panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *445360 2901 0 0x2 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd8059c60c18) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8059c60c18) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd8059c60c18) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd8059c60c18) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806ed303a0,2,fffffd807f7d79c0,ffff80002a48ca38,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8057c29f00,0,4,fffffd807f7d79c0) at ffs_truncate+0xf63 ufs_rmdir(ffff80003765bb68) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd806d1772a8,fffffd806ed303a0,ffff80003765bc48) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a48ca38,ffffff9c,7cfe69a2dd30,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff80003765bdc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7cfe69a2dd20, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/main/kernel/sys/kern/vfs_biomem.c", line 310 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd8059c60c18) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8059c60c18) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd8059c60c18) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd8059c60c18) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806ed303a0,2,fffffd807f7d79c0,ffff80002a48ca38,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8057c29f00,0,4,fffffd807f7d79c0) at ffs_truncate+0xf63 ufs_rmdir(ffff80003765bb68) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd806d1772a8,fffffd806ed303a0,ffff80003765bc48) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a48ca38,ffffff9c,7cfe69a2dd30,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff80003765bdc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7cfe69a2dd20, count: -14 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80003765b660 rbx 0 rdx 0 rcx 0 rax 0xffff80002a48ca38 r8 0x101010101010101 r9 0x8080808080808080 r10 0xec6bbf630ce767ec r11 0xe28689f02ae81931 r12 0 r13 0xfffffd8006e56c80 r14 0 r15 0x1 rip 0xffffffff81598255 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80003765b650 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=445360 pid=2901 tcnt=1 stat=onproc flags process=2 proc=0 runpri=17, usrpri=56, slppri=17, nice=20 wchan=0x0, wmesg=, ps_single=0x0 scnt=0 ecnt=0 forw=0xffffffffffffffff, list=0xffff80002a48d1d0,0xffff80002a50f208 process=0xffff8000ffff4cf0 user=0xffff800037656000, vmspace=0xfffffd8007c1a968 estcpu=6, cpticks=2, pctcpu=0.0, user=0, sys=11, intr=1 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 46994 517393 96146 0 2 0x2 syz-executor 20811 361656 96146 0 2 0x82 syz-executor * 2901 445360 96146 0 7 0x2 syz-executor 73469 43017 1 0 3 0x100083 ttyin getty 89395 504109 96146 0 3 0x2 biowait syz-executor 3133 402092 96146 0 3 0x2 biowait syz-executor 8238 307897 96146 0 3 0x2 biowait syz-executor 37581 253353 96146 0 3 0x2 biowait syz-executor 84958 302748 0 0 3 0x14200 acct acct 18778 379847 0 0 3 0x14280 nfsidl nfsio 68462 87191 0 0 3 0x14280 nfsidl nfsio 51507 294894 0 0 3 0x14280 nfsidl nfsio 25522 384333 0 0 3 0x14280 nfsidl nfsio 75624 325370 0 0 3 0x14280 nfsidl nfsio 59724 523902 0 0 3 0x14280 nfsidl nfsio 95198 184824 0 0 3 0x14280 nfsidl nfsio 42420 264166 0 0 3 0x14280 nfsidl nfsio 91293 10123 0 0 3 0x14280 nfsidl nfsio 12602 258049 0 0 3 0x14280 nfsidl nfsio 39373 316936 0 0 3 0x14280 nfsidl nfsio 17668 94612 0 0 3 0x14280 nfsidl nfsio 48292 84075 0 0 3 0x14280 nfsidl nfsio 9219 301066 0 0 3 0x14280 nfsidl nfsio 2033 12069 0 0 3 0x14280 nfsidl nfsio 54369 372030 0 0 3 0x14280 nfsidl nfsio 62509 499147 0 0 3 0x14280 nfsidl nfsio 95426 126160 0 0 3 0x14280 nfsidl nfsio 37385 329485 0 0 3 0x14280 nfsidl nfsio 4214 106852 0 0 3 0x14280 nfsidl nfsio 50780 509486 0 0 3 0x14200 bored sosplice 96146 466612 23468 0 2 0x2 syz-executor 23468 128351 4969 0 3 0x10008a sigsusp ksh 4969 199954 89522 0 3 0x98 kqread sshd-session 89522 480498 96006 0 3 0x92 kqread sshd-session 96006 2596 1 0 3 0x88 kqread sshd 62112 278929 33599 73 2 0x1100010 syslogd 33599 57199 1 0 3 0x100082 sbwait syslogd 59092 398917 1 0 3 0x100080 kqread resolvd 37999 233789 27200 77 3 0x100092 kqread dhcpleased 96478 318362 27200 77 3 0x100092 kqread dhcpleased 27200 290046 1 0 3 0x80 kqread dhcpleased 59571 427334 0 0 3 0x14200 bored smr 69714 26671 0 0 2 0x14200 zerothread 54747 70450 0 0 3 0x14200 aiodoned aiodoned 51601 438495 0 0 3 0x14200 syncer update 9724 305479 0 0 3 0x14200 cleaner cleaner 87076 515911 0 0 2 0x14200 reaper 15904 294439 0 0 3 0x14200 pgdaemon pagedaemon 58485 121216 0 0 3 0x14200 bored viomb 4435 353283 0 0 3 0x40014200 acpi0 acpi0 54 86857 0 0 3 0x14200 bored softnet3 4579 137854 0 0 3 0x14200 bored softnet2 74286 416639 0 0 3 0x14200 bored softnet1 81350 509503 0 0 3 0x14200 bored softnet0 70555 514660 0 0 3 0x14200 bored systqmp 40742 327909 0 0 3 0x14200 bored systq 85682 356671 0 0 3 0x40014200 tmoslp softclock 75329 29383 0 0 3 0x40014200 idle0 1 233874 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10215 11055K 11469K 166960K 14354 0 pcb 17 16K 17K 166960K 616 0 rtable 168 6K 8K 166960K 3484 0 pf 30 13K 269K 166960K 431 0 ifaddr 34 7K 9K 166960K 483 0 ifgroup 46 2K 2K 166960K 545 0 sysctl 3 0K 4K 166960K 38 0 counters 29 17K 17K 166960K 159 0 ioctlops 0 0K 4K 166960K 774 0 iov 0 0K 18K 166960K 300 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1505 95K 95K 166960K 4553 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 41 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 150 0 dirhash 15 2K 3K 166960K 48 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 9 29K 93K 166960K 3613 0 sigio 0 0K 0K 166960K 117 0 proc 60 59K 91K 166960K 3371 0 subproc 91 5K 7K 166960K 1343 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 335 0 in_multi 67 5K 7K 166960K 1229 0 ether_multi 1 0K 0K 166960K 10 0 mrt 1 0K 0K 166960K 10 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 265 1182K 1182K 166960K 265 0 exec 0 0K 1K 166960K 1904 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 154 62K 90K 166960K 29665 0 UVM aobj 28 2K 4K 166960K 34 0 pinsyscall 30 60K 96K 166960K 7131 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 1K 166960K 111 0 NDP 10 0K 2K 166960K 355 0 temp 72 6815K 6944K 166960K 107799 0 kqueue 13 20K 32K 166960K 422 0 SYN cache 2 4688K 4696K 166960K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 427 0 424 2 1 1 2 0 8 0 rtentry 112 1250 0 1178 4 1 3 4 0 8 0 unpcb 144 2150 0 2135 12 6 6 6 0 8 5 syncache 336 13 0 13 2 2 0 1 0 8 0 tcpqe 32 12 0 12 2 2 0 1 0 8 0 tcpcb 808 777 0 773 17 10 7 8 0 8 6 arp 88 226 0 211 1 0 1 1 0 8 0 ipq 40 14 0 13 1 0 1 1 0 8 0 ipqe 40 70 0 68 1 0 1 1 0 8 0 inpcb 336 3404 0 3397 22 15 7 12 0 8 6 nd6 104 333 0 317 1 0 1 1 0 8 0 pkpcb 40 17 0 17 3 2 1 1 0 8 1 kcovpl 48 103 0 96 1 0 1 1 0 8 0 ppxss 1072 17 0 17 3 2 1 1 0 8 1 pfstscr 40 2 0 2 2 1 1 1 0 8 1 pfrktable 1344 1 0 0 1 0 1 1 0 8 0 pfanchor 1288 1 0 0 1 0 1 1 0 8 0 pftag 88 4 0 3 3 2 1 1 0 8 0 pfstitem 24 8 0 3 1 0 1 1 0 8 0 pfstkey 128 19 0 13 1 0 1 1 0 8 0 pfstate 344 10 0 7 1 0 1 1 0 8 0 pfrule 1344 28 0 26 2 1 1 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 5046 0 4721 35 5 30 32 0 8 0 art_table 32 5048 0 4721 5 1 4 5 0 8 0 art_node 16 1245 0 1184 1 0 1 1 0 8 0 semapl 112 147 0 137 1 0 1 1 0 8 0 shmpl 112 31 0 6 1 0 1 1 0 8 0 dirhash 1024 41 0 22 3 0 3 3 0 8 0 dino2pl 256 5527 0 3845 106 0 106 106 0 8 0 ffsino 240 5527 0 3845 100 0 100 100 0 8 0 nchpl 144 8730 0 6911 68 0 68 68 0 8 0 uvmvnodes 80 7450 0 0 153 0 153 153 0 8 0 vnodes 216 7450 0 0 414 0 414 414 0 8 0 namei 1024 39692 0 39691 8 3 5 5 0 8 4 kstatmem 264 280 0 260 2 0 2 2 0 8 0 scsiplug 72 10 0 10 3 2 1 1 0 8 1 scxspl 216 54989 0 54985 11 8 3 8 1 8 2 plimitpl 152 689 0 674 1 0 1 1 0 8 0 sigapl 424 3752 0 3692 10 2 8 8 0 8 0 futexpl 64 32743 0 32743 1 0 1 1 0 8 1 knotepl 120 98467 0 98419 61 51 10 25 0 8 8 kqueuepl 184 898 0 889 8 4 4 4 0 8 3 pipepl 288 543 0 515 4 1 3 3 0 8 0 fdescpl 432 3692 0 3671 5 1 4 5 0 8 0 filepl 120 20847 0 20628 26 13 13 19 0 8 5 lockfpl 104 1207 0 1205 3 1 2 2 0 8 1 lockfspl 48 408 0 406 1 0 1 1 0 8 0 sessionpl 144 124 0 116 1 0 1 1 0 8 0 pgrppl 48 249 0 234 1 0 1 1 0 8 0 ucredpl 104 3159 0 3145 1 0 1 1 0 8 0 zombiepl 144 4322 0 4321 2 1 1 1 0 8 0 processpl 1096 3752 0 3692 6 0 6 6 0 8 0 procpl 648 7209 0 7145 11 3 8 8 0 8 1 sosppl 168 7 0 7 2 1 1 1 0 8 1 sockpl 504 6167 0 6142 77 65 12 33 0 8 8 mcl64k 65536 102 0 102 2 1 1 1 0 8 1 mcl16k 16384 13 0 13 3 2 1 1 0 8 1 mcl12k 12288 4 0 4 1 1 0 1 0 8 0 mcl8k 8192 40 0 40 3 2 1 1 0 8 1 mcl4k 4096 5917 0 5862 20 11 9 18 0 8 1 mcl2k2 2112 2 0 2 2 1 1 1 0 8 1 mcl2k 2048 4410 0 4399 6 3 3 3 0 8 1 mtagpl 96 142 0 126 3 0 3 3 0 8 0 mbufpl 256 38085 0 37922 46 29 17 27 0 8 1 bufpl 280 13185 0 5739 533 0 533 533 0 8 0 anonpl 24 479540 0 476560 108 56 52 74 0 187 11 amapchunkpl 152 107478 0 107205 73 26 47 47 0 158 26 amappl16 200 7587 0 7567 64 53 11 26 0 8 8 amappl15 192 45 0 45 1 1 0 1 0 8 0 amappl14 184 300 0 290 1 0 1 1 0 8 0 amappl13 176 4 0 4 1 1 0 1 0 8 0 amappl12 168 5808 0 5787 3 1 2 3 0 8 0 amappl11 160 55 0 45 1 0 1 1 0 8 0 amappl10 152 53 0 52 2 1 1 1 0 8 0 amappl9 144 145 0 145 1 1 0 1 0 8 0 amappl8 136 46 0 44 1 0 1 1 0 8 0 amappl7 128 316 0 305 1 0 1 1 0 8 0 amappl6 120 1132 0 1129 1 0 1 1 0 8 0 amappl5 112 527 0 518 1 0 1 1 0 8 0 amappl4 104 588 0 573 1 0 1 1 0 8 0 amappl3 96 18894 0 18834 4 0 4 4 0 8 0 amappl2 88 2038 0 1973 2 0 2 2 0 8 0 amappl1 80 24277 0 23793 14 2 12 13 0 8 0 amappl 88 28377 0 28276 5 0 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma16384 16384 1 0 1 1 0 1 1 0 8 1 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 2 0 1 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 8 0 8 2 2 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 33 0 6 1 0 1 1 0 8 0 uaddrrnd 24 3692 0 3671 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3692 0 3671 1 0 1 1 0 8 0 vmmpekpl 168 28811 0 28751 3 0 3 3 0 8 0 vmmpepl 168 226085 0 224772 116 27 89 101 0 357 11 vmsppl 344 3691 0 3671 4 1 3 4 0 8 0 rwobjpl 24 67571 0 59335 52 0 52 52 0 8 1 pdppl 4096 7390 0 7342 281 215 66 80 0 8 18 pvpl 32 1829757 0 1822022 508 286 222 254 0 265 119 pmappl 216 3691 0 3671 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 742 0 367 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd8059c60c18) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8059c60c18) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd8059c60c18) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd8059c60c18) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806ed303a0,2,fffffd807f7d79c0,ffff80002a48ca38,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8057c29f00,0,4,fffffd807f7d79c0) at ffs_truncate+0xf63 ufs_rmdir(ffff80003765bb68) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd806d1772a8,fffffd806ed303a0,ffff80003765bc48) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a48ca38,ffffff9c,7cfe69a2dd30,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff80003765bdc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7cfe69a2dd20, count: -14 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830afb12) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83067464,ffffffff83077cc6,136,ffffffff82ff26ea) at __assert+0x29 buf_free_pages(fffffd8059c60c18) at buf_free_pages+0x23d sys/kern/vfs_biomem.c:299 buf_dealloc_mem(fffffd8059c60c18) at buf_dealloc_mem+0x14e sys/kern/vfs_biomem.c:179 buf_put(fffffd8059c60c18) at buf_put+0x1dc sys/kern/vfs_bio.c:127 brelse(fffffd8059c60c18) at brelse+0x395 sys/kern/vfs_bio.c:944 vinvalbuf(fffffd806ed303a0,2,fffffd807f7d79c0,ffff80002a48ca38,0,ffffffffffffffff) at vinvalbuf+0x52c sys/kern/vfs_subr.c:2022 ffs_truncate(fffffd8057c29f00,0,4,fffffd807f7d79c0) at ffs_truncate+0xf63 ufs_rmdir(ffff80003765bb68) at ufs_rmdir+0x374 sys/ufs/ufs/ufs_vnops.c:1265 VOP_RMDIR(fffffd806d1772a8,fffffd806ed303a0,ffff80003765bc48) at VOP_RMDIR+0x19a sys/kern/vfs_vops.c:413 dounlinkat(ffff80002a48ca38,ffffff9c,7cfe69a2dd30,8) at dounlinkat+0x2e0 sys/kern/vfs_syscalls.c:1885 syscall(ffff80003765bdc0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7cfe69a2dd20, count: -14