panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *167592 39615 0 0x2 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 __assert(ffffffff81efc04e,ffffffff81f0e3c7,149,ffffffff81edd000) at __assert+0x2e sys/kern/subr_prf.c:155 buf_free_pages(fffffd802bc9fd00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd802bc9fd00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd802bc9fd00) at buf_put+0x172 sys/kern/vfs_bio.c:130 brelse(fffffd802bc9fd00) at brelse+0x257 sys/kern/vfs_bio.c:926 vinvalbuf(fffffd802be5c630,2,ffffffffffffffff,ffff8000ffff5c30,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937 ffs_truncate(fffffd803027c010,0,0,ffffffffffffffff) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325 ufs_inactive(ffff8000149d9f68) at ufs_inactive+0x159 sys/ufs/ufs/ufs_inode.c:85 VOP_INACTIVE(fffffd802be5c630,ffff8000ffff5c30) at VOP_INACTIVE+0x4c sys/kern/vfs_vops.c:572 vput(fffffd802be5c630) at vput+0xae sys/kern/vfs_subr.c:765 ufs_remove(ffff8000149da058) at ufs_remove+0x13c sys/ufs/ufs/ufs_vnops.c:620 VOP_REMOVE(fffffd802be5c888,fffffd802be5c630,ffff8000149da148) at VOP_REMOVE+0x61 sys/kern/vfs_vops.c:378 end trace frame: 0xffff8000149da1d0, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:208 __assert(ffffffff81efc04e,ffffffff81f0e3c7,149,ffffffff81edd000) at __assert+0x2e sys/kern/subr_prf.c:155 buf_free_pages(fffffd802bc9fd00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd802bc9fd00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd802bc9fd00) at buf_put+0x172 sys/kern/vfs_bio.c:130 brelse(fffffd802bc9fd00) at brelse+0x257 sys/kern/vfs_bio.c:926 vinvalbuf(fffffd802be5c630,2,ffffffffffffffff,ffff8000ffff5c30,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937 ffs_truncate(fffffd803027c010,0,0,ffffffffffffffff) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325 ufs_inactive(ffff8000149d9f68) at ufs_inactive+0x159 sys/ufs/ufs/ufs_inode.c:85 VOP_INACTIVE(fffffd802be5c630,ffff8000ffff5c30) at VOP_INACTIVE+0x4c sys/kern/vfs_vops.c:572 vput(fffffd802be5c630) at vput+0xae sys/kern/vfs_subr.c:765 ufs_remove(ffff8000149da058) at ufs_remove+0x13c sys/ufs/ufs/ufs_vnops.c:620 VOP_REMOVE(fffffd802be5c888,fffffd802be5c630,ffff8000149da148) at VOP_REMOVE+0x61 sys/kern/vfs_vops.c:378 dounlinkat(ffff8000ffff5c30,10,c0019c66b6,0) at dounlinkat+0x195 sys/kern/vfs_syscalls.c:1709 syscall(ffff8000149da2d0) at syscall+0x511 Xsyscall(6,145,c00002c000,145,38,200) at Xsyscall+0x128 end of kernel end trace frame: 0xc0018255b0, count: -17 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000149d9a50 rbx 0xffff8000149d9b00 rdx 0x2 rcx 0 rax 0 r8 0xffff8000149d9a10 r9 0x1 r10 0 r11 0xbf7dca4d072bd419 r12 0x3000000008 r13 0xffff8000149d9a60 r14 0x100 r15 0x1 rip 0xffffffff810ecd78 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000149d9a40 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) pid=167592 stat=onproc flags process=2 proc=4000000 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff5078,0xffff8000ffff9080 process=0xffff800014972360 user=0xffff8000149d5000, vmspace=0xfffffd803f014c60 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 70361 267673 39615 0 3 0x2 biowait syz-executor.1 81718 313643 0 0 3 0x14200 bored sosplice 39615 443435 14758 0 3 0x82 thrsleep syz-fuzzer 39615 486733 14758 0 3 0x4000082 nanosleep syz-fuzzer 39615 234570 14758 0 3 0x4000082 thrsleep syz-fuzzer 39615 319651 14758 0 3 0x4000082 thrsleep syz-fuzzer 39615 294618 14758 0 3 0x4000082 thrsleep syz-fuzzer *39615 167592 14758 0 7 0x4000002 syz-fuzzer 39615 352596 14758 0 3 0x4000082 thrsleep syz-fuzzer 39615 422042 14758 0 3 0x4000082 thrsleep syz-fuzzer 14758 345044 41686 0 3 0x10008a pause ksh 41686 253344 13055 0 3 0x92 select sshd 86072 30989 1 0 3 0x100083 ttyin getty 13055 55465 1 0 3 0x80 select sshd 30902 445643 27634 73 3 0x100010 biowait syslogd 27634 404071 1 0 3 0x100082 netio syslogd 52722 409527 1 77 3 0x100090 poll dhclient 56510 295566 1 0 3 0x80 poll dhclient 16194 201853 0 0 3 0x14200 pgzero zerothread 94227 192932 0 0 3 0x14200 aiodoned aiodoned 35886 317441 0 0 3 0x14200 syncer update 45988 359626 0 0 3 0x14200 cleaner cleaner 85730 244479 0 0 3 0x14200 reaper reaper 83422 79083 0 0 3 0x14200 pgdaemon pagedaemon 35492 318854 0 0 3 0x14200 bored crynlk 81370 497213 0 0 3 0x14200 bored crypto 82658 230890 0 0 3 0x40014200 acpi0 acpi0 33053 269901 0 0 3 0x14200 bored softnet 93373 165901 0 0 3 0x14200 bored systqmp 9451 217220 0 0 3 0x14200 bored systq 43182 352186 0 0 3 0x40014200 bored softclock 27681 46082 0 0 3 0x40014200 idle0 49020 415692 0 0 3 0x14200 bored smr 1 324683 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9472 6329K 6585K 78643K 11119 0 0 pcb 23 9K 10K 78643K 1021 0 0 rtable 82 3K 3K 78643K 744 0 0 ifaddr 42 10K 12K 78643K 116 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 27 0 0 iov 0 0K 16K 78643K 42 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1200 75K 75K 78643K 1535 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 11 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 56 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12537 0 0 file desc 3 5K 17K 78643K 851 0 0 sigio 0 0K 0K 78643K 14 0 0 proc 41 30K 46K 78643K 363 0 0 subproc 32 32769K 67586K 78643K 204 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 73 0 0 in_multi 22 1K 2K 78643K 91 0 0 ether_multi 1 0K 0K 78643K 2 0 0 mrt 0 0K 0K 78643K 14 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 54 238K 238K 78643K 54 0 0 exec 0 0K 1K 78643K 227 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 67 11K 38K 78643K 2632 0 0 UVM aobj 15 3K 3K 78643K 18 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 20 0 0 NDP 10 0K 0K 78643K 36 0 0 temp 112 2354K 2419K 78643K 5180 0 0 kqueue 0 0K 0K 78643K 2 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 5 1 0 1 1 0 8 0 inpcbpl 280 995 0 988 1 0 1 1 0 8 0 plimitpl 152 30 0 24 1 0 1 1 0 8 0 rtentry 112 77 0 46 2 1 1 2 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpcb 544 91 0 87 1 0 1 1 0 8 0 nd6 48 12 0 10 2 1 1 1 0 8 0 ppxss 1128 11 0 11 4 4 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 355 0 207 15 5 10 12 0 8 0 art_table 32 356 0 207 2 0 2 2 0 8 0 art_node 16 76 0 48 1 0 1 1 0 8 0 semapl 112 54 0 44 1 0 1 1 0 8 0 shmpl 112 16 0 3 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2519 0 1096 46 0 46 46 0 8 0 ffsino 240 2519 0 1096 84 0 84 84 0 8 0 nchpl 144 3772 0 2133 61 0 61 61 0 8 0 uvmvnodes 72 2747 0 0 50 0 50 50 0 8 0 vnodes 200 2747 0 0 145 0 145 145 0 8 0 namei 1024 9964 0 9963 3 2 1 1 0 8 0 scsiplug 64 1 0 1 1 1 0 1 0 8 0 scxspl 192 12390 0 12388 12 11 1 6 0 8 0 sigapl 432 1009 0 998 2 0 2 2 0 8 0 futexpl 56 11601 0 11601 1 1 0 1 0 8 0 knotepl 112 198 0 171 1 0 1 1 0 8 0 kqueuepl 104 91 0 89 1 0 1 1 0 8 0 pipepl 112 466 0 451 2 1 1 1 0 8 0 fdescpl 424 1010 0 998 2 0 2 2 0 8 0 filepl 120 4931 0 4854 4 1 3 4 0 8 0 lockfpl 104 145 0 145 2 2 0 1 0 8 0 lockfspl 32 188 0 188 2 2 0 1 0 8 0 sessionpl 112 21 0 12 1 0 1 1 0 8 0 pgrppl 48 29 0 20 1 0 1 1 0 8 0 ucredpl 96 726 0 719 1 0 1 1 0 8 0 zombiepl 144 998 0 998 2 1 1 1 0 8 1 processpl 840 1025 0 998 4 0 4 4 0 8 0 procpl 600 1974 0 1940 4 1 3 4 0 8 0 sosppl 128 4 0 4 2 2 0 1 0 8 0 sockpl 384 1193 0 1176 3 1 2 3 0 8 0 mcl64k 65536 16 0 16 3 3 0 1 0 8 0 mcl16k 16384 2 0 2 2 2 0 1 0 8 0 mcl12k 12288 7 0 7 3 3 0 1 0 8 0 mcl9k 9216 5 0 5 3 3 0 1 0 8 0 mcl8k 8192 9 0 9 2 2 0 1 0 8 0 mcl4k 4096 25 0 25 3 3 0 1 0 8 0 mcl2k2 2112 6 0 6 3 3 0 1 0 8 0 mcl2k 2048 51646 0 51611 13 8 5 11 0 8 0 mtagpl 80 4 0 4 2 2 0 1 0 8 0 mbufpl 256 89720 0 89654 11 6 5 7 0 8 0 bufpl 256 7942 0 2386 348 0 348 348 0 8 0 anonpl 16 105158 0 97538 71 14 57 57 0 62 17 amapchunkpl 152 3982 0 3902 17 2 15 15 0 158 9 amappl16 192 5135 0 4634 52 25 27 38 0 8 1 amappl15 184 4 0 4 1 1 0 1 0 8 0 amappl14 176 28 0 27 2 1 1 1 0 8 0 amappl13 168 6 0 6 1 1 0 1 0 8 0 amappl12 160 741 0 738 1 0 1 1 0 8 0 amappl11 152 35 0 21 1 0 1 1 0 8 0 amappl10 144 140 0 139 2 1 1 1 0 8 0 amappl9 136 560 0 557 1 0 1 1 0 8 0 amappl8 128 135 0 118 1 0 1 1 0 8 0 amappl7 120 113 0 107 1 0 1 1 0 8 0 amappl6 112 55 0 46 1 0 1 1 0 8 0 amappl5 104 860 0 848 1 0 1 1 0 8 0 amappl4 96 686 0 661 2 1 1 2 0 8 0 amappl3 88 645 0 638 1 0 1 1 0 8 0 amappl2 80 7910 0 7869 2 0 2 2 0 8 0 amappl1 72 27719 0 27328 25 15 10 19 0 8 0 amappl 72 2214 0 2185 1 0 1 1 0 75 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 17 0 3 1 0 1 1 0 8 0 uaddrrnd 24 1010 0 998 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 1010 0 998 1 0 1 1 0 8 0 vmmpekpl 168 10464 0 10445 1 0 1 1 0 8 0 vmmpepl 168 112841 0 111551 139 64 75 98 0 357 10 vmsppl 264 1009 0 998 2 0 2 2 0 8 1 pdppl 4096 2026 0 1996 5 0 5 5 0 8 0 pvpl 32 354958 0 344497 273 41 232 247 0 265 123 pmappl 200 1009 0 998 1 0 1 1 0 8 0 extentpl 40 39 0 25 1 0 1 1 0 8 0 phpool 112 496 0 33 14 0 14 14 0 8 0