kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Tue Mar 26 03:46:21 PDT 2019

OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)

Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
login: panic: kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 188076  83230      0           0          0    0  syz-executor0542
*379251   6072      0           0  0x4000000    1K syz-executor0542
db_enter() at db_enter+0x18
panic() at panic+0x174
__assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e
unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d
namei(ffff800020bd7178) at namei+0x88b
domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1
syscall(ffff800020bd7440) at syscall+0x5b8
Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x960770bbee0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{1}> 
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879
ddb{1}> trace
db_enter() at db_enter+0x18
panic() at panic+0x174
__assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e
unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d
namei(ffff800020bd7178) at namei+0x88b
domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1
syscall(ffff800020bd7440) at syscall+0x5b8
Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x960770bbee0, count: -8
ddb{1}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020bd6f10
rbx               0xffff800020bd6fc0
rdx               0xffffffff81f8c339    apollo_pio_rec+0x95b5
rcx                            0x201
rax                              0x1
r8                0xffffffff818d1a13    kprintf+0x183
r9                               0x1
r10               0x3232519bc764dc44
r11               0xe56f57608e673e4e
r12                     0x3000000008
r13               0xffff800020bd6f20
r14                            0x100
r15                              0x1
rip               0xffffffff814367b8    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020bd6f00
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0542) pid=379251 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b14710,0xffff800020b14270
    process=0xffff800020b8c6a8 user=0xffff800020bd2000, vmspace=0xfffffd807effd9d8
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 83230  188076  44139      0  7           0                syz-executor0542
 83230  345039  44139      0  3   0x4000080  fsleep        syz-executor0542
 83230  349846  44139      0  2   0x4000000                syz-executor0542
  6072  454353  47238      0  3        0x80  nanosleep     syz-executor0542
* 6072  379251  47238      0  7   0x4000000                syz-executor0542
  6072  271292  47238      0  3   0x4000080  fsleep        syz-executor0542
 47238  315434  77280      0  3        0x80  nanosleep     syz-executor0542
 44139  406235  77280      0  3        0x80  nanosleep     syz-executor0542
 77280  278559  71955      0  3        0x82  nanosleep     syz-executor0542
 71955  266104  20907      0  3    0x10008a  pause         ksh
 20907   31238  36118      0  3        0x92  select        sshd
 31050  197132      1      0  3    0x100083  ttyin         getty
 36118  116573      1      0  3        0x80  select        sshd
 25921  327829  29210     74  3    0x100092  bpf           pflogd
 29210  404171      1      0  3        0x80  netio         pflogd
 21566  249392  52849     73  3    0x100090  kqread        syslogd
 52849  333698      1      0  3    0x100082  netio         syslogd
 51467  281946      1     77  3    0x100090  poll          dhclient
 62264  471633      1      0  3        0x80  poll          dhclient
 75477  175140      0      0  3     0x14200  pgzero        zerothread
 20816   48725      0      0  3     0x14200  aiodoned      aiodoned
 88077  189037      0      0  3     0x14200  syncer        update
 95269  511677      0      0  3     0x14200  cleaner       cleaner
 51447  472680      0      0  3     0x14200  reaper        reaper
 68653  410278      0      0  3     0x14200  pgdaemon      pagedaemon
 56912  501566      0      0  3     0x14200  bored         crynlk
 20691  408393      0      0  3     0x14200  bored         crypto
 58819  452524      0      0  3  0x40014200  acpi0         acpi0
 53679  292271      0      0  3  0x40014200                idle1
 47393  487042      0      0  3     0x14200  bored         softnet
 51817  114847      0      0  3     0x14200  bored         systqmp
 48541  263023      0      0  3     0x14200  bored         systq
 97155  170841      0      0  3  0x40014200  bored         softclock
 58083  492715      0      0  3  0x40014200                idle0
 65770  365599      0      0  3     0x14200  bored         smr
     1  231513      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{1}> show all locks
Process 6072 (syz-executor0542) thread 0xffff800020b14008 (379251)
exclusive rrwlock inode r = 0 (0xfffffd806d9fc0a0) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0  witness_lock+0x594
#1  _rw_enter+0x45d
#2  _rrw_enter+0x60
#3  VOP_LOCK+0x57
#4  vn_lock+0x6e
#5  vfs_lookup+0xf5
#6  namei+0x4b2
#7  domknodat+0xa1
#8  syscall+0x5b8
#9  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82349ce8) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90
#0  witness_lock+0x594
#1  syscall+0x48b
#2  Xsyscall+0x128
ddb{1}>