panic: kernel diagnostic assertion "ISSET(bp->b_flags, B_BC)" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_bio.c", line 1683 Stopped at db_enter+0x1c: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *329688 36076 0 0x1a000002 0x4000000 0 syz-fuzzer db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292cb5a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e519a,ffffffff8292b266,693,ffffffff828cc6e7) at __assert+0x29 sys/kern/subr_prf.c:157 bufcache_take(fffffd806736a250) at bufcache_take+0x254 sys/kern/vfs_bio.c:1684 getblk(fffffd806cc20560,0,4000,0,ffffffffffffffff) at getblk+0x17e sys/kern/vfs_bio.c:1037 bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e bio_doread sys/kern/vfs_bio.c:430 [inline] bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e sys/kern/vfs_bio.c:475 ffs_read(ffff80002f16f150) at ffs_read+0x28f VOP_READ(fffffd806cc20560,ffff80002f16f300,0,fffffd807f7d76e8) at VOP_READ+0xc3 sys/kern/vfs_vops.c:227 ufs_readdir(ffff80002f16f3b0) at ufs_readdir+0x13b sys/ufs/ufs/ufs_vnops.c:1366 VOP_READDIR(fffffd806cc20560,ffff80002f16f430,fffffd807f7d76e8,ffff80002f16f474) at VOP_READDIR+0xc3 sys/kern/vfs_vops.c:450 sys_getdents(ffff80002a6c3740,ffff80002f16f5d0,ffff80002f16f520) at sys_getdents+0x238 sys/kern/vfs_syscalls.c:3174 syscall(ffff80002f16f5d0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e24df50, count: 2 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ISSET(bp->b_flags, B_BC)" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_bio.c", line 1683 ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292cb5a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e519a,ffffffff8292b266,693,ffffffff828cc6e7) at __assert+0x29 sys/kern/subr_prf.c:157 bufcache_take(fffffd806736a250) at bufcache_take+0x254 sys/kern/vfs_bio.c:1684 getblk(fffffd806cc20560,0,4000,0,ffffffffffffffff) at getblk+0x17e sys/kern/vfs_bio.c:1037 bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e bio_doread sys/kern/vfs_bio.c:430 [inline] bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e sys/kern/vfs_bio.c:475 ffs_read(ffff80002f16f150) at ffs_read+0x28f VOP_READ(fffffd806cc20560,ffff80002f16f300,0,fffffd807f7d76e8) at VOP_READ+0xc3 sys/kern/vfs_vops.c:227 ufs_readdir(ffff80002f16f3b0) at ufs_readdir+0x13b sys/ufs/ufs/ufs_vnops.c:1366 VOP_READDIR(fffffd806cc20560,ffff80002f16f430,fffffd807f7d76e8,ffff80002f16f474) at VOP_READDIR+0xc3 sys/kern/vfs_vops.c:450 sys_getdents(ffff80002a6c3740,ffff80002f16f5d0,ffff80002f16f520) at sys_getdents+0x238 sys/kern/vfs_syscalls.c:3174 syscall(ffff80002f16f5d0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e24df50, count: -13 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002f16ed60 rbx 0 rdx 0 rcx 0 rax 0xffff80002a6c3740 r8 0x101010101010101 r9 0x8080808080808080 r10 0x2d9084cfc841d2ad r11 0x5132c0c084dc346e r12 0 r13 0xfffffd806736a250 r14 0 r15 0x1 rip 0xffffffff8209c11c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002f16ed50 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb> show proc PROC (syz-fuzzer) tid=329688 pid=36076 tcnt=15 stat=onproc flags process=1a000002 proc=4000000 runpri=50, usrpri=50, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a6a1218,0xffff80002a6a14b8 process=0xffff8000ffff50f0 user=0xffff80002f16a000, vmspace=0xfffffd807f01b408 estcpu=0, cpticks=1, pctcpu=0.0, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 2712 174183 7446 0 3 0x8000002 clonelk ifconfig 7446 522225 6205 0 3 0x810008a sigsusp sh 6205 246836 36076 0 3 0x8000082 wait syz-executor.2 82815 363737 72409 0 3 0x8000002 clonelk ifconfig 72409 268313 67545 0 3 0x810008a sigsusp sh 67545 445046 36076 0 3 0x8000082 wait syz-executor.1 13627 71773 99956 0 3 0x18100082 netio arp 99956 354103 1 0 3 0x810008a sigsusp sh 10297 329965 1 0 3 0x18100083 ttyin getty 10317 143820 0 0 3 0x14280 nfsidl nfsio 74173 349118 0 0 3 0x14280 nfsidl nfsio 69842 358264 0 0 3 0x14280 nfsidl nfsio 65609 285855 0 0 3 0x14280 nfsidl nfsio 30688 185100 0 0 3 0x14280 nfsidl nfsio 73907 187054 0 0 3 0x14280 nfsidl nfsio 30649 80499 0 0 3 0x14280 nfsidl nfsio 90592 276358 0 0 3 0x14280 nfsidl nfsio 12951 493605 0 0 3 0x14280 nfsidl nfsio 69300 86518 0 0 3 0x14280 nfsidl nfsio 74372 500553 0 0 3 0x14280 nfsidl nfsio 78520 295971 0 0 3 0x14280 nfsidl nfsio 98172 85430 0 0 3 0x14280 nfsidl nfsio 3400 290093 0 0 3 0x14280 nfsidl nfsio 97425 404747 0 0 3 0x14280 nfsidl nfsio 44146 112341 0 0 3 0x14280 nfsidl nfsio 61461 476621 0 0 3 0x14280 nfsidl nfsio 64660 35039 0 0 3 0x14280 nfsidl nfsio 36631 116278 0 0 3 0x14280 nfsidl nfsio 48042 135821 0 0 3 0x14280 nfsidl nfsio 18507 329875 0 0 3 0x14200 bored sosplice 36076 79868 33936 0 3 0x1a000082 wait syz-fuzzer 36076 199368 33936 0 2 0x1e000002 syz-fuzzer 36076 293713 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 56192 33936 0 3 0x1e000082 wait syz-fuzzer 36076 183612 33936 0 3 0x1e000082 wait syz-fuzzer 36076 278990 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 384494 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 497943 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 328895 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 355603 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 27544 33936 0 3 0x1e000082 thrsleep syz-fuzzer 36076 253641 33936 0 3 0x1e000082 wait syz-fuzzer 36076 156952 33936 0 3 0x1e000082 wait syz-fuzzer *36076 329688 33936 0 7 0x1e000002 syz-fuzzer 36076 427936 33936 0 3 0x1e000082 wait syz-fuzzer 33936 197103 41902 0 3 0x810008a sigsusp ksh 41902 382537 98183 0 3 0x1800009a kqread sshd 98183 16739 1 0 3 0x18000088 kqread sshd 78819 484111 14959 73 3 0x19100010 ffs_fsync syslogd 14959 392100 1 0 3 0x18100082 sbwait syslogd 41819 34939 1 0 3 0x18100080 kqread resolvd 46781 12420 85732 77 3 0x18100092 kqread dhcpleased 2453 177450 85732 77 3 0x18100092 kqread dhcpleased 85732 67004 1 0 3 0x18000080 kqread dhcpleased 21073 299747 0 0 3 0x14200 bored smr 14730 206803 0 0 2 0x14200 zerothread 73523 259022 0 0 3 0x14200 aiodoned aiodoned 10168 205689 0 0 3 0x14200 syncer update 73913 370606 0 0 3 0x14200 cleaner cleaner 40011 366852 0 0 3 0x14200 reaper reaper 20553 520222 0 0 3 0x14200 pgdaemon pagedaemon 90574 434688 0 0 3 0x14200 bored viomb 77934 265544 0 0 3 0x40014200 acpi0 acpi0 98978 500428 0 0 3 0x14200 bored softnet3 68814 289801 0 0 3 0x14200 bored softnet2 53212 22003 0 0 3 0x14200 bored softnet1 27834 457888 0 0 2 0x14200 softnet0 25606 290695 0 0 3 0x14200 bored systqmp 28926 123356 0 0 3 0x14200 bored systq 34676 77723 0 0 3 0x40014200 tmoslp softclock 99910 127842 0 0 3 0x40014200 idle0 1 94999 0 0 3 0x8000082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10166 6410K 10770K 166960K 16740 0 pcb 17 12K 12K 166960K 492 0 rtable 136 6K 8K 166960K 5164 0 pf 23 8K 9K 166960K 476 0 ifaddr 29 10K 13K 166960K 713 0 ifgroup 38 1K 2K 166960K 835 0 sysctl 3 0K 1K 166960K 11 0 counters 27 17K 17K 166960K 240 0 ioctlops 0 0K 2K 166960K 324 0 iov 0 0K 18K 166960K 203 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1397 88K 88K 166960K 5751 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 80K 132K 166960K 96 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 264 0 dirhash 12 2K 3K 166960K 123 0 ACPI 1697 195K 286K 166960K 12548 0 file desc 14 49K 101K 166960K 6649 0 sigio 0 0K 0K 166960K 92 0 proc 76 75K 125K 166960K 4861 0 subproc 91 5K 8K 166960K 2108 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 408 0 in_multi 56 4K 7K 166960K 1814 0 ether_multi 1 0K 0K 166960K 42 0 mrt 1 0K 0K 166960K 22 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 91 413K 413K 166960K 91 0 exec 0 0K 1K 166960K 2607 0 pfkey data 0 0K 0K 166960K 1 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 243 79K 150K 166960K 51897 0 UVM aobj 135 8K 8K 166960K 142 0 pinsyscall 35 70K 104K 166960K 11784 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 254 0 NDP 8 0K 2K 166960K 529 0 temp 69 6819K 14748K 166960K 259910 0 kqueue 12 18K 32K 166960K 504 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 662 0 658 1 0 1 1 0 8 0 rtentry 112 1837 0 1779 4 0 4 4 0 8 1 unpcb 144 2215 0 2202 2 0 2 2 0 8 1 syncache 336 18 0 18 1 0 1 1 0 8 1 sackhl 24 1 36 1 1 0 1 1 0 8 1 tcpqe 32 109 0 109 1 0 1 1 0 8 1 tcpcb 808 874 0 869 2 0 2 2 0 8 1 arp 88 331 0 320 1 0 1 1 0 8 0 ipq 40 17 0 17 1 0 1 1 0 8 1 ipqe 40 294 0 294 1 0 1 1 0 8 1 inpcb 352 3575 0 3565 3 0 3 3 0 8 1 nd6 104 492 0 479 1 0 1 1 0 8 0 pkpcb 40 20 0 20 1 0 1 1 0 8 1 kcovpl 48 162 0 155 1 0 1 1 0 8 0 ppxss 1072 43 0 43 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 7259 0 6984 99 73 26 29 0 8 4 art_table 32 7260 0 6984 4 0 4 4 0 8 0 art_node 16 1819 0 1767 1 0 1 1 0 8 0 sysvmsgpl 40 15 0 13 1 0 1 1 0 8 0 semupl 112 8 0 8 1 0 1 1 0 8 1 semapl 112 255 0 245 1 0 1 1 0 8 0 shmpl 112 139 0 7 4 0 4 4 0 8 0 dirhash 1024 91 0 74 3 0 3 3 0 8 0 dino2pl 256 8750 0 7218 97 0 97 97 0 8 0 ffsino 240 8750 0 7218 91 0 91 91 0 8 0 nchpl 144 15797 0 14065 66 0 66 66 0 8 0 uvmvnodes 80 10824 0 0 221 0 221 221 0 8 0 vnodes 216 10824 0 0 602 0 602 602 0 8 0 namei 1024 61809 0 61809 2 0 2 2 0 8 2 vcpupl 3904 11 0 2 2 0 2 2 0 8 0 vmpool 664 16 0 7 1 0 1 1 0 8 0 kstatmem 264 442 0 426 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 0 1 1 0 8 1 scxspl 216 96531 0 96530 8 0 8 8 1 8 7 plimitpl 152 580 0 565 1 0 1 1 0 8 0 sigapl 424 6676 0 6610 9 0 9 9 0 8 0 futexpl 64 52344 0 52344 1 0 1 1 0 8 1 knotepl 120 18217 0 18139 24 13 11 24 0 8 7 kqueuepl 184 796 0 788 1 0 1 1 0 8 0 pipepl 288 1077 0 1054 3 0 3 3 0 8 0 fdescpl 432 6632 0 6607 5 0 5 5 0 8 0 filepl 120 27548 0 27337 9 0 9 9 0 8 1 lockfpl 104 1047 0 1045 1 0 1 1 0 8 0 lockfspl 48 439 0 437 1 0 1 1 0 8 0 sessionpl 144 182 0 167 1 0 1 1 0 8 0 pgrppl 48 230 0 215 1 0 1 1 0 8 0 ucredpl 104 3993 0 3982 1 0 1 1 0 8 0 zombiepl 144 6618 0 6610 1 0 1 1 0 8 0 processpl 1080 6676 0 6610 6 0 6 6 0 8 0 procpl 656 11695 0 11615 8 0 8 8 0 8 0 sosppl 168 9 0 9 1 0 1 1 0 8 1 sockpl 504 6495 0 6468 6 0 6 6 0 8 1 mcl64k 65536 32 0 32 1 0 1 1 0 8 1 mcl16k 16384 2 0 2 1 0 1 1 0 8 1 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl8k 8192 94 0 94 1 0 1 1 0 8 1 mcl4k 4096 16 0 16 1 0 1 1 0 8 1 mcl2k2 2112 3 0 3 1 0 1 1 0 8 1 mcl2k 2048 70327 0 70231 50 30 20 37 0 8 6 mtagpl 96 164 0 164 1 0 1 1 0 8 1 mbufpl 256 388490 0 388386 121 102 19 62 0 8 7 bufpl 280 18555 0 7718 775 0 775 775 0 8 0 bufpl: pool(0xffffffff82d5b148:bufpl): page inconsistency: page 0x0; at page head addr 0xfffffd806736af90 (p 0xfffffd806736a000) anonpl 24 875489 0 869409 150 0 150 150 0 188 80 amapchunkpl 152 166387 0 165853 69 0 69 69 0 158 40 amappl16 200 19294 0 19173 60 39 21 33 0 8 8 amappl15 192 20 0 20 1 0 1 1 0 8 1 amappl14 184 636 0 622 2 0 2 2 0 8 1 amappl13 176 77 0 76 1 0 1 1 0 8 0 amappl12 168 9470 0 9443 3 0 3 3 0 8 1 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 280 0 271 1 0 1 1 0 8 0 amappl9 144 153 0 153 1 0 1 1 0 8 1 amappl8 136 353 0 323 2 0 2 2 0 8 0 amappl7 128 69 0 54 1 0 1 1 0 8 0 amappl6 120 2263 0 2243 2 0 2 2 0 8 1 amappl5 112 772 0 758 1 0 1 1 0 8 0 amappl4 104 1563 0 1529 2 0 2 2 0 8 1 amappl3 96 30928 0 30875 3 0 3 3 0 8 0 amappl2 88 7468 0 7397 3 0 3 3 0 8 1 amappl1 80 39240 0 38726 22 2 20 22 0 8 6 amappl 88 50096 0 49946 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 0 1 1 0 8 1 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 0 1 1 0 8 1 dma128 128 253 0 253 1 0 1 1 0 8 1 dma64 64 6 0 6 1 0 1 1 0 8 1 dma32 32 7 0 7 1 0 1 1 0 8 1 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 141 0 7 3 0 3 3 0 8 0 uaddrrnd 24 6648 0 6614 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 6648 0 6614 1 0 1 1 0 8 0 vmmpekpl 168 49871 0 49815 4 0 4 4 0 8 0 vmmpepl 168 444643 0 443029 112 0 112 112 0 357 27 vmsppl 344 6647 0 6614 5 0 5 5 0 8 0 rwobjpl 24 113687 0 101653 76 0 76 76 0 8 0 pdppl 4096 13302 0 13237 511 436 75 90 0 8 10 pvpl 32 2688292 0 2676237 416 41 375 400 0 265 228 pmappl 216 6647 0 6614 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 994 0 641 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292cb5a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e519a,ffffffff8292b266,693,ffffffff828cc6e7) at __assert+0x29 sys/kern/subr_prf.c:157 bufcache_take(fffffd806736a250) at bufcache_take+0x254 sys/kern/vfs_bio.c:1684 getblk(fffffd806cc20560,0,4000,0,ffffffffffffffff) at getblk+0x17e sys/kern/vfs_bio.c:1037 bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e bio_doread sys/kern/vfs_bio.c:430 [inline] bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e sys/kern/vfs_bio.c:475 ffs_read(ffff80002f16f150) at ffs_read+0x28f VOP_READ(fffffd806cc20560,ffff80002f16f300,0,fffffd807f7d76e8) at VOP_READ+0xc3 sys/kern/vfs_vops.c:227 ufs_readdir(ffff80002f16f3b0) at ufs_readdir+0x13b sys/ufs/ufs/ufs_vnops.c:1366 VOP_READDIR(fffffd806cc20560,ffff80002f16f430,fffffd807f7d76e8,ffff80002f16f474) at VOP_READDIR+0xc3 sys/kern/vfs_vops.c:450 sys_getdents(ffff80002a6c3740,ffff80002f16f5d0,ffff80002f16f520) at sys_getdents+0x238 sys/kern/vfs_syscalls.c:3174 syscall(ffff80002f16f5d0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e24df50, count: -13 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8292cb5a) at panic+0x165 sys/kern/subr_prf.c:198 __assert(ffffffff828e519a,ffffffff8292b266,693,ffffffff828cc6e7) at __assert+0x29 sys/kern/subr_prf.c:157 bufcache_take(fffffd806736a250) at bufcache_take+0x254 sys/kern/vfs_bio.c:1684 getblk(fffffd806cc20560,0,4000,0,ffffffffffffffff) at getblk+0x17e sys/kern/vfs_bio.c:1037 bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e bio_doread sys/kern/vfs_bio.c:430 [inline] bread(fffffd806cc20560,0,4000,ffff80002f16f0e8) at bread+0x3e sys/kern/vfs_bio.c:475 ffs_read(ffff80002f16f150) at ffs_read+0x28f VOP_READ(fffffd806cc20560,ffff80002f16f300,0,fffffd807f7d76e8) at VOP_READ+0xc3 sys/kern/vfs_vops.c:227 ufs_readdir(ffff80002f16f3b0) at ufs_readdir+0x13b sys/ufs/ufs/ufs_vnops.c:1366 VOP_READDIR(fffffd806cc20560,ffff80002f16f430,fffffd807f7d76e8,ffff80002f16f474) at VOP_READDIR+0xc3 sys/kern/vfs_vops.c:450 sys_getdents(ffff80002a6c3740,ffff80002f16f5d0,ffff80002f16f520) at sys_getdents+0x238 sys/kern/vfs_syscalls.c:3174 syscall(ffff80002f16f5d0) at syscall+0x72a sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x23e24df50, count: -13