panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *441003 26504 0 0 0x4000000 0 syz-executor.1 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd8039825e50) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff800015bd4d60,1,ffff8000ffff9b30) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd80374124b8,c0106477,ffff800015bd4d60,1,fffffd803f7c6960,ffff8000ffff9b30) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802f879e98,c0106477,ffff800015bd4d60,ffff8000ffff9b30) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000ffff9b30,ffff800015bd4e78,ffff800015bd4ee0) at sys_ioctl+0x5b8 syscall(ffff800015bd4f40) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,b91b93e1010) at Xsyscall+0x128 end of kernel end trace frame: 0xb9465d61700, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd8039825e50) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff800015bd4d60,1,ffff8000ffff9b30) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd80374124b8,c0106477,ffff800015bd4d60,1,fffffd803f7c6960,ffff8000ffff9b30) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd802f879e98,c0106477,ffff800015bd4d60,ffff8000ffff9b30) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000ffff9b30,ffff800015bd4e78,ffff800015bd4ee0) at sys_ioctl+0x5b8 syscall(ffff800015bd4f40) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,b91b93e1010) at Xsyscall+0x128 end of kernel end trace frame: 0xb9465d61700, count: -9 ddb> show registers rdi 0xffffffff818b9067 db_enter+0x17 rsi 0x76cc __ALIGN_SIZE+0x66cc rbp 0xffff800015bd4920 rbx 0xffff800015bd49d0 rdx 0x76cd __ALIGN_SIZE+0x66cd rcx 0xffff8000149bf000 rax 0xffff8000149bf000 r8 0xffff800015bd48e0 r9 0x1 r10 0xffff80000005cd80 r11 0x9655e6005d985589 r12 0x3000000008 r13 0xffff800015bd4930 r14 0x100 r15 0x1 rip 0xffffffff818b9068 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800015bd4910 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=441003 stat=onproc flags process=0 proc=4000000 pri=24, usrpri=54, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff89e8,0xffff8000ffff3b50 process=0xffff8000ffff70f0 user=0xffff800015bcf000, vmspace=0xfffffd803f00c110 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 79464 477381 40212 0 2 0 syz-executor.0 79464 119982 40212 0 3 0x4000080 fsleep syz-executor.0 26504 290908 1417 0 2 0 syz-executor.1 *26504 441003 1417 0 7 0x4000000 syz-executor.1 26504 427394 1417 0 2 0x4000000 syz-executor.1 40212 517478 93018 0 2 0x482 syz-executor.0 1417 518147 93018 0 2 0x482 syz-executor.1 93018 284234 22997 0 3 0x82 kqread syz-fuzzer 93018 322964 22997 0 3 0x4000082 thrsleep syz-fuzzer 93018 381968 22997 0 3 0x4000082 thrsleep syz-fuzzer 93018 61435 22997 0 3 0x4000082 thrsleep syz-fuzzer 93018 138525 22997 0 3 0x4000082 thrsleep syz-fuzzer 93018 118906 22997 0 3 0x4000082 thrsleep syz-fuzzer 93018 14921 22997 0 3 0x4000082 thrsleep syz-fuzzer 22997 225613 27247 0 3 0x10008a pause ksh 27247 282085 12923 0 3 0x92 select sshd 747 155759 1 0 3 0x100083 ttyin getty 12923 161039 1 0 3 0x80 select sshd 83249 251610 39866 73 2 0x100090 syslogd 39866 50122 1 0 3 0x100082 netio syslogd 62876 37897 1 77 3 0x100090 poll dhclient 15851 97376 1 0 3 0x80 poll dhclient 80028 357111 0 0 2 0x14200 zerothread 27269 497255 0 0 3 0x14200 aiodoned aiodoned 21383 470218 0 0 3 0x14200 syncer update 85294 184620 0 0 3 0x14200 cleaner cleaner 60728 322074 0 0 3 0x14200 reaper reaper 79374 126488 0 0 3 0x14200 pgdaemon pagedaemon 37605 509997 0 0 3 0x14200 bored crynlk 74155 334306 0 0 3 0x14200 bored crypto 74044 148515 0 0 3 0x40014200 acpi0 acpi0 74405 419931 0 0 3 0x14200 bored softnet 2609 43825 0 0 3 0x14200 bored systqmp 4918 175993 0 0 3 0x14200 bored systq 30506 367464 0 0 3 0x40014200 bored softclock 29240 423043 0 0 3 0x40014200 idle0 82371 473414 0 0 3 0x14200 bored smr 1 384822 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9447 6377K 6441K 78643K 10558 0 0 pcb 13 8K 8K 78643K 17 0 0 rtable 108 3K 4K 78643K 200 0 0 ifaddr 35 10K 10K 78643K 39 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 17 0 0 iov 0 0K 16K 78643K 2 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1218 76K 77K 78643K 1232 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 1K 78643K 2 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 4 0K 0K 78643K 4 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 53 0 0 proc 40 30K 54K 78643K 340 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 in_multi 33 2K 2K 78643K 33 0 0 ether_multi 1 0K 0K 78643K 1 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 36 159K 159K 78643K 36 0 0 exec 0 0K 1K 78643K 184 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 82 20K 21K 78643K 948 0 0 UVM aobj 4 2K 2K 78643K 4 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 NDP 5 0K 0K 78643K 10 0 0 temp 82 2712K 2776K 78643K 3084 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 0 1 0 1 1 0 8 0 rtpcb 80 21 0 19 1 0 1 1 0 8 0 rtentry 112 45 0 1 2 0 2 2 0 8 0 unpcb 120 31 0 21 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 136 0 136 1 0 1 1 0 8 1 tcpcb 544 14 0 10 1 0 1 1 0 8 0 inpcb 280 38 0 31 1 0 1 1 0 8 0 nd6 48 6 0 0 1 0 1 1 0 8 0 ppxss 1128 1 0 1 1 0 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 189 0 0 12 0 12 12 0 8 0 art_table 32 190 0 0 2 0 2 2 0 8 0 art_node 16 44 0 4 1 0 1 1 0 8 0 semapl 112 2 0 0 1 0 1 1 0 8 0 shmpl 112 2 0 0 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 1475 0 53 46 0 46 46 0 8 0 ffsino 240 1475 0 53 84 0 84 84 0 8 0 nchpl 144 1746 0 105 61 0 61 61 0 8 0 uvmvnodes 72 1523 0 0 28 0 28 28 0 8 0 vnodes 200 1523 0 0 81 0 81 81 0 8 0 namei 1024 4294 0 4294 1 0 1 1 0 8 1 scxspl 192 4080 0 4080 2 1 1 2 0 8 1 plimitpl 152 22 0 15 1 0 1 1 0 8 0 sigapl 432 224 0 210 2 0 2 2 0 8 0 futexpl 56 356 0 355 1 0 1 1 0 8 0 knotepl 112 55 0 36 1 0 1 1 0 8 0 kqueuepl 104 6 0 4 1 0 1 1 0 8 0 pipepl 112 146 0 127 1 0 1 1 0 8 0 fdescpl 424 225 0 210 2 0 2 2 0 8 0 filepl 120 1115 0 1018 4 0 4 4 0 8 1 lockfpl 104 12 0 12 2 1 1 1 0 8 1 lockfspl 48 6 0 6 2 1 1 1 0 8 1 sessionpl 112 17 0 7 1 0 1 1 0 8 0 pgrppl 48 19 0 9 1 0 1 1 0 8 0 ucredpl 96 93 0 86 1 0 1 1 0 8 0 zombiepl 144 210 0 210 1 0 1 1 0 8 1 processpl 864 239 0 210 4 0 4 4 0 8 0 procpl 632 267 0 229 4 0 4 4 0 8 0 sockpl 384 90 0 71 3 0 3 3 0 8 1 mcl12k 12288 2 0 2 1 0 1 1 0 8 1 mcl4k 4096 9 0 9 2 1 1 1 0 8 1 mcl2k 2048 55035 0 54981 18 3 15 15 0 8 7 mtagpl 80 2 0 2 1 1 0 1 0 8 0 mbufpl 256 86813 0 86724 10 1 9 9 0 8 0 bufpl 256 5635 0 1198 278 0 278 278 0 8 0 anonpl 16 33845 0 22760 46 1 45 45 0 62 0 amapchunkpl 152 1080 0 971 7 0 7 7 0 158 2 amappl16 192 788 0 180 31 0 31 31 0 8 0 amappl15 184 9 0 7 1 0 1 1 0 8 0 amappl14 176 52 0 47 1 0 1 1 0 8 0 amappl13 168 8 0 8 1 1 0 1 0 8 0 amappl12 160 9 0 7 1 0 1 1 0 8 0 amappl11 152 50 0 39 1 0 1 1 0 8 0 amappl10 144 59 0 59 1 0 1 1 0 8 1 amappl9 136 550 0 547 1 0 1 1 0 8 0 amappl8 128 123 0 108 1 0 1 1 0 8 0 amappl7 120 37 0 33 1 0 1 1 0 8 0 amappl6 112 59 0 52 1 0 1 1 0 8 0 amappl5 104 149 0 140 1 0 1 1 0 8 0 amappl4 96 439 0 413 1 0 1 1 0 8 0 amappl3 88 170 0 158 1 0 1 1 0 8 0 amappl2 80 1009 0 934 3 0 3 3 0 8 1 amappl1 72 13435 0 13023 26 10 16 19 0 8 7 amappl 80 510 0 472 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 3 0 0 1 0 1 1 0 8 0 uaddrrnd 24 225 0 210 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 225 0 210 1 0 1 1 0 8 0 vmmpekpl 168 5835 0 5810 2 0 2 2 0 8 0 vmmpepl 168 33679 0 31954 101 8 93 93 0 357 18 vmsppl 272 224 0 210 2 0 2 2 0 8 1 pdppl 4096 457 0 420 6 0 6 6 0 8 1 pvpl 32 117278 0 103173 118 0 118 118 0 265 3 pmappl 200 224 0 210 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 420 0 7 12 0 12 12 0 8 0