panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0xa: popq %rbp TID PID UID PRFLAGS PFLAGS CPU COMMAND *400665 61826 65534 0x10 0 1K syz-executor1 db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff813e52b4,ffff80002118b670,ffffffff81ee05d8,ffffff0068381200) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(ffff800020a97000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318 buf_dealloc_mem(ffffff0068381100) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194 buf_put(ffffff0068381200) at buf_put+0x11f sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(0,ffffff007a8db2d8,ffffff007a8db2f0,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1925 ffs_truncate(ffffff006815ca08,ffffff007a9860d0,ffffff006a289a50,ffffff007a8db2d8) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(ffffff006815ca08) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1354 VOP_RMDIR(0,ffffff007a9860d0,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469 dounlinkat(890,ffff8000210a3788,0,ffff80002118bbe0) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1695 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7ffffcaf00,89,cb8bb132080,7f7ffffcb350) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb340, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 ddb{1}> trace db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff813e52b4,ffff80002118b670,ffffffff81ee05d8,ffffff0068381200) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(ffff800020a97000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318 buf_dealloc_mem(ffffff0068381100) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194 buf_put(ffffff0068381200) at buf_put+0x11f sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(0,ffffff007a8db2d8,ffffff007a8db2f0,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1925 ffs_truncate(ffffff006815ca08,ffffff007a9860d0,ffffff006a289a50,ffffff007a8db2d8) at ffs_truncate+0xc93 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(ffffff006815ca08) at ufs_rmdir+0x277 sys/ufs/ufs/ufs_vnops.c:1354 VOP_RMDIR(0,ffffff007a9860d0,8) at VOP_RMDIR+0x6a sys/kern/vfs_vops.c:469 dounlinkat(890,ffff8000210a3788,0,ffff80002118bbe0) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1695 syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7ffffcaf00,89,cb8bb132080,7f7ffffcb350) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffcb340, count: -14 ddb{1}> show registers rdi 0xffffffff81e291a8 kprintf_mutex rsi 0x5 rbp 0xffff80002118b5d0 rbx 0xffff80002118b670 rdx 0x3fd rcx 0 rax 0 r8 0xffff80002118b5a0 r9 0x8080808080808080 r10 0xd96e072616acd64e r11 0xffffffff813a7780 x86_bus_space_io_read_1 r12 0x3000000008 r13 0xffff80002118b5e0 r14 0x100 r15 0xffffffff81bf3c19 cmd0646_9_tim_udma+0x20790 rip 0xffffffff81a8b5ca db_enter+0xa cs 0x8 rflags 0x246 rsp 0xffff80002118b5d0 ss 0x10 db_enter+0xa: popq %rbp ddb{1}> show proc PROC (syz-executor1) pid=400665 stat=onproc flags process=10 proc=0 pri=17, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000210a2978,0xffffffff81edc2c0 process=0xffff8000210b7c80 user=0xffff800021186000, vmspace=0xffffff007f125738 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND *61826 400665 1 65534 7 0x10 syz-executor1 86660 408216 1 65534 3 0x10 biowait syz-executor0 63253 9342 0 0 3 0x14200 bored sosplice 236 114025 34901 0 3 0x82 thrsleep syz-fuzzer 236 49873 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 155923 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 517270 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 213068 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 328995 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 388526 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 477948 34901 0 3 0x4000082 thrsleep syz-fuzzer 236 453652 34901 0 3 0x4000082 kqread syz-fuzzer 236 101530 34901 0 3 0x4000082 thrsleep syz-fuzzer 34901 273595 64629 0 3 0x10008a pause ksh 64629 118960 97309 0 3 0x92 select sshd 46319 313549 1 0 3 0x100083 ttyin getty 97309 224281 1 0 3 0x80 select sshd 32807 17625 13828 73 3 0x100010 ffs_fsync syslogd 13828 379658 1 0 3 0x100082 netio syslogd 7541 437434 1 77 3 0x100090 poll dhclient 76993 343249 1 0 3 0x80 poll dhclient 86093 418653 0 0 3 0x14200 pgzero zerothread 85911 208652 0 0 3 0x14200 aiodoned aiodoned 30437 514306 0 0 3 0x14200 syncer update 42024 180596 0 0 3 0x14200 cleaner cleaner 9782 333839 0 0 3 0x14200 reaper reaper 57405 176098 0 0 3 0x14200 pgdaemon pagedaemon 66014 448084 0 0 3 0x14200 bored crynlk 14680 419461 0 0 3 0x14200 bored crypto 10324 92402 0 0 3 0x40014200 acpi0 acpi0 87416 161894 0 0 3 0x40014200 idle1 59281 251091 0 0 3 0x14200 bored softnet 6416 340926 0 0 3 0x14200 bored systqmp 59992 185646 0 0 3 0x14200 bored systq 57536 436857 0 0 3 0x40014200 bored softclock 60433 441224 0 0 7 0x40014200 idle0 1 305146 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper