panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*502942 45848 65534 0x10 0 1K syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff813986c4,ffff8000211c3700,ffffffff81ed6db8,ffffff007eb5b300) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff800018097000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff007eb65f00) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff007eb5b300) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff006a19fd30,ffffff006a19fd48,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1925
ffs_truncate(ffffff007ecf1398,ffffff007682a6c8,ffffff006a19f2e0,ffffff006a19fd30) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff007ecf1398) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1354
VOP_RMDIR(0,ffffff007682a6c8,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a3c38,0,ffff8000211c3c70) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1695
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7fffff7970,89,27b19346c80,7f7fffff7dc0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff7db0, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
ddb{1}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff813986c4,ffff8000211c3700,ffffffff81ed6db8,ffffff007eb5b300) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff800018097000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff007eb65f00) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff007eb5b300) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff006a19fd30,ffffff006a19fd48,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1925
ffs_truncate(ffffff007ecf1398,ffffff007682a6c8,ffffff006a19f2e0,ffffff006a19fd30) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff007ecf1398) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1354
VOP_RMDIR(0,ffffff007682a6c8,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a3c38,0,ffff8000211c3c70) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1695
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7fffff7970,89,27b19346c80,7f7fffff7dc0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff7db0, count: -14
ddb{1}> show registers
rdi 0xffffffff81e33dc0 kprintf_mutex
rsi 0x5
rbp 0xffff8000211c3660
rbx 0xffff8000211c3700
rdx 0x3fd
rcx 0
rax 0
r8 0xffff8000211c3630
r9 0x8080808080808080
r10 0xa9accf7c45794ada
r11 0xffffffff81969270 x86_bus_space_io_read_1
r12 0x3000000008
r13 0xffff8000211c3670
r14 0x100
r15 0xffffffff81bf49f1 cmd0646_9_tim_udma+0x1f0c6
rip 0xffffffff81bbd8da db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff8000211c3660
ss 0x10
db_enter+0xa: popq %rbp
ddb{1}> show proc
PROC (syz-executor0) pid=502942 stat=onproc
flags process=10<SUGID> proc=0
pri=17, usrpri=83, nice=20
forw=0xffffffffffffffff, list=0xffff8000210a3530,0xffffffff81ebe440
process=0xffff8000210b6668 user=0xffff8000211be000, vmspace=0xffffff007f125a50
estcpu=33, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
*45848 502942 1 65534 7 0x10 syz-executor0
71718 344209 1 65534 3 0x10 biowait syz-executor1
58190 328145 0 0 3 0x14200 bored sosplice
11082 482399 38771 0 3 0x82 thrsleep syz-fuzzer
11082 523209 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 33585 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 248053 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 325354 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 471505 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 61392 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 125171 38771 0 3 0x4000082 kqread syz-fuzzer
11082 171701 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 472452 38771 0 3 0x4000082 thrsleep syz-fuzzer
11082 88996 38771 0 3 0x4000082 thrsleep syz-fuzzer
38771 317144 80245 0 3 0x10008a pause ksh
80245 385936 90694 0 3 0x92 select sshd
46195 149187 1 0 3 0x100083 ttyin getty
90694 371452 1 0 3 0x80 select sshd
63493 43227 13882 73 3 0x100010 biowait syslogd
13882 482645 1 0 3 0x100082 netio syslogd
17691 335083 1 77 3 0x100090 poll dhclient
6955 102414 1 0 3 0x80 poll dhclient
23854 281909 0 0 3 0x14200 pgzero zerothread
56830 380909 0 0 3 0x14200 aiodoned aiodoned
56197 323628 0 0 3 0x14200 syncer update
20027 172371 0 0 3 0x14200 cleaner cleaner
27498 205464 0 0 3 0x14200 reaper reaper
19114 213445 0 0 3 0x14200 pgdaemon pagedaemon
14843 162211 0 0 3 0x14200 bored crynlk
92312 66998 0 0 3 0x14200 bored crypto
73438 106103 0 0 3 0x40014200 acpi0 acpi0
59053 198097 0 0 3 0x40014200 idle1
60109 405013 0 0 3 0x14200 bored softnet
11190 389804 0 0 3 0x14200 bored systqmp
41040 161282 0 0 3 0x14200 bored systq
83884 190784 0 0 3 0x40014200 bored softclock
57282 240092 0 0 7 0x40014200 idle0
1 9112 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper