panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *462846 83374 0 0x2 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256f770) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e23b1,ffffffff825f981d,136,ffffffff825aef78) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd8064d17b68) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8064d17b68) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd8064d17b68) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd8064d17b68) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8059a59d60,2,fffffd807f7d7900,ffff80002162bce0,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd805bbe1d20,0,4,fffffd807f7d7900) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002167b0f8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd806f2ee110,fffffd8059a59d60,ffff80002167b1d8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff80002162bce0,d,c0010fab40,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff80002167b350) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23efc8180, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256f770) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e23b1,ffffffff825f981d,136,ffffffff825aef78) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd8064d17b68) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8064d17b68) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd8064d17b68) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd8064d17b68) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8059a59d60,2,fffffd807f7d7900,ffff80002162bce0,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd805bbe1d20,0,4,fffffd807f7d7900) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002167b0f8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd806f2ee110,fffffd8059a59d60,ffff80002167b1d8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff80002162bce0,d,c0010fab40,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff80002167b350) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23efc8180, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002167abf0 rbx 0 rdx 0 rcx 0 rax 0xffff80002162bce0 r8 0x101010101010101 r9 0x8080808080808080 r10 0xd081ec2ebc010be6 r11 0x693e26e84f1eea41 r12 0 r13 0xfffffd8005ad1a80 r14 0 r15 0x1 rip 0xffffffff82421018 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002167abe0 ss 0 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) pid=462846 stat=onproc flags process=2 proc=4000000 pri=17, usrpri=84, nice=20 forw=0xffffffffffffffff, list=0xffff80002160a550,0xffff80002162b7b0 process=0xffff80002160d788 user=0xffff800021676000, vmspace=0xfffffd807f016aa0 estcpu=34, cpticks=1, pctcpu=0.12 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 67227 93456 17329 0 2 0 syz-executor.3 67227 210707 17329 0 2 0x4000000 syz-executor.3 17329 55277 83374 0 3 0x82 nanoslp syz-executor.3 24147 222189 83374 0 3 0x82 piperd syz-executor.5 73482 407334 83374 0 3 0x82 piperd syz-executor.2 97565 200341 83374 0 3 0x82 piperd syz-executor.6 66287 257929 1 0 3 0x100083 ttyin getty 96727 10596 83374 0 3 0x82 piperd syz-executor.4 68193 106784 83374 0 3 0x82 piperd syz-executor.7 75812 140032 83374 0 3 0x82 piperd syz-executor.1 54064 232328 0 0 3 0x14280 nfsidl nfsio 19862 477058 0 0 3 0x14280 nfsidl nfsio 27825 231984 0 0 3 0x14280 nfsidl nfsio 1194 105571 0 0 3 0x14280 nfsidl nfsio 1534 397939 0 0 3 0x14280 nfsidl nfsio 88592 421889 0 0 3 0x14280 nfsidl nfsio 7101 398925 0 0 3 0x14280 nfsidl nfsio 34144 375326 0 0 3 0x14280 nfsidl nfsio 81862 411471 0 0 3 0x14280 nfsidl nfsio 7813 1190 0 0 3 0x14280 nfsidl nfsio 31567 362442 0 0 3 0x14280 nfsidl nfsio 48761 64125 0 0 3 0x14280 nfsidl nfsio 70448 369213 0 0 3 0x14280 nfsidl nfsio 9067 254000 0 0 3 0x14280 nfsidl nfsio 39705 125267 0 0 3 0x14280 nfsidl nfsio 28264 351689 0 0 3 0x14280 nfsidl nfsio 21387 389824 0 0 3 0x14280 nfsidl nfsio 48964 80014 0 0 3 0x14280 nfsidl nfsio 6513 367124 0 0 3 0x14280 nfsidl nfsio 37925 14162 0 0 3 0x14280 nfsidl nfsio 72895 383725 0 0 3 0x14200 bored sosplice 83374 125738 85290 0 3 0x82 thrsleep syz-fuzzer 83374 181060 85290 0 3 0x4000082 nanoslp syz-fuzzer 83374 244607 85290 0 3 0x4000082 thrsleep syz-fuzzer 83374 29143 85290 0 3 0x4000082 thrsleep syz-fuzzer *83374 462846 85290 0 7 0x4000002 syz-fuzzer 83374 470385 85290 0 3 0x4000082 thrsleep syz-fuzzer 83374 78969 85290 0 3 0x4000082 thrsleep syz-fuzzer 83374 235260 85290 0 3 0x4000082 thrsleep syz-fuzzer 85290 144488 44845 0 3 0x10008a sigsusp ksh 44845 15618 66939 0 3 0x9a kqread sshd 66939 415492 1 0 3 0x88 kqread sshd 73082 272209 72014 73 3 0x1100090 kqread syslogd 72014 278995 1 0 3 0x100082 netio syslogd 7007 341292 1 0 3 0x100080 kqread resolvd 68371 114259 60053 77 3 0x100092 kqread dhcpleased 15241 294999 60053 77 3 0x100092 kqread dhcpleased 60053 387978 1 0 3 0x80 kqread dhcpleased 32051 81392 0 0 3 0x14200 bored smr 94091 282495 0 0 2 0x14200 zerothread 86646 226602 0 0 3 0x14200 aiodoned aiodoned 94819 11537 0 0 3 0x14200 syncer update 73591 199862 0 0 3 0x14200 cleaner cleaner 86331 128384 0 0 3 0x14200 reaper reaper 28809 200211 0 0 3 0x14200 pgdaemon pagedaemon 34321 66244 0 0 3 0x14200 bored viomb 11710 393770 0 0 3 0x40014200 acpi0 acpi0 79546 225432 0 0 3 0x14200 bored softnet 11825 509940 0 0 3 0x14200 bored softnet 43413 128002 0 0 3 0x14200 bored softnet 18691 190717 0 0 3 0x14200 bored softnet 377 392711 0 0 3 0x14200 bored systqmp 61561 86669 0 0 3 0x14200 bored systq 40223 172933 0 0 3 0x40014200 bored softclock 50098 317645 0 0 3 0x40014200 idle0 1 130733 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10196 6480K 7666K 78643K 68456 0 pcb 13 20K 24K 78643K 4160 0 rtable 164 10K 12K 78643K 8187 0 ifaddr 83 23K 30K 78643K 2840 0 sysctl 3 1K 2K 78643K 8 0 counters 26 17K 17K 78643K 353 0 ioctlops 0 0K 4K 78643K 6972 0 iov 0 0K 24K 78643K 3034 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 5 0 vnodes 1662 104K 104K 78643K 20059 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 221 0 VM map 2 0K 0K 78643K 2 0 sem 20 28K 44K 78643K 1222 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 10 33K 77K 78643K 24448 0 sigio 0 0K 0K 78643K 146 0 proc 63 59K 83K 78643K 6560 0 subproc 91 5K 7K 78643K 2561 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 2450 0 in_multi 63 4K 7K 78643K 3110 0 ether_multi 1 0K 0K 78643K 88 0 mrt 1 0K 0K 78643K 43 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 181 811K 811K 78643K 181 0 exec 0 0K 2K 78643K 8139 0 pfkey data 0 0K 1K 78643K 79 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 671 2150K 2160K 78643K 135320 0 UVM aobj 125 8K 8K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 672 0 NDP 13 0K 2K 78643K 789 0 temp 129 4728K 21112K 78643K 304001 0 kqueue 12 18K 28K 78643K 2911 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1888 0 1885 26 25 1 3 0 8 0 rtentry 112 2735 0 2667 6 3 3 4 0 8 0 unpcb 136 14697 0 14684 171 170 1 8 0 8 0 syncache 296 99 0 99 30 30 0 1 0 8 0 sackhl 24 1 0 1 1 1 0 1 0 8 0 tcpqe 32 251 0 251 15 15 0 2 0 8 0 tcpcb 736 7853 0 7849 319 317 2 14 0 8 1 arp 88 467 0 455 1 0 1 1 0 8 0 ipq 40 82 0 82 5 5 0 1 0 8 0 ipqe 40 304 0 304 5 5 0 1 0 8 0 inpcb 312 45304 0 45297 444 435 9 17 0 8 8 ip6q 72 6 0 6 3 3 0 1 0 8 0 ip6af 40 11 0 11 3 3 0 1 0 8 0 nd6 48 679 0 664 1 0 1 1 0 8 0 pkpcb 40 183 0 183 23 23 0 1 0 8 0 kcovpl 48 197 0 190 1 0 1 1 0 8 0 ppxss 1152 43 0 43 11 11 0 1 0 8 0 pfosfp 40 8 0 7 1 0 1 1 0 8 0 pfosfpen 112 8 0 6 1 0 1 1 0 8 0 pfrktable 1344 49 0 47 2 1 1 1 0 8 0 pftag 88 17 0 14 1 0 1 1 0 8 0 pfstkey 112 5 0 5 1 1 0 1 0 8 0 pfstate 336 5 0 5 1 1 0 1 0 8 0 pfrule 1360 375 0 361 4 2 2 2 0 8 0 rttmr 64 8 0 8 3 3 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 11712 0 11422 113 89 24 30 0 8 2 art_table 32 11713 0 11422 5 1 4 4 0 8 0 art_node 16 2734 0 2676 1 0 1 1 0 8 0 sysvmsgpl 40 23 0 16 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1212 0 1194 1 0 1 1 0 8 0 shmpl 112 143 0 21 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 31471 0 29931 97 0 97 97 0 8 0 ffsino 240 31471 0 29931 91 0 91 91 0 8 0 nchpl 144 63869 0 62248 63 0 63 63 0 8 0 uvmvnodes 80 7288 0 0 149 0 149 149 0 8 0 vnodes 224 7288 0 0 429 0 429 429 0 8 0 namei 1024 247773 0 247773 25 24 1 2 0 8 1 vcpupl 1984 211 0 1 27 0 27 27 0 8 0 vmpool 528 300 0 90 18 4 14 14 0 8 0 pfiaddrpl 120 16 0 9 1 0 1 1 0 8 0 kstatmem 264 680 0 654 6 3 3 3 0 8 0 scsiplug 72 12 0 12 3 3 0 1 0 8 0 scxspl 216 223045 0 223045 48 46 2 8 0 8 2 plimitpl 152 3656 0 3643 1 0 1 1 0 8 0 sigapl 424 24341 0 24283 8 0 8 8 0 8 0 futexpl 64 238604 0 238604 16 15 1 1 0 8 1 knotepl 120 290257 0 290179 197 193 4 14 0 8 0 kqueuepl 184 6749 0 6741 104 103 1 6 0 8 0 pipepl 304 5207 0 5180 150 145 5 11 0 8 2 fdescpl 432 24293 0 24272 8 4 4 4 0 8 0 filepl 120 191210 0 190994 330 315 15 20 0 8 6 lockfpl 104 6088 0 6086 13 12 1 2 0 8 0 lockfspl 48 1606 0 1604 1 0 1 1 0 8 0 sessionpl 144 219 0 204 1 0 1 1 0 8 0 pgrppl 48 471 0 456 1 0 1 1 0 8 0 ucredpl 96 21064 0 21049 1 0 1 1 0 8 0 zombiepl 144 24283 0 24283 3 2 1 1 0 8 1 processpl 1000 24341 0 24283 11 2 9 9 0 8 0 procpl 672 59379 0 59313 37 29 8 9 0 8 0 sosppl 168 228 0 228 42 42 0 1 0 8 0 sockpl 448 62331 0 62308 936 921 15 38 0 8 12 mcl64k 65536 621 0 621 69 69 0 1 0 8 0 mcl16k 16384 256 0 256 64 64 0 1 0 8 0 mcl12k 12288 614 0 614 88 88 0 1 0 8 0 mcl9k 9216 286 0 286 71 71 0 1 0 8 0 mcl8k 8192 1151 0 1151 82 82 0 1 0 8 0 mcl4k 4096 2281 0 2281 67 66 1 1 0 8 1 mcl2k2 2112 170 0 170 77 77 0 1 0 8 0 mcl2k 2048 115107 0 115059 113 105 8 32 0 8 0 mtagpl 96 4986 0 4958 54 52 2 14 0 8 1 mbufpl 256 368539 0 368301 235 214 21 55 0 8 0 bufpl 288 46418 0 38635 561 5 556 556 0 8 0 anonpl 24 5423725 0 5407179 559 418 141 186 0 188 13 amapchunkpl 152 508379 0 507755 1254 1217 37 659 0 158 7 amappl16 200 95100 0 94359 155 105 50 57 0 8 0 amappl15 192 2259 0 2259 13 12 1 1 0 8 1 amappl14 184 1868 0 1861 1 0 1 1 0 8 0 amappl13 176 4160 0 4157 1 0 1 1 0 8 0 amappl12 168 3949 0 3942 1 0 1 1 0 8 0 amappl11 160 2392 0 2377 1 0 1 1 0 8 0 amappl10 152 2993 0 2983 1 0 1 1 0 8 0 amappl9 144 2747 0 2741 1 0 1 1 0 8 0 amappl8 136 9025 0 8874 11 5 6 6 0 8 0 amappl7 128 6015 0 6003 1 0 1 1 0 8 0 amappl6 120 3647 0 3624 2 1 1 2 0 8 0 amappl5 112 19305 0 19295 1 0 1 1 0 8 0 amappl4 104 9164 0 9131 2 0 2 2 0 8 0 amappl3 96 75998 0 75958 2 0 2 2 0 8 0 amappl2 88 30687 0 30610 3 1 2 3 0 8 0 amappl1 80 694282 0 693753 24 8 16 19 0 8 0 amappl 88 131403 0 131123 10 2 8 8 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 21 3 0 3 3 0 8 0 uaddrrnd 24 24593 0 24362 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 24593 0 24362 2 0 2 2 0 8 0 vmmpekpl 168 170746 0 170670 4 0 4 4 0 8 0 vmmpepl 168 3082636 0 3079875 641 478 163 188 0 357 0 vmsppl 272 24592 0 24362 18 2 16 16 0 8 0 rwobjpl 24 734109 0 724812 70 12 58 59 0 8 0 pdppl 4096 49192 0 48934 2030 1758 272 274 0 8 14 pvpl 32 10442200 0 10423638 855 614 241 297 0 265 41 pmappl 216 24592 0 24362 14 0 14 14 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 5276 0 4156 32 0 32 32 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256f770) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e23b1,ffffffff825f981d,136,ffffffff825aef78) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd8064d17b68) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8064d17b68) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd8064d17b68) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd8064d17b68) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8059a59d60,2,fffffd807f7d7900,ffff80002162bce0,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd805bbe1d20,0,4,fffffd807f7d7900) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002167b0f8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd806f2ee110,fffffd8059a59d60,ffff80002167b1d8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff80002162bce0,d,c0010fab40,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff80002167b350) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23efc8180, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8256f770) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e23b1,ffffffff825f981d,136,ffffffff825aef78) at __assert+0x25 sys/kern/subr_prf.c:161 buf_free_pages(fffffd8064d17b68) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8064d17b68) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd8064d17b68) at buf_put+0x161 sys/kern/vfs_bio.c:132 brelse(fffffd8064d17b68) at brelse+0x5b3 sys/kern/vfs_bio.c:960 vinvalbuf(fffffd8059a59d60,2,fffffd807f7d7900,ffff80002162bce0,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2000 ffs_truncate(fffffd805bbe1d20,0,4,fffffd807f7d7900) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002167b0f8) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1355 VOP_RMDIR(fffffd806f2ee110,fffffd8059a59d60,ffff80002167b1d8) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:423 dounlinkat(ffff80002162bce0,d,c0010fab40,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1883 syscall(ffff80002167b350) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23efc8180, count: -14