panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *502363 9620 0 0x2000002 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82884f81) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff82909a17,ffffffff8292955b,136,ffffffff828d0edd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80681a3c18) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80681a3c18) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179 buf_put(fffffd80681a3c18) at buf_put+0x157 sys/kern/vfs_bio.c:127 brelse(fffffd80681a3c18) at brelse+0x56b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806751a7b8,2,ffffffffffffffff,ffff80002a5c7548,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd8067950e20,0,0,ffffffffffffffff) at ffs_truncate+0xc84 ufs_inactive(ffff80002a65b4f8) at ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd806751a7b8,ffff80002a5c7548) at VOP_INACTIVE+0xbf sys/kern/vfs_vops.c:489 vput(fffffd806751a7b8) at vput+0xa7 sys/kern/vfs_subr.c:779 ufs_remove(ffff80002a65b5f8) at ufs_remove+0x13b sys/ufs/ufs/ufs_vnops.c:601 VOP_REMOVE(fffffd8069766b58,fffffd806751a7b8,ffff80002a65b6d8) at VOP_REMOVE+0x11c sys/kern/vfs_vops.c:333 end trace frame: 0xffff80002a65b770, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82884f81) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff82909a17,ffffffff8292955b,136,ffffffff828d0edd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80681a3c18) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80681a3c18) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179 buf_put(fffffd80681a3c18) at buf_put+0x157 sys/kern/vfs_bio.c:127 brelse(fffffd80681a3c18) at brelse+0x56b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806751a7b8,2,ffffffffffffffff,ffff80002a5c7548,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd8067950e20,0,0,ffffffffffffffff) at ffs_truncate+0xc84 ufs_inactive(ffff80002a65b4f8) at ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd806751a7b8,ffff80002a5c7548) at VOP_INACTIVE+0xbf sys/kern/vfs_vops.c:489 vput(fffffd806751a7b8) at vput+0xa7 sys/kern/vfs_subr.c:779 ufs_remove(ffff80002a65b5f8) at ufs_remove+0x13b sys/ufs/ufs/ufs_vnops.c:601 VOP_REMOVE(fffffd8069766b58,fffffd806751a7b8,ffff80002a65b6d8) at VOP_REMOVE+0x11c sys/kern/vfs_vops.c:333 dounlinkat(ffff80002a5c7548,1a,c001921aa6,0) at dounlinkat+0x110 sys/kern/vfs_syscalls.c:1883 syscall(ffff80002a65b850) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2ec485da0, count: -17 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a65b000 rbx 0 rdx 0 rcx 0 rax 0xffff80002a5c7548 r8 0x101010101010101 r9 0x8080808080808080 r10 0xbeb95fd87275f0cd r11 0x1ea2bdbf514422df r12 0 r13 0xfffffd80069eb580 r14 0 r15 0x1 rip 0xffffffff81e9dc7c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002a65aff0 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) tid=502363 pid=9620 tcnt=14 stat=onproc flags process=2000002 proc=4000000 runpri=17, usrpri=54, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 forw=0xffffffffffffffff, list=0xffff80002a5c72a0,0xffff80002a61cac0 process=0xffff8000ffff65c0 user=0xffff80002a656000, vmspace=0xfffffd80074c26e0 estcpu=4, cpticks=16, pctcpu=0.0, user=0, sys=16, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 50905 482867 0 0 3 0x14280 nfsidl nfsio 84465 382886 0 0 3 0x14280 nfsidl nfsio 73834 501609 0 0 3 0x14280 nfsidl nfsio 46766 55594 0 0 3 0x14280 nfsidl nfsio 31854 53136 0 0 3 0x14280 nfsidl nfsio 56531 35669 0 0 3 0x14280 nfsidl nfsio 3157 222080 0 0 3 0x14280 nfsidl nfsio 57826 30977 0 0 3 0x14280 nfsidl nfsio 97837 55941 0 0 3 0x14280 nfsidl nfsio 57072 512010 0 0 3 0x14280 nfsidl nfsio 25021 71343 0 0 3 0x14280 nfsidl nfsio 57871 457886 0 0 3 0x14280 nfsidl nfsio 26568 3299 0 0 3 0x14280 nfsidl nfsio 24575 146675 0 0 3 0x14280 nfsidl nfsio 62140 194088 0 0 3 0x14280 nfsidl nfsio 90218 253490 0 0 3 0x14280 nfsidl nfsio 78206 17009 0 0 3 0x14280 nfsidl nfsio 30209 113482 0 0 3 0x14280 nfsidl nfsio 66712 182668 0 0 3 0x14280 nfsidl nfsio 11967 152221 0 0 3 0x14280 nfsidl nfsio 32579 81479 0 0 3 0x14200 acct acct 36148 4922 0 0 3 0x14200 bored sosplice 9620 390361 86928 0 3 0x2000082 thrsleep syz-fuzzer 9620 353623 86928 0 3 0x6000082 nanoslp syz-fuzzer * 9620 502363 86928 0 7 0x6000002 syz-fuzzer 9620 515479 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 222070 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 439365 86928 0 3 0x6000082 wait syz-fuzzer 9620 298038 86928 0 3 0x6000082 wait syz-fuzzer 9620 435553 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 40781 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 416257 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 281416 86928 0 3 0x6000082 thrsleep syz-fuzzer 9620 186247 86928 0 3 0x6000082 wait syz-fuzzer 9620 218425 86928 0 3 0x6000002 biowait syz-fuzzer 9620 371003 86928 0 3 0x6000082 wait syz-fuzzer 86928 414617 87913 0 3 0x10008a sigsusp ksh 87913 499723 64108 0 3 0x9a kqread sshd 85451 336947 1 0 3 0x100083 ttyin getty 64108 115212 1 0 3 0x88 kqread sshd 67555 282213 86652 73 2 0x1100010 syslogd 86652 954 1 0 3 0x100082 netio syslogd 25322 485710 1 0 3 0x100080 kqread resolvd 85149 329960 62735 77 3 0x100092 kqread dhcpleased 82286 199600 62735 77 3 0x100092 kqread dhcpleased 62735 220542 1 0 3 0x80 kqread dhcpleased 91633 299566 0 0 3 0x14200 bored smr 51119 335015 0 0 2 0x14200 zerothread 5080 301783 0 0 3 0x14200 aiodoned aiodoned 71435 415518 0 0 3 0x14200 syncer update 17289 421652 0 0 3 0x14200 cleaner cleaner 58189 209402 0 0 3 0x14200 reaper reaper 10677 323222 0 0 3 0x14200 pgdaemon pagedaemon 18320 192209 0 0 3 0x14200 bored viomb 62240 136690 0 0 3 0x40014200 acpi0 acpi0 67533 449889 0 0 3 0x14200 bored softnet3 58416 321662 0 0 3 0x14200 bored softnet2 88664 402642 0 0 3 0x14200 bored softnet1 46416 409998 0 0 3 0x14200 bored softnet0 58245 386437 0 0 3 0x14200 bored systqmp 61908 499023 0 0 3 0x14200 bored systq 99955 270648 0 0 3 0x40014200 tmoslp softclock 89162 400337 0 0 3 0x40014200 idle0 1 106525 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10198 6422K 7316K 166960K 17743 0 pcb 15 16K 18K 166960K 381 0 rtable 172 13K 15K 166960K 1077 0 pf 25 8K 9K 166960K 120 0 ifaddr 32 9K 12K 166960K 133 0 ifgroup 42 1K 2K 166960K 205 0 sysctl 2 0K 0K 166960K 4 0 counters 28 17K 17K 166960K 68 0 ioctlops 0 0K 2K 166960K 292 0 iov 0 0K 28K 166960K 887 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1403 88K 88K 166960K 4675 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 80 0 VM map 2 1K 1K 166960K 2 0 sem 12 1K 1K 166960K 387 0 dirhash 12 2K 2K 166960K 30 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 7 21K 73K 166960K 4683 0 sigio 0 0K 0K 166960K 252 0 proc 59 59K 75K 166960K 998 0 subproc 65 4K 6K 166960K 299 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 577 0 in_multi 66 4K 7K 166960K 277 0 ether_multi 1 0K 0K 166960K 1 0 mrt 0 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 235 1049K 1049K 166960K 235 0 exec 0 0K 1K 166960K 1069 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 325 244K 272K 166960K 44768 0 UVM aobj 131 6K 6K 166960K 134 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 293 0 NDP 9 0K 2K 166960K 95 0 temp 62 6763K 6892K 166960K 56562 0 kqueue 12 18K 24K 166960K 363 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 358 0 355 5 0 5 5 0 8 4 rtentry 112 290 0 214 5 1 4 4 0 8 0 unpcb 144 4132 0 4119 16 7 9 11 0 8 8 syncache 336 64 0 64 2 1 1 1 0 8 1 sackhl 24 2 0 2 1 0 1 1 0 8 1 tcpqe 32 201 0 201 2 1 1 1 0 8 1 tcpcb 808 1589 0 1578 25 13 12 15 0 8 8 arp 88 54 0 42 1 0 1 1 0 8 0 ipq 40 8 0 8 2 1 1 1 0 8 1 ipqe 40 28 0 28 2 1 1 1 0 8 1 inpcb 360 3766 0 3752 35 24 11 23 0 8 8 nd6 104 70 0 55 1 0 1 1 0 8 0 pkpcb 40 165 0 165 2 1 1 1 0 8 1 kcovpl 48 23 0 18 1 0 1 1 0 8 0 ppxss 1072 6 0 6 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1128 0 803 38 9 29 29 0 8 5 art_table 32 1129 0 803 4 0 4 4 0 8 0 art_node 16 289 0 221 1 0 1 1 0 8 0 sysvmsgpl 40 78 0 76 1 0 1 1 0 8 0 semapl 112 385 0 375 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 29 0 12 3 0 3 3 0 8 0 dino2pl 256 8474 0 7009 93 0 93 93 0 8 0 ffsino 240 8474 0 7009 87 0 87 87 0 8 0 nchpl 144 15006 0 13371 63 0 63 63 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 51388 0 51388 3 2 1 2 0 8 1 vcpupl 2048 92 0 0 12 0 12 12 0 8 0 vmpool 664 92 0 0 8 0 8 8 0 8 0 kstatmem 264 98 0 80 2 0 2 2 0 8 0 scxspl 216 39799 0 39798 9 7 2 8 1 8 1 plimitpl 152 946 0 934 1 0 1 1 0 8 0 sigapl 424 5114 0 5058 8 0 8 8 0 8 0 futexpl 64 42479 0 42479 1 0 1 1 0 8 1 knotepl 120 44099 0 44039 16 3 13 16 0 8 8 kqueuepl 184 827 0 819 6 2 4 4 0 8 3 pipepl 288 602 0 585 7 4 3 7 0 8 0 fdescpl 432 4936 0 4918 4 0 4 4 0 8 0 filepl 120 32213 0 32041 25 8 17 18 0 8 8 lockfpl 104 1394 0 1392 2 1 1 2 0 8 0 lockfspl 48 588 0 586 1 0 1 1 0 8 0 sessionpl 144 38 0 25 1 0 1 1 0 8 0 pgrppl 48 132 0 119 1 0 1 1 0 8 0 ucredpl 104 6959 0 6943 1 0 1 1 0 8 0 zombiepl 144 5063 0 5058 1 0 1 1 0 8 0 processpl 1072 5114 0 5058 5 0 5 5 0 8 0 procpl 680 11823 0 11754 10 1 9 9 0 8 1 sosppl 168 45 0 45 1 0 1 1 0 8 1 sockpl 488 8435 0 8405 191 178 13 46 0 8 8 mcl64k 65536 2154 0 2154 2 1 1 1 0 8 1 mcl16k 16384 125 0 125 2 1 1 1 0 8 1 mcl12k 12288 171 0 171 2 1 1 1 0 8 1 mcl9k 9216 145 0 145 2 1 1 1 0 8 1 mcl8k 8192 272 0 272 2 1 1 1 0 8 1 mcl4k 4096 445 0 444 1 0 1 1 0 8 0 mcl2k2 2112 23 0 23 2 1 1 1 0 8 1 mcl2k 2048 80381 0 80338 36 23 13 30 0 8 4 mtagpl 96 817 0 817 9 1 8 9 0 8 8 mbufpl 256 206812 0 206746 968 945 23 815 0 8 10 bufpl 280 11391 0 5002 457 0 457 457 0 8 0 anonpl 24 603761 0 589545 141 23 118 118 0 188 19 amapchunkpl 152 142682 0 141986 56 11 45 45 0 158 8 amappl16 200 13747 0 13249 63 30 33 36 0 8 6 amappl15 192 46 0 46 1 1 0 1 0 8 0 amappl14 184 203 0 192 2 1 1 2 0 8 0 amappl13 176 23 0 22 1 0 1 1 0 8 0 amappl12 168 5816 0 5798 2 0 2 2 0 8 0 amappl11 160 48 0 38 1 0 1 1 0 8 0 amappl10 152 47 0 40 1 0 1 1 0 8 0 amappl9 144 178 0 177 1 0 1 1 0 8 0 amappl8 136 304 0 240 3 0 3 3 0 8 0 amappl7 128 207 0 183 2 0 2 2 0 8 0 amappl6 120 537 0 528 1 0 1 1 0 8 0 amappl5 112 230 0 222 1 0 1 1 0 8 0 amappl4 104 585 0 561 2 1 1 2 0 8 0 amappl3 96 28395 0 28344 3 0 3 3 0 8 0 amappl2 88 5597 0 5535 3 1 2 3 0 8 0 amappl1 80 26841 0 26374 21 10 11 21 0 8 0 amappl 88 43998 0 43816 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 5028 0 4918 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 5028 0 4918 1 0 1 1 0 8 0 vmmpekpl 168 38038 0 37960 4 0 4 4 0 8 0 vmmpepl 168 310416 0 308441 152 21 131 131 0 357 27 vmsppl 352 5027 0 4918 11 0 11 11 0 8 0 rwobjpl 24 83713 0 76240 47 0 47 47 0 8 0 pdppl 4096 10062 0 9928 411 263 148 156 0 8 14 pvpl 32 1515437 0 1496322 367 132 235 296 0 265 51 pmappl 216 5027 0 4918 7 0 7 7 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1706 0 1266 35 10 25 35 0 8 8 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82884f81) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff82909a17,ffffffff8292955b,136,ffffffff828d0edd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80681a3c18) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80681a3c18) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179 buf_put(fffffd80681a3c18) at buf_put+0x157 sys/kern/vfs_bio.c:127 brelse(fffffd80681a3c18) at brelse+0x56b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806751a7b8,2,ffffffffffffffff,ffff80002a5c7548,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd8067950e20,0,0,ffffffffffffffff) at ffs_truncate+0xc84 ufs_inactive(ffff80002a65b4f8) at ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd806751a7b8,ffff80002a5c7548) at VOP_INACTIVE+0xbf sys/kern/vfs_vops.c:489 vput(fffffd806751a7b8) at vput+0xa7 sys/kern/vfs_subr.c:779 ufs_remove(ffff80002a65b5f8) at ufs_remove+0x13b sys/ufs/ufs/ufs_vnops.c:601 VOP_REMOVE(fffffd8069766b58,fffffd806751a7b8,ffff80002a65b6d8) at VOP_REMOVE+0x11c sys/kern/vfs_vops.c:333 dounlinkat(ffff80002a5c7548,1a,c001921aa6,0) at dounlinkat+0x110 sys/kern/vfs_syscalls.c:1883 syscall(ffff80002a65b850) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2ec485da0, count: -17 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff82884f81) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff82909a17,ffffffff8292955b,136,ffffffff828d0edd) at __assert+0x29 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80681a3c18) at buf_free_pages+0x1d2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80681a3c18) at buf_dealloc_mem+0xe3 sys/kern/vfs_biomem.c:179 buf_put(fffffd80681a3c18) at buf_put+0x157 sys/kern/vfs_bio.c:127 brelse(fffffd80681a3c18) at brelse+0x56b sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806751a7b8,2,ffffffffffffffff,ffff80002a5c7548,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2025 ffs_truncate(fffffd8067950e20,0,0,ffffffffffffffff) at ffs_truncate+0xc84 ufs_inactive(ffff80002a65b4f8) at ufs_inactive+0x157 sys/ufs/ufs/ufs_inode.c:84 VOP_INACTIVE(fffffd806751a7b8,ffff80002a5c7548) at VOP_INACTIVE+0xbf sys/kern/vfs_vops.c:489 vput(fffffd806751a7b8) at vput+0xa7 sys/kern/vfs_subr.c:779 ufs_remove(ffff80002a65b5f8) at ufs_remove+0x13b sys/ufs/ufs/ufs_vnops.c:601 VOP_REMOVE(fffffd8069766b58,fffffd806751a7b8,ffff80002a65b6d8) at VOP_REMOVE+0x11c sys/kern/vfs_vops.c:333 dounlinkat(ffff80002a5c7548,1a,c001921aa6,0) at dounlinkat+0x110 sys/kern/vfs_syscalls.c:1883 syscall(ffff80002a65b850) at syscall+0x751 sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x2ec485da0, count: -17