panic: kernel diagnostic assertion "ps->ps_uvncount == 0" faile d: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c ", line 188 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b4120) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068a43,ffffffff83037d30,bc,ffffffff82fead27) at __assert+0x29 unveil_destroy(ffff80002a4659b8) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5b5968,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5b5968,ffff8000374258e0,ffff800037425830) at sys_exit+0x1a syscall(ffff8000374258e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7902a3e61d20, count: 7 https://www.openbsd.org/ddb.html describes the minimum info req uired in bug reports. Insufficient info makes it difficult to find and fix b ugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b4120) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068a43,ffffffff83037d30,bc,ffffffff82fead27) at __assert+0x29 unveil_destroy(ffff80002a4659b8) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5b5968,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5b5968,ffff8000374258e0,ffff800037425830) at sys_exit+0x1a syscall(ffff8000374258e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7902a3e61d20, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800037425630 rbx 0xffff80002a4659b8 rdx 0 rcx 0 rax 0xffff80002a5b5968 r8 0 r9 0x8080808080808080 r10 0x5f773ccd95e75857 r11 0xed2fdc44fdf44982 r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff81cf7a65 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff800037425620 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=329082 pid=10858 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=86, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a5b5968 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80002a5b4a38,0xffff80003766b708 process=0xffff80002a4659b8 user=0xffff800037420000, vmspace=0xfffffd807eb95810 estcpu=36, cpticks=19, pctcpu=0.1, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 4359 496101 58855 0 2 0 syz-executor 70676 5765 16994 0 2 0 syz-executor 70676 53321 16994 0 3 0x4000080 fsleep syz-executor 70676 114526 16994 0 2 0x4000000 syz-executor 34771 141857 40416 0 2 0x480 syz-executor 34771 72964 40416 0 3 0x4000080 fsleep syz-executor 86564 40466 47569 0 2 0x100002 sh 84034 301299 60049 0 2 0 syz-executor 84034 57940 60049 0 2 0x4000000 syz-executor 84034 438250 60049 0 2 0x4000000 syz-executor 72851 106397 73766 0 2 0 syz-executor 72851 283772 73766 0 3 0x4000080 fsleep syz-executor 72851 410634 73766 0 3 0x4000080 fsleep syz-executor 72851 471889 73766 0 3 0x4000080 fsleep syz-executor 27681 431462 67114 0 2 0x2 syz-executor 52077 420016 67114 0 2 0x482 syz-executor 47569 520277 67114 0 3 0x82 wait syz-executor 40416 115513 67114 0 2 0x482 syz-executor 16994 352292 67114 0 2 0x482 syz-executor 60049 289563 67114 0 2 0x482 syz-executor 58855 405260 67114 0 2 0x482 syz-executor 73766 407876 67114 0 2 0x482 syz-executor 44702 259125 1 0 3 0x100083 ttyin getty 11989 293280 0 0 3 0x14200 acct acct 88296 371341 0 0 3 0x14200 bored sosplice 67114 102136 20928 0 3 0x82 kqread syz-executor 20928 109940 83356 0 3 0x10008a sigsusp ksh 83356 29207 88766 0 3 0x98 kqread sshd-session 88766 93072 82406 0 3 0x92 kqread sshd-session 82406 302147 1 0 3 0x88 kqread sshd 69833 212789 67959 73 2 0x1100010 syslogd 67959 83781 1 0 3 0x100082 sbwait syslogd 48247 428329 1 0 3 0x100080 kqread resolvd 27679 277635 71026 77 3 0x100092 kqread dhcpleased 10056 98554 71026 77 3 0x100092 kqread dhcpleased 71026 108823 1 0 3 0x80 kqread dhcpleased 85547 158267 0 0 3 0x14200 bored smr 46098 487627 0 0 2 0x14200 zerothread 52400 416746 0 0 3 0x14200 aiodoned aiodoned 49831 356410 0 0 3 0x14200 syncer update 98751 124594 0 0 3 0x14200 cleaner cleaner 80919 161665 0 0 2 0x14200 reaper 61120 210718 0 0 3 0x14200 pgdaemon pagedaemon 13062 174594 0 0 3 0x14200 bored viomb 72711 438120 0 0 3 0x40014200 acpi0 acpi0 35181 439453 0 0 3 0x14200 bored softnet3 11136 425589 0 0 3 0x14200 bored softnet2 7815 426393 0 0 3 0x14200 bored softnet1 56806 41896 0 0 3 0x14200 bored softnet0 79762 291606 0 0 3 0x14200 bored systqmp 84230 352471 0 0 3 0x14200 bored systq 83648 95234 0 0 3 0x40014200 tmoslp softclock 43592 41273 0 0 3 0x40014200 idle0 1 97338 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10209 11123K 11514K 166960K 13845 0 pcb 17 18K 20K 166960K 460 0 rtable 186 6K 8K 166960K 2838 0 pf 34 13K 22K 166960K 395 0 ifaddr 37 7K 8K 166960K 387 0 ifgroup 50 2K 2K 166960K 429 0 sysctl 4 1K 3K 166960K 9 0 counters 30 17K 17K 166960K 128 0 ioctlops 0 0K 4K 166960K 423 0 iov 0 0K 16K 166960K 242 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1500 94K 95K 166960K 3891 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 68K 72K 166960K 32 0 VM map 2 1K 1K 166960K 2 0 sem 16 32K 32K 166960K 129 0 dirhash 15 2K 3K 166960K 48 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 16 57K 97K 166960K 2804 0 sigio 0 0K 0K 166960K 202 0 proc 64 75K 124K 166960K 2683 0 subproc 104 6K 7K 166960K 1067 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 304 0 in_multi 81 5K 7K 166960K 1033 0 ether_multi 1 0K 0K 166960K 21 0 mrt 1 0K 0K 166960K 6 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 247 1102K 1102K 166960K 247 0 exec 0 0K 1K 166960K 1646 0 pfkey data 0 0K 0K 166960K 3 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 213 72K 92K 166960K 22796 0 UVM aobj 52 4K 4K 166960K 61 0 pinsyscall 38 76K 104K 166960K 5747 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 103 0 NDP 11 0K 2K 166960K 279 0 temp 77 6816K 6909K 166960K 58705 0 kqueue 13 20K 29K 166960K 315 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 422 0 418 3 2 1 2 0 8 0 rtentry 112 1021 0 939 5 1 4 4 0 8 0 unpcb 144 1536 0 1519 10 9 1 7 0 8 0 syncache 336 6 0 6 2 1 1 1 0 8 1 tcpqe 32 3 0 3 2 1 1 1 0 8 1 tcpcb 808 466 0 462 6 4 2 4 0 8 1 arp 88 182 0 168 1 0 1 1 0 8 0 ipq 40 9 0 8 2 1 1 1 0 8 0 ipqe 40 89 0 88 2 1 1 1 0 8 0 inpcb 336 2740 0 2729 25 23 2 15 0 8 1 nd6 104 275 0 256 1 0 1 1 0 8 0 pkpcb 40 79 0 79 3 2 1 1 0 8 1 kcovpl 48 82 0 74 1 0 1 1 0 8 0 ppxss 1072 11 0 11 2 2 0 1 0 8 0 pfstscr 40 2 0 2 2 2 0 1 0 8 0 pfrktable 1344 1 0 1 1 1 0 1 0 8 0 pfanchor 1288 6 0 6 1 1 0 1 0 8 0 pftag 88 1 0 1 1 1 0 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 5 0 3 1 0 1 1 0 8 0 pfstate 344 3 0 2 1 0 1 1 0 8 0 pfrule 1344 7 0 7 1 1 0 1 0 8 0 art_heap8 4096 2 0 0 2 0 2 2 0 8 0 art_heap4 256 4185 0 3820 33 3 30 32 0 8 5 art_table 32 4187 0 3820 5 1 4 5 0 8 0 art_node 16 1014 0 941 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 8 1 0 1 1 0 8 0 semupl 112 1 0 1 1 1 0 1 0 8 0 semapl 112 124 0 110 1 0 1 1 0 8 0 shmpl 112 58 0 9 2 0 2 2 0 8 0 dirhash 1024 41 0 22 3 0 3 3 0 8 0 dino2pl 256 4751 0 3116 103 0 103 103 0 8 0 ffsino 240 4751 0 3116 98 0 98 98 0 8 1 nchpl 144 7347 0 6704 66 39 27 66 0 8 0 uvmvnodes 80 6692 0 0 137 0 137 137 0 8 0 vnodes 216 6692 0 0 372 0 372 372 0 8 0 namei 1024 32916 0 32915 5 3 2 2 0 8 1 kstatmem 264 218 0 196 2 0 2 2 0 8 0 scsiplug 72 1 0 1 1 1 0 1 0 8 0 scxspl 216 56847 0 56847 11 10 1 8 1 8 1 plimitpl 152 735 0 718 1 0 1 1 0 8 0 sigapl 424 2985 0 2938 9 3 6 8 0 8 0 futexpl 64 25477 0 25472 2 1 1 1 0 8 0 knotepl 120 65012 0 64965 34 30 4 17 0 8 2 kqueuepl 184 668 0 658 4 3 1 4 0 8 0 pipepl 288 555 0 528 5 2 3 5 0 8 0 fdescpl 432 2923 0 2895 5 1 4 5 0 8 0 filepl 120 17020 0 16774 19 10 9 15 0 8 1 lockfpl 104 621 0 617 1 0 1 1 0 8 0 lockfspl 48 200 0 196 1 0 1 1 0 8 0 sessionpl 144 98 0 90 1 0 1 1 0 8 0 pgrppl 48 215 0 199 1 0 1 1 0 8 0 ucredpl 104 2789 0 2778 1 0 1 1 0 8 0 zombiepl 144 3031 0 3030 2 1 1 1 0 8 0 processpl 1096 2986 0 2938 6 2 4 6 0 8 0 procpl 648 5426 0 5369 8 2 6 7 0 8 0 sosppl 168 13 0 13 3 2 1 1 0 8 1 sockpl 504 4815 0 4784 78 72 6 34 0 8 1 mcl64k 65536 105 0 105 3 2 1 1 0 8 1 mcl16k 16384 6 0 6 2 2 0 1 0 8 0 mcl12k 12288 3 0 3 2 2 0 1 0 8 0 mcl8k 8192 64 0 64 2 2 0 1 0 8 0 mcl4k 4096 5158 0 5109 19 12 7 18 0 8 0 mcl2k2 2112 3 0 3 2 2 0 1 0 8 0 mcl2k 2048 3433 0 3428 9 6 3 5 0 8 2 mtagpl 96 83 0 83 3 2 1 1 0 8 1 mbufpl 256 30097 0 29945 42 27 15 34 0 8 3 bufpl 280 10259 0 3254 501 0 501 501 0 8 0 anonpl 24 417789 0 414509 113 63 50 80 0 187 17 amapchunkpl 152 74454 0 74004 63 32 31 44 0 158 10 amappl16 200 6611 0 6598 49 47 2 15 0 8 1 amappl15 192 11 0 11 1 1 0 1 0 8 0 amappl14 184 261 0 251 1 0 1 1 0 8 0 amappl13 176 6 0 5 1 0 1 1 0 8 0 amappl12 168 4709 0 4679 3 1 2 3 0 8 0 amappl11 160 51 0 41 1 0 1 1 0 8 0 amappl10 152 8 0 8 1 1 0 1 0 8 0 amappl9 144 106 0 106 1 1 0 1 0 8 0 amappl8 136 17 0 16 1 0 1 1 0 8 0 amappl7 128 247 0 236 1 0 1 1 0 8 0 amappl6 120 898 0 895 1 0 1 1 0 8 0 amappl5 112 424 0 414 1 0 1 1 0 8 0 amappl4 104 503 0 489 1 0 1 1 0 8 0 amappl3 96 14733 0 14630 5 1 4 4 0 8 1 amappl2 88 1693 0 1629 2 0 2 2 0 8 0 amappl1 80 19793 0 19275 14 2 12 14 0 8 1 amappl 88 21742 0 21583 6 1 5 5 0 92 0 dma65536 65536 1 0 1 1 1 0 1 0 8 0 dma4096 4096 2 0 2 2 2 0 1 0 8 0 dma1024 1024 3 0 2 1 0 1 1 0 8 0 dma256 256 8 0 8 2 2 0 1 0 8 0 dma128 128 254 0 254 1 1 0 1 0 8 0 dma64 64 7 0 7 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 60 0 9 1 0 1 1 0 8 0 uaddrrnd 24 2923 0 2894 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2923 0 2894 1 0 1 1 0 8 0 vmmpekpl 168 22772 0 22721 3 0 3 3 0 8 0 vmmpepl 168 179655 0 177973 99 20 79 88 0 357 2 vmsppl 344 2922 0 2894 4 1 3 4 0 8 0 rwobjpl 24 54832 0 47253 46 0 46 46 0 8 0 pdppl 4096 5852 0 5788 211 141 70 82 0 8 6 pvpl 32 1503048 0 1493404 585 362 223 348 0 265 126 pmappl 216 2922 0 2894 3 1 2 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 654 0 305 12 0 12 12 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b4120) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068a43,ffffffff83037d30,bc,ffffffff82fead27) at __assert+0x29 unveil_destroy(ffff80002a4659b8) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5b5968,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5b5968,ffff8000374258e0,ffff800037425830) at sys_exit+0x1a syscall(ffff8000374258e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7902a3e61d20, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830b4120) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83068a43,ffffffff83037d30,bc,ffffffff82fead27) at __assert+0x29 unveil_destroy(ffff80002a4659b8) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5b5968,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5b5968,ffff8000374258e0,ffff800037425830) at sys_exit+0x1a syscall(ffff8000374258e0) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7902a3e61d20, count: -8