panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *185124 14087 0 0x2 0 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821db7e1,ffffffff821f1683,149,ffffffff821ba941) at __assert+0x2e sys/kern/subr_prf.c:154 buf_free_pages(fffffd8028b1d600) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd8028b1d600) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd8028b1d600) at buf_put+0x172 sys/kern/vfs_bio.c:131 brelse(fffffd8028b1d600) at brelse+0x257 sys/kern/vfs_bio.c:922 vinvalbuf(fffffd8030415cb8,2,fffffd803f7c6a80,ffff8000ffff2780,0,ffffffffffffffff) at vinvalbuf+0x3de sys/kern/vfs_subr.c:1974 ffs_truncate(fffffd803ad0c780,0,4,fffffd803f7c6a80) at ffs_truncate+0xeb5 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800014927d98) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd802af31e40,fffffd8030415cb8,ffff800014927e98) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:473 dounlinkat(ffff8000ffff2780,ffffff9c,7f7ffffda580,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818 syscall(ffff800014928010) at syscall+0x508 Xsyscall(6,89,7f7ffffda0c0,89,7eedc300d80,7f7ffffda580) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffda570, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821db7e1,ffffffff821f1683,149,ffffffff821ba941) at __assert+0x2e sys/kern/subr_prf.c:154 buf_free_pages(fffffd8028b1d600) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318 buf_dealloc_mem(fffffd8028b1d600) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194 buf_put(fffffd8028b1d600) at buf_put+0x172 sys/kern/vfs_bio.c:131 brelse(fffffd8028b1d600) at brelse+0x257 sys/kern/vfs_bio.c:922 vinvalbuf(fffffd8030415cb8,2,fffffd803f7c6a80,ffff8000ffff2780,0,ffffffffffffffff) at vinvalbuf+0x3de sys/kern/vfs_subr.c:1974 ffs_truncate(fffffd803ad0c780,0,4,fffffd803f7c6a80) at ffs_truncate+0xeb5 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff800014927d98) at ufs_rmdir+0x3af sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(fffffd802af31e40,fffffd8030415cb8,ffff800014927e98) at VOP_RMDIR+0xf8 sys/kern/vfs_vops.c:473 dounlinkat(ffff8000ffff2780,ffffff9c,7f7ffffda580,8) at dounlinkat+0x14c sys/kern/vfs_syscalls.c:1818 syscall(ffff800014928010) at syscall+0x508 Xsyscall(6,89,7f7ffffda0c0,89,7eedc300d80,7f7ffffda580) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffda570, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014927870 rbx 0xffff800014927920 rdx 0x2 rcx 0 rax 0 r8 0xffff800014927830 r9 0x1 r10 0 r11 0x8c7b5561d0181efa r12 0x3000000008 r13 0xffff800014927880 r14 0x100 r15 0x1 rip 0xffffffff81f7c338 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014927860 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=185124 stat=onproc flags process=2 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2c70,0xffffffff82588530 process=0xffff8000ffff7450 user=0xffff800014923000, vmspace=0xfffffd803f014440 estcpu=0, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND *14087 185124 3642 0 7 0x2 syz-executor.1 16529 429967 1 0 3 0x100083 ttyin getty 22328 486215 0 0 3 0x14200 bored sosplice 3642 222778 49752 0 3 0x82 thrsleep syz-fuzzer 3642 418150 49752 0 3 0x4000082 nanosleep syz-fuzzer 3642 493863 49752 0 3 0x4000082 thrsleep syz-fuzzer 3642 129321 49752 0 3 0x4000082 thrsleep syz-fuzzer 3642 278797 49752 0 3 0x4000082 thrsleep syz-fuzzer 3642 356555 49752 0 3 0x4000082 thrsleep syz-fuzzer 3642 19230 49752 0 3 0x4000082 thrsleep syz-fuzzer 3642 238380 49752 0 2 0x4000002 syz-fuzzer 49752 305748 55059 0 3 0x10008a pause ksh 55059 82261 99268 0 3 0x92 select sshd 99268 93752 1 0 3 0x80 select sshd 35979 480944 80716 73 3 0x100010 biowait syslogd 80716 75903 1 0 3 0x100082 netio syslogd 253 438963 1 77 3 0x100090 poll dhclient 34588 469030 1 0 3 0x80 poll dhclient 94974 190898 0 0 3 0x14200 pgzero zerothread 11194 26589 0 0 3 0x14200 aiodoned aiodoned 13777 504057 0 0 3 0x14200 syncer update 5998 239588 0 0 3 0x14200 cleaner cleaner 70027 516713 0 0 3 0x14200 reaper reaper 76774 102808 0 0 3 0x14200 pgdaemon pagedaemon 41910 183304 0 0 3 0x14200 bored crynlk 32073 214469 0 0 3 0x14200 bored crypto 78452 91068 0 0 3 0x40014200 acpi0 acpi0 68458 456975 0 0 3 0x14200 bored softnet 80240 482422 0 0 3 0x14200 bored systqmp 37749 139242 0 0 3 0x14200 bored systq 61422 121443 0 0 3 0x40014200 bored softclock 44244 274169 0 0 3 0x40014200 idle0 30941 4481 0 0 3 0x14200 bored smr 1 245578 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9558 6379K 15181K 78643K 34508 0 0 pcb 13 8K 8K 78643K 616 0 0 rtable 96 11K 12K 78643K 2803 0 0 ifaddr 68 17K 20K 78643K 954 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 450 0 0 iov 0 0K 32K 78643K 1183 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1199 75K 77K 78643K 9855 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 96 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 991 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 3 5K 25K 78643K 9222 0 0 sigio 0 0K 0K 78643K 74 0 0 proc 43 30K 54K 78643K 2271 0 0 subproc 16 1K 2K 78643K 499 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 822 0 0 in_multi 22 1K 2K 78643K 642 0 0 ether_multi 1 0K 0K 78643K 41 0 0 mrt 0 0K 0K 78643K 22 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 114 503K 503K 78643K 114 0 0 exec 0 0K 1K 78643K 1345 0 0 pfkey data 0 0K 4K 78643K 4 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 95 13K 31K 78643K 22878 0 0 UVM aobj 130 4K 4K 78643K 152 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 338 0 0 NDP 16 0K 1K 78643K 288 0 0 temp 182 3523K 4166K 78643K 97944 0 0 kqueue 0 0K 0K 78643K 80 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 61 0 57 1 0 1 1 0 8 0 rtpcb 80 436 0 434 1 0 1 1 0 8 0 rtentry 112 351 0 317 2 0 2 2 0 8 0 unpcb 120 3027 0 3019 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 2724 0 2724 1 1 0 1 0 8 0 tcpcb 544 1395 0 1391 1 0 1 1 0 8 0 ipq 40 17 0 17 7 7 0 1 0 8 0 ipqe 40 39 0 39 7 7 0 1 0 8 0 inpcb 280 3952 0 3945 6 5 1 2 0 8 0 nd6 48 83 0 80 1 0 1 1 0 8 0 pkpcb 40 42 0 42 17 17 0 1 0 8 0 swfcl 56 3 0 0 1 0 1 1 0 8 0 ppxss 1128 149 0 149 33 33 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1360 0 1212 25 14 11 13 0 8 0 art_table 32 1361 0 1212 2 0 2 2 0 8 0 art_node 16 331 0 301 1 0 1 1 0 8 0 sysvmsgpl 40 20 0 10 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 987 0 977 1 0 1 1 0 8 0 shmpl 112 150 0 22 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 15894 0 14485 46 0 46 46 0 8 0 ffsino 240 15894 0 14485 84 0 84 84 0 8 0 nchpl 144 28943 0 27318 61 0 61 61 0 8 0 uvmvnodes 72 7446 0 0 136 0 136 136 0 8 0 vnodes 200 7446 0 0 392 0 392 392 0 8 0 namei 1024 96181 0 96181 10 9 1 1 0 8 1 scsiplug 64 17 0 17 10 10 0 1 0 8 0 scxspl 192 99478 0 99477 60 59 1 6 0 8 0 plimitpl 152 795 0 789 1 0 1 1 0 8 0 sigapl 432 9315 0 9304 2 0 2 2 0 8 0 futexpl 56 149076 0 149076 10 10 0 1 0 8 0 knotepl 112 2279 0 2256 1 0 1 1 0 8 0 kqueuepl 104 2135 0 2133 1 0 1 1 0 8 0 pipepl 112 5024 0 5009 7 6 1 2 0 8 0 fdescpl 424 9316 0 9304 2 0 2 2 0 8 0 filepl 120 55847 0 55771 7 4 3 5 0 8 0 lockfpl 104 3126 0 3126 14 14 0 1 0 8 0 lockfspl 48 1069 0 1069 14 14 0 1 0 8 0 sessionpl 112 47 0 38 1 0 1 1 0 8 0 pgrppl 48 139 0 130 1 0 1 1 0 8 0 ucredpl 96 11199 0 11191 1 0 1 1 0 8 0 zombiepl 144 9308 0 9308 2 1 1 1 0 8 1 processpl 864 9335 0 9308 4 0 4 4 0 8 0 procpl 632 20673 0 20639 4 0 4 4 0 8 0 sosppl 128 104 0 104 29 29 0 1 0 8 0 sockpl 384 7531 0 7514 16 14 2 4 0 8 0 mcl64k 65536 529 0 529 63 63 0 33 0 8 0 mcl16k 16384 37 0 37 24 24 0 1 0 8 0 mcl12k 12288 164 0 164 34 34 0 1 0 8 0 mcl9k 9216 118 0 118 38 38 0 1 0 8 0 mcl8k 8192 156 0 156 33 33 0 1 0 8 0 mcl4k 4096 453 0 453 23 23 0 1 0 8 0 mcl2k2 2112 60 0 60 26 26 0 1 0 8 0 mcl2k 2048 71174 0 71127 21 14 7 13 0 8 0 mtagpl 80 269 0 265 5 4 1 1 0 8 0 mbufpl 256 160298 0 160221 49 39 10 25 0 8 0 bufpl 256 35760 0 28308 466 0 466 466 0 8 0 anonpl 16 927870 0 917534 319 258 61 67 0 62 4 amapchunkpl 152 42205 0 42096 129 114 15 19 0 158 8 amappl16 192 52554 0 51892 341 306 35 47 0 8 0 amappl15 184 1146 0 1146 8 8 0 1 0 8 0 amappl14 176 2153 0 2148 1 0 1 1 0 8 0 amappl13 168 2229 0 2229 6 6 0 1 0 8 0 amappl12 160 1715 0 1713 1 0 1 1 0 8 0 amappl11 152 266 0 255 1 0 1 1 0 8 0 amappl10 144 782 0 781 1 0 1 1 0 8 0 amappl9 136 1645 0 1641 1 0 1 1 0 8 0 amappl8 128 1094 0 1065 1 0 1 1 0 8 0 amappl7 120 807 0 800 1 0 1 1 0 8 0 amappl6 112 232 0 221 1 0 1 1 0 8 0 amappl5 104 2093 0 2083 1 0 1 1 0 8 0 amappl4 96 8110 0 8086 1 0 1 1 0 8 0 amappl3 88 4933 0 4923 1 0 1 1 0 8 0 amappl2 80 72901 0 72843 3 1 2 3 0 8 0 amappl1 72 173638 0 173251 24 15 9 19 0 8 0 amappl 80 21405 0 21372 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 151 0 22 3 0 3 3 0 8 0 uaddrrnd 24 9316 0 9304 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 9316 0 9304 1 0 1 1 0 8 0 vmmpekpl 168 57544 0 57520 2 0 2 2 0 8 0 vmmpepl 168 1087008 0 1085465 483 399 84 107 0 357 2 vmsppl 272 9315 0 9304 7 6 1 2 0 8 0 pdppl 4096 18638 0 18608 6 1 5 6 0 8 0 pvpl 32 2533320 0 2520061 821 581 240 255 0 265 106 pmappl 200 9315 0 9304 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 818 0 228 18 0 18 18 0 8 0