panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *387681 80801 32767 0x10 0 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff812dbf84,ffff800021141190,ffffffff81f9d9b0,ffffff007705d200) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(bbad57e478e2e49a) at buf_free_pages+0x18c sys/kern/vfs_biomem.c:318 buf_dealloc_mem(64a599b8e6b6159) at buf_dealloc_mem+0xc2 sys/kern/vfs_biomem.c:194 buf_put(1ca2c06818316c76) at buf_put+0x12d sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(427389d67ac77ff3,0,ffffff00754e0010,ffffff00754e0028,0,ffff80000066f800) at vinvalbuf+0x2f2 sys/kern/vfs_subr.c:1934 ffs_truncate(b843d233f8550fa8,ffffff00677a29d8,ffffff0068fbe600,ffffff00754e0100) at ffs_truncate+0xcb3 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(fa6bf280efda2f69) at ufs_rmdir+0x290 sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(b72dae2e768a9b7,0,ffffff0068fbe600) at VOP_RMDIR+0x77 sys/kern/vfs_vops.c:469 dounlinkat(a60e56308260b420,890,ffff80002108a018,0) at dounlinkat+0x102 sys/kern/vfs_syscalls.c:1700 syscall(83151b39a328523b) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(83151b39a328523b) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7ffffc6ef0,89,1a882285c40,7f7ffffc7340) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc7330, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff812dbf84,ffff800021141190,ffffffff81f9d9b0,ffffff007705d200) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(bbad57e478e2e49a) at buf_free_pages+0x18c sys/kern/vfs_biomem.c:318 buf_dealloc_mem(64a599b8e6b6159) at buf_dealloc_mem+0xc2 sys/kern/vfs_biomem.c:194 buf_put(1ca2c06818316c76) at buf_put+0x12d sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(427389d67ac77ff3,0,ffffff00754e0010,ffffff00754e0028,0,ffff80000066f800) at vinvalbuf+0x2f2 sys/kern/vfs_subr.c:1934 ffs_truncate(b843d233f8550fa8,ffffff00677a29d8,ffffff0068fbe600,ffffff00754e0100) at ffs_truncate+0xcb3 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(fa6bf280efda2f69) at ufs_rmdir+0x290 sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(b72dae2e768a9b7,0,ffffff0068fbe600) at VOP_RMDIR+0x77 sys/kern/vfs_vops.c:469 dounlinkat(a60e56308260b420,890,ffff80002108a018,0) at dounlinkat+0x102 sys/kern/vfs_syscalls.c:1700 syscall(83151b39a328523b) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(83151b39a328523b) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7ffffc6ef0,89,1a882285c40,7f7ffffc7340) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffc7330, count: -14 ddb{1}> show registers rdi 0xffffffff81eee870 kprintf_mutex rsi 0x5 rbp 0xffff8000211410f0 rbx 0xffff800021141190 rdx 0x3fd rcx 0 rax 0 r8 0xffff8000211410c0 r9 0x8080808080808080 r10 0x4f0d35c9f08f2efc r11 0x5e3233c8930932c9 r12 0x3000000008 r13 0xffff800021141100 r14 0x100 r15 0xffffffff81c8f899 cmd0646_9_tim_udma+0x1da08 rip 0xffffffff8158b248 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000211410e0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=387681 stat=onproc flags process=10 proc=0 pri=17, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff80002108a720,0xffffffff81faa2e0 process=0xffff800021064d30 user=0xffff80002113c000, vmspace=0xffffff00659c5638 estcpu=30, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *80801 387681 85885 32767 7 0x10 syz-executor1 85885 194791 24186 0 3 0x82 wait syz-executor1 89166 265267 1 32767 3 0x10 biowait syz-executor0 17623 397610 0 0 3 0x14200 bored sosplice 24186 53599 21001 0 3 0x82 thrsleep syz-fuzzer 24186 141800 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 298741 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 151875 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 73937 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 439970 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 390254 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 198757 21001 0 3 0x4000082 kqread syz-fuzzer 24186 148216 21001 0 3 0x4000082 thrsleep syz-fuzzer 24186 137661 21001 0 3 0x4000082 thrsleep syz-fuzzer 21001 490562 15143 0 3 0x10008a pause ksh 15143 224196 98177 0 3 0x92 select sshd 51823 131719 1 0 3 0x100083 ttyin getty 98177 351697 1 0 3 0x80 select sshd 25330 227006 92255 73 3 0x100010 ffs_fsync syslogd 92255 177659 1 0 3 0x100082 netio syslogd 16008 266112 1 77 3 0x100090 poll dhclient 8237 205147 1 0 3 0x80 poll dhclient 83465 454239 0 0 3 0x14200 pgzero zerothread 62957 208949 0 0 3 0x14200 aiodoned aiodoned 97879 22982 0 0 3 0x14200 syncer update 96742 58202 0 0 3 0x14200 cleaner cleaner 40550 473751 0 0 3 0x14200 reaper reaper 11619 459188 0 0 3 0x14200 pgdaemon pagedaemon 28979 84751 0 0 3 0x14200 bored crynlk 59079 322181 0 0 3 0x14200 bored crypto 42458 254090 0 0 3 0x40014200 acpi0 acpi0 62609 240505 0 0 3 0x40014200 idle1 28242 203799 0 0 3 0x14200 bored softnet 65827 53682 0 0 3 0x14200 bored systqmp 38956 464235 0 0 3 0x14200 bored systq 2035 398643 0 0 3 0x40014200 bored softclock 77165 377504 0 0 7 0x40014200 idle0 1 49380 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper