panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *249840 25751 0 0x2 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b56e5) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067daa,ffffffff830780ce,136,ffffffff82ff3351) at __assert+0x29 buf_free_pages(fffffd806be0a7d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806be0a7d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806be0a7d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806be0a7d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd805b2cb7e8,2,fffffd807f7d7750,ffff80002a4ff470,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd80697291f0,0,4,fffffd807f7d7750) at ffs_truncate+0xf63 ufs_rmdir(ffff8000374d93c8) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd805b2cb560,fffffd805b2cb7e8,ffff8000374d94a8) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a4ff470,ffffff9c,7e597164fa40,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff8000374d9620) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e597164fa30, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b56e5) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067daa,ffffffff830780ce,136,ffffffff82ff3351) at __assert+0x29 buf_free_pages(fffffd806be0a7d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806be0a7d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806be0a7d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806be0a7d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd805b2cb7e8,2,fffffd807f7d7750,ffff80002a4ff470,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd80697291f0,0,4,fffffd807f7d7750) at ffs_truncate+0xf63 ufs_rmdir(ffff8000374d93c8) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd805b2cb560,fffffd805b2cb7e8,ffff8000374d94a8) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a4ff470,ffffff9c,7e597164fa40,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff8000374d9620) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e597164fa30, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000374d8ec0 rbx 0 rdx 0 rcx 0 rax 0xffff80002a4ff470 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc43069dc724887f0 r11 0x60de256094e1c4a6 r12 0 r13 0xfffffd8006cb3300 r14 0 r15 0x1 rip 0xffffffff82b40c75 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff8000374d8eb0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=249840 pid=25751 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=50, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a4fef60,0xffff80002a519488 process=0xffff80002a465e00 user=0xffff8000374d4000, vmspace=0xfffffd807e21e160 estcpu=18, cpticks=1, pctcpu=0.0, user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 30925 263431 6817 0 3 0x10008a sigsusp sh *25751 249840 96717 0 7 0x2 syz-executor 6817 186526 96717 0 3 0x82 wait syz-executor 60361 505899 96717 0 3 0x82 wait syz-executor 95761 507667 96717 0 3 0x2 biowait syz-executor 13272 382617 96717 0 2 0x82 syz-executor 60218 150734 96717 0 2 0x2 syz-executor 61493 384662 96717 0 3 0x2 biowait syz-executor 22321 462933 1 0 3 0x100083 ttyin getty 43357 67407 0 0 3 0x14280 nfsidl nfsio 13440 349207 0 0 3 0x14280 nfsidl nfsio 40790 487877 0 0 3 0x14280 nfsidl nfsio 80055 34174 0 0 3 0x14280 nfsidl nfsio 26000 459130 0 0 3 0x14280 nfsidl nfsio 55778 233052 0 0 3 0x14280 nfsidl nfsio 61491 421670 0 0 3 0x14280 nfsidl nfsio 53704 418711 0 0 3 0x14280 nfsidl nfsio 61867 188438 0 0 3 0x14280 nfsidl nfsio 87447 369575 0 0 3 0x14280 nfsidl nfsio 39597 412433 0 0 3 0x14280 nfsidl nfsio 37308 126100 0 0 3 0x14280 nfsidl nfsio 11489 244474 0 0 3 0x14280 nfsidl nfsio 12628 193899 0 0 3 0x14280 nfsidl nfsio 6491 115368 0 0 3 0x14280 nfsidl nfsio 97347 109977 0 0 3 0x14280 nfsidl nfsio 75154 395744 0 0 3 0x14280 nfsidl nfsio 62494 314652 0 0 3 0x14280 nfsidl nfsio 80294 169578 0 0 3 0x14280 nfsidl nfsio 45813 165293 0 0 3 0x14280 nfsidl nfsio 92595 234058 0 0 3 0x14200 acct acct 18795 157536 0 0 3 0x14200 bored sosplice 96717 373459 88168 0 2 0x2 syz-executor 88168 251173 26730 0 3 0x10008a sigsusp ksh 26730 351024 12659 0 3 0x98 kqread sshd-session 12659 125319 86601 0 3 0x92 kqread sshd-session 86601 21583 1 0 3 0x88 kqread sshd 16685 276980 94815 73 2 0x1100011 syslogd 94815 312833 1 0 3 0x100082 sbwait syslogd 39181 375517 1 0 3 0x100080 kqread resolvd 99878 203030 54010 77 3 0x100092 kqread dhcpleased 12818 239382 54010 77 3 0x100092 kqread dhcpleased 54010 332244 1 0 3 0x80 kqread dhcpleased 39300 267943 0 0 3 0x14200 bored smr 99 524124 0 0 2 0x14200 zerothread 92651 445800 0 0 3 0x14200 aiodoned aiodoned 65306 233763 0 0 3 0x14200 syncer update 83030 31311 0 0 3 0x14200 cleaner cleaner 78809 31378 0 0 2 0x14200 reaper 40437 188214 0 0 3 0x14200 pgdaemon pagedaemon 19987 326813 0 0 3 0x14200 bored viomb 18778 154836 0 0 3 0x40014200 acpi0 acpi0 29194 295754 0 0 3 0x14200 bored softnet3 239 473542 0 0 3 0x14200 bored softnet2 39813 165452 0 0 3 0x14200 bored softnet1 49963 228173 0 0 3 0x14200 bored softnet0 57164 373344 0 0 3 0x14200 bored systqmp 66869 419728 0 0 3 0x14200 bored systq 20093 514066 0 0 3 0x40014200 tmoslp softclock 24317 108855 0 0 3 0x40014200 idle0 1 155728 0 0 3 0x80082 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10193 11045K 11340K 166960K 13181 0 pcb 17 12K 12K 166960K 251 0 rtable 188 6K 7K 166960K 2487 0 pf 33 13K 21K 166960K 245 0 ifaddr 37 7K 8K 166960K 339 0 ifgroup 50 2K 2K 166960K 372 0 sysctl 3 0K 0K 166960K 9 0 counters 30 17K 17K 166960K 114 0 ioctlops 0 0K 4K 166960K 278 0 iov 0 0K 16K 166960K 117 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1439 91K 91K 166960K 3262 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 20 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 57 0 dirhash 15 2K 2K 166960K 45 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 10 33K 93K 166960K 2354 0 sigio 0 0K 0K 166960K 42 0 proc 60 59K 91K 166960K 2384 0 subproc 91 5K 7K 166960K 949 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 312 0 in_multi 78 5K 7K 166960K 848 0 ether_multi 1 0K 0K 166960K 9 0 mrt 1 0K 0K 166960K 4 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 187 837K 837K 166960K 187 0 exec 0 0K 1K 166960K 1413 0 pfkey data 0 0K 4K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 163 62K 97K 166960K 20286 0 UVM aobj 5 2K 2K 166960K 5 0 pinsyscall 31 62K 93K 166960K 5067 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 68 0 NDP 11 0K 2K 166960K 243 0 temp 70 6815K 6884K 166960K 62233 0 kqueue 13 20K 28K 166960K 245 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 269 0 266 1 0 1 1 0 8 0 rtentry 112 894 0 810 4 0 4 4 0 8 0 unpcb 144 1072 0 1057 4 0 4 4 0 8 3 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpqe 32 3 0 3 1 0 1 1 0 8 1 tcpcb 808 497 0 493 8 0 8 8 0 8 7 arp 88 159 0 144 1 0 1 1 0 8 0 ipq 40 9 0 8 1 0 1 1 0 8 0 ipqe 40 143 0 142 1 0 1 1 0 8 0 inpcb 336 2090 0 2081 13 4 9 13 0 8 7 nd6 104 236 0 218 1 0 1 1 0 8 0 pkpcb 40 9 0 9 1 0 1 1 0 8 1 kcovpl 48 73 0 66 1 0 1 1 0 8 0 ppxss 1072 11 0 11 1 0 1 1 0 8 1 pfstscr 40 1 0 1 1 0 1 1 0 8 1 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 5 0 3 1 0 1 1 0 8 0 pfstate 344 3 0 2 1 0 1 1 0 8 0 pfrule 1344 14 0 8 1 0 1 1 0 8 0 art_heap8 4096 3 0 0 3 0 3 3 0 8 0 art_heap4 256 3505 0 3145 31 2 29 31 0 8 3 art_table 32 3508 0 3145 4 0 4 4 0 8 0 art_node 16 889 0 814 1 0 1 1 0 8 0 sysvmsgpl 40 17 0 12 1 0 1 1 0 8 0 semupl 112 2 0 2 1 0 1 1 0 8 1 semapl 112 55 0 45 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 40 0 21 3 0 3 3 0 8 0 dino2pl 256 4006 0 2385 102 0 102 102 0 8 0 ffsino 240 4006 0 2385 96 0 96 96 0 8 0 nchpl 144 6055 0 4293 66 0 66 66 0 8 0 uvmvnodes 80 5577 0 0 114 0 114 114 0 8 0 vnodes 216 5577 0 0 310 0 310 310 0 8 0 namei 1024 26798 0 26797 4 2 2 2 0 8 1 kstatmem 264 190 0 168 2 0 2 2 0 8 0 scsiplug 72 4 0 4 1 0 1 1 0 8 1 scxspl 216 51588 0 51586 15 7 8 8 1 8 7 plimitpl 152 493 0 478 1 0 1 1 0 8 0 sigapl 424 2529 0 2466 8 0 8 8 0 8 0 futexpl 64 20302 0 20302 1 0 1 1 0 8 1 knotepl 120 53033 0 52986 17 7 10 17 0 8 8 kqueuepl 184 495 0 486 4 0 4 4 0 8 3 pipepl 288 469 0 441 7 0 7 7 0 8 4 fdescpl 432 2491 0 2469 5 0 5 5 0 8 1 filepl 120 13083 0 12864 14 2 12 12 0 8 4 lockfpl 104 709 0 707 2 0 2 2 0 8 1 lockfspl 48 260 0 258 1 0 1 1 0 8 0 sessionpl 144 89 0 81 1 0 1 1 0 8 0 pgrppl 48 213 0 198 1 0 1 1 0 8 0 ucredpl 104 1702 0 1690 1 0 1 1 0 8 0 zombiepl 144 3380 0 3377 1 0 1 1 0 8 0 processpl 1096 2529 0 2466 6 0 6 6 0 8 0 procpl 648 4901 0 4834 8 0 8 8 0 8 0 sosppl 168 14 0 14 1 0 1 1 0 8 1 sockpl 504 3463 0 3436 30 18 12 22 0 8 7 mcl64k 65536 39 0 39 2 1 1 1 0 8 1 mcl16k 16384 3 0 3 1 0 1 1 0 8 1 mcl12k 12288 7 0 7 1 0 1 1 0 8 1 mcl9k 9216 1 0 1 1 0 1 1 0 8 1 mcl8k 8192 34 0 34 2 1 1 1 0 8 1 mcl4k 4096 4781 0 4726 19 11 8 18 0 8 0 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 2804 0 2799 3 0 3 3 0 8 2 mtagpl 96 25 0 24 2 1 1 1 0 8 0 mbufpl 256 24291 0 24141 26 8 18 22 0 8 7 bufpl 280 13963 0 6595 527 0 527 527 0 8 0 anonpl 24 398959 0 396128 71 10 61 61 0 187 24 amapchunkpl 152 66969 0 66671 42 4 38 38 0 158 19 amappl16 200 7901 0 7893 49 41 8 15 0 8 7 amappl15 192 20 0 20 1 1 0 1 0 8 0 amappl14 184 236 0 226 1 0 1 1 0 8 0 amappl13 176 11 0 11 2 1 1 1 0 8 1 amappl12 168 4142 0 4118 3 1 2 3 0 8 0 amappl11 160 45 0 35 1 0 1 1 0 8 0 amappl10 152 16 0 16 1 1 0 1 0 8 0 amappl9 144 146 0 146 1 1 0 1 0 8 0 amappl8 136 21 0 20 1 0 1 1 0 8 0 amappl7 128 229 0 218 1 0 1 1 0 8 0 amappl6 120 810 0 806 1 0 1 1 0 8 0 amappl5 112 387 0 377 1 0 1 1 0 8 0 amappl4 104 483 0 469 1 0 1 1 0 8 0 amappl3 96 12700 0 12632 4 0 4 4 0 8 1 amappl2 88 1580 0 1516 2 0 2 2 0 8 0 amappl1 80 18237 0 17737 15 2 13 13 0 8 0 amappl 88 19322 0 19212 6 1 5 5 0 92 0 dma65536 65536 1 0 1 1 0 1 1 0 8 1 dma32768 32768 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 2 1 1 1 0 8 1 dma128 128 256 0 256 2 1 1 1 0 8 1 dma64 64 7 0 7 2 1 1 1 0 8 1 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 4 0 0 1 0 1 1 0 8 0 uaddrrnd 24 2491 0 2467 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2491 0 2467 1 0 1 1 0 8 0 vmmpekpl 168 21635 0 21570 4 0 4 4 0 8 0 vmmpepl 168 158189 0 156804 93 0 93 93 0 357 18 vmsppl 344 2490 0 2467 4 1 3 4 0 8 0 rwobjpl 24 51819 0 45466 39 0 39 39 0 8 0 pdppl 4096 4988 0 4934 186 118 68 80 0 8 14 pvpl 32 1244505 0 1236459 247 8 239 239 0 265 122 pmappl 216 2490 0 2467 3 0 3 3 0 8 1 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 544 0 168 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b56e5) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067daa,ffffffff830780ce,136,ffffffff82ff3351) at __assert+0x29 buf_free_pages(fffffd806be0a7d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806be0a7d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806be0a7d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806be0a7d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd805b2cb7e8,2,fffffd807f7d7750,ffff80002a4ff470,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd80697291f0,0,4,fffffd807f7d7750) at ffs_truncate+0xf63 ufs_rmdir(ffff8000374d93c8) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd805b2cb560,fffffd805b2cb7e8,ffff8000374d94a8) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a4ff470,ffffff9c,7e597164fa40,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff8000374d9620) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e597164fa30, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b56e5) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067daa,ffffffff830780ce,136,ffffffff82ff3351) at __assert+0x29 buf_free_pages(fffffd806be0a7d0) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd806be0a7d0) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd806be0a7d0) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd806be0a7d0) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd805b2cb7e8,2,fffffd807f7d7750,ffff80002a4ff470,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd80697291f0,0,4,fffffd807f7d7750) at ffs_truncate+0xf63 ufs_rmdir(ffff8000374d93c8) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd805b2cb560,fffffd805b2cb7e8,ffff8000374d94a8) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a4ff470,ffffff9c,7e597164fa40,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff8000374d9620) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7e597164fa30, count: -14