 kqread dhcpleased 8001 26193 1 0 3 0x80 kqread dhcpleased 40157 260937 0 0 3 0x14200 bored smr 16975 207248 0 0 2 0x14200 zerothread 45807 321716 0 0 3 0x14200 aiodoned aiodoned 29750 55894 0 0 3 0x14200 syncer update 88088 227247 0 0 3 0x14200 cleaner cleaner 58381 385551 0 0 2 0x14200 reaper 12037 56657 0 0 3 0x14200 pgdaemon pagedaemon 81383 56046 0 0 3 0x14200 bored viomb 18437 79739 0 0 3 0x40014200 acpi0 acpi0 29151 192636 0 0 3 0x14200 bored softnet 73308 259638 0 0 3 0x14200 bored softnet 38152 17216 0 0 3 0x14200 bored softnet 2020 305073 0 0 3 0x14200 bored softnet 10866 50435 0 0 3 0x14200 bored systqmp 32588 406206 0 0 3 0x14200 bored systq 27621 333816 0 0 3 0x40014200 bored softclock 46208 456734 0 0 3 0x40014200 idle0 1 128094 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10202 6476K 7481K 78643K 86895 0 pcb 13 18K 23K 78643K 4840 0 rtable 181 21K 26K 78643K 8310 0 ifaddr 452 118K 245K 78643K 4337 0 sysctl 3 1K 1K 78643K 5 0 counters 25 17K 17K 78643K 452 0 ioctlops 0 0K 4K 78643K 15193 0 iov 0 0K 32K 78643K 3730 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1563 98K 98K 78643K 34143 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 254 0 VM map 2 0K 0K 78643K 2 0 sem 12 0K 1K 78643K 4514 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 8 25K 69K 78643K 29049 0 sigio 0 0K 0K 78643K 583 0 proc 78 60K 84K 78643K 6315 0 subproc 55 3K 6K 78643K 2398 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 990 0 in_multi 55 3K 6K 78643K 2589 0 ether_multi 1 0K 0K 78643K 173 0 mrt 1 0K 0K 78643K 145 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 253 1129K 1129K 78643K 253 0 exec 0 0K 2K 78643K 8994 0 pfkey data 0 0K 1K 78643K 83 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 685 1889K 1914K 78643K 160983 0 UVM aobj 131 4K 4K 78643K 140 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 899 0 NDP 10 0K 1K 78643K 816 0 temp 284 5069K 21454K 78643K 552622 0 kqueue 12 18K 28K 78643K 2800 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 2646 0 2643 34 33 1 5 0 8 0 rtentry 112 2390 0 2331 7 4 3 4 0 8 0 unpcb 136 29268 0 29253 160 159 1 9 0 8 0 syncache 296 91 0 91 23 23 0 1 0 8 0 tcpqe 32 39 280 39 1 1 0 1 0 8 0 tcpcb 736 14790 0 14780 388 386 2 18 0 8 0 arp 88 393 0 383 1 0 1 1 0 8 0 ipq 40 28 0 28 10 10 0 1 0 8 0 ipqe 40 87 0 87 10 10 0 1 0 8 0 inpcb 312 35801 0 35788 393 391 2 17 0 8 0 ip6q 72 10 0 10 5 5 0 1 0 8 0 ip6af 40 19 0 19 5 5 0 1 0 8 0 nd6 48 597 0 585 1 0 1 1 0 8 0 pkpcb 40 246 0 246 20 20 0 1 0 8 0 kcovpl 48 184 0 180 1 0 1 1 0 8 0 ppxss 1152 107 0 107 29 29 0 1 0 8 0 pfstscr 40 2804 0 2798 6 5 1 6 0 8 0 pffrag 232 11 0 11 5 5 0 1 0 482 0 pffrnode 88 11 0 11 5 5 0 1 0 8 0 pffrent 40 104 0 104 7 7 0 1 0 8 0 pfosfp 40 77 0 76 1 0 1 1 0 8 0 pfosfpen 112 77 0 76 3 2 1 3 0 8 0 pfrktable 1344 423 0 407 10 8 2 2 0 8 0 pftag 88 59 0 45 1 0 1 1 0 8 0 pfqueue 264 1 0 1 1 1 0 1 0 8 0 pfstitem 24 2292 0 2280 7 6 1 7 0 8 0 pfstkey 112 5632 0 5630 1 0 1 1 0 8 0 pfstate 336 2816 0 2810 45 43 2 45 0 8 0 pfrule 1360 1383 0 1322 18 12 6 8 0 8 0 rttmr 64 49 0 49 15 15 0 1 0 8 0 art_heap8 4096 3 0 2 3 2 1 2 0 8 0 art_heap4 256 10103 0 9827 111 90 21 30 0 8 0 art_table 32 10106 0 9829 8 5 3 4 0 8 0 art_node 16 2372 0 2322 1 0 1 1 0 8 0 sysvmsgpl 40 5 0 5 1 1 0 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 4512 0 4502 1 0 1 1 0 8 0 shmpl 112 137 0 9 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 37810 0 36271 97 0 97 97 0 8 0 ffsino 240 37810 0 36271 92 0 92 92 0 8 0 nchpl 144 74090 0 72469 63 0 63 63 0 8 0 uvmvnodes 80 6242 0 0 128 0 128 128 0 8 0 vnodes 224 6242 0 0 368 0 368 368 0 8 0 namei 1024 301803 0 301802 26 25 1 2 0 8 0 vcpupl 1984 427 0 0 54 0 54 54 0 8 0 vmpool 528 512 0 85 30 1 29 29 0 8 0 pfiaddrpl 120 158 0 134 3 2 1 1 0 8 0 kstatmem 264 874 0 854 2 0 2 2 0 8 0 scsiplug 72 14 0 14 6 6 0 1 0 8 0 scxspl 216 256666 0 256664 55 54 1 8 0 8 0 plimitpl 152 3091 0 3078 1 0 1 1 0 8 0 sigapl 424 29015 0 28954 14 6 8 8 0 8 0 futexpl 64 294830 0 294830 23 22 1 1 0 8 1 knotepl 120 614096 0 614028 176 173 3 12 0 8 0 kqueuepl 184 6928 0 6920 80 79 1 7 0 8 0 pipepl 304 8075 0 8054 194 192 2 12 0 8 0 fdescpl 432 28935 0 28916 6 2 4 4 0 8 0 filepl 120 237555 0 237388 302 294 8 22 0 8 0 lockfpl 104 8419 0 8417 21 20 1 2 0 8 0 lockfspl 48 2127 0 2125 1 0 1 1 0 8 0 sessionpl 144 203 0 190 1 0 1 1 0 8 0 pgrppl 48 256 0 243 1 0 1 1 0 8 0 ucredpl 96 26343 0 26330 1 0 1 1 0 8 0 zombiepl 144 28958 0 28954 2 1 1 1 0 8 0 processpl 1000 29015 0 28954 15 6 9 9 0 8 0 procpl 672 71875 0 71800 36 29 7 9 0 8 0 sosppl 168 238 0 237 13 12 1 1 0 8 0 sockpl 448 68045 0 68011 1110 1105 5 34 0 8 0 mcl64k 65536 834 0 834 77 77 0 1 0 8 0 mcl16k 16384 232 0 232 72 72 0 1 0 8 0 mcl12k 12288 828 0 828 66 66 0 1 0 8 0 mcl9k 9216 394 0 394 69 69 0 1 0 8 0 mcl8k 8192 1494 0 1494 70 70 0 1 0 8 0 mcl4k 4096 3099 0 3099 45 44 1 1 0 8 1 mcl2k2 2112 244 0 244 80 79 1 1 0 8 1 mcl2k 2048 124433 0 124392 83 77 6 20 0 8 0 mtagpl 96 4729 0 4729 51 51 0 14 0 8 0 mbufpl 256 389397 0 389219 219 205 14 50 0 8 0 bufpl 288 57629 0 51370 458 2 456 458 0 8 0 anonpl 24 5876608 0 5855564 507 378 129 184 0 188 0 amapchunkpl 152 612487 0 611498 1878 1839 39 658 0 158 0 amappl16 200 73524 0 72814 215 176 39 51 0 8 0 amappl15 192 4162 0 4160 7 6 1 1 0 8 0 amappl14 184 2624 0 2612 1 0 1 1 0 8 0 amappl13 176 4236 0 4233 1 0 1 1 0 8 0 amappl12 168 3458 0 3454 1 0 1 1 0 8 0 amappl11 160 3725 0 3708 1 0 1 1 0 8 0 amappl10 152 2065 0 2062 1 0 1 1 0 8 0 amappl9 144 4602 0 4597 1 0 1 1 0 8 0 amappl8 136 9159 0 9021 9 4 5 6 0 8 0 amappl7 128 6217 0 6203 1 0 1 1 0 8 0 amappl6 120 5536 0 5508 2 1 1 2 0 8 0 amappl5 112 24628 0 24616 1 0 1 1 0 8 0 amappl4 104 10946 0 10907 7 5 2 2 0 8 0 amappl3 96 89261 0 89212 2 0 2 2 0 8 0 amappl2 88 34683 0 34596 5 2 3 3 0 8 0 amappl1 80 809513 0 808920 31 17 14 19 0 8 0 amappl 88 157037 0 156747 10 2 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 139 0 9 3 0 3 3 0 8 0 uaddrrnd 24 29447 0 28998 3 0 3 3 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 29447 0 28998 3 0 3 3 0 8 0 vmmpekpl 168 202608 0 202515 5 0 5 5 0 8 0 vmmpepl 168 3510343 0 3506916 564 374 190 190 0 357 21 vmsppl 272 29446 0 28997 33 2 31 31 0 8 0 rwobjpl 24 809344 0 801085 60 8 52 52 0 8 0 pdppl 4096 58900 0 58421 2196 1710 486 491 0 8 7 pvpl 32 11476953 0 11452856 943 716 227 301 0 265 23 pmappl 216 29446 0 28997 27 1 26 26 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 5542 0 4315 38 1 37 37 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825708a8) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e5c63,ffffffff82601c54,136,ffffffff825b3f52) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd80658c1ea8) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80658c1ea8) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80658c1ea8) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd80658c1ea8) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8068c0b710,2,fffffd807f7d7840,ffff800021602d20,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd80772e4d30,0,4,fffffd807f7d7840) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800021694fc8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd807ea28490,fffffd8068c0b710,ffff8000216950a8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff800021602d20,e,c000d7e1c0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff800021695220) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e1584800, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff825708a8) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e5c63,ffffffff82601c54,136,ffffffff825b3f52) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd80658c1ea8) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80658c1ea8) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80658c1ea8) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd80658c1ea8) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8068c0b710,2,fffffd807f7d7840,ffff800021602d20,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd80772e4d30,0,4,fffffd807f7d7840) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800021694fc8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd807ea28490,fffffd8068c0b710,ffff8000216950a8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff800021602d20,e,c000d7e1c0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff800021695220) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2e1584800, count: -14