panic: vrele: v_writecount != 0 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND * 90320 98740 0 0 0x4000000 0 syz-executor.0 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd8029779288) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff800016be4d40,2,ffff8000ffff2290) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd803740f198,c0106477,ffff800016be4d40,2,fffffd803f7c6a80,ffff8000ffff2290) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd803615c698,c0106477,ffff800016be4d40,ffff8000ffff2290) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000ffff2290,ffff800016be4e58,ffff800016be4ec0) at sys_ioctl+0x5b8 syscall(ffff800016be4f20) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,d21569fa0e0) at Xsyscall+0x128 end of kernel end trace frame: 0xd238bc20dd0, count: 6 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic vrele: v_writecount != 0 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 vrele(fffffd8029779288) at vrele+0x188 sys/kern/vfs_subr.c:797 diskmapioctl(5a00,c0106477,ffff800016be4d40,2,ffff8000ffff2290) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140 VOP_IOCTL(fffffd803740f198,c0106477,ffff800016be4d40,2,fffffd803f7c6a80,ffff8000ffff2290) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290 vn_ioctl(fffffd803615c698,c0106477,ffff800016be4d40,ffff8000ffff2290) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519 sys_ioctl(ffff8000ffff2290,ffff800016be4e58,ffff800016be4ec0) at sys_ioctl+0x5b8 syscall(ffff800016be4f20) at syscall+0x508 Xsyscall(6,0,ffffffffffffff1f,0,3,d21569fa0e0) at Xsyscall+0x128 end of kernel end trace frame: 0xd238bc20dd0, count: -9 ddb> show registers rdi 0xffffffff81972197 db_enter+0x17 rsi 0x725e __ALIGN_SIZE+0x625e rbp 0xffff800016be4900 rbx 0xffff800016be49b0 rdx 0x725f __ALIGN_SIZE+0x625f rcx 0xffff800016ded000 rax 0xffff800016ded000 r8 0xffff800016be48c0 r9 0x1 r10 0xffff800000997e80 r11 0x9e06de698f83454e r12 0x3000000008 r13 0xffff800016be4910 r14 0x100 r15 0x1 rip 0xffffffff81972198 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800016be48f0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.0) pid=90320 stat=onproc flags process=0 proc=4000000 pri=24, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff2c70,0xffffffff82296468 process=0xffff8000ffff7450 user=0xffff800016bdf000, vmspace=0xfffffd803f014cc0 estcpu=36, cpticks=2, pctcpu=0.0 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 98740 452263 72275 0 2 0 syz-executor.0 98740 117432 72275 0 2 0x4000000 syz-executor.0 *98740 90320 72275 0 7 0x4000000 syz-executor.0 77792 201721 1 0 3 0x100083 ttyin getty 68411 420341 0 0 3 0x14200 bored sosplice 72275 350104 84747 0 2 0x482 syz-executor.0 97276 394933 84747 0 2 0x482 syz-executor.1 84747 237148 3989 0 3 0x82 thrsleep syz-fuzzer 84747 115751 3989 0 3 0x4000082 thrsleep syz-fuzzer 84747 205770 3989 0 3 0x4000082 kqread syz-fuzzer 84747 108903 3989 0 3 0x4000082 thrsleep syz-fuzzer 84747 467969 3989 0 3 0x4000082 thrsleep syz-fuzzer 84747 374159 3989 0 3 0x4000082 thrsleep syz-fuzzer 84747 102004 3989 0 3 0x4000082 thrsleep syz-fuzzer 3989 239488 57364 0 3 0x10008a pause ksh 57364 455827 38476 0 3 0x92 select sshd 38476 49907 1 0 3 0x80 select sshd 49205 362943 14104 73 2 0x100090 syslogd 14104 277904 1 0 3 0x100082 netio syslogd 95055 347191 1 77 3 0x100090 poll dhclient 41696 189068 1 0 3 0x80 poll dhclient 81770 272319 0 0 2 0x14200 zerothread 87377 397170 0 0 3 0x14200 aiodoned aiodoned 99585 218350 0 0 3 0x14200 syncer update 24972 398706 0 0 3 0x14200 cleaner cleaner 53056 415957 0 0 3 0x14200 reaper reaper 94063 198830 0 0 3 0x14200 pgdaemon pagedaemon 88269 3853 0 0 3 0x14200 bored crynlk 30942 298454 0 0 3 0x14200 bored crypto 61081 488321 0 0 3 0x40014200 acpi0 acpi0 60121 149612 0 0 3 0x14200 bored softnet 44917 56289 0 0 3 0x14200 bored systqmp 97839 523161 0 0 3 0x14200 bored systq 67827 170033 0 0 3 0x40014200 bored softclock 42546 494083 0 0 3 0x40014200 idle0 10139 104126 0 0 3 0x14200 bored smr 1 344548 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9537 6383K 14531K 78643K 16798 0 0 pcb 13 8K 8K 78643K 187 0 0 rtable 120 4K 4K 78643K 553 0 0 ifaddr 66 14K 14K 78643K 223 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 113 0 0 iov 0 0K 16K 78643K 279 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1214 76K 77K 78643K 3320 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 32 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 231 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 2262 0 0 sigio 0 0K 0K 78643K 29 0 0 proc 42 30K 54K 78643K 612 0 0 subproc 32 2K 2K 78643K 40 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 191 0 0 in_multi 33 2K 2K 78643K 119 0 0 ether_multi 1 0K 0K 78643K 15 0 0 mrt 0 0K 0K 78643K 6 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 72 318K 318K 78643K 72 0 0 exec 0 0K 1K 78643K 394 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 90 21K 29K 78643K 6185 0 0 UVM aobj 81 3K 3K 78643K 94 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 97 0 0 NDP 15 0K 0K 78643K 61 0 0 temp 192 2728K 2855K 78643K 9955 0 0 kqueue 0 0K 0K 78643K 14 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 8 0 0 1 0 1 1 0 8 0 rtpcb 80 123 0 121 1 0 1 1 0 8 0 rtentry 112 53 0 6 2 0 2 2 0 8 0 unpcb 120 699 0 689 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1834 0 1834 1 1 0 1 0 8 0 tcpcb 544 336 0 332 1 0 1 1 0 8 0 inpcb 280 931 0 918 6 4 2 2 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 18 0 18 6 5 1 1 0 8 1 ppxss 1128 30 0 30 10 9 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 191 0 0 12 0 12 12 0 8 0 art_table 32 192 0 0 2 0 2 2 0 8 0 art_node 16 47 0 5 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 5 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 229 0 219 1 0 1 1 0 8 0 shmpl 112 92 0 13 3 0 3 3 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 5050 0 3641 46 0 46 46 0 8 0 ffsino 240 5050 0 3641 84 0 84 84 0 8 0 nchpl 144 8442 0 6798 62 0 62 62 0 8 0 uvmvnodes 72 6510 0 0 119 0 119 119 0 8 0 vnodes 200 6510 0 0 343 0 343 343 0 8 0 namei 1024 26058 0 26058 4 3 1 1 0 8 1 scsiplug 64 4 0 4 3 3 0 1 0 8 0 scxspl 192 24770 0 24770 19 18 1 6 0 8 1 plimitpl 152 245 0 238 1 0 1 1 0 8 0 sigapl 432 2437 0 2424 2 0 2 2 0 8 0 futexpl 56 37191 0 37191 3 2 1 1 0 8 1 knotepl 112 399 0 380 1 0 1 1 0 8 0 kqueuepl 104 501 0 499 1 0 1 1 0 8 0 pipepl 112 1180 0 1161 4 3 1 2 0 8 0 fdescpl 424 2438 0 2424 2 0 2 2 0 8 0 filepl 120 14419 0 14322 4 0 4 4 0 8 1 lockfpl 104 822 0 822 4 3 1 1 0 8 1 lockfspl 48 281 0 281 4 3 1 1 0 8 1 sessionpl 112 21 0 11 1 0 1 1 0 8 0 pgrppl 48 61 0 51 1 0 1 1 0 8 0 ucredpl 96 2897 0 2890 1 0 1 1 0 8 0 zombiepl 144 2424 0 2423 2 1 1 1 0 8 0 processpl 864 2453 0 2423 4 0 4 4 0 8 0 procpl 632 5387 0 5349 4 0 4 4 0 8 0 sosppl 128 28 0 28 7 6 1 1 0 8 1 sockpl 384 1802 0 1783 5 2 3 3 0 8 1 mcl64k 65536 604 0 604 39 38 1 33 0 8 1 mcl16k 16384 9 0 9 5 4 1 1 0 8 1 mcl12k 12288 39 0 39 9 8 1 1 0 8 1 mcl9k 9216 43 0 43 8 7 1 1 0 8 1 mcl8k 8192 28 0 28 7 7 0 1 0 8 0 mcl4k 4096 114 0 110 2 1 1 1 0 8 0 mcl2k2 2112 14 0 14 6 6 0 1 0 8 0 mcl2k 2048 56970 0 56923 19 12 7 13 0 8 0 mtagpl 80 54 0 29 2 1 1 1 0 8 0 mbufpl 256 101669 0 101514 35 22 13 24 0 8 1 bufpl 256 13553 0 6939 414 0 414 414 0 8 0 anonpl 16 225973 0 214091 110 46 64 65 0 62 15 amapchunkpl 152 10440 0 10337 32 26 6 15 0 158 1 amappl16 192 12992 0 12330 103 62 41 46 0 8 7 amappl15 184 2 0 2 2 2 0 1 0 8 0 amappl14 176 63 0 56 1 0 1 1 0 8 0 amappl13 168 7 0 7 1 1 0 1 0 8 0 amappl12 160 9 0 9 1 1 0 1 0 8 0 amappl11 152 1146 0 1133 1 0 1 1 0 8 0 amappl10 144 64 0 63 2 1 1 1 0 8 0 amappl9 136 1682 0 1678 1 0 1 1 0 8 0 amappl8 128 1260 0 1245 1 0 1 1 0 8 0 amappl7 120 32 0 27 1 0 1 1 0 8 0 amappl6 112 1153 0 1143 1 0 1 1 0 8 0 amappl5 104 156 0 146 1 0 1 1 0 8 0 amappl4 96 2692 0 2665 1 0 1 1 0 8 0 amappl3 88 255 0 243 1 0 1 1 0 8 0 amappl2 80 18815 0 18747 4 2 2 3 0 8 0 amappl1 72 50773 0 50366 24 15 9 19 0 8 0 amappl 80 5660 0 5625 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 93 0 13 2 0 2 2 0 8 0 uaddrrnd 24 2438 0 2424 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2438 0 2424 1 0 1 1 0 8 0 vmmpekpl 168 18344 0 18321 2 0 2 2 0 8 0 vmmpepl 168 287612 0 285914 147 58 89 97 0 357 12 vmsppl 272 2437 0 2424 2 1 1 2 0 8 0 pdppl 4096 4882 0 4848 6 1 5 6 0 8 0 pvpl 32 675444 0 660526 281 122 159 259 0 265 37 pmappl 200 2437 0 2424 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 636 0 91 16 0 16 16 0 8 0