panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at      db_enter+0xa:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*510546  66097  65534        0x10          0    1K syz-executor0
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81791f54,ffff8000211692a0,ffffffff81ecbca0,ffffff00798e0700) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff800020c17000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff00798e0200) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff00798e0700) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff0069c196a0,ffffff0069c196b8,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1934
ffs_truncate(ffffff0065fc3098,ffffff0075825ae0,ffffff006f56b780,ffffff0069c196a0) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff0065fc3098) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1357
VOP_RMDIR(0,ffffff0075825ae0,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a2978,0,ffff800021169810) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1694
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7ffffdf200,89,259d1a66240,7f7ffffdf650) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffdf640, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
ddb{1}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81791f54,ffff8000211692a0,ffffffff81ecbca0,ffffff00798e0700) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff800020c17000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff00798e0200) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff00798e0700) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff0069c196a0,ffffff0069c196b8,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1934
ffs_truncate(ffffff0065fc3098,ffffff0075825ae0,ffffff006f56b780,ffffff0069c196a0) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff0065fc3098) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1357
VOP_RMDIR(0,ffffff0075825ae0,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a2978,0,ffff800021169810) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1694
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7ffffdf200,89,259d1a66240,7f7ffffdf650) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffdf640, count: -14
ddb{1}> show registers
rdi               0xffffffff81e3c100    kprintf_mutex
rsi                              0x5
rbp               0xffff800021169200
rbx               0xffff8000211692a0
rdx                            0x3fd
rcx                                0
rax                                0
r8                0xffff8000211691d0
r9                0x8080808080808080
r10               0xc457f0b0759f65a6
r11               0xffffffff810f4fa0    x86_bus_space_io_read_1
r12                     0x3000000008
r13               0xffff800021169210
r14                            0x100
r15               0xffffffff81bf7167    cmd0646_9_tim_udma+0x1fe4a
rip               0xffffffff81511eaa    db_enter+0xa
cs                               0x8
rflags                         0x246
rsp               0xffff800021169200
ss                              0x10
db_enter+0xa:   popq    %rbp
ddb{1}> show proc
PROC (syz-executor0) pid=510546 stat=onproc
    flags process=10<SUGID> proc=0
    pri=17, usrpri=50, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210a2018,0xffffffff81eb2248
    process=0xffff800021070fd0 user=0xffff800021164000, vmspace=0xffffff00657ca110
    estcpu=30, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
*66097  510546      1  65534  7        0x10                syz-executor0
 72223  497781      1  65534  3        0x10  biowait       syz-executor1
 85233  305003      0      0  3     0x14200  bored         sosplice
    59  134677  37545      0  3        0x82  thrsleep      syz-fuzzer
    59  308673  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  423152  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59   92097  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  446041  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  198366  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59   18442  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  300913  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  461082  37545      0  3   0x4000082  thrsleep      syz-fuzzer
    59  212055  37545      0  3   0x4000082  kqread        syz-fuzzer
 37545   23025  11165      0  3    0x10008a  pause         ksh
 11165   61233  57508      0  3        0x92  select        sshd
 67723  405039      1      0  3    0x100083  ttyin         getty
 57508  254284      1      0  3        0x80  select        sshd
  9312  511077  21537     73  3    0x100010  ffs_fsync     syslogd
 21537  409310      1      0  3    0x100082  netio         syslogd
 78499  315962      1     77  3    0x100090  poll          dhclient
 19058  381155      1      0  3        0x80  poll          dhclient
  5830   35817      0      0  3     0x14200  pgzero        zerothread
 42443  109806      0      0  3     0x14200  aiodoned      aiodoned
 45384  515116      0      0  3     0x14200  syncer        update
 50855  362326      0      0  3     0x14200  cleaner       cleaner
 74129  495561      0      0  3     0x14200  reaper        reaper
 93268   42054      0      0  3     0x14200  pgdaemon      pagedaemon
 59516  273676      0      0  3     0x14200  bored         crynlk
  9919   12584      0      0  3     0x14200  bored         crypto
 21560  225375      0      0  3  0x40014200  acpi0         acpi0
 81279  306352      0      0  3  0x40014200                idle1
 36072  384156      0      0  3     0x14200  bored         softnet
 60760  154284      0      0  3     0x14200  bored         systqmp
 57229  393513      0      0  3     0x14200  bored         systq
 48128   36326      0      0  3  0x40014200  bored         softclock
 58400  474042      0      0  7  0x40014200                idle0
     1  178984      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper