panic: vrele: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*303675 11116 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd80385ccde8) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000159d6300,1,ffff8000ffff2ee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd803740d710,c0106477,ffff8000159d6300,1,fffffd803f7c6a80,ffff8000ffff2ee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd802f85ff10,c0106477,ffff8000159d6300,ffff8000ffff2ee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff8000ffff2ee8,ffff8000159d6418,ffff8000159d6480) at sys_ioctl+0x5b8
syscall(ffff8000159d64e0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,c7418dce010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc764be27770, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vrele: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd80385ccde8) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000159d6300,1,ffff8000ffff2ee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd803740d710,c0106477,ffff8000159d6300,1,fffffd803f7c6a80,ffff8000ffff2ee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd802f85ff10,c0106477,ffff8000159d6300,ffff8000ffff2ee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff8000ffff2ee8,ffff8000159d6418,ffff8000159d6480) at sys_ioctl+0x5b8
syscall(ffff8000159d64e0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,c7418dce010) at Xsyscall+0x128
end of kernel
end trace frame: 0xc764be27770, count: -9
ddb> show registers
rdi 0xffffffff81126a97 db_enter+0x17
rsi 0x78c1 __ALIGN_SIZE+0x68c1
rbp 0xffff8000159d5ec0
rbx 0xffff8000159d5f70
rdx 0x78c2 __ALIGN_SIZE+0x68c2
rcx 0xffff800016bed000
rax 0xffff800016bed000
r8 0xffff8000159d5e80
r9 0x1
r10 0xffff800000997cc0
r11 0x309f0f4244c76523
r12 0x3000000008
r13 0xffff8000159d5ed0
r14 0x100
r15 0x1
rip 0xffffffff81126a98 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000159d5eb0
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=303675 stat=onproc
flags process=0 proc=4000000
pri=24, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000ffff29f8,0xffff8000ffff38d8
process=0xffff8000ffff6370 user=0xffff8000159d1000, vmspace=0xfffffd803f014ee0
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
50085 406481 31721 0 2 0 syz-executor.1
50085 337967 31721 0 3 0x4000080 fsleep syz-executor.1
11116 479834 61769 0 2 0 syz-executor.0
*11116 303675 61769 0 7 0x4000000 syz-executor.0
11116 126867 61769 0 2 0x4000000 syz-executor.0
71524 63138 1 0 3 0x100083 ttyin getty
32358 350295 0 0 3 0x14200
bored sosplice 61769 414319 38951 0 2 0x482 syz-executor.0 31721 405245 38951 0 2 0x482 syz-executor.1 38951 106930 9919 0 3 0x82 thrsleep syz-fuzzer 38951 93204 9919 0 2 0x4000482 syz-fuzzer 38951 491788 9919 0 3 0x4000082 thrsleep syz-fuzzer 38951 486457 9919 0 3 0x4000082 thrsleep syz-fuzzer 38951 145121 9919 0 3 0x4000082 kqread syz-fuzzer 38951 524161 9919 0 3 0x4000082 thrsleep syz-fuzzer 38951 508589 9919 0 3 0x4000082 thrsleep syz-fuzzer 9919 449877 77818 0 3 0x10008a pause ksh 77818 179782 98823 0 3 0x92 select sshd 98823 176627 1 0 3 0x80 select sshd 40123 319270 75454 73 2 0x100090 syslogd 75454 245080 1 0 3 0x100082 netio syslogd 16869 355801 1 77 3 0x100090 poll dhclient 77952 225985 1 0 3 0x80 poll dhclient 65058 273900 0 0 2 0x14200 zerothread 83425 420943 0 0 3 0x14200 aiodoned aiodoned 40098 202392 0 0 3 0x14200 syncer update 21666 22083 0 0 3 0x14200 cleaner cleaner 25860 185625 0 0 3 0x14200 reaper reaper 90472 417868 0 0 3 0x14200 pgdaemon pagedaemon 38342 62983 0 0 3 0x14200 bored crynlk 62266 350406 0 0 3 0x14200 bored crypto 65001 124741 0 0 3 0x40014200 acpi0 acpi0 39166 298294 0 0 3 0x14200 bored softnet 42230 147951 0 0 3 0x14200 bored systqmp 2085 355556 0 0 3 0x14200 bored systq 39763 165132 0 0 2 0x40014200 softclock 3570 123024 0 0 3 0x40014200 idle0 39509 11908 0 0 3 0x14200 bored smr 1 318964 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9527 6370K 7105K 78643K 17293 0 0 pcb 13 8K 8K 78643K 204 0 0 rtable 117 4K 5K 78643K 620 0 0 ifaddr 60 13K 14K 78643K 251 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 153 0 0 iov 0 0K 24K 78643K 342 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1214 76K 77K 78643K 3517 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 41 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 288 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 
195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 2537 0 0 sigio 1 0K 0K 78643K 50 0 0 proc 42 30K 54K 78643K 595 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 212 0 0 in_multi 33 2K 2K 78643K 97 0 0 ether_multi 1 0K 0K 78643K 8 0 0 mrt 0 0K 0K 78643K 17 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 102 450K 450K 78643K 102 0 0 exec 0 0K 1K 78643K 422 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 85 20K 25K 78643K 6767 0 0 UVM aobj 113 3K 3K 78643K 133 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 84 0 0 NDP 13 0K 0K 78643K 67 0 0 temp 178 2727K 2799K 78643K 10772 0 0 kqueue 0 0K 0K 78643K 21 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 142 0 140 1 0 1 1 0 8 0 rtentry 112 54 0 9 2 0 2 2 0 8 0 unpcb 120 865 0 855 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1136 0 1136 1 1 0 1 0 8 0 tcpcb 544 351 0 347 1 0 1 1 0 8 0 inpcb 280 1057 0 1048 5 4 1 2 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 20 0 20 4 4 0 1 0 8 0 ppxss 1128 45 0 45 6 5 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 0 12 0 12 12 0 8 0 art_table 32 191 0 0 2 0 2 2 0 8 0 art_node 16 45 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 9 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 286 0 276 1 0 1 1 0 8 0 shmpl 112 131 0 20 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5482 0 4073 46 0 46 46 0 8 0 ffsino 240 5482 0 4073 84 0 84 84 0 8 0 nchpl 144 9217 0 7584 62 1 61 62 0 8 0 uvmvnodes 72 6803 0 0 124 0 124 124 0 8 0 vnodes 200 6803 0 0 359 0 359 359 0 8 0 namei 1024 28331 0 28331 1 0 1 1 0 8 1 scsiplug 64 4 0 4 3 3 0 1 0 8 0 scxspl 192 29255 0 29255 19 18 1 6 0 8 1 plimitpl 152 253 0 246 1 0 1 1 0 
8 0 sigapl 432 2711 0 2697 2 0 2 2 0 8 0 futexpl 56 41583 0 41582 1 0 1 1 0 8 0 knotepl 112 523 0 504 1 0 1 1 0 8 0 kqueuepl 104 593 0 591 1 0 1 1 0 8 0 pipepl 112 1596 0 1577 2 1 1 2 0 8 0 fdescpl 424 2712 0 2697 2 0 2 2 0 8 0 filepl 120 16285 0 16188 5 1 4 5 0 8 1 lockfpl 104 945 0 945 3 2 1 1 0 8 1 lockfspl 48 327 0 327 3 2 1 1 0 8 1 sessionpl 112 20 0 10 1 0 1 1 0 8 0 pgrppl 48 50 0 40 1 0 1 1 0 8 0 ucredpl 96 3271 0 3264 1 0 1 1 0 8 0 zombiepl 144 2697 0 2697 1 0 1 1 0 8 1 processpl 864 2727 0 2697 4 0 4 4 0 8 0 procpl 632 5965 0 5926 4 0 4 4 0 8 0 sosppl 128 43 0 43 9 8 1 1 0 8 1 sockpl 384 2111 0 2092 4 1 3 4 0 8 1 mcl64k 65536 1606 0 1606 130 129 1 65 0 8 1 mcl16k 16384 5 0 5 4 4 0 1 0 8 0 mcl12k 12288 56 0 56 6 5 1 1 0 8 1 mcl9k 9216 38 0 38 9 8 1 1 0 8 1 mcl8k 8192 36 0 36 9 8 1 1 0 8 1 mcl4k 4096 126 0 126 3 2 1 1 0 8 1 mcl2k2 2112 16 0 16 7 6 1 1 0 8 1 mcl2k 2048 57852 0 57804 16 9 7 13 0 8 0 mtagpl 80 79 0 25 3 1 2 2 0 8 0 mbufpl 256 105365 0 105194 98 85 13 38 0 8 1 bufpl 256 14550 0 7684 430 0 430 430 0 8 0 anonpl 16 245019 0 233318 137 73 64 65 0 62 16 amapchunkpl 152 11448 0 11339 37 29 8 14 0 158 2 amappl16 192 12666 0 12022 100 59 41 45 0 8 8 amappl15 184 1271 0 1268 1 0 1 1 0 8 0 amappl14 176 1288 0 1280 1 0 1 1 0 8 0 amappl13 168 14 0 13 1 0 1 1 0 8 0 amappl12 160 4 0 2 1 0 1 1 0 8 0 amappl11 152 54 0 43 1 0 1 1 0 8 0 amappl10 144 64 0 64 4 4 0 1 0 8 0 amappl9 136 1761 0 1756 1 0 1 1 0 8 0 amappl8 128 1399 0 1384 1 0 1 1 0 8 0 amappl7 120 32 0 28 1 0 1 1 0 8 0 amappl6 112 50 0 44 1 0 1 1 0 8 0 amappl5 104 291 0 281 1 0 1 1 0 8 0 amappl4 96 2966 0 2937 1 0 1 1 0 8 0 amappl3 88 274 0 264 1 0 1 1 0 8 0 amappl2 80 22194 0 22116 3 1 2 3 0 8 0 amappl1 72 55297 0 54871 25 16 9 19 0 8 0 amappl 80 6218 0 6180 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 132 0 20 2 0 2 2 0 8 0 uaddrrnd 24 2712 0 2697 1 0 1 1 0 8 0 
uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2712 0 2697 1 0 1 1 0 8 0 vmmpekpl 168 21356 0 21332 2 0 2 2 0 8 0 vmmpepl 168 316473 0 314686 142 52 90 96 0 357 12 vmsppl 272 2711 0 2697 2 1 1 2 0 8 0 pdppl 4096 5430 0 5394 6 1 5 6 0 8 0 pvpl 32 774671 0 759844 323 129 194 236 0 265 71 pmappl 200 2711 0 2697 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 802 0 241 19 1 18 19 0 8 0