panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*203143 9816 0 0x2 0x4000000 0 syz-fuzzer
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:208
__assert(ffffffff81f6c605,ffffffff81f7fe8c,149,ffffffff81f4f08c) at __assert+0x2e sys/kern/subr_prf.c:155
buf_free_pages(fffffd802ddaac00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318
buf_dealloc_mem(fffffd802ddaac00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194
buf_put(fffffd802ddaac00) at buf_put+0x172 sys/kern/vfs_bio.c:130
brelse(fffffd802ddaac00) at brelse+0x257 sys/kern/vfs_bio.c:926
vinvalbuf(fffffd803620b138,2,ffffffffffffffff,ffff8000ffff4e20,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937
ffs_truncate(fffffd80304d72d0,0,0,ffffffffffffffff) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325
ufs_inactive(ffff80002210e918) at ufs_inactive+0x159 sys/ufs/ufs/ufs_inode.c:85
VOP_INACTIVE(fffffd803620b138,ffff8000ffff4e20) at VOP_INACTIVE+0x4c sys/kern/vfs_vops.c:572
vput(fffffd803620b138) at vput+0xae sys/kern/vfs_subr.c:765
ufs_remove(ffff80002210ea08) at ufs_remove+0x13c sys/ufs/ufs/ufs_vnops.c:620
VOP_REMOVE(fffffd802dce2900,fffffd803620b138,ffff80002210eaf8) at VOP_REMOVE+0x61 sys/kern/vfs_vops.c:378
end trace frame: 0xffff80002210eb80, count: 0
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 329
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:208
__assert(ffffffff81f6c605,ffffffff81f7fe8c,149,ffffffff81f4f08c) at __assert+0x2e sys/kern/subr_prf.c:155
buf_free_pages(fffffd802ddaac00) at buf_free_pages+0x1ee sys/kern/vfs_biomem.c:318
buf_dealloc_mem(fffffd802ddaac00) at buf_dealloc_mem+0xe1 sys/kern/vfs_biomem.c:194
buf_put(fffffd802ddaac00) at buf_put+0x172 sys/kern/vfs_bio.c:130
brelse(fffffd802ddaac00) at brelse+0x257 sys/kern/vfs_bio.c:926
vinvalbuf(fffffd803620b138,2,ffffffffffffffff,ffff8000ffff4e20,0,0) at vinvalbuf+0x36b sys/kern/vfs_subr.c:1937
ffs_truncate(fffffd80304d72d0,0,0,ffffffffffffffff) at ffs_truncate+0xed8 sys/ufs/ffs/ffs_inode.c:325
ufs_inactive(ffff80002210e918) at ufs_inactive+0x159 sys/ufs/ufs/ufs_inode.c:85
VOP_INACTIVE(fffffd803620b138,ffff8000ffff4e20) at VOP_INACTIVE+0x4c sys/kern/vfs_vops.c:572
vput(fffffd803620b138) at vput+0xae sys/kern/vfs_subr.c:765
ufs_remove(ffff80002210ea08) at ufs_remove+0x13c sys/ufs/ufs/ufs_vnops.c:620
VOP_REMOVE(fffffd802dce2900,fffffd803620b138,ffff80002210eaf8) at VOP_REMOVE+0x61 sys/kern/vfs_vops.c:378
dounlinkat(ffff8000ffff4e20,c,c0011a5990,0) at dounlinkat+0x195 sys/kern/vfs_syscalls.c:1709
syscall(ffff80002210ec80) at syscall+0x511
Xsyscall(0,145,c00002c000,145,38,200) at Xsyscall+0x128
end of kernel
end trace frame: 0xc001dcd5b0, count: -17
ddb> show registers
rdi 0
rsi 0x1
rbp 0xffff80002210e400
rbx 0xffff80002210e4b0
rdx 0x2
rcx 0
rax 0
r8 0xffff80002210e3c0
r9 0x1
r10 0
r11 0xec6b6b9c4b19f1b3
r12 0x3000000008
r13 0xffff80002210e410
r14 0x100
r15 0x1
rip 0xffffffff81292bc8 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff80002210e3f0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-fuzzer) pid=203143 stat=onproc
flags process=2 proc=4000000
pri=17, usrpri=50, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff44c0,0xffff8000ffff5088
process=0xffff8000220b26a8 user=0xffff800022109000, vmspace=0xfffffd803f014c60
estcpu=0, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
99568 308038 1 0 3 0x100083 ttyin getty
80681 427994 0 0 3 0x14200 bored sosplice
9816 316659 65933 0 3 0x82 thrsleep syz-fuzzer
9816 271997 65933 0 3 0x4000082 nanosleep syz-fuzzer
9816 88173 65933 0 3 0x4000082 thrsleep syz-fuzzer
* 9816 203143 65933 0 7 0x4000002 syz-fuzzer
9816 250156 65933 0 3 0x4000082 thrsleep syz-fuzzer
9816 52895 65933 0 3 0x4000082 kqread syz-fuzzer
9816 492487 65933 0 3 0x4000082 thrsleep syz-fuzzer
9816 19650 65933 0 3 0x4000082 thrsleep syz-fuzzer
65933 153432 83737 0 3 0x10008a pause ksh
83737 478417 72654 0 3 0x92 select sshd
72654 294882 1 0 3 0x80 select sshd
30499 25178 69522 73 3 0x100010 ffs_fsync syslogd
69522 287526 1 0 3 0x100082 netio syslogd
60009 485476 1 77 3 0x100090 poll dhclient
19430 48180 1 0 3 0x80 poll dhclient
5479 230221 0 0 2 0x14200 zerothread
70172 507740 0 0 3 0x14200 aiodoned aiodoned
11850 431607 0 0 3 0x14200 syncer update
90198 399137 0 0 3 0x14200 cleaner cleaner
28631 176909 0 0 3 0x14200 reaper reaper
63419 349925 0 0 3 0x14200 pgdaemon pagedaemon
47454 151875 0 0 3 0x14200 bored crynlk
65422 152355 0 0 3 0x14200 bored crypto
59790 501076 0 0 3 0x40014200 acpi0 acpi0
63027 41742 0 0 3 0x14200 bored softnet
87758 109418 0 0 3 0x14200 bored systqmp
26855 319132 0 0 3 0x14200 bored systq
75800 121641 0 0 3 0x40014200 bored softclock
85653 512445 0 0 3 0x40014200 idle0
29097 501113 0 0 3 0x14200 bored smr
1 337071 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9516 6351K 6931K 78643K 15873 0 0
pcb 23 9K 11K 78643K 768 0 0
rtable 64 2K 3K 78643K 1183 0 0
ifaddr 51 12K 15K 78643K 367 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 64 0 0
iov 0 0K 28K 78643K 229 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1197 75K 76K 78643K 3411 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 21 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 1K 78643K 272 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12537 0 0
file desc 2 1K 25K 78643K 2115 0 0
sigio 0 0K 0K 78643K 48 0 0
proc 41 30K 54K 78643K 792 0 0
subproc 0 0K 67586K 78643K 786 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 189 0 0
in_multi 11 0K 2K 78643K 339 0 0
ether_multi 1 0K 0K 78643K 15 0 0
mrt 0 0K 0K 78643K 4 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 78 344K 344K 78643K 78 0 0
exec 0 0K 1K 78643K 406 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 66 3K 38K 78643K 5898 0 0
UVM aobj 94 5K 5K 78643K 98 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 63 0 0
NDP 12 0K 0K 78643K 128 0 0
temp 136 2697K 2767K 78643K 10683 0 0
kqueue 0 0K 0K 78643K 8 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 25 0 23 1 0 1 1 0 8 0
inpcbpl 280 797 0 790 1 0 1 1 0 8 0
plimitpl 152 86 0 81 1 0 1 1 0 8 0
rtentry 112 230 0 208 2 0 2 2 0 8 1
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 2 0 2 1 1 0 1 0 8 0
tcpcb 544 295 0 291 1 0 1 1 0 8 0
nd6 48 46 0 46 1 0 1 1 0 8 1
ppxss 1128 33 0 33 7 7 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 1073 0 977 12 0 12 12 0 8 6
art_table 32 1074 0 977 2 0 2 2 0 8 1
art_node 16 229 0 209 1 0 1 1 0 8 0
sysvmsgpl 40 4 0 0 1 0 1 1 0 8 0
semupl 112 1 0 1 1 1 0 1 0 8 0
semapl 112 264 0 254 1 0 1 1 0 8 0
shmpl 112 96 0 4 3 0 3 3 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 5040 0 3569 48 0 48 48 0 8 0
ffsino 240 5040 0 3569 88 0 88 88 0 8 0
nchpl 144 8142 0 6474 63 0 63 63 0 8 0
uvmvnodes 72 5926 0 0 108 0 108 108 0 8 0
vnodes 200 5926 0 0 312 0 312 312 0 8 0
namei 1024 25564 0 25564 4 3 1 1 0 8 1
scsiplug 64 5 0 5 2 2 0 1 0 8 0
scxspl 192 28926 0 28925 19 18 1 6 0 8 0
sigapl 432 2223 0 2213 2 0 2 2 0 8 0
futexpl 56 32631 0 32631 2 2 0 1 0 8 0
knotepl 112 865 0 846 1 0 1 1 0 8 0
kqueuepl 104 418 0 416 1 0 1 1 0 8 0
pipepl 112 1194 0 1185 4 3 1 2 0 8 0
fdescpl 424 2224 0 2213 2 0 2 2 0 8 0
filepl 120 13086 0 13032 7 4 3 5 0 8 0
lockfpl 104 623 0 623 3 2 1 1 0 8 1
lockfspl 32 215 0 215 3 2 1 1 0 8 1
sessionpl 112 39 0 31 1 0 1 1 0 8 0
pgrppl 48 83 0 75 1 0 1 1 0 8 0
ucredpl 96 2296 0 2289 1 0 1 1 0 8 0
zombiepl 144 2213 0 2213 3 2 1 1 0 8 1
processpl 840 2239 0 2213 4 0 4 4 0 8 0
procpl 600 4864 0 4831 4 0 4 4 0 8 0
sosppl 128 17 0 17 6 6 0 1 0 8 0
sockpl 384 1444 0 1427 7 5 2 4 0 8 0
mcl64k 65536 576 0 576 68 68 0 33 0 8 0
mcl16k 16384 2 0 2 2 2 0 1 0 8 0
mcl12k 12288 32 0 32 6 6 0 1 0 8 0
mcl9k 9216 21 0 21 6 6 0 1 0 8 0
mcl8k 8192 25 0 25 6 6 0 1 0 8 0
mcl4k 4096 91 0 91 6 6 0 1 0 8 0
mcl2k2 2112 6 0 6 4 4 0 1 0 8 0
mcl2k 2048 59093 0 59051 13 7 6 11 0 8 0
mtagpl 80 8 0 8 3 3 0 1 0 8 0
mbufpl 256 107845 0 107791 41 35 6 22 0 8 0
bufpl 256 11596 0 4237 461 0 461 461 0 8 0
anonpl 16 250095 0 239058 109 45 64 64 0 62 17
amapchunkpl 152 10212 0 10118 35 20 15 15 0 158 9
amappl16 192 12909 0 12304 112 78 34 44 0 8 1
amappl15 184 344 0 344 5 4 1 1 0 8 1
amappl14 176 294 0 293 2 1 1 1 0 8 0
amappl13 168 172 0 170 1 0 1 1 0 8 0
amappl12 160 256 0 255 1 0 1 1 0 8 0
amappl11 152 498 0 484 1 0 1 1 0 8 0
amappl10 144 109 0 108 3 2 1 1 0 8 0
amappl9 136 1137 0 1136 1 0 1 1 0 8 0
amappl8 128 704 0 688 1 0 1 1 0 8 0
amappl7 120 119 0 112 1 0 1 1 0 8 0
amappl6 112 515 0 508 1 0 1 1 0 8 0
amappl5 104 458 0 448 1 0 1 1 0 8 0
amappl4 96 2218 0 2191 2 1 1 2 0 8 0
amappl3 88 692 0 687 1 0 1 1 0 8 0
amappl2 80 18409 0 18368 3 1 2 2 0 8 0
amappl1 72 48389 0 48009 26 17 9 19 0 8 0
amappl 72 5229 0 5201 1 0 1 1 0 75 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 97 0 4 2 0 2 2 0 8 0
uaddrrnd 24 2224 0 2213 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 2224 0 2213 1 0 1 1 0 8 0
vmmpekpl 168 18387 0 18366 2 0 2 2 0 8 0
vmmpepl 168 241585 0 240240 179 106 73 105 0 357 5
vmsppl 264 2223 0 2213 7 6 1 2 0 8 0
pdppl 4096 4454 0 4426 6 1 5 6 0 8 0
pvpl 32 741502 0 727686 388 141 247 262 0 265 128
pmappl 200 2223 0 2213 1 0 1 1 0 8 0
extentpl 40 39 0 25 1 0 1 1 0 8 0
phpool 112 714 0 130 19 1 18 19 0 8 0