panic: vrele: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 43198 65392 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd802c233600) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000159eedc0,1,ffff8000149deee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd803740f580,c0106477,ffff8000159eedc0,1,fffffd803f7c6960,ffff8000149deee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd802cbba540,c0106477,ffff8000159eedc0,ffff8000149deee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff8000149deee8,ffff8000159eeed8,ffff8000159eef40) at sys_ioctl+0x5b8
syscall(ffff8000159eefa0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,e660f4e8010) at Xsyscall+0x128
end of kernel
end trace frame: 0xe68e1514160, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vrele: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd802c233600) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000159eedc0,1,ffff8000149deee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd803740f580,c0106477,ffff8000159eedc0,1,fffffd803f7c6960,ffff8000149deee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd802cbba540,c0106477,ffff8000159eedc0,ffff8000149deee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff8000149deee8,ffff8000159eeed8,ffff8000159eef40) at sys_ioctl+0x5b8
syscall(ffff8000159eefa0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,e660f4e8010) at Xsyscall+0x128
end of kernel
end trace frame: 0xe68e1514160, count: -9
ddb> show registers
rdi 0xffffffff81cd5737 db_enter+0x17
rsi 0x75e3 __ALIGN_SIZE+0x65e3
rbp 0xffff8000159ee980
rbx 0xffff8000159eea30
rdx 0x75e4 __ALIGN_SIZE+0x65e4
rcx 0xffff800016bf1000
rax 0xffff800016bf1000
r8 0xffff8000159ee940
r9 0x1
r10 0xffff800000997dc0
r11 0xda0817f2b5501de7
r12 0x3000000008
r13 0xffff8000159ee990
r14 0x100
r15 0x1
rip 0xffffffff81cd5738 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000159ee970
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=43198 stat=onproc
flags process=0 proc=4000000<THREAD>
pri=24, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff8000149dec70,0xffff8000149de518
process=0xffff8000ffff77b0 user=0xffff8000159ea000, vmspace=0xfffffd803f013440
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
65392 396120 22575 0 2 0 syz-executor.0
*65392 43198 22575 0 7 0x4000000 syz-executor.0
65392 515167 22575 0 2 0x4000000 syz-executor.0
38290 249551 59279 0 2 0 syz-executor.1
38290 398952 59279 0 3 0x4000080 ttyin syz-executor.1
38290 209559 59279 0 3 0x4000080 fsleep syz-executor.1
81476 196381 1 0 3 0x100083 ttyin getty
59279 454242 51846 0 2 0x482 syz-executor.1
36482 444715 0 0 3 0x14200 bored sosplice
22575 223878 51846 0 2 0x482 syz-executor.0
51846 133179 87354 0 3 0x82 thrsleep syz-fuzzer
51846 4492 87354 0 3 0x4000082 thrsleep syz-fuzzer
51846 478128 87354 0 3 0x4000082 thrsleep syz-fuzzer
51846 59440 87354 0 3 0x4000082 thrsleep syz-fuzzer
51846 231632 87354 0 3 0x4000082 thrsleep syz-fuzzer
51846 498388 87354 0 3 0x4000082 kqread syz-fuzzer
51846 378964 87354 0 3 0x4000082 thrsleep syz-fuzzer
87354 320455 56256 0 3 0x10008a pause ksh
56256 279535 98044 0 3 0x92 select sshd
98044 217824 1 0 3 0x80 select sshd
54276 101278 53619 73 2 0x100090 syslogd
53619 230000 1 0 3 0x100082 netio syslogd
35090 71087 1 77 3 0x100090 poll dhclient
9025 78807 1 0 3 0x80 poll dhclient
97404 362802 0 0 2 0x14200 zerothread
13894 268995 0 0 3 0x14200 aiodoned aiodoned
39380 124687 0 0 3 0x14200 syncer update
2525 178194 0 0 3 0x14200 cleaner cleaner
75894 107745 0 0 3 0x14200 reaper reaper
9170 347006 0 0 3 0x14200 pgdaemon pagedaemon
46627 35925 0 0 3 0x14200 bored crynlk
20256 301087 0 0 3 0x14200 bored crypto
26384 401799 0 0 3 0x40014200 acpi0 acpi0
60355 303939 0 0 3 0x14200 bored softnet
54106 173427 0 0 3 0x14200 bored systqmp
8075 502756 0 0 3 0x14200 bored systq
52507 326230 0 0 3 0x40014200 bored softclock
39022 510361 0 0 3 0x40014200 idle0
8918 196438 0 0 3 0x14200 bored smr
1 395486 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper
ddb> show all locks
No such command
ddb> show malloc
Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim
devbuf 9558 6366K 7123K 78643K 19332 0 0
pcb 13 8K 8K 78643K 249 0 0
rtable 115 4K 4K 78643K 735 0 0
ifaddr 73 16K 16K 78643K 311 0 0
counters 19 16K 16K 78643K 19 0 0
ioctlops 0 0K 2K 78643K 164 0 0
iov 0 0K 28K 78643K 458 0 0
mount 1 1K 1K 78643K 1 0 0
vnodes 1216 76K 77K 78643K 4297 0 0
UFS quota 1 32K 32K 78643K 1 0 0
UFS mount 5 36K 36K 78643K 5 0 0
shm 2 1K 5K 78643K 36 0 0
VM map 2 0K 0K 78643K 2 0 0
sem 12 0K 0K 78643K 397 0 0
dirhash 12 2K 2K 78643K 12 0 0
ACPI 1793 195K 288K 78643K 12645 0 0
file desc 6 17K 25K 78643K 3323 0 0
sigio 0 0K 0K 78643K 38 0 0
proc 42 30K 54K 78643K 764 0 0
subproc 32 2K 2K 78643K 55 0 0
NFS srvsock 1 0K 0K 78643K 1 0 0
NFS daemon 1 16K 16K 78643K 1 0 0
ip_moptions 0 0K 0K 78643K 310 0 0
in_multi 33 2K 2K 78643K 160 0 0
ether_multi 1 0K 0K 78643K 15 0 0
mrt 0 0K 0K 78643K 11 0 0
ISOFS mount 1 32K 32K 78643K 1 0 0
MSDOSFS mount 1 16K 16K 78643K 1 0 0
ttys 108 477K 477K 78643K 108 0 0
exec 0 0K 1K 78643K 566 0 0
pfkey data 0 0K 0K 78643K 3 0 0
pagedep 1 8K 8K 78643K 1 0 0
inodedep 1 32K 32K 78643K 1 0 0
newblk 1 0K 0K 78643K 1 0 0
VM swap 7 26K 26K 78643K 7 0 0
UVM amap 90 20K 30K 78643K 8724 0 0
UVM aobj 130 4K 4K 78643K 148 0 0
memdesc 1 4K 4K 78643K 1 0 0
crypto data 1 1K 1K 78643K 1 0 0
ip6_options 0 0K 0K 78643K 110 0 0
NDP 17 0K 0K 78643K 86 0 0
temp 206 2728K 3355K 78643K 13343 0 0
kqueue 0 0K 0K 78643K 29 0 0
SYN cache 2 16K 16K 78643K 2 0 0
ddb> show all pools
Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 64 10 0 2 1 0 1 1 0 8 0
rtpcb 80 141 0 139 1 0 1 1 0 8 0
rtentry 112 64 0 17 2 0 2 2 0 8 0
unpcb 120 1053 0 1043 1 0 1 1 0 8 0
syncache 264 4 0 4 1 1 0 1 0 8 0
tcpqe 32 843 0 843 1 1 0 1 0 8 0
tcpcb 544 489 0 485 1 0 1 1 0 8 0
inpcb 280 1367 0 1356 3 1 2 2 0 8 1
nd6 48 9 0 3 1 0 1 1 0 8 0
pkpcb 40 22 0 22 8 7 1 1 0 8 1
swfcl 56 4 0 0 1 0 1 1 0 8 0
ppxss 1128 44 0 44 9 9 0 1 0 8 0
art_heap8 4096 1 0 0 1 0 1 1 0 8 0
art_heap4 256 238 0 44 13 0 13 13 0 8 0
art_table 32 239 0 44 2 0 2 2 0 8 0
art_node 16 58 0 16 1 0 1 1 0 8 0
sysvmsgpl 40 10 0 6 1 0 1 1 0 8 0
semupl 112 2 0 2 1 1 0 1 0 8 0
semapl 112 393 0 383 1 0 1 1 0 8 0
shmpl 112 146 0 18 4 0 4 4 0 8 0
dirhash 1024 17 0 0 3 0 3 3 0 8 0
dino1pl 128 6834 0 5427 46 0 46 46 0 8 0
ffsino 240 6834 0 5427 84 0 84 84 0 8 0
nchpl 144 11716 0 10100 61 0 61 61 0 8 0
uvmvnodes 72 7762 0 0 142 0 142 142 0 8 0
vnodes 200 7762 0 0 409 0 409 409 0 8 0
namei 1024 36794 0 36794 1 0 1 1 0 8 1
scsiplug 64 7 0 7 3 3 0 1 0 8 0
scxspl 192 36271 0 36271 28 25 3 6 0 8 3
plimitpl 152 317 0 308 1 0 1 1 0 8 0
sigapl 432 3496 0 3482 2 0 2 2 0 8 0
futexpl 56 55572 0 55571 1 0 1 1 0 8 0
knotepl 112 752 0 733 1 0 1 1 0 8 0
kqueuepl 104 816 0 814 1 0 1 1 0 8 0
pipepl 112 1998 0 1977 5 4 1 2 0 8 0
fdescpl 424 3497 0 3482 2 0 2 2 0 8 0
filepl 120 21140 0 21039 4 0 4 4 0 8 0
lockfpl 104 1292 0 1292 2 1 1 1 0 8 1
lockfspl 48 445 0 445 2 1 1 1 0 8 1
sessionpl 112 23 0 13 1 0 1 1 0 8 0
pgrppl 48 55 0 45 1 0 1 1 0 8 0
ucredpl 96 4569 0 4562 1 0 1 1 0 8 0
zombiepl 144 3482 0 3482 1 0 1 1 0 8 1
processpl 864 3512 0 3482 4 0 4 4 0 8 0
procpl 632 7832 0 7792 4 0 4 4 0 8 0
sosppl 128 28 0 28 10 10 0 1 0 8 0
sockpl 384 2613 0 2594 4 1 3 3 0 8 1
mcl64k 65536 1385 0 1385 158 94 64 64 0 8 64
mcl16k 16384 9 0 9 6 6 0 1 0 8 0
mcl12k 12288 52 0 52 8 8 0 1 0 8 0
mcl9k 9216 55 0 55 7 6 1 1 0 8 1
mcl8k 8192 53 0 53 8 8 0 1 0 8 0
mcl4k 4096 164 0 162 3 2 1 1 0 8 0
mcl2k2 2112 28 0 28 9 9 0 1 0 8 0
mcl2k 2048 58477 0 58434 16 10 6 12 0 8 0
mtagpl 80 74 0 44 2 1 1 1 0 8 0
mbufpl 256 109461 0 109317 87 68 19 41 0 8 8
bufpl 256 19970 0 12207 486 0 486 486 0 8 0
anonpl 16 335743 0 323893 133 68 65 65 0 62 16
amapchunkpl 152 14850 0 14742 39 34 5 14 0 158 0
amappl16 192 19761 0 19106 145 104 41 45 0 8 8
amappl15 184 11 0 11 2 2 0 1 0 8 0
amappl14 176 67 0 60 1 0 1 1 0 8 0
amappl13 168 7 0 6 1 0 1 1 0 8 0
amappl12 160 1037 0 1033 1 0 1 1 0 8 0
amappl11 152 61 0 49 1 0 1 1 0 8 0
amappl10 144 698 0 697 1 0 1 1 0 8 0
amappl9 136 2203 0 2198 1 0 1 1 0 8 0
amappl8 128 1766 0 1747 1 0 1 1 0 8 0
amappl7 120 654 0 651 1 0 1 1 0 8 0
amappl6 112 52 0 46 1 0 1 1 0 8 0
amappl5 104 1183 0 1172 1 0 1 1 0 8 0
amappl4 96 3754 0 3728 1 0 1 1 0 8 0
amappl3 88 291 0 280 1 0 1 1 0 8 0
amappl2 80 27137 0 27062 3 1 2 3 0 8 0
amappl1 72 68746 0 68316 26 17 9 19 0 8 0
amappl 80 8116 0 8078 1 0 1 1 0 84 0
dma4096 4096 1 0 1 1 1 0 1 0 8 0
dma256 256 6 0 6 1 1 0 1 0 8 0
dma64 64 259 0 259 1 1 0 1 0 8 0
dma32 32 7 0 7 1 1 0 1 0 8 0
dma16 16 17 0 17 1 1 0 1 0 8 0
aobjpl 64 147 0 18 3 0 3 3 0 8 0
uaddrrnd 24 3497 0 3482 1 0 1 1 0 8 0
uaddrbest 32 2 0 0 1 0 1 1 0 8 0
uaddr 24 3497 0 3482 1 0 1 1 0 8 0
vmmpekpl 168 20762 0 20736 2 0 2 2 0 8 0
vmmpepl 168 411067 0 409262 173 84 89 95 0 357 10
vmsppl 272 3496 0 3482 2 1 1 2 0 8 0
pdppl 4096 7000 0 6964 6 1 5 6 0 8 0
pvpl 32 986138 0 971094 326 167 159 237 0 265 35
pmappl 200 3496 0 3482 1 0 1 1 0 8 0
extentpl 40 41 0 26 1 0 1 1 0 8 0
phpool 112 877 0 192 21 0 21 21 0 8 0