panic: vrele: v_writecount != 0
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
* 73132 44571 0 0 0x4000000 0 syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd803988c310) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000149d28e0,1,ffff800014941160) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd8037405648,c0106477,ffff8000149d28e0,1,fffffd803f7c6a80,ffff800014941160) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80361648f0,c0106477,ffff8000149d28e0,ffff800014941160) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff800014941160,ffff8000149d29f8,ffff8000149d2a60) at sys_ioctl+0x5b8
syscall(ffff8000149d2ac0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,427e41ba010) at Xsyscall+0x128
end of kernel
end trace frame: 0x42a2ee666a0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb>
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
vrele: v_writecount != 0
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
vrele(fffffd803988c310) at vrele+0x188 sys/kern/vfs_subr.c:797
diskmapioctl(5a00,c0106477,ffff8000149d28e0,1,ffff800014941160) at diskmapioctl+0x2a8 sys/dev/diskmap.c:140
VOP_IOCTL(fffffd8037405648,c0106477,ffff8000149d28e0,1,fffffd803f7c6a80,ffff800014941160) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:290
vn_ioctl(fffffd80361648f0,c0106477,ffff8000149d28e0,ffff800014941160) at vn_ioctl+0xb6 sys/kern/vfs_vnops.c:519
sys_ioctl(ffff800014941160,ffff8000149d29f8,ffff8000149d2a60) at sys_ioctl+0x5b8
syscall(ffff8000149d2ac0) at syscall+0x508
Xsyscall(6,0,ffffffffffffff1f,0,3,427e41ba010) at Xsyscall+0x128
end of kernel
end trace frame: 0x42a2ee666a0, count: -9
ddb> show registers
rdi 0xffffffff81877897 db_enter+0x17
rsi 0x6d5e __ALIGN_SIZE+0x5d5e
rbp 0xffff8000149d24a0
rbx 0xffff8000149d2550
rdx 0x6d5f __ALIGN_SIZE+0x5d5f
rcx 0xffff800016bf1000
rax 0xffff800016bf1000
r8 0xffff8000149d2460
r9 0x1
r10 0xffff800000983c40
r11 0x4792985da2ec81c2
r12 0x3000000008
r13 0xffff8000149d24b0
r14 0x100
r15 0x1
rip 0xffffffff81877898 db_enter+0x18
cs 0x8
rflags 0x246
rsp 0xffff8000149d2490
ss 0x10
db_enter+0x18: addq $0x8,%rsp
ddb> show proc
PROC (syz-executor.0) pid=73132 stat=onproc
flags process=0 proc=4000000
pri=24, usrpri=86, nice=20
forw=0xffffffffffffffff, list=0xffff800014941650,0xffff800014940790
process=0xffff800014943458 user=0xffff8000149cd000, vmspace=0xfffffd803f00b990
estcpu=36, cpticks=2, pctcpu=0.0
user=0, sys=2, intr=0
ddb> ps
PID TID PPID UID S FLAGS WAIT COMMAND
44571 207858 50171 0 2 0 syz-executor.0
*44571 73132 50171 0 7 0x4000000 syz-executor.0
44571 50913 50171 0 2 0x4000000 syz-executor.0
50171 37549 17000 0 2 0x482 syz-executor.0
45118 78483 1 0 3 0x100083 ttyin getty
37866 142365 17000 0 2 0x482 syz-executor.1
77642 267862 0 0 3 0x14200 bored
sosplice 17000 106540 21586 0 3 0x82 thrsleep syz-fuzzer 17000 422418 21586 0 3 0x4000082 thrsleep syz-fuzzer 17000 322913 21586 0 3 0x4000082 kqread syz-fuzzer 17000 376242 21586 0 3 0x4000082 thrsleep syz-fuzzer 17000 324992 21586 0 3 0x4000082 thrsleep syz-fuzzer 17000 164910 21586 0 3 0x4000082 thrsleep syz-fuzzer 17000 159640 21586 0 3 0x4000082 thrsleep syz-fuzzer 21586 492055 31018 0 3 0x10008a pause ksh 31018 264265 20610 0 3 0x92 select sshd 20610 304850 1 0 3 0x80 select sshd 77566 427354 28887 73 2 0x100090 syslogd 28887 178922 1 0 3 0x100082 netio syslogd 10658 274386 1 77 3 0x100090 poll dhclient 61670 334884 1 0 3 0x80 poll dhclient 27100 155791 0 0 2 0x14200 zerothread 43194 116850 0 0 3 0x14200 aiodoned aiodoned 1247 143600 0 0 3 0x14200 syncer update 46851 7908 0 0 3 0x14200 cleaner cleaner 8029 358987 0 0 3 0x14200 reaper reaper 27138 283922 0 0 3 0x14200 pgdaemon pagedaemon 44146 121862 0 0 3 0x14200 bored crynlk 17288 358565 0 0 3 0x14200 bored crypto 30379 257943 0 0 3 0x40014200 acpi0 acpi0 9287 379902 0 0 3 0x14200 bored softnet 54308 362290 0 0 3 0x14200 bored systqmp 31379 138029 0 0 3 0x14200 bored systq 26892 515794 0 0 3 0x40014200 bored softclock 8190 460766 0 0 3 0x40014200 idle0 82264 223889 0 0 2 0x14200 smr 1 381565 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9615 6651K 7148K 78643K 47698 0 0 pcb 13 8K 8K 78643K 869 0 0 rtable 122 12K 13K 78643K 2535 0 0 ifaddr 86 23K 26K 78643K 1128 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 709 0 0 iov 0 0K 24K 78643K 1727 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1193 75K 77K 78643K 14112 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 175 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 1K 1K 78643K 1316 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 13404 0 0 sigio 1 
0K 0K 78643K 228 0 0 proc 43 30K 54K 78643K 1979 0 0 subproc 32 2K 2K 78643K 171 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1222 0 0 in_multi 33 2K 2K 78643K 472 0 0 ether_multi 1 0K 0K 78643K 53 0 0 mrt 0 0K 0K 78643K 25 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 108 477K 477K 78643K 108 0 0 exec 0 0K 1K 78643K 1524 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 99 21K 34K 78643K 32273 0 0 UVM aobj 130 4K 4K 78643K 150 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 510 0 0 NDP 21 0K 1K 78643K 314 0 0 temp 233 2729K 3368K 78643K 45194 0 0 kqueue 0 0K 0K 78643K 90 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 26 0 20 1 0 1 1 0 8 0 rtpcb 80 578 0 576 1 0 1 1 0 8 0 rtentry 112 152 0 107 2 0 2 2 0 8 0 unpcb 120 4501 0 4491 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1245 0 1245 1 1 0 1 0 8 0 tcpcb 544 1840 0 1836 1 0 1 1 0 8 0 inpcb 280 5311 0 5302 25 23 2 2 0 8 1 nd6 48 27 0 21 1 0 1 1 0 8 0 pkpcb 40 74 0 74 27 26 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 205 0 205 45 44 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 527 0 330 14 1 13 13 0 8 0 art_table 32 528 0 330 2 0 2 2 0 8 0 art_node 16 128 0 88 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 6 1 0 1 1 0 8 0 semupl 112 2 0 2 1 1 0 1 0 8 0 semapl 112 1314 0 1304 1 0 1 1 0 8 0 shmpl 112 148 0 20 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 22921 0 21522 46 0 46 46 0 8 0 ffsino 240 22921 0 21522 84 0 84 84 0 8 0 nchpl 144 41852 0 40224 62 0 62 62 0 8 0 uvmvnodes 72 7776 0 0 142 0 142 142 0 8 0 vnodes 200 7776 0 0 410 0 410 410 0 8 0 namei 1024 136103 0 136103 6 5 1 1 0 8 1 scsiplug 64 18 0 18 15 15 0 1 0 8 0 scxspl 192 135340 0 135340 73 70 3 
6 0 8 3 plimitpl 152 1143 0 1136 1 0 1 1 0 8 0 sigapl 432 13565 0 13552 2 0 2 2 0 8 0 futexpl 56 223588 0 223588 10 9 1 1 0 8 1 knotepl 112 2442 0 2423 2 1 1 2 0 8 0 kqueuepl 104 3253 0 3251 1 0 1 1 0 8 0 pipepl 112 7810 0 7791 18 17 1 2 0 8 0 fdescpl 424 13566 0 13552 2 0 2 2 0 8 0 filepl 120 82949 0 82853 11 7 4 6 0 8 1 lockfpl 104 4663 0 4663 11 10 1 1 0 8 1 lockfspl 48 1586 0 1586 11 10 1 1 0 8 1 sessionpl 112 35 0 25 1 0 1 1 0 8 0 pgrppl 48 135 0 125 1 0 1 1 0 8 0 ucredpl 96 18431 0 18424 1 0 1 1 0 8 0 zombiepl 144 13552 0 13551 3 2 1 1 0 8 0 processpl 864 13581 0 13551 4 0 4 4 0 8 0 procpl 632 30641 0 30603 5 1 4 5 0 8 0 sosppl 128 162 0 162 40 39 1 1 0 8 1 sockpl 384 10609 0 10590 20 17 3 5 0 8 1 mcl64k 65536 4263 0 4263 335 308 27 65 0 8 27 mcl16k 16384 41 0 41 30 30 0 1 0 8 0 mcl12k 12288 249 0 249 35 34 1 1 0 8 1 mcl9k 9216 172 0 172 36 35 1 1 0 8 1 mcl8k 8192 217 0 217 45 44 1 1 0 8 1 mcl4k 4096 652 0 652 9 8 1 1 0 8 1 mcl2k2 2112 86 0 86 38 37 1 1 0 8 1 mcl2k 2048 76047 0 76000 24 17 7 12 0 8 0 mtagpl 80 412 0 338 5 3 2 3 0 8 0 mbufpl 256 188449 0 188241 201 178 23 50 0 8 8 bufpl 256 51326 0 43552 488 1 487 487 0 8 0 anonpl 16 1261096 0 1249429 344 280 64 66 0 62 9 amapchunkpl 152 57398 0 57295 118 113 5 18 0 158 0 amappl16 192 76212 0 75553 435 393 42 46 0 8 8 amappl15 184 3322 0 3322 2 2 0 1 0 8 0 amappl14 176 4959 0 4955 1 0 1 1 0 8 0 amappl13 168 623 0 622 1 0 1 1 0 8 0 amappl12 160 13 0 10 1 0 1 1 0 8 0 amappl11 152 388 0 375 1 0 1 1 0 8 0 amappl10 144 2824 0 2821 1 0 1 1 0 8 0 amappl9 136 3100 0 3097 1 0 1 1 0 8 0 amappl8 128 2653 0 2627 1 0 1 1 0 8 0 amappl7 120 2797 0 2791 1 0 1 1 0 8 0 amappl6 112 400 0 385 1 0 1 1 0 8 0 amappl5 104 305 0 294 1 0 1 1 0 8 0 amappl4 96 14493 0 14463 1 0 1 1 0 8 0 amappl3 88 2207 0 2196 1 0 1 1 0 8 0 amappl2 80 111089 0 111021 3 1 2 3 0 8 0 amappl1 72 238678 0 238271 27 18 9 19 0 8 0 amappl 80 31151 0 31116 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 
8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 149 0 20 3 0 3 3 0 8 0 uaddrrnd 24 13566 0 13552 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 13566 0 13552 1 0 1 1 0 8 0 vmmpekpl 168 93501 0 93481 2 0 2 2 0 8 0 vmmpepl 168 1566058 0 1564343 385 295 90 102 0 357 12 vmsppl 272 13565 0 13552 3 2 1 2 0 8 0 pdppl 4096 27139 0 27104 7 2 5 6 0 8 0 pvpl 32 3359915 0 3345111 737 579 158 265 0 265 28 pmappl 200 13565 0 13552 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 1253 0 598 22 1 21 21 0 8 0