panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 200 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff81f92833,ffffffff81f40869,c8,ffffffff81f54fe5) at __assert+0x2e sys/kern/subr_prf.c:154 unveil_destroy(ffff8000ffff6d90) at unveil_destroy+0x19f sys/kern/kern_unveil.c:200 exit1(ffff8000151d3650,0,1) at exit1+0x38f sys/kern/kern_exit.c:218 sys_exit(ffff8000151d3650,ffff8000159ea0b0,ffff8000159ea120) at sys_exit+0x17 sys/kern/kern_exit.c:94 syscall(ffff8000159ea180) at syscall+0x508 Xsyscall(6,1,0,1,0,7f7ffffee334) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffee300, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 200 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff81f92833,ffffffff81f40869,c8,ffffffff81f54fe5) at __assert+0x2e sys/kern/subr_prf.c:154 unveil_destroy(ffff8000ffff6d90) at unveil_destroy+0x19f sys/kern/kern_unveil.c:200 exit1(ffff8000151d3650,0,1) at exit1+0x38f sys/kern/kern_exit.c:218 sys_exit(ffff8000151d3650,ffff8000159ea0b0,ffff8000159ea120) at sys_exit+0x17 sys/kern/kern_exit.c:94 syscall(ffff8000159ea180) at syscall+0x508 Xsyscall(6,1,0,1,0,7f7ffffee334) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7ffffee300, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff8000159e9ec0 rbx 0xffff8000159e9f70 rdx 0x2 rcx 0 rax 0 r8 0xffff8000159e9e80 r9 0x1 r10 0 r11 0xabfa1eef90d6b6e9 r12 0x3000000008 r13 0xffff8000159e9ed0 r14 0x100 r15 0x1 rip 0xffffffff8150cff8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff8000159e9eb0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=306410 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000151d2ee8,0xffffffff822e3440 process=0xffff8000ffff6d90 user=0xffff8000159e5000, vmspace=0xfffffd803f014ee0 estcpu=36, cpticks=29, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 82514 331344 1 0 3 0x100083 ttyin getty 58581 119320 0 0 3 0x14200 bored sosplice 57011 209949 95047 0 3 0x82 nanosleep syz-executor.1 76773 66378 95047 0 3 0x82 piperd syz-executor.0 95047 104950 69623 0 3 0x82 thrsleep syz-fuzzer 95047 228197 69623 0 3 0x4000082 thrsleep syz-fuzzer 95047 368981 69623 0 3 0x4000082 thrsleep syz-fuzzer 95047 438445 69623 0 3 0x4000082 thrsleep syz-fuzzer 95047 13337 69623 0 3 0x4000082 thrsleep syz-fuzzer 95047 438370 69623 0 3 0x4000082 kqread syz-fuzzer 95047 176056 69623 0 3 0x4000082 thrsleep syz-fuzzer 69623 406713 72679 0 3 0x10008a pause ksh 72679 360194 84045 0 3 0x92 select sshd 84045 311660 1 0 3 0x80 select sshd 48075 131139 15355 73 3 0x100090 kqread syslogd 15355 241932 1 0 3 0x100082 netio syslogd 23687 36843 1 77 3 0x100090 poll dhclient 78440 433352 1 0 3 0x80 poll dhclient 91249 80028 0 0 3 0x14200 pgzero zerothread 17287 143868 0 0 3 0x14200 aiodoned aiodoned 85447 330381 0 0 3 0x14200 syncer update 3692 297873 0 0 3 0x14200 cleaner cleaner 74641 352022 0 0 3 0x14200 reaper reaper 63556 308598 0 0 3 0x14200 pgdaemon pagedaemon 90840 81254 0 0 3 0x14200 bored crynlk 82286 350714 0 0 3 0x14200 bored crypto 20989 94184 0 0 3 0x40014200 acpi0 acpi0 66731 216787 0 0 3 0x14200 bored softnet 57250 282447 0 0 3 0x14200 bored systqmp 42283 317890 0 0 3 0x14200 bored systq 29835 302471 0 0 3 0x40014200 bored softclock 1712 122701 0 0 3 0x40014200 idle0 8679 479418 0 0 3 0x14200 bored smr 1 449499 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9491 6343K 6973K 78643K 12593 0 0 pcb 13 8K 8K 78643K 73 0 0 rtable 113 4K 4K 78643K 333 0 0 ifaddr 53 12K 13K 78643K 115 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 57 0 0 iov 0 0K 28K 78643K 100 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1216 76K 77K 78643K 1891 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 9 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 1K 78643K 60 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 4 9K 25K 78643K 725 0 0 sigio 0 0K 0K 78643K 22 0 0 proc 45 38K 54K 78643K 426 0 0 subproc 32 2K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 66 0 0 in_multi 33 2K 2K 78643K 43 0 0 ether_multi 1 0K 0K 78643K 2 0 0 mrt 0 0K 0K 78643K 4 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 251 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 90 20K 21K 78643K 2513 0 0 UVM aobj 20 2K 2K 78643K 24 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 37 0 0 NDP 10 0K 0K 78643K 30 0 0 temp 157 2731K 2799K 78643K 5296 0 0 kqueue 0 0K 0K 78643K 4 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 7 0 0 1 0 1 1 0 8 0 rtpcb 80 53 0 51 1 0 1 1 0 8 0 rtentry 112 46 0 1 2 0 2 2 0 8 0 unpcb 120 255 0 247 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1292 0 1292 1 1 0 1 0 8 0 tcpcb 544 98 0 94 1 0 1 1 0 8 0 inpcb 280 286 0 277 2 0 2 2 0 8 1 nd6 48 6 0 0 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 2 0 1 0 8 0 ppxss 1128 13 0 13 2 1 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 190 0 0 12 0 12 12 0 8 0 art_table 32 191 0 0 2 0 2 2 0 8 0 art_node 16 45 0 4 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 10 2 1 1 1 0 8 0 semapl 112 58 0 48 1 0 1 1 0 8 0 shmpl 112 22 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2568 0 1157 46 0 46 46 0 8 0 ffsino 240 2568 0 1157 84 0 84 84 0 8 0 nchpl 144 3791 0 2151 62 0 62 62 0 8 0 uvmvnodes 72 3070 0 0 56 0 56 56 0 8 0 vnodes 200 3070 0 0 162 0 162 162 0 8 0 namei 1024 10843 0 10843 1 0 1 1 0 8 1 scxspl 192 11110 0 11110 13 10 3 7 0 8 3 plimitpl 152 71 0 64 1 0 1 1 0 8 0 sigapl 432 897 0 884 2 0 2 2 0 8 0 futexpl 56 11331 0 11331 1 0 1 1 0 8 1 knotepl 112 190 0 171 1 0 1 1 0 8 0 kqueuepl 104 168 0 166 1 0 1 1 0 8 0 pipepl 112 466 0 447 1 0 1 1 0 8 0 fdescpl 424 898 0 885 2 0 2 2 0 8 0 filepl 120 5032 0 4938 4 0 4 4 0 8 1 lockfpl 104 244 0 244 2 1 1 1 0 8 1 lockfspl 48 83 0 83 2 1 1 1 0 8 1 sessionpl 112 18 0 8 1 0 1 1 0 8 0 pgrppl 48 34 0 24 1 0 1 1 0 8 0 ucredpl 96 918 0 911 1 0 1 1 0 8 0 zombiepl 144 885 0 884 1 0 1 1 0 8 0 processpl 864 913 0 884 4 0 4 4 0 8 0 procpl 632 1830 0 1795 4 0 4 4 0 8 0 sosppl 128 8 0 8 2 2 0 1 0 8 0 sockpl 384 602 0 585 3 0 3 3 0 8 1 mcl64k 65536 249 0 249 29 15 14 29 0 8 14 mcl16k 16384 4 0 4 3 2 1 1 0 8 1 mcl12k 12288 11 0 11 2 1 1 1 0 8 1 mcl9k 9216 11 0 11 2 1 1 1 0 8 1 mcl8k 8192 11 0 11 4 3 1 1 0 8 1 mcl4k 4096 30 0 30 3 2 1 1 0 8 1 mcl2k2 2112 4 0 4 2 2 0 1 0 8 0 mcl2k 2048 54881 0 54838 19 13 6 16 0 8 0 mtagpl 80 26 0 2 2 1 1 1 0 8 0 mbufpl 256 90567 0 90439 26 14 12 21 0 8 3 bufpl 256 8333 0 3514 302 0 302 302 0 8 0 anonpl 16 79605 0 67776 61 10 51 55 0 62 3 amapchunkpl 152 3481 0 3370 8 2 6 7 0 158 0 amappl16 192 4050 0 3394 42 8 34 38 0 8 1 amappl14 176 402 0 395 1 0 1 1 0 8 0 amappl13 168 14 0 13 1 0 1 1 0 8 0 amappl12 160 4 0 2 1 0 1 1 0 8 0 amappl11 152 50 0 39 1 0 1 1 0 8 0 amappl10 144 65 0 62 1 0 1 1 0 8 0 amappl9 136 692 0 687 1 0 1 1 0 8 0 amappl8 128 475 0 459 1 0 1 1 0 8 0 amappl7 120 32 0 27 1 0 1 1 0 8 0 amappl6 112 50 0 44 1 0 1 1 0 8 0 amappl5 104 557 0 547 1 0 1 1 0 8 0 amappl4 96 1124 0 1097 1 0 1 1 0 8 0 amappl3 88 535 0 523 1 0 1 1 0 8 0 amappl2 80 6351 0 6283 3 1 2 3 0 8 0 amappl1 72 24959 0 24537 24 15 9 19 0 8 0 amappl 80 2051 0 2012 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 23 0 4 1 0 1 1 0 8 0 uaddrrnd 24 898 0 884 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 898 0 884 1 0 1 1 0 8 0 vmmpekpl 168 8816 0 8791 2 0 2 2 0 8 0 vmmpepl 168 110823 0 109103 106 26 80 93 0 357 2 vmsppl 272 897 0 884 2 1 1 2 0 8 0 pdppl 4096 1802 0 1768 6 1 5 6 0 8 0 pvpl 32 246496 0 231295 145 10 135 139 0 265 12 pmappl 200 897 0 884 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 498 0 53 14 0 14 14 0 8 0