panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 43198 65392 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd802c233600) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff8000159eedc0,1,ffff8000149deee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd803740f580,c0106477,ffff8000159eedc0,1,fffffd803f7c6960,ffff8000149deee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802cbba540,c0106477,ffff8000159eedc0,ffff8000149deee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000149deee8,ffff8000159eeed8,ffff8000159eef40) at sys_ioctl+0x5b8 syscall(ffff8000159eefa0) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,e660f4e8010) at Xsyscall+0x128 end of kernel end trace frame: 0xe68e1514160, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd802c233600) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff8000159eedc0,1,ffff8000149deee8) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd803740f580,c0106477,ffff8000159eedc0,1,fffffd803f7c6960,ffff8000149deee8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802cbba540,c0106477,ffff8000159eedc0,ffff8000149deee8) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000149deee8,ffff8000159eeed8,ffff8000159eef40) at sys_ioctl+0x5b8 syscall(ffff8000159eefa0) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,e660f4e8010) at Xsyscall+0x128 end of kernel end trace frame: 0xe68e1514160, count: -9 ddb> show registers rdi 0xffffffff81cd5737 db_enter+0x17 rsi 0x75e3 __ALIGN_SIZE+0x65e3 rbp 0xffff8000159ee980 rbx 0xffff8000159eea30 rdx 0x75e4 __ALIGN_SIZE+0x65e4 rcx 0xffff800016bf1000 rax 0xffff800016bf1000 r8 0xffff8000159ee940 r9 0x1 r10 0xffff800000997dc0 r11 0xda0817f2b5501de7 r12 0x3000000008 r13 0xffff8000159ee990 r14 0x100 r15 0x1 rip 0xffffffff81cd5738 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000159ee970 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=43198 stat=onproc flags process=0 proc=4000000 pri=24, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000149dec70,0xffff8000149de518 process=0xffff8000ffff77b0 user=0xffff8000159ea000, vmspace=0xfffffd803f013440 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 65392 396120 22575 0 2 0 syz-executor.0 *65392 43198 22575 0 7 0x4000000 syz-executor.0 65392 515167 22575 0 2 0x4000000 syz-executor.0 38290 249551 59279 0 2 0 syz-executor.1 38290 398952 59279 0 3 0x4000080 ttyin syz-executor.1 38290 209559 59279 0 3 0x4000080 fsleep syz-executor.1 81476 196381 1 0 3 0x100083 ttyin getty 59279 454242 51846 0 2 0x482 syz-executor.1 36482 444715 0 0 3 0x14200 bored sosplice 22575 223878 51846 0 2 0x482 syz-executor.0 51846 133179 87354 0 3 0x82 thrsleep syz-fuzzer 51846 4492 87354 0 3 0x4000082 thrsleep syz-fuzzer 51846 478128 87354 0 3 0x4000082 thrsleep syz-fuzzer 51846 59440 87354 0 3 0x4000082 thrsleep syz-fuzzer 51846 231632 87354 0 3 0x4000082 thrsleep syz-fuzzer 51846 498388 87354 0 3 0x4000082 kqread syz-fuzzer 51846 378964 87354 0 3 0x4000082 thrsleep syz-fuzzer 87354 320455 56256 0 3 0x10008a pause ksh 56256 279535 98044 0 3 0x92 select sshd 98044 217824 1 0 3 0x80 select sshd 54276 101278 53619 73 2 0x100090 syslogd 53619 230000 1 0 3 0x100082 netio syslogd 35090 71087 1 77 3 0x100090 poll dhclient 9025 78807 1 0 3 0x80 poll dhclient 97404 362802 0 0 2 0x14200 zerothread 13894 268995 0 0 3 0x14200 aiodoned aiodoned 39380 124687 0 0 3 0x14200 syncer update 2525 178194 0 0 3 0x14200 cleaner cleaner 75894 107745 0 0 3 0x14200 reaper reaper 9170 347006 0 0 3 0x14200 pgdaemon pagedaemon 46627 35925 0 0 3 0x14200 bored crynlk 20256 301087 0 0 3 0x14200 bored crypto 26384 401799 0 0 3 0x40014200 acpi0 acpi0 60355 303939 0 0 3 0x14200 bored softnet 54106 173427 0 0 3 0x14200 bored systqmp 8075 502756 0 0 3 0x14200 bored systq 52507 326230 0 0 3 0x40014200 bored softclock 39022 510361 0 0 3 0x40014200 idle0 8918 196438 0 0 3 0x14200 bored smr 1 395486 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9558 6366K 7123K 78643K 19332 0 0 pcb 13 8K 8K 78643K 249 0 0 rtable 115 4K 4K 78643K 735 0 0 ifaddr 73 16K 16K 78643K 311 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 164 0 0 iov 0 0K 28K 78643K 458 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1216 76K 77K 78643K 4297 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 36 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 397 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 3323 0 0 sigio 0 0K 0K 78643K 38 0 0 proc 42 30K 54K 78643K 764 0 0 subproc 32 2K 2K 78643K 55 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 310 0 0 in_multi 33 2K 2K 78643K 160 0 0 ether_multi 1 0K 0K 78643K 15 0 0 mrt 0 0K 0K 78643K 11 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 108 477K 477K 78643K 108 0 0 exec 0 0K 1K 78643K 566 0 0 pfkey data 0 0K 0K 78643K 3 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 90 20K 30K 78643K 8724 0 0 UVM aobj 130 4K 4K 78643K 148 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 110 0 0 NDP 17 0K 0K 78643K 86 0 0 temp 206 2728K 3355K 78643K 13343 0 0 kqueue 0 0K 0K 78643K 29 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 10 0 2 1 0 1 1 0 8 0 rtpcb 80 141 0 139 1 0 1 1 0 8 0 rtentry 112 64 0 17 2 0 2 2 0 8 0 unpcb 120 1053 0 1043 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 843 0 843 1 1 0 1 0 8 0 tcpcb 544 489 0 485 1 0 1 1 0 8 0 inpcb 280 1367 0 1356 3 1 2 2 0 8 1 nd6 48 9 0 3 1 0 1 1 0 8 0 pkpcb 40 22 0 22 8 7 1 1 0 8 1 swfcl 56 4 0 0 1 0 1 1 0 8 0 ppxss 1128 44 0 44 9 9 0 1 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 238 0 44 13 0 13 13 0 8 0 art_table 32 239 0 44 2 0 2 2 0 8 0 art_node 16 58 0 16 1 0 1 1 0 8 0 sysvmsgpl 40 10 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 393 0 383 1 0 1 1 0 8 0 shmpl 112 146 0 18 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6834 0 5427 46 0 46 46 0 8 0 ffsino 240 6834 0 5427 84 0 84 84 0 8 0 nchpl 144 11716 0 10100 61 0 61 61 0 8 0 uvmvnodes 72 7762 0 0 142 0 142 142 0 8 0 vnodes 200 7762 0 0 409 0 409 409 0 8 0 namei 1024 36794 0 36794 1 0 1 1 0 8 1 scsiplug 64 7 0 7 3 3 0 1 0 8 0 scxspl 192 36271 0 36271 28 25 3 6 0 8 3 plimitpl 152 317 0 308 1 0 1 1 0 8 0 sigapl 432 3496 0 3482 2 0 2 2 0 8 0 futexpl 56 55572 0 55571 1 0 1 1 0 8 0 knotepl 112 752 0 733 1 0 1 1 0 8 0 kqueuepl 104 816 0 814 1 0 1 1 0 8 0 pipepl 112 1998 0 1977 5 4 1 2 0 8 0 fdescpl 424 3497 0 3482 2 0 2 2 0 8 0 filepl 120 21140 0 21039 4 0 4 4 0 8 0 lockfpl 104 1292 0 1292 2 1 1 1 0 8 1 lockfspl 48 445 0 445 2 1 1 1 0 8 1 sessionpl 112 23 0 13 1 0 1 1 0 8 0 pgrppl 48 55 0 45 1 0 1 1 0 8 0 ucredpl 96 4569 0 4562 1 0 1 1 0 8 0 zombiepl 144 3482 0 3482 1 0 1 1 0 8 1 processpl 864 3512 0 3482 4 0 4 4 0 8 0 procpl 632 7832 0 7792 4 0 4 4 0 8 0 sosppl 128 28 0 28 10 10 0 1 0 8 0 sockpl 384 2613 0 2594 4 1 3 3 0 8 1 mcl64k 65536 1385 0 1385 158 94 64 64 0 8 64 mcl16k 16384 9 0 9 6 6 0 1 0 8 0 mcl12k 12288 52 0 52 8 8 0 1 0 8 0 mcl9k 9216 55 0 55 7 6 1 1 0 8 1 mcl8k 8192 53 0 53 8 8 0 1 0 8 0 mcl4k 4096 164 0 162 3 2 1 1 0 8 0 mcl2k2 2112 28 0 28 9 9 0 1 0 8 0 mcl2k 2048 58477 0 58434 16 10 6 12 0 8 0 mtagpl 80 74 0 44 2 1 1 1 0 8 0 mbufpl 256 109461 0 109317 87 68 19 41 0 8 8 bufpl 256 19970 0 12207 486 0 486 486 0 8 0 anonpl 16 335743 0 323893 133 68 65 65 0 62 16 amapchunkpl 152 14850 0 14742 39 34 5 14 0 158 0 amappl16 192 19761 0 19106 145 104 41 45 0 8 8 amappl15 184 11 0 11 2 2 0 1 0 8 0 amappl14 176 67 0 60 1 0 1 1 0 8 0 amappl13 168 7 0 6 1 0 1 1 0 8 0 amappl12 160 1037 0 1033 1 0 1 1 0 8 0 amappl11 152 61 0 49 1 0 1 1 0 8 0 amappl10 144 698 0 697 1 0 1 1 0 8 0 amappl9 136 2203 0 2198 1 0 1 1 0 8 0 amappl8 128 1766 0 1747 1 0 1 1 0 8 0 amappl7 120 654 0 651 1 0 1 1 0 8 0 amappl6 112 52 0 46 1 0 1 1 0 8 0 amappl5 104 1183 0 1172 1 0 1 1 0 8 0 amappl4 96 3754 0 3728 1 0 1 1 0 8 0 amappl3 88 291 0 280 1 0 1 1 0 8 0 amappl2 80 27137 0 27062 3 1 2 3 0 8 0 amappl1 72 68746 0 68316 26 17 9 19 0 8 0 amappl 80 8116 0 8078 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 147 0 18 3 0 3 3 0 8 0 uaddrrnd 24 3497 0 3482 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3497 0 3482 1 0 1 1 0 8 0 vmmpekpl 168 20762 0 20736 2 0 2 2 0 8 0 vmmpepl 168 411067 0 409262 173 84 89 95 0 357 10 vmsppl 272 3496 0 3482 2 1 1 2 0 8 0 pdppl 4096 7000 0 6964 6 1 5 6 0 8 0 pvpl 32 986138 0 971094 326 167 159 237 0 265 35 pmappl 200 3496 0 3482 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 877 0 192 21 0 21 21 0 8 0