kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons:.
Tue Mar 26 03:46:21 PDT 2019
OpenBSD/amd64 (ci-openbsd-multicore-1.c.syzkaller.internal) (tty00)
Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
executing program
login: panic: kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID     PID  UID  PRFLAGS     PFLAGS  CPU  COMMAND
 188076   83230    0        0          0    0  syz-executor0542
*379251    6072    0        0  0x4000000   1K  syz-executor0542
db_enter() at db_enter+0x18
panic() at panic+0x174
__assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e
unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d
namei(ffff800020bd7178) at namei+0x88b
domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1
syscall(ffff800020bd7440) at syscall+0x5b8
Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x960770bbee0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> set $maxwidth = 0
ddb{1}> show panic
kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879
ddb{1}> trace
db_enter() at db_enter+0x18
panic() at panic+0x174
__assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e
unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d
namei(ffff800020bd7178) at namei+0x88b
domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1
syscall(ffff800020bd7440) at syscall+0x5b8
Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128
end of kernel
end trace frame: 0x960770bbee0, count: -8
ddb{1}> show registers
rdi     0
rsi     0x1
rbp     0xffff800020bd6f10
rbx     0xffff800020bd6fc0
rdx     0xffffffff81f8c339    apollo_pio_rec+0x95b5
rcx     0x201
rax     0x1
r8      0xffffffff818d1a13    kprintf+0x183
r9      0x1
r10     0x3232519bc764dc44
r11     0xe56f57608e673e4e
r12     0x3000000008
r13     0xffff800020bd6f20
r14     0x100
r15     0x1
rip     0xffffffff814367b8    db_enter+0x18
cs      0x8
rflags  0x246
rsp     0xffff800020bd6f00
ss      0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{1}> show proc
PROC (syz-executor0542) pid=379251 stat=onproc
    flags process=0 proc=4000000
    pri=86, usrpri=86, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b14710,0xffff800020b14270
    process=0xffff800020b8c6a8 user=0xffff800020bd2000, vmspace=0xfffffd807effd9d8
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{1}> ps
   PID     TID   PPID  UID  S       FLAGS  WAIT       COMMAND
 83230  188076  44139    0  7           0             syz-executor0542
 83230  345039  44139    0  3   0x4000080  fsleep     syz-executor0542
 83230  349846  44139    0  2   0x4000000             syz-executor0542
  6072  454353  47238    0  3        0x80  nanosleep  syz-executor0542
* 6072  379251  47238    0  7   0x4000000             syz-executor0542
  6072  271292  47238    0  3   0x4000080  fsleep     syz-executor0542
 47238  315434  77280    0  3        0x80  nanosleep  syz-executor0542
 44139  406235  77280    0  3        0x80  nanosleep  syz-executor0542
 77280  278559  71955    0  3        0x82  nanosleep  syz-executor0542
 71955  266104  20907    0  3    0x10008a  pause      ksh
 20907   31238  36118    0  3        0x92  select     sshd
 31050  197132      1    0  3    0x100083  ttyin      getty
 36118  116573      1    0  3        0x80  select     sshd
 25921  327829  29210   74  3    0x100092  bpf        pflogd
 29210  404171      1    0  3        0x80  netio      pflogd
 21566  249392  52849   73  3    0x100090  kqread     syslogd
 52849  333698      1    0  3    0x100082  netio      syslogd
 51467  281946      1   77  3    0x100090  poll       dhclient
 62264  471633      1    0  3        0x80  poll       dhclient
 75477  175140      0    0  3     0x14200  pgzero     zerothread
 20816   48725      0    0  3     0x14200  aiodoned   aiodoned
 88077  189037      0    0  3     0x14200  syncer     update
 95269  511677      0    0  3     0x14200  cleaner    cleaner
 51447  472680      0    0  3     0x14200  reaper     reaper
 68653  410278      0    0  3     0x14200  pgdaemon   pagedaemon
 56912  501566      0    0  3     0x14200  bored      crynlk
 20691  408393      0    0  3     0x14200  bored      crypto
 58819  452524      0    0  3  0x40014200  acpi0      acpi0
 53679  292271      0    0  3  0x40014200             idle1
 47393  487042      0    0  3     0x14200  bored      softnet
 51817  114847      0    0  3     0x14200  bored      systqmp
 48541  263023      0    0  3     0x14200  bored      systq
 97155  170841      0    0  3  0x40014200  bored      softclock
 58083  492715      0    0  3  0x40014200             idle0
 65770  365599      0    0  3     0x14200  bored      smr
     1  231513      0    0  3        0x82  wait       init
     0       0     -1    0  3     0x10200  scheduler  swapper
ddb{1}> show all locks
Process 6072 (syz-executor0542) thread 0xffff800020b14008 (379251)
exclusive rrwlock inode r = 0 (0xfffffd806d9fc0a0) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0  witness_lock+0x594
#1  _rw_enter+0x45d
#2  _rrw_enter+0x60
#3  VOP_LOCK+0x57
#4  vn_lock+0x6e
#5  vfs_lookup+0xf5
#6  namei+0x4b2
#7  domknodat+0xa1
#8  syscall+0x5b8
#9  Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82349ce8) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90
#0  witness_lock+0x594
#1  syscall+0x48b
#2  Xsyscall+0x128
ddb{1}>