panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 195
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
501748 52923 0 0x14000 0x200 0 reaper
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81886774,ffff8000211aef10,ffff800004b59000,30) at __assert+0x24 sys/kern/subr_prf.c:155
unveil_destroy(ffff8000210b6018) at unveil_destroy+0x158 sys/kern/kern_unveil.c:195
exit1(10,ffff8000210a2e28,0) at exit1+0x280 sys/kern/kern_exit.c:215
sys_exit(ffffffff8147c203,ffff8000211aefc0,10) at sys_exit+0x13 sys/kern/kern_exit.c:94
syscall(0) at syscall+0x466 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x466 sys/arch/amd64/amd64/trap.c:583
Xsyscall(0,1,0,1,0,7f7fffff4120) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff40d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{1}>
ddb{1}> set $lines = 0
ddb{1}> show panic
kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 195
ddb{1}> trace
db_enter() at db_enter+0xa sys/arch/amd64/amd64/db_interface.c:399
panic() at panic+0x147 sys/kern/subr_prf.c:208
__assert(ffffffff81886774,ffff8000211aef10,ffff800004b59000,30) at __assert+0x24 sys/kern/subr_prf.c:155
unveil_destroy(ffff8000210b6018) at unveil_destroy+0x158 sys/kern/kern_unveil.c:195
exit1(10,ffff8000210a2e28,0) at exit1+0x280 sys/kern/kern_exit.c:215
sys_exit(ffffffff8147c203,ffff8000211aefc0,10) at sys_exit+0x13 sys/kern/kern_exit.c:94
syscall(0) at syscall+0x466 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(0) at syscall+0x466 sys/arch/amd64/amd64/trap.c:583
Xsyscall(0,1,0,1,0,7f7fffff4120) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffff40d0, count: -8
ddb{1}> show registers
rdi 0xffffffff81e34180 kprintf_mutex
rsi 0x5
rbp 0xffff8000211aee70
rbx 0xffff8000211aef10
rdx 0x3fd
rcx 0
rax 0
r8 0xffff8000211aee40
r9 0x8080808080808080
r10 0x2087013eb45d8d5
r11 0
r12 0x3000000008
r13 0xffff8000211aee80
r14 0x100
r15 0xffffffff81b7f681 cmd0646_9_tim_udma+0x1f80e
rip 0xffffffff8149721a db_enter+0xa
cs 0x8
rflags 0x246
rsp 0xffff8000211aee70
ss 0x10
db_enter+0xa: popq %rbp
ddb{1}> show proc
PROC (syz-executor0) pid=482130 stat=onproc
flags process=1018 proc=2000
pri=60, usrpri=60, nice=20
forw=0xffffffffffffffff, list=0xffff8000210a39e0,0xffffffff81ee21d8
process=0xffff8000210b6018 user=0xffff8000211aa000, vmspace=0xffffff0065a74740
estcpu=10, cpticks=5, pctcpu=0.23
user=0, sys=1, intr=0
ddb{1}> ps
PID TID PPID UID S FLAGS WAIT COMMAND
31063 358494 28883 65534 3 0x90 nanosleep syz-executor0
28883 27038 50747 0 3 0x82 wait syz-executor0
13987 394200 0 0 3 0x14200 bored sosplice
50747 232310 83459 0 3 0x82 thrsleep syz-fuzzer
50747 515792 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 473811 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 309102 83459 0 3 0x4000082 kqread syz-fuzzer
50747 117608 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 175832 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 261670 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 496985 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 5321 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 348189 83459 0 3 0x4000082 thrsleep syz-fuzzer
50747 169634 83459 0 3 0x4000082 thrsleep syz-fuzzer
83459 108382 62635 0 3 0x10008a pause ksh
62635 396530 42345 0 3 0x92 select sshd
91440 146224 1 0 3 0x100083 ttyin getty
42345 503571 1 0 3 0x80 select sshd
78082 484492 92280 73 3 0x100090 kqread syslogd
92280 86782 1 0 3 0x100082 netio syslogd
20725 10580 1 77 3 0x100090 poll dhclient
23223 357557 1 0 3 0x80 poll dhclient
66884 94176 0 0 3 0x14200 pgzero zerothread
85217 192132 0 0 3 0x14200 aiodoned aiodoned
1295 291922 0 0 3 0x14200 syncer update
98153 389402 0 0 3 0x14200 cleaner cleaner
52923 501748 0 0 7 0x14200 reaper
99154 321425 0 0 3 0x14200 pgdaemon pagedaemon
82944 25756 0 0 3 0x14200 bored crynlk
17881 424130 0 0 3 0x14200 bored crypto
95371 146901 0 0 3 0x40014200 acpi0 acpi0
14969 249271 0 0 3 0x40014200 idle1
22759 47583 0 0 3 0x14200 bored softnet
5951 67628 0 0 3 0x14200 bored systqmp
78836 482149 0 0 3 0x14200 bored systq
73679 265830 0 0 3 0x40014200 bored softclock
32523 299167 0 0 3 0x40014200 idle0
1 8095 0 0 3 0x82 wait init
0 0 -1 0 3 0x10200 scheduler swapper