syzbot
panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_

Status: closed as dup on 2018/12/31 16:38
Reported-by: syzbot+09848fd94b475dfb2e90@syzkaller.appspotmail.com
First crash: 1929d, last: 1924d
Duplicate of
Title                                                  Repro  Cause bisect  Fix bisect  Count  Last   Reported
assert "ps->ps_uvncount == 0" failed in kern_unveil.c  syz                              226    1646d  1913d

Sample crash report:
panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 195
Stopped at      db_enter+0xa:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81603364,ffff8000211697b0,ffff800000ac0000,30) at __assert+0x24 sys/kern/subr_prf.c:155
unveil_destroy(ffff8000210b7308) at unveil_destroy+0x158 sys/kern/kern_unveil.c:195
exit1(10,ffff8000210a2978,0) at exit1+0x280 sys/kern/kern_exit.c:215
sys_exit(ffffffff8170ee63,ffff800021169860,10) at sys_exit+0x13 sys/kern/kern_exit.c:94
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,1,0,1,0,7f7ffffdaeb0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffdae60, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 195
ddb{1}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81603364,ffff8000211697b0,ffff800000ac0000,30) at __assert+0x24 sys/kern/subr_prf.c:155
unveil_destroy(ffff8000210b7308) at unveil_destroy+0x158 sys/kern/kern_unveil.c:195
exit1(10,ffff8000210a2978,0) at exit1+0x280 sys/kern/kern_exit.c:215
sys_exit(ffffffff8170ee63,ffff800021169860,10) at sys_exit+0x13 sys/kern/kern_exit.c:94
syscall(0) at syscall+0x489 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x489 sys/arch/amd64/amd64/trap.c:583
Xsyscall(6,1,0,1,0,7f7ffffdaeb0) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffdae60, count: -8
ddb{1}> show registers
rdi               0xffffffff81e32f30    kprintf_mutex
rsi                              0x5
rbp               0xffff800021169710
rbx               0xffff8000211697b0
rdx                            0x3fd
rcx                                0
rax                                0
r8                0xffff8000211696e0
r9                0x8080808080808080
r10                                0
r11               0xffffffff810fe130    x86_bus_space_io_read_1
r12                     0x3000000008
r13               0xffff800021169720
r14                            0x100
r15               0xffffffff81bf37d3    cmd0646_9_tim_udma+0x1f579
rip               0xffffffff819edafa    db_enter+0xa
cs                               0x8
rflags                         0x246
rsp               0xffff800021169710
ss                              0x10
db_enter+0xa:   popq    %rbp
ddb{1}> show proc
PROC (syz-executor0) pid=107684 stat=onproc
    flags process=1018<EXITING,SUGID,SINGLEEXIT> proc=2000<WEXIT>
    pri=50, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff8000210a3080,0xffff8000210a3798
    process=0xffff8000210b7308 user=0xffff800021164000, vmspace=0xffffff007f125738
    estcpu=36, cpticks=7, pctcpu=0.0
    user=0, sys=2, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  9727  288340   1641      0  3         0x2  biowait       syz-executor1
 94685  193562  82511  65534  3        0x90  nanosleep     syz-executor0
 82511  340790   1641      0  3        0x82  wait          syz-executor0
 53705  281492      0      0  3     0x14200  bored         sosplice
  1641  248598  55279      0  3        0x82  thrsleep      syz-fuzzer
  1641  132993  55279      0  3   0x4000082  nanosleep     syz-fuzzer
  1641  495026  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641   33425  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641  421350  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641  499276  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641  217771  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641  370680  55279      0  3   0x4000082  nanosleep     syz-fuzzer
  1641   72250  55279      0  3   0x4000082  kqread        syz-fuzzer
  1641  369937  55279      0  3   0x4000082  thrsleep      syz-fuzzer
  1641  158596  55279      0  3   0x4000082  thrsleep      syz-fuzzer
 55279  257773  78377      0  3    0x10008a  pause         ksh
 78377   71903  32355      0  3        0x92  select        sshd
 98445   31070      1      0  3    0x100083  ttyin         getty
 32355  212538      1      0  3        0x80  select        sshd
 18642  394093  75898     73  3    0x100090  kqread        syslogd
 75898  447222      1      0  3    0x100082  netio         syslogd
 42585  206649      1     77  3    0x100090  poll          dhclient
 17789  227990      1      0  3        0x80  poll          dhclient
 74406  160916      0      0  3     0x14200  pgzero        zerothread
 32689  470118      0      0  3     0x14200  aiodoned      aiodoned
 74991  222562      0      0  3     0x14200  syncer        update
 45115  439896      0      0  3     0x14200  cleaner       cleaner
 32401  162569      0      0  3     0x14200  reaper        reaper
 40876  391783      0      0  3     0x14200  pgdaemon      pagedaemon
  5520  166945      0      0  3     0x14200  bored         crynlk
 71272  349688      0      0  3     0x14200  bored         crypto
 93933   97878      0      0  3  0x40014200  acpi0         acpi0
 67845  128627      0      0  3  0x40014200                idle1
 22475   92141      0      0  3     0x14200  bored         softnet
 94955  154909      0      0  3     0x14200  bored         systqmp
 82534    6470      0      0  3     0x14200  bored         systq
 43339  262819      0      0  3  0x40014200  bored         softclock
 12110  179573      0      0  7  0x40014200                idle0
     1   25246      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper

Crashes (2):
Time              Kernel   Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets  Manager            Title
2018/12/20 11:43  openbsd  de353310588d  02e69052   .config  console log  report                                        ci-openbsd-setuid
2018/12/15 12:30  openbsd  ff5089e6ea58  c9128939   .config  console log  report                                        ci-openbsd-setuid