panic: kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 153738 2033 32767 0x10 0 0 syz-executor0 * 81232 92106 32767 0x10 0 1K syz-executor1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff811f9774,ffff800021144cf0,ffffffff81f8c970,ffffff0077d6a300) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(cc620b67ad98c312) at buf_free_pages+0x18c sys/kern/vfs_biomem.c:318 buf_dealloc_mem(6a71ae9708d7089c) at buf_dealloc_mem+0xc2 sys/kern/vfs_biomem.c:194 buf_put(be17a529b5fddde4) at buf_put+0x12d sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(44da6e58cba1deae,0,ffffff0077def0f8,ffffff0077def110,0,ffff80000066f800) at vinvalbuf+0x2f2 sys/kern/vfs_subr.c:1934 ffs_truncate(2f7dcf4b49cadb90,ffffff00694954f0,ffffff0077eafc40,ffffff0077def3c8) at ffs_truncate+0xcb3 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(42cbab9f9581897) at ufs_rmdir+0x290 sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(c2ff1a55662c9015,0,ffffff0077eafc40) at VOP_RMDIR+0x77 sys/kern/vfs_vops.c:469 dounlinkat(c2ff1a5566f2d021,890,ffff80002108a018,0) at dounlinkat+0x102 sys/kern/vfs_syscalls.c:1700 syscall(a88062a7e17124d3) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(a88062a7e17124d3) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7fffff7ff0,89,82249172580,7f7fffff8440) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff8430, count: 1 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> show panic kernel diagnostic assertion "pg->wire_count == 1" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/vfs_biomem.c", line 329 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:399 panic() at panic+0x147 sys/kern/subr_prf.c:208 __assert(ffffffff811f9774,ffff800021144cf0,ffffffff81f8c970,ffffff0077d6a300) at __assert+0x24 sys/kern/subr_prf.c:155 buf_free_pages(cc620b67ad98c312) at buf_free_pages+0x18c sys/kern/vfs_biomem.c:318 buf_dealloc_mem(6a71ae9708d7089c) at buf_dealloc_mem+0xc2 sys/kern/vfs_biomem.c:194 buf_put(be17a529b5fddde4) at buf_put+0x12d sys/kern/vfs_bio.c:130 brelse(2) at brelse+0x19f sys/kern/vfs_bio.c:921 vinvalbuf(44da6e58cba1deae,0,ffffff0077def0f8,ffffff0077def110,0,ffff80000066f800) at vinvalbuf+0x2f2 sys/kern/vfs_subr.c:1934 ffs_truncate(2f7dcf4b49cadb90,ffffff00694954f0,ffffff0077eafc40,ffffff0077def3c8) at ffs_truncate+0xcb3 sys/ufs/ffs/ffs_inode.c:325 ufs_rmdir(42cbab9f9581897) at ufs_rmdir+0x290 sys/ufs/ufs/ufs_vnops.c:1357 VOP_RMDIR(c2ff1a55662c9015,0,ffffff0077eafc40) at VOP_RMDIR+0x77 sys/kern/vfs_vops.c:469 dounlinkat(c2ff1a5566f2d021,890,ffff80002108a018,0) at dounlinkat+0x102 sys/kern/vfs_syscalls.c:1700 syscall(a88062a7e17124d3) at syscall+0x496 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(a88062a7e17124d3) at syscall+0x496 sys/arch/amd64/amd64/trap.c:583 Xsyscall(6,89,7f7fffff7ff0,89,82249172580,7f7fffff8440) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffff8430, count: -14 ddb{1}> show registers rdi 0xffffffff81f00128 kprintf_mutex rsi 0x5 rbp 0xffff800021144c50 rbx 0xffff800021144cf0 rdx 0x3fd rcx 0 rax 0 r8 0xffff800021144c20 r9 0x8080808080808080 r10 0x19f498f12d61ee64 r11 0x32386d9877a30502 r12 0x3000000008 r13 0xffff800021144c60 r14 0x100 r15 0xffffffff81c902e2 cmd0646_9_tim_udma+0x1b590 rip 0xffffffff81150e08 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800021144c40 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor1) pid=81232 stat=onproc flags process=10 proc=0 pri=17, usrpri=56, nice=20 forw=0xffffffffffffffff, list=0xffff80002108b2d8,0xffff80002108a4d8 process=0xffff80002109b710 user=0xffff800021140000, vmspace=0xffffff007f123d68 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 2033 153738 39516 32767 7 0x10 syz-executor0 2033 221977 39516 32767 3 0x4000090 fsleep syz-executor0 *92106 81232 1 32767 7 0x10 syz-executor1 39516 404491 1 32767 3 0x90 nanosleep syz-executor0 84782 382735 0 0 3 0x14200 bored sosplice 44316 239093 93697 0 3 0x82 thrsleep syz-fuzzer 44316 464596 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 240371 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 356161 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 319627 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 359707 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 104450 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 183249 93697 0 3 0x4000082 thrsleep syz-fuzzer 44316 340805 93697 0 3 0x4000082 kqread syz-fuzzer 44316 316197 93697 0 3 0x4000082 thrsleep syz-fuzzer 93697 449967 58302 0 3 0x10008a pause ksh 58302 129910 88411 0 3 0x92 select sshd 47836 378487 1 0 3 0x100083 ttyin getty 88411 508395 1 0 3 0x80 select sshd 7412 260121 98814 73 2 0x100010 syslogd 98814 103040 1 0 3 0x100082 netio syslogd 19060 196182 1 77 3 0x100090 poll dhclient 83915 405846 1 0 3 0x80 poll dhclient 86490 327035 0 0 2 0x14200 zerothread 75996 140340 0 0 3 0x14200 aiodoned aiodoned 8275 333850 0 0 3 0x14200 syncer update 72115 96045 0 0 3 0x14200 cleaner cleaner 464 395703 0 0 3 0x14200 reaper reaper 3189 158013 0 0 3 0x14200 pgdaemon pagedaemon 57659 403549 0 0 3 0x14200 bored crynlk 80876 332335 0 0 3 0x14200 bored crypto 27206 283228 0 0 3 0x40014200 acpi0 acpi0 60514 162440 0 0 3 0x40014200 idle1 83206 263909 0 0 3 0x14200 bored softnet 99021 15629 0 0 3 0x14200 bored systqmp 70282 314677 0 0 3 0x14200 bored systq 35745 54074 0 0 3 0x40014200 bored softclock 20526 304390 0 0 3 0x40014200 idle0 1 475492 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper