panic: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 959 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 382370 68055 0 0 0 0 syz-executor db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff834bd059) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff834f7f68,ffffffff83509109,3bf,ffffffff83532222) at __assert+0x29 sys/kern/subr_prf.c:-1 refcnt_finalize(ffff80003c3f3778,ffffffff834ab6a2) at refcnt_finalize+0x1e7 sys/kern/kern_synch.c:960 pppx_if_destroy(205b9a,ffff80003c3f3770) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794 pppxclose(205b9a,81,2000,ffff80003c3c5cb8) at pppxclose+0xa0 sys/net/if_pppx.c:541 spec_close(ffff800032b91a00) at spec_close+0x417 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffff1806c9723a8,81,fffff180097fd340,ffff80003c3c5cb8) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffff1806cc9ab80,ffff80003c3c5cb8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffff1806cc9ab80,ffff80003c3c5cb8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:621 fdrop(fffff1806cc9ab80,ffff80003c3c5cb8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffff1806cc9ab80,ffff80003c3c5cb8) at closef+0x192 sys/kern/kern_descrip.c:1265 fdfree(ffff80003c3c5cb8) at fdfree+0x116 sys/kern/kern_descrip.c:1196 exit1(ffff80003c3c5cb8,0,0,1) at exit1+0x595 sys/kern/kern_exit.c:215 sys_exit(ffff80003c3c5cb8,ffff800032b91d70,ffff800032b91cc0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 end trace frame: 0xffff800032b91d60, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic *cpu1: kernel diagnostic assertion "refs != ~0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_synch.c", line 959 ddb{1}> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:438 panic(ffffffff834bd059) at panic+0x1e5 sys/kern/subr_prf.c:198 __assert(ffffffff834f7f68,ffffffff83509109,3bf,ffffffff83532222) at __assert+0x29 sys/kern/subr_prf.c:-1 refcnt_finalize(ffff80003c3f3778,ffffffff834ab6a2) at refcnt_finalize+0x1e7 sys/kern/kern_synch.c:960 pppx_if_destroy(205b9a,ffff80003c3f3770) at pppx_if_destroy+0x3d sys/net/if_pppx.c:794 pppxclose(205b9a,81,2000,ffff80003c3c5cb8) at pppxclose+0xa0 sys/net/if_pppx.c:541 spec_close(ffff800032b91a00) at spec_close+0x417 sys/kern/spec_vnops.c:-1 VOP_CLOSE(fffff1806c9723a8,81,fffff180097fd340,ffff80003c3c5cb8) at VOP_CLOSE+0x132 sys/kern/vfs_vops.c:156 vn_closefile(fffff1806cc9ab80,ffff80003c3c5cb8) at vn_closefile+0x12b vn_close sys/kern/vfs_vnops.c:298 [inline] vn_closefile(fffff1806cc9ab80,ffff80003c3c5cb8) at vn_closefile+0x12b sys/kern/vfs_vnops.c:621 fdrop(fffff1806cc9ab80,ffff80003c3c5cb8) at fdrop+0x121 sys/kern/kern_descrip.c:1281 closef(fffff1806cc9ab80,ffff80003c3c5cb8) at closef+0x192 sys/kern/kern_descrip.c:1265 fdfree(ffff80003c3c5cb8) at fdfree+0x116 sys/kern/kern_descrip.c:1196 exit1(ffff80003c3c5cb8,0,0,1) at exit1+0x595 sys/kern/kern_exit.c:215 sys_exit(ffff80003c3c5cb8,ffff800032b91d70,ffff800032b91cc0) at sys_exit+0x1a sys/kern/kern_exit.c:-1 syscall(ffff800032b91d70) at syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] syscall(ffff800032b91d70) at syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x71cd608eb050, count: -16 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800032b917c0 rbx 0xffff80002999ee07 rdx 0 rcx 0xffff80003c3c5cb8 rax 0xffff80002999dff0 r8 0x101010101010101 r9 0x8080808080808080 r10 0x1a443e6b46055059 r11 0xf4e7b51b64080e0 r12 0xffff80002999ec08 r13 0 r14 0 r15 0x1 rip 0xffffffff8185fcc5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800032b917b0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor) tid=432304 pid=68152 tcnt=0 stat=onproc flags process=1018 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80003c3c5cb8 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80003c3c6a88,0xffff80003c3c5500 process=0xffff80002a37dcf8 user=0xffff800032b8c000, vmspace=0xfffff1806f9dd3d8 estcpu=36, cpticks=4, pctcpu=0.0, user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 68055 382370 44448 0 7 0 syz-executor 68055 281974 44448 0 3 0x4000000 biowait syz-executor 1825 52302 56527 0 2 0 syz-executor 1825 249494 56527 0 2 0x4000000 syz-executor 86589 521287 1 0 3 0x82 nanoslp getty 5164 115028 96916 0 3 0x80 nanoslp syz-executor 5164 359031 96916 0 3 0x4000080 kqsel syz-executor 5164 467566 96916 0 3 0x4000080 fsleep syz-executor 49586 270241 53206 0 2 0 syz-executor 49586 90273 53206 0 3 0x4000000 smrbar syz-executor 53792 22069 13120 0 3 0x80 nanoslp syz-executor 53792 507783 13120 0 3 0x4000080 ttyin syz-executor 53792 275272 13120 0 3 0x4000080 fsleep syz-executor 53792 440633 13120 0 3 0x4000080 fsleep syz-executor 88310 497919 44890 0 3 0x82 piperd syz-executor 21053 365246 0 0 3 0x14280 nfsidl nfsio 74374 186547 0 0 3 0x14280 nfsidl nfsio 19175 52251 0 0 3 0x14280 nfsidl nfsio 11459 302165 0 0 3 0x14280 nfsidl nfsio 32309 225184 0 0 3 0x14280 nfsidl nfsio 308 186360 0 0 3 0x14280 nfsidl nfsio 86654 113755 0 0 3 0x14280 nfsidl nfsio 91736 502994 0 0 3 0x14280 nfsidl nfsio 54886 370041 0 0 3 0x14280 nfsidl nfsio 69551 439892 0 0 3 0x14280 nfsidl nfsio 50738 344233 0 0 3 0x14280 nfsidl nfsio 87171 84830 0 0 3 0x14280 nfsidl nfsio 90790 25230 0 0 3 0x14280 nfsidl nfsio 77963 54627 0 0 3 0x14280 nfsidl nfsio 16916 349860 0 0 3 0x14280 nfsidl nfsio 91227 342088 0 0 3 0x14280 nfsidl nfsio 84365 196189 0 0 3 0x14280 nfsidl nfsio 90786 115626 0 0 3 0x14280 nfsidl nfsio 82968 281594 0 0 3 0x14280 nfsidl nfsio 69122 522383 0 0 3 0x14280 nfsidl nfsio 56527 423379 44890 0 3 0x82 nanoslp syz-executor 21409 372676 44890 0 3 0x82 nanoslp syz-executor 13120 478294 44890 0 2 0x2 syz-executor 96916 287593 44890 0 3 0x82 nanoslp syz-executor 53206 285587 44890 0 3 0x82 nanoslp syz-executor 44448 321748 44890 0 3 0x82 nanoslp syz-executor 54167 222472 44890 0 2 0x2 syz-executor 44890 319782 1 0 2 0x2 syz-executor 17270 451543 0 0 3 0x14200 bored smr 40612 321244 0 0 2 0x14200 zerothread 77259 123482 0 0 3 0x14200 aiodoned aiodoned 6196 338718 0 0 3 0x14200 syncer update 78756 167661 0 0 3 0x14200 cleaner cleaner 58502 161368 0 0 3 0x14200 reaper reaper 60134 2282 0 0 3 0x14200 pgdaemon pagedaemon 82879 156267 0 0 3 0x14200 bored viomb 29626 467839 0 0 3 0x40014200 acpi0 acpi0 72849 394072 0 0 3 0x40014200 idle1 68260 361814 0 0 3 0x14200 bored softnet1 1741 435866 0 0 3 0x14200 bored softnet0 54498 349657 0 0 3 0x14200 bored systqmp 3793 410477 0 0 3 0x14200 bored systq 19790 307979 0 0 3 0x14200 tmoslp softclockmp 41902 522806 0 0 3 0x40014200 tmoslp softclock 50928 333292 0 0 3 0x40014200 idle0 1 149316 0 0 3 0x82 wait init 0 0 -1 0 3 0x10010200 scheduler swapper ddb{1}> show all locks Process 68055 (syz-executor) thread 0xffff80003c3c74e8 (281974) exclusive rrwlock inode r = 0 (0xfffff1807ee1b440) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 ufs_ihashins+0x4f ufs_ihash sys/ufs/ufs/ufs_ihash.c:-1 [inline] #4 ufs_ihashins+0x4f sys/ufs/ufs/ufs_ihash.c:159 #5 ffs_vget+0x187 sys/ufs/ffs/ffs_vfsops.c:1232 #6 ffs_inode_alloc+0x279 sys/ufs/ffs/ffs_alloc.c:393 #7 ufs_makeinode+0xcd sys/ufs/ufs/ufs_vnops.c:1759 #8 ufs_mknod+0x5b sys/ufs/ufs/ufs_vnops.c:167 #9 VOP_MKNOD+0x101 sys/kern/vfs_vops.c:121 #10 domknodat+0x469 sys/kern/vfs_syscalls.c:1578 #11 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #11 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #12 Xsyscall+0x128 exclusive rrwlock inode r = 0 (0xfffff1807ee1bb30) #0 witness_lock+0x5f1 stacktrace_save sys/sys/stacktrace.h:37 [inline] #0 witness_lock+0x5f1 sys/kern/subr_witness.c:1160 #1 rw_do_enter_write+0x419 sys/kern/kern_rwlock.c:320 #2 rrw_enter+0xc6 sys/kern/kern_rwlock.c:621 #3 VOP_LOCK+0xbd sys/kern/vfs_vops.c:527 #4 vn_lock+0xa4 sys/kern/vfs_vnops.c:576 #5 vfs_lookup+0x12b sys/kern/vfs_lookup.c:431 #6 namei+0x7c5 sys/kern/vfs_lookup.c:250 #7 domknodat+0xb4 sys/kern/vfs_syscalls.c:1530 #8 syscall+0xb17 mi_syscall sys/sys/syscall_mi.h:176 [inline] #8 syscall+0xb17 sys/arch/amd64/amd64/trap.c:783 #9 Xsyscall+0x128 ddb{1}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 11064 12040K 12412K 166960K 12736 0 pcb 19 13K 14K 166960K 120 0 rtable 233 10K 10K 166960K 460 0 pf 43 19K 25K 166960K 241 0 ifaddr 43 7K 7K 166960K 65 0 ifgroup 64 2K 2K 166960K 93 0 sysctl 3 1K 9K 166960K 8 0 counters 76 37K 37K 166960K 114 0 ioctlops 0 0K 4K 166960K 1562 0 iov 0 0K 16K 166960K 12 0 mount 1 1K 1K 166960K 1 0 log 4 4K 4K 166960K 8 0 vnodes 1419 89K 90K 166960K 1921 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 5K 166960K 11 0