

assert "ps->ps_uvncount == 0" failed in kern_unveil.c (2)

Status: auto-closed as invalid on 2020/05/29 05:13
Reported-by: syzbot+0185b3a7c5850305d715@syzkaller.appspotmail.com
First crash: 1511d, last: 1511d
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| openbsd | assert "ps->ps_uvncount == 0" failed in kern_unveil.c | syz | | | 226 | 1668d | 1936d | 3/3 | fixed on 2019/10/02 09:51 |

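Sample crash report (the kernel diagnostic assertion fails in unveil_destroy(), called from exit1() while postsig()/sigexit is terminating the process on a signal; the failed assertion panics the kernel and drops into ddb, and the `show proc` output below shows the exiting process is getty with the PLEDGE flag set):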
panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 208
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821cb89c) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8221ef2e,ffffffff821c44ab,d0,ffffffff821daa4b) at __assert+0x2b sys/kern/subr_prf.c:154
unveil_destroy(ffff8000ffffaa90) at unveil_destroy+0x19f sys/kern/kern_unveil.c:208
exit1(ffff80001d35d4f8,0,1,1) at exit1+0x394 sys/kern/kern_exit.c:218
postsig(ffff80001d35d4f8,1) at postsig+0x4a8 sigexit sys/kern/kern_sig.c:1444 [inline]
postsig(ffff80001d35d4f8,1) at postsig+0x4a8 sys/kern/kern_sig.c:1376
userret(ffff80001d35d4f8) at userret+0x159 sys/kern/kern_sig.c:1828
syscall(ffff80001d356750) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff80001d356750) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb230, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 208
ddb> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic(ffffffff821cb89c) at panic+0x15c sys/kern/subr_prf.c:207
__assert(ffffffff8221ef2e,ffffffff821c44ab,d0,ffffffff821daa4b) at __assert+0x2b sys/kern/subr_prf.c:154
unveil_destroy(ffff8000ffffaa90) at unveil_destroy+0x19f sys/kern/kern_unveil.c:208
exit1(ffff80001d35d4f8,0,1,1) at exit1+0x394 sys/kern/kern_exit.c:218
postsig(ffff80001d35d4f8,1) at postsig+0x4a8 sigexit sys/kern/kern_sig.c:1444 [inline]
postsig(ffff80001d35d4f8,1) at postsig+0x4a8 sys/kern/kern_sig.c:1376
userret(ffff80001d35d4f8) at userret+0x159 sys/kern/kern_sig.c:1828
syscall(ffff80001d356750) at syscall+0x42e mi_syscall_return sys/sys/syscall_mi.h:129 [inline]
syscall(ffff80001d356750) at syscall+0x42e sys/arch/amd64/amd64/trap.c:592
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb230, count: -9
ddb> show registers
rdi                                0
rsi                              0x1
rbp               0xffff80001d356370
rbx               0xffff80001d356420
rdx                              0x2
rcx                                0
rax                                0
r8                0xffff80001d356330
r9                               0x1
r10                                0
r11               0xa1f37a668a988c79
r12                     0x3000000008
r13               0xffff80001d356380
r14                            0x100
r15                              0x1
rip               0xffffffff81dfb598    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff80001d356360
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb> show proc
PROC (getty) pid=146843 stat=onproc
    flags process=10000b<CONTROLT,EXEC,EXITING,PLEDGE> proc=2000<WEXIT>
    pri=25, usrpri=51, nice=20
    forw=0xffffffffffffffff, list=0xffff80001d339c38,0xffff80001d35eaf8
    process=0xffff8000ffffaa90 user=0xffff80001d351000, vmspace=0xfffffd806bc0a770
    estcpu=1, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 66384   15054  90502      0  2           0                syz-executor.0
 66384  400976  90502      0  2   0x4000000                syz-executor.0
  4491  283854  13332      0  2           0                syz-executor.1
  4491  263383  13332      0  3   0x4000080  nanosleep     syz-executor.1
 49926  396211      0      0  3     0x14200  bored         sosplice
 90502  399774  35390      0  2       0x482                syz-executor.0
 13332  142722  35390      0  3        0x82  nanosleep     syz-executor.1
 35390  502041  64911      0  3        0x82  thrsleep      syz-fuzzer
 35390  102867  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 35390  307204  64911      0  3   0x4000082  kqread        syz-fuzzer
 35390  106865  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 35390   81591  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 35390  402171  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 35390  486659  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 35390  409819  64911      0  3   0x4000082  thrsleep      syz-fuzzer
 64911   48997  34774      0  3    0x10008a  pause         ksh
 34774   13240  63454      0  3        0x92  select        sshd
 63454   14604      1      0  3        0x80  select        sshd
 91301  469721  44966     73  3    0x100090  kqread        syslogd
 44966  501507      1      0  3    0x100082  netio         syslogd
 39513  426580      1     77  3    0x100090  poll          dhclient
 99060  143342      1      0  3        0x80  poll          dhclient
 52186  409324      0      0  3     0x14200  bored         smr
 60910  211011      0      0  2     0x14200                zerothread
 71177  213946      0      0  3     0x14200  aiodoned      aiodoned
   237  247455      0      0  3     0x14200  syncer        update
 73758  310973      0      0  3     0x14200  cleaner       cleaner
  7362  507370      0      0  3     0x14200  reaper        reaper
  5381  297730      0      0  3     0x14200  pgdaemon      pagedaemon
 10937  382448      0      0  3     0x14200  bored         crynlk
 78124  257762      0      0  3     0x14200  bored         crypto
 31096  443472      0      0  3  0x40014200  acpi0         acpi0
  2673  106196      0      0  3     0x14200  bored         softnet
 73241  278059      0      0  3     0x14200  bored         systqmp
  6687   96427      0      0  3     0x14200  bored         systq
   824   28564      0      0  3  0x40014200  bored         softclock
 56894  466045      0      0  3  0x40014200                idle0
     1  154213      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show all locks
No such command
ddb> show malloc
           Type InUse  MemUse  HighUse   Limit  Requests Type Lim
         devbuf  9488   6354K    6807K  78643K     10931        0
            pcb    13      8K       8K  78643K        67        0
         rtable   114      3K       3K  78643K       237        0
         ifaddr    65     13K      14K  78643K        77        0
       counters    21     16K      16K  78643K        22        0
       ioctlops     0      0K       2K  78643K        21        0
            iov     0      0K      16K  78643K       116        0
          mount     1      1K       1K  78643K         1        0
         vnodes  1216     76K      77K  78643K      1334        0
      UFS quota     1     32K      32K  78643K         1        0
      UFS mount     5     36K      36K  78643K         5        0
            shm     2      1K       5K  78643K         4        0
         VM map     2      0K       0K  78643K         2        0
            sem    12      0K       0K  78643K        78        0
        dirhash    12      2K       2K  78643K        12        0
           ACPI  1794    195K     288K  78643K     12646        0
      file desc     6     17K      25K  78643K       201        0
          sigio     0      0K       0K  78643K         4        0
           proc    46     38K      55K  78643K       409        0
        subproc    32      2K       2K  78643K        34        0
    NFS srvsock     1      0K       0K  78643K         1        0
     NFS daemon     1     16K      16K  78643K         1        0
    ip_moptions     0      0K       0K  78643K        30        0
       in_multi    47      2K       3K  78643K        79        0
    ether_multi     1      0K       0K  78643K        13        0
            mrt     0      0K       0K  78643K         2        0
    ISOFS mount     1     32K      32K  78643K         1        0
  MSDOSFS mount     1     16K      16K  78643K         1        0
           ttys    43    201K     201K  78643K        43        0
           exec     0      0K       1K  78643K       200        0
        pagedep     1      8K       8K  78643K         1        0
       inodedep     1     32K      32K  78643K         1        0
         newblk     1      0K       0K  78643K         1        0
        VM swap     7     26K      26K  78643K         7        0
       UVM amap   101     21K      23K  78643K      1331        0
       UVM aobj    24      2K       2K  78643K        26        0
        memdesc     1      4K       4K  78643K         1        0
    crypto data     1      1K       1K  78643K         1        0
    ip6_options     0      0K       0K  78643K        58        0
            NDP    10      0K       0K  78643K        15        0
           temp   121   3018K    3082K  78643K      7089        0
         kqueue     4      6K      14K  78643K        24        0
      SYN cache     2     16K      16K  78643K         2        0
ddb> show all pools
Name      Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp         64        7    0        0     1     0     1     1     0     8    0
rtpcb       80       29    0       27     1     0     1     1     0     8    0
rtentry    112       50    0        3     2     0     2     2     0     8    0
unpcb      120      221    0      213     1     0     1     1     0     8    0
syncache   264        8    0        8     2     1     1     1     0     8    1
tcpqe       32      369    0      369     2     2     0     1     0     8    0
tcpcb      544      154    0      150     3     0     3     3     0     8    2
inpcb      280      522    0      514     4     0     4     4     0     8    3
rttmr       72        1    0        1     1     0     1     1     0     8    1
nd6         48        6    0        0     1     0     1     1     0     8    0
art_heap8  4096       2    0        0     2     0     2     2     0     8    0
art_heap4  256      206    0        6    13     0    13    13     0     8    0
art_table   32      208    0        6     2     0     2     2     0     8    0
art_node    16       49    0        7     1     0     1     1     0     8    0
sysvmsgpl   40      128    0      103     1     0     1     1     0     8    0
semupl     112        6    0        6     1     0     1     1     0     8    1
semapl     112       76    0       66     1     0     1     1     0     8    0
shmpl      112       24    0        2     1     0     1     1     0     8    0
dirhash    1024      17    0        0     3     0     3     3     0     8    0
dino1pl    128     1680    0      280    46     0    46    46     0     8    0
ffsino     240     1680    0      280    83     0    83    83     0     8    0
nchpl      144     2185    0      587    60     0    60    60     0     8    0
uvmvnodes   72     1802    0        0    33     0    33    33     0     8    0
vnodes     208     1802    0        0    95     0    95    95     0     8    0
namei      1024    5645    0     5645     1     0     1     1     0     8    1
vcpupl     1984       2    0        0     1     0     1     1     0     8    0
vmpool     528        2    0        0     1     0     1     1     0     8    0
scxspl     192     6910    0     6910     1     0     1     1     0     8    1
plimitpl   152       33    0       25     1     0     1     1     0     8    0
sigapl     424      389    0      359     4     0     4     4     0     8    0
futexpl     56     5694    0     5694     1     0     1     1     0     8    1
knotepl    112       77    0       57     1     0     1     1     0     8    0
kqueuepl   144       49    0       46     1     0     1     1     0     8    0
pipelkpl    16      112    0      102     1     0     1     1     0     8    0
pipepl     120      224    0      205     1     0     1     1     0     8    0
fdescpl    432      374    0      360     2     0     2     2     0     8    0
filepl     120     2650    0     2548     5     0     5     5     0     8    1
lockfpl    104       62    0       61     1     0     1     1     0     8    0
lockfspl    48       25    0       24     1     0     1     1     0     8    0
sessionpl  112       18    0        8     1     0     1     1     0     8    0
pgrppl      48       18    0        8     1     0     1     1     0     8    0
ucredpl     96      241    0      234     1     0     1     1     0     8    0
zombiepl   144      360    0      359     1     0     1     1     0     8    0
processpl  896      389    0      359     4     0     4     4     0     8    0
procpl     624      644    0      605     4     0     4     4     0     8    0
sosppl     128        8    0        8     2     1     1     1     0     8    1
sockpl     400      781    0      763     8     1     7     7     0     8    5
mcl64k     65536     27    0       27     1     0     1     1     0     8    1
mcl16k     16384      5    0        5     1     0     1     1     0     8    1
mcl12k     12288      3    0        3     2     1     1     1     0     8    1
mcl9k      9216       5    0        5     2     1     1     1     0     8    1
mcl8k      8192      15    0       15     1     0     1     1     0     8    1
mcl4k      4096      27    0       27     3     2     1     1     0     8    1
mcl2k      2048   64262    0    64199    21    12     9    18     0     8    0
mtagpl      80       25    0        2     2     1     1     1     0     8    0
mbufpl     256   104241    0   104045    15     1    14    14     0     8    1
bufpl      280     4696    0      156   325     0   325   325     0     8    0
anonpl      16    61533    0    44672    87     4    83    83     0   107   13
amapchunkpl 152    1845    0     1708    15     4    11    14     0   158    5
amappl16   192     2465    0     1533    65     7    58    58     0     8   11
amappl15   184        1    0        0     1     0     1     1     0     8    0
amappl14   176      170    0      165     2     1     1     1     0     8    0
amappl13   168       24    0       23     1     0     1     1     0     8    0
amappl12   160        6    0        6     1     1     0     1     0     8    0
amappl11   152       65    0       52     1     0     1     1     0     8    0
amappl10   144       15    0       10     1     0     1     1     0     8    0
amappl9    136      379    0      375     1     0     1     1     0     8    0
amappl8    128      273    0      254     1     0     1     1     0     8    0
amappl7    120      108    0       98     1     0     1     1     0     8    0
amappl6    112       24    0       19     1     0     1     1     0     8    0
amappl5    104      151    0      139     1     0     1     1     0     8    0
amappl4     96      611    0      578     1     0     1     1     0     8    0
amappl3     88      283    0      274     1     0     1     1     0     8    0
amappl2     80     2197    0     2124     3     1     2     3     0     8    0
amappl1     72    16302    0    15876    26    17     9    20     0     8    0
amappl      80      872    0      828     2     0     2     2     0    84    0
dma4096    4096       1    0        1     1     1     0     1     0     8    0
dma256     256        6    0        6     1     1     0     1     0     8    0
dma128     128      253    0      253     1     1     0     1     0     8    0
dma64       64        6    0        6     1     1     0     1     0     8    0
dma32       32        7    0        7     1     1     0     1     0     8    0
dma16       16       18    0       17     1     0     1     1     0     8    0
aobjpl      64       25    0        2     1     0     1     1     0     8    0
uaddrrnd    24      376    0      359     1     0     1     1     0     8    0
uaddrbest   32        2    0        0     1     0     1     1     0     8    0
uaddr       24      376    0      359     1     0     1     1     0     8    0
vmmpekpl   168     6680    0     6654     2     0     2     2     0     8    0
vmmpepl    168    52243    0    50118   122    19   103   110     0   357   10
vmsppl     272      375    0      359     3     1     2     2     0     8    0
pdppl      4096     758    0      720     6     1     5     6     0     8    0
pvpl        32   175975    0   156577   197     3   194   194     0   265   37
pmappl     200      375    0      359     1     0     1     1     0     8    0
extentpl    40       46    0       29     1     0     1     1     0     8    0
phpool     112      170    0       20     5     0     5     5     0     8    0

Crashes (1):
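| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/02/29 05:13 | openbsd | 2969925a5ca7 | c88c7b75 | .config | console log | report | | | | | ci-openbsd-main | |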
* Struck through repros no longer work on HEAD.