panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 57145 89227 0 0x2 0 0 syz-executor.3 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258023c) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2cf6,ffffffff8260a20e,136,ffffffff825bf515) at __assert+0x25 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80563eb360) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80563eb360) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80563eb360) at buf_put+0x161 sys/kern/vfs_bio.c:129 brelse(fffffd80563eb360) at brelse+0x5b3 sys/kern/vfs_bio.c:957 vinvalbuf(fffffd80641f5dd8,2,fffffd807f7d78f0,ffff8000216ea010,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021 ffs_truncate(fffffd807a8ee0f0,0,4,fffffd807f7d78f0) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002b2bee78) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1343 VOP_RMDIR(fffffd8062d70e58,fffffd80641f5dd8,ffff80002b2bef58) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:407 dounlinkat(ffff8000216ea010,ffffff9c,7f7fffffb7e0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1881 syscall(ffff80002b2bf0d0) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258023c) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2cf6,ffffffff8260a20e,136,ffffffff825bf515) at __assert+0x25 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80563eb360) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80563eb360) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80563eb360) at buf_put+0x161 sys/kern/vfs_bio.c:129 brelse(fffffd80563eb360) at brelse+0x5b3 sys/kern/vfs_bio.c:957 vinvalbuf(fffffd80641f5dd8,2,fffffd807f7d78f0,ffff8000216ea010,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021 ffs_truncate(fffffd807a8ee0f0,0,4,fffffd807f7d78f0) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002b2bee78) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1343 VOP_RMDIR(fffffd8062d70e58,fffffd80641f5dd8,ffff80002b2bef58) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:407 dounlinkat(ffff8000216ea010,ffffff9c,7f7fffffb7e0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1881 syscall(ffff80002b2bf0d0) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002b2be970 rbx 0 rdx 0 rcx 0 rax 0xffff8000216ea010 r8 0x101010101010101 r9 0x8080808080808080 r10 0x5f3db18a2f8b8140 r11 0x3f129b70f414f91f r12 0 r13 0xfffffd80066e0000 r14 0 r15 0x1 rip 0xffffffff814e1d98 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002b2be960 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.3) pid=57145 stat=onproc flags process=2 proc=0 pri=17, usrpri=51, nice=20 forw=0xffffffffffffffff, list=0xffff8000231eb508,0xffff8000216ea800 process=0xffff800024c2c030 user=0xffff80002b2ba000, vmspace=0xfffffd8067d6e890 estcpu=1, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 53981 303952 1 0 3 0x100083 ttyin getty 88627 504948 0 0 3 0x14280 nfsidl nfsio 1029 148948 0 0 3 0x14280 nfsidl nfsio 13823 48932 0 0 3 0x14280 nfsidl nfsio 44729 188806 0 0 3 0x14280 nfsidl nfsio 65817 14683 0 0 3 0x14280 nfsidl nfsio 73475 400168 0 0 3 0x14280 nfsidl nfsio 80876 126159 0 0 3 0x14280 nfsidl nfsio 4981 461410 0 0 3 0x14280 nfsidl nfsio 36188 239740 0 0 3 0x14280 nfsidl nfsio 9555 243554 0 0 3 0x14280 nfsidl nfsio 92106 172509 0 0 3 0x14280 nfsidl nfsio 77579 352270 0 0 3 0x14280 nfsidl nfsio 51366 31964 0 0 3 0x14280 nfsidl nfsio 83359 279854 0 0 3 0x14280 nfsidl nfsio 5890 484511 0 0 3 0x14280 nfsidl nfsio 52632 103281 0 0 3 0x14280 nfsidl nfsio 77526 245295 0 0 3 0x14280 nfsidl nfsio 12145 223263 0 0 3 0x14280 nfsidl nfsio 501 372956 0 0 3 0x14280 nfsidl nfsio 29597 369786 0 0 3 0x14280 nfsidl nfsio *89227 57145 83902 0 7 0x2 syz-executor.3 52849 96205 0 0 3 0x14200 acct acct 20781 449501 0 0 3 0x14200 bored sosplice 83902 151599 8875 0 3 0x82 thrsleep syz-fuzzer 83902 397927 8875 0 3 0x4000082 nanoslp syz-fuzzer 83902 342338 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 8060 8875 0 3 0x4000082 wait syz-fuzzer 83902 50931 8875 0 3 0x4000002 biowait syz-fuzzer 83902 409653 8875 0 3 0x4000082 wait syz-fuzzer 83902 310777 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 421536 8875 0 3 0x4000082 wait syz-fuzzer 83902 64695 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 169227 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 426263 8875 0 3 0x4000082 wait syz-fuzzer 83902 397559 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 515434 8875 0 3 0x4000082 thrsleep syz-fuzzer 83902 284731 8875 0 3 0x4000082 wait syz-fuzzer 8875 85919 92447 0 3 0x10008a sigsusp ksh 92447 508607 34344 0 3 0x9a kqread sshd 34344 304044 1 0 3 0x88 kqread sshd 6211 68674 8696 73 3 0x1100010 ffs_fsync syslogd 8696 458738 1 0 3 0x100082 netio syslogd 95777 224316 1 0 3 0x100080 kqread resolvd 49385 386692 26356 77 3 0x100092 kqread dhcpleased 69665 238393 26356 77 3 0x100092 kqread dhcpleased 26356 242057 1 0 3 0x80 kqread dhcpleased 70151 12739 0 0 3 0x14200 bored smr 33219 214187 0 0 2 0x14200 zerothread 53107 375440 0 0 3 0x14200 aiodoned aiodoned 69659 277214 0 0 3 0x14200 syncer update 17161 264349 0 0 3 0x14200 cleaner cleaner 45929 58590 0 0 3 0x14200 reaper reaper 55142 238467 0 0 3 0x14200 pgdaemon pagedaemon 19799 263536 0 0 3 0x14200 bored viomb 34624 52974 0 0 3 0x40014200 acpi0 acpi0 14529 87754 0 0 3 0x14200 bored softnet 73116 391834 0 0 3 0x14200 bored softnet 53876 46049 0 0 3 0x14200 bored softnet 78413 78530 0 0 3 0x14200 bored softnet 50873 117153 0 0 3 0x14200 bored systqmp 4546 96216 0 0 3 0x14200 bored systq 77338 140604 0 0 3 0x40014200 bored softclock 5710 63258 0 0 3 0x40014200 idle0 1 195035 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10221 6434K 7227K 78643K 27941 0 pcb 13 24K 29K 78643K 6050 0 rtable 201 16K 17K 78643K 4438 0 ifaddr 271 65K 67K 78643K 1961 0 sysctl 2 0K 0K 78643K 2 0 counters 27 17K 17K 78643K 777 0 ioctlops 0 0K 4K 78643K 2927 0 iov 0 0K 32K 78643K 2388 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1528 96K 96K 78643K 13844 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 9K 78643K 117 0 VM map 2 0K 0K 78643K 2 0 sem 21 16K 32K 78643K 1380 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 8 25K 77K 78643K 14512 0 sigio 0 0K 0K 78643K 507 0 proc 75 60K 76K 78643K 3355 0 subproc 78 4K 7K 78643K 1131 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 845 0 in_multi 81 5K 6K 78643K 1351 0 ether_multi 1 0K 0K 78643K 119 0 mrt 1 0K 0K 78643K 116 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 217 970K 970K 78643K 217 0 exec 0 0K 1K 78643K 3164 0 pfkey data 0 0K 0K 78643K 10 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 451 1025K 1045K 78643K 93979 0 UVM aobj 131 4K 4K 78643K 131 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 560 0 NDP 14 0K 1K 78643K 540 0 temp 129 4694K 70230K 78643K 167603 0 kqueue 12 18K 28K 78643K 1579 0 SYN cache 2 16K 16K 78643K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 1319 0 1316 22 21 1 4 0 8 0 rtentry 112 1526 0 1445 7 4 3 4 0 8 0 unpcb 144 24896 0 24883 169 167 2 10 0 8 1 syncache 296 82 0 82 25 25 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 243 0 243 14 14 0 1 0 8 0 tcpcb 776 3614 0 3610 140 139 1 8 0 8 0 arp 88 181 0 167 1 0 1 1 0 8 0 ipq 40 7 0 7 5 5 0 1 0 8 0 ipqe 40 18 0 18 5 5 0 1 0 8 0 inpcb 336 16136 0 16129 313 312 1 21 0 8 0 ip6q 72 6 0 6 1 1 0 1 0 8 0 ip6af 40 12 0 12 1 1 0 1 0 8 0 nd6 48 280 0 262 1 0 1 1 0 8 0 pkpcb 40 26 0 26 3 3 0 1 0 8 0 kcovpl 48 87 0 81 1 0 1 1 0 8 0 mppekey 1024 10 0 10 5 5 0 1 0 8 0 ppxss 1160 542 0 542 37 37 0 1 0 8 0 pppxif 1608 391 0 391 29 29 0 1 0 8 0 pfstscr 40 861 0 833 1 0 1 1 0 8 0 pfosfp 40 8 0 5 1 0 1 1 0 8 0 pfosfpen 112 8 0 5 1 0 1 1 0 8 0 pfanchor 1280 743 6 235 46 3 43 43 0 8 0 pfqueue 264 3 0 3 2 2 0 1 0 8 0 pfstitem 24 1341 0 1300 1 0 1 1 0 8 0 pfstkey 120 1600 0 1589 1 0 1 1 0 8 0 pfstate 352 837 0 814 6 3 3 3 0 8 0 rttmr 136 27 0 27 7 7 0 1 0 8 0 art_heap8 4096 36 0 35 4 3 1 3 0 8 0 art_heap4 256 6196 0 5824 73 46 27 30 0 8 0 art_table 32 6232 0 5859 5 1 4 4 0 8 0 art_node 16 1442 0 1372 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 0 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 1364 0 1345 1 0 1 1 0 8 0 shmpl 112 128 0 0 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 21842 0 20356 94 0 94 94 0 8 0 ffsino 240 21842 0 20356 89 0 89 89 0 8 0 nchpl 144 41343 0 39715 63 0 63 63 0 8 0 rtmask 32 3 0 3 1 1 0 1 0 8 0 uvmvnodes 80 7003 0 0 143 0 143 143 0 8 0 vnodes 216 7003 0 0 390 0 390 390 0 8 0 namei 1024 163412 0 163412 21 20 1 2 0 8 1 vcpupl 2048 229 0 0 29 0 29 29 0 8 0 vmpool 536 255 0 26 17 1 16 16 0 8 0 kstatmem 264 692 0 664 13 10 3 3 0 8 0 scsiplug 72 12 0 12 4 4 0 1 0 8 0 scxspl 216 149752 0 149750 43 42 1 8 0 8 0 plimitpl 152 2023 0 2010 1 0 1 1 0 8 0 sigapl 424 14980 0 14919 12 4 8 8 0 8 0 futexpl 64 161063 0 161063 16 15 1 1 0 8 1 knotepl 120 270816 0 270748 83 80 3 11 0 8 0 kqueuepl 184 7183 0 7175 102 101 1 7 0 8 0 pipepl 288 3853 0 3831 80 77 3 11 0 8 0 fdescpl 432 14622 0 14603 6 2 4 4 0 8 0 filepl 120 129864 0 129672 198 186 12 19 0 8 3 lockfpl 104 3395 0 3393 5 4 1 2 0 8 0 lockfspl 48 1000 0 998 1 0 1 1 0 8 0 sessionpl 144 108 0 94 1 0 1 1 0 8 0 pgrppl 48 1468 0 1454 1 0 1 1 0 8 0 ucredpl 104 16700 0 16687 1 0 1 1 0 8 0 zombiepl 144 14928 0 14919 1 0 1 1 0 8 0 processpl 1000 14980 0 14919 15 6 9 9 0 8 0 procpl 672 37577 0 37503 27 18 9 10 0 8 0 sosppl 168 143 0 143 26 26 0 1 0 8 0 sockpl 456 42524 0 42501 1027 1020 7 36 0 8 4 mcl64k 65536 541 0 541 44 43 1 1 0 8 1 mcl16k 16384 256 0 256 51 51 0 1 0 8 0 mcl12k 12288 547 0 547 48 48 0 1 0 8 0 mcl9k 9216 133 0 133 41 41 0 1 0 8 0 mcl8k 8192 989 0 989 43 43 0 1 0 8 0 mcl4k 4096 1952 0 1952 37 37 0 1 0 8 0 mcl2k2 2112 131 0 131 54 54 0 1 0 8 0 mcl2k 2048 105479 0 105398 94 73 21 31 0 8 7 mtagpl 96 2264 0 2258 22 13 9 14 0 8 7 mbufpl 256 349305 0 349091 1214 1175 39 430 0 8 6 bufpl 288 29838 0 22400 532 0 532 532 0 8 0 anonpl 24 2839045 0 2824834 436 268 168 176 0 188 48 amapchunkpl 152 268873 0 268263 195 137 58 58 0 158 24 amappl16 200 23855 0 23203 116 80 36 47 0 8 0 amappl15 192 11 0 10 1 0 1 1 0 8 0 amappl14 184 480 0 466 2 0 2 2 0 8 0 amappl13 176 8 0 6 1 0 1 1 0 8 0 amappl12 168 1346 0 1340 1 0 1 1 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 115 0 107 1 0 1 1 0 8 0 amappl9 144 1098 0 1095 1 0 1 1 0 8 0 amappl8 136 719 0 612 4 0 4 4 0 8 0 amappl7 128 89 0 72 1 0 1 1 0 8 0 amappl6 120 1157 0 1143 2 1 1 2 0 8 0 amappl5 112 337 0 329 1 0 1 1 0 8 0 amappl4 104 1555 0 1530 2 1 1 2 0 8 0 amappl3 96 41276 0 41238 2 0 2 2 0 8 0 amappl2 88 15921 0 15854 3 1 2 3 0 8 0 amappl1 80 329628 0 329054 23 7 16 21 0 8 0 amappl 88 92658 0 92455 6 0 6 6 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 130 0 0 3 0 3 3 0 8 0 uaddrrnd 24 14877 0 14629 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 14877 0 14629 2 0 2 2 0 8 0 vmmpekpl 168 104552 0 104458 5 0 5 5 0 8 0 vmmpepl 168 1349749 0 1347115 471 318 153 166 0 357 4 vmsppl 272 14876 0 14629 20 2 18 18 0 8 0 rwobjpl 24 346882 0 338022 60 5 55 56 0 8 0 pdppl 4096 29760 0 29487 1193 902 291 293 0 8 18 pvpl 32 5719499 0 5700949 821 527 294 310 0 265 91 pmappl 216 14876 0 14629 17 2 15 15 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 3942 0 2791 46 12 34 42 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258023c) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2cf6,ffffffff8260a20e,136,ffffffff825bf515) at __assert+0x25 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80563eb360) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80563eb360) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80563eb360) at buf_put+0x161 sys/kern/vfs_bio.c:129 brelse(fffffd80563eb360) at brelse+0x5b3 sys/kern/vfs_bio.c:957 vinvalbuf(fffffd80641f5dd8,2,fffffd807f7d78f0,ffff8000216ea010,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021 ffs_truncate(fffffd807a8ee0f0,0,4,fffffd807f7d78f0) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002b2bee78) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1343 VOP_RMDIR(fffffd8062d70e58,fffffd80641f5dd8,ffff80002b2bef58) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:407 dounlinkat(ffff8000216ea010,ffffff9c,7f7fffffb7e0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1881 syscall(ffff80002b2bf0d0) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8258023c) at panic+0x161 sys/kern/subr_prf.c:198 __assert(ffffffff825f2cf6,ffffffff8260a20e,136,ffffffff825bf515) at __assert+0x25 sys/kern/subr_prf.c:157 buf_free_pages(fffffd80563eb360) at buf_free_pages+0x1c2 sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd80563eb360) at buf_dealloc_mem+0xdf sys/kern/vfs_biomem.c:179 buf_put(fffffd80563eb360) at buf_put+0x161 sys/kern/vfs_bio.c:129 brelse(fffffd80563eb360) at brelse+0x5b3 sys/kern/vfs_bio.c:957 vinvalbuf(fffffd80641f5dd8,2,fffffd807f7d78f0,ffff8000216ea010,0,ffffffffffffffff) at vinvalbuf+0x391 sys/kern/vfs_subr.c:2021 ffs_truncate(fffffd807a8ee0f0,0,4,fffffd807f7d78f0) at ffs_truncate+0xf06 sys/ufs/ffs/ffs_inode.c:326 ufs_rmdir(ffff80002b2bee78) at ufs_rmdir+0x3e1 sys/ufs/ufs/ufs_vnops.c:1343 VOP_RMDIR(fffffd8062d70e58,fffffd80641f5dd8,ffff80002b2bef58) at VOP_RMDIR+0x122 sys/kern/vfs_vops.c:407 dounlinkat(ffff8000216ea010,ffffff9c,7f7fffffb7e0,8) at dounlinkat+0x20e sys/kern/vfs_syscalls.c:1881 syscall(ffff80002b2bf0d0) at syscall+0x446 sys/arch/amd64/amd64/trap.c:599 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -14