panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
381514 2963 65534 0x10 0 1 syz-executor0
* 89922 21981 65534 0x10 0 0K syz-executor1
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff817b7e64,ffff80002115b2a0,ffffffff81ecdc10,ffffff0072087e00) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff80001dae7000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff0072087c00) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff0072087e00) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19a sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff00710b1b48,ffffff00710b1b60,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1934
ffs_truncate(ffffff006afedd60,ffffff00721099a0,ffffff00710b13c8,ffffff00710b1b48) at ffs_truncate+0xc73 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff006afedd60) at ufs_rmdir+0x271 sys/ufs/ufs/ufs_vnops.c:1357
VOP_RMDIR(0,ffffff00721099a0,8) at VOP_RMDIR+0x64 sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a3080,0,ffff80002115b810) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1700
syscall(0) at syscall+0x466 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x466 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7ffffdfc00,89,3ae6ef31e00,7f7ffffe0050) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0040, count: 1
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}>
ddb{0}> set $lines = 0
ddb{0}> show panic
kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329
ddb{0}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff817b7e64,ffff80002115b2a0,ffffffff81ecdc10,ffffff0072087e00) at __assert+0x24 sys/kern/subr_prf.c:155
buf_free_pages(ffff80001dae7000) at buf_free_pages+0x167 sys/kern/vfs_biomem.c:318
buf_dealloc_mem(ffffff0072087c00) at buf_dealloc_mem+0xb6 sys/kern/vfs_biomem.c:194
buf_put(ffffff0072087e00) at buf_put+0x11f sys/kern/vfs_bio.c:130
brelse(2) at brelse+0x19a sys/kern/vfs_bio.c:921
vinvalbuf(0,ffffff00710b1b48,ffffff00710b1b60,0,ffff80000066f800,11) at vinvalbuf+0x2e2 sys/kern/vfs_subr.c:1934
ffs_truncate(ffffff006afedd60,ffffff00721099a0,ffffff00710b13c8,ffffff00710b1b48) at ffs_truncate+0xc73 sys/ufs/ffs/ffs_inode.c:325
ufs_rmdir(ffffff006afedd60) at ufs_rmdir+0x271 sys/ufs/ufs/ufs_vnops.c:1357
VOP_RMDIR(0,ffffff00721099a0,8) at VOP_RMDIR+0x64 sys/kern/vfs_vops.c:469
dounlinkat(890,ffff8000210a3080,0,ffff80002115b810) at dounlinkat+0xf5 sys/kern/vfs_syscalls.c:1700
syscall(0) at syscall+0x466 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x466 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,89,7f7ffffdfc00,89,3ae6ef31e00,7f7ffffe0050) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffe0040, count: -14
ddb{0}> show registers
rdi 0xffffffff81e2c0b8 kprintf_mutex
rsi 0x5
rbp 0xffff80002115b200
rbx 0xffff80002115b2a0
rdx 0x3fd
rcx 0
rax 0
r8 0xffff80002115b1d0
r9 0x8080808080808080
r10 0
r11 0xffffffff81260d40 copy_fault
r12 0x3000000008
r13 0xffff80002115b210
r14 0x100
r15 0xffffffff81b8037c cmd0646_9_tim_udma+0x21e20
rip 0xffffffff811921aa db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff80002115b200
ss 0x10
db_enter+0xa: popq %rbp
ddb{0}> show proc
PROC (syz-executor1) pid=89922 stat=onproc
flags process=10 proc=0
pri=17, usrpri=61, nice=20
forw=0xffffffffffffffff, list=0xffff8000210a2720,0xffff8000210a3c48
process=0xffff8000210b6660 user=0xffff800021156000, vmspace=0xffffff00662ac850
estcpu=11, cpticks=1, pctcpu=0.0
user=0, sys=1, intr=0
ddb{0}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
2963 381514 1 65534 7 0x10 syz-executor0
*21981 89922 1 65534 7 0x10 syz-executor1
77026 356486 0 0 3 0x14200 bored sosplice
31193 70159 97328 0 3 0x82 thrsleep syz-fuzzer
31193 468142 97328 0 3 0x4000082 nanosleep syz-fuzzer
31193 209758 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 114956 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 92627 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 321186 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 462141 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 191157 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 451861 97328 0 3 0x4000082 kqread syz-fuzzer
31193 47111 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 328251 97328 0 3 0x4000082 thrsleep syz-fuzzer
31193 170953 97328 0 3 0x4000082 thrsleep syz-fuzzer
97328 523135 28957 0 3 0x10008a pause ksh
28957 431255 63054 0 3 0x92 select sshd
70775 338129 1 0 3 0x100083 ttyin getty
63054 270 1 0 3 0x80 select sshd
22345 236862 13808 73 3 0x100010 ffs_fsync syslogd
13808 331225 1 0 3 0x100082 netio syslogd
72823 256294 1 77 3 0x100090 poll dhclient
90347 503077 1 0 3 0x80 poll dhclient
59791 162502 0 0 3 0x14200 pgzero zerothread
9157 302461 0 0 3 0x14200 aiodoned aiodoned
57906 186823 0 0 3 0x14200 syncer update
41945 96160 0 0 3 0x14200 cleaner cleaner
85865 410154 0 0 3 0x14200 reaper reaper
15951 382429 0 0 3 0x14200 pgdaemon pagedaemon
89497 386206 0 0 3 0x14200 bored crynlk
11131 95439 0 0 3 0x14200 bored crypto
29408 311624 0 0 3 0x40014200 acpi0 acpi0
10819 349910 0 0 3 0x40014200 idle1
22592 73782 0 0 3 0x14200 bored softnet
75519 113706 0 0 3 0x14200 bored systqmp
85342 159430 0 0 3 0x14200 bored systq
24975 83561 0 0 3 0x40014200 bored softclock
54184 43284 0 0 3 0x40014200 idle0
1 318075 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper