login: panic: kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 879
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 152900  88482      0           0          0    1  syz-executor7631
*201929  43954      0           0  0x4000000    0K syz-executor7631
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
__assert(ffffffff81f7c61c,ffffffff81f2d7dd,36f,ffffffff81f8730a) at __assert+0x2e sys/kern/subr_prf.c:155
unveil_check_final(ffff800020b14710,ffff800020bc5930) at unveil_check_final+0x81d sys/kern/kern_unveil.c:879
namei(ffff800020bc5930) at namei+0x88b sys/kern/vfs_lookup.c:232
vn_open(ffff800020bc5930,212,0) at vn_open+0x157 sys/kern/vfs_vnops.c:103
doopenat(ffff800020b14710,ffffff9c,20000000,611,0,ffff800020bc5b70) at doopenat+0x2ca sys/kern/vfs_syscalls.c:1045
syscall(ffff800020bc5c20) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bc5c20) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,c23b4f350c8,0,c23b4f350a8,c23b4f350a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xc2602cf33a0, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/setuid/kernel/sys/kern/kern_unveil.c", line 879
ddb{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x174 sys/kern/subr_prf.c:208
__assert(ffffffff81f7c61c,ffffffff81f2d7dd,36f,ffffffff81f8730a) at __assert+0x2e sys/kern/subr_prf.c:155
unveil_check_final(ffff800020b14710,ffff800020bc5930) at unveil_check_final+0x81d sys/kern/kern_unveil.c:879
namei(ffff800020bc5930) at namei+0x88b sys/kern/vfs_lookup.c:232
vn_open(ffff800020bc5930,212,0) at vn_open+0x157 sys/kern/vfs_vnops.c:103
doopenat(ffff800020b14710,ffffff9c,20000000,611,0,ffff800020bc5b70) at doopenat+0x2ca sys/kern/vfs_syscalls.c:1045
syscall(ffff800020bc5c20) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
syscall(ffff800020bc5c20) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
Xsyscall(6,0,c23b4f350c8,0,c23b4f350a8,c23b4f350a0) at Xsyscall+0x128
end of kernel
end trace frame: 0xc2602cf33a0, count: -9
ddb{0}> show registers
rdi                                0
rsi                              0x1
rbp               0xffff800020bc5570
rbx               0xffff800020bc5620
rdx               0xffffffff81f1e360    cmd0646_9_tim_udma+0x129e0
rcx                            0x201
rax                              0x1
r8                0xffffffff813481d3    kprintf+0x183
r9                               0x1
r10               0x1c4d0ddc370497cc
r11               0x2f7ef1034f66fa98
r12                     0x3000000008
r13               0xffff800020bc5580
r14                            0x100
r15                              0x1
rip               0xffffffff81266358    db_enter+0x18
cs                               0x8
rflags                         0x246
rsp               0xffff800020bc5560
ss                              0x10
db_enter+0x18:  addq    $0x8,%rsp
ddb{0}> show proc
PROC (syz-executor7631) pid=201929 stat=onproc
    flags process=0 proc=4000000<THREAD>
    pri=66, usrpri=66, nice=20
    forw=0xffffffffffffffff, list=0xffff800020b15520,0xffff800020b14bd0
    process=0xffff800020b3a358 user=0xffff800020bc0000, vmspace=0xfffffd806e926b48
    estcpu=36, cpticks=1, pctcpu=0.0
    user=0, sys=1, intr=0
ddb{0}> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 88482  152900  54740      0  7           0                syz-executor7631
 88482  514709  54740      0  2   0x4000000                syz-executor7631
 88482  357068  54740      0  2   0x4000000                syz-executor7631
 43954  407203  44113      0  3        0x80  nanosleep     syz-executor7631
*43954  201929  44113      0  7   0x4000000                syz-executor7631
 43954   50772  44113      0  3   0x4000080  fsleep        syz-executor7631
 54740  381142  63189      0  3        0x80  nanosleep     syz-executor7631
 44113  384815  63189      0  3        0x80  nanosleep     syz-executor7631
 63189  515357  26489      0  3        0x82  nanosleep     syz-executor7631
 26489   42264  86796      0  3    0x10008a  pause         ksh
 86796  184689  93217      0  3        0x92  select        sshd
 83005  186881      1      0  3    0x100083  ttyin         getty
 93217  329001      1      0  3        0x80  select        sshd
 17882  463197   2492     73  3    0x100090  kqread        syslogd
  2492   93388      1      0  3    0x100082  netio         syslogd
 21845  316095      1     77  3    0x100090  poll          dhclient
 15722   71616      1      0  3        0x80  poll          dhclient
 17708  159004      0      0  2     0x14200                zerothread
 27693  189949      0      0  3     0x14200  aiodoned      aiodoned
 51608   61558      0      0  3     0x14200  syncer        update
   758  426718      0      0  3     0x14200  cleaner       cleaner
 70808  382555      0      0  3     0x14200  reaper        reaper
 41140  175598      0      0  3     0x14200  pgdaemon      pagedaemon
 43279  173203      0      0  3     0x14200  bored         crynlk
 54515  450218      0      0  3     0x14200  bored         crypto
 61623  198302      0      0  3  0x40014200  acpi0         acpi0
 86810  444973      0      0  3  0x40014200                idle1
 36439    9786      0      0  3     0x14200  bored         softnet
 53971  421171      0      0  3     0x14200  bored         systqmp
 93126  159034      0      0  3     0x14200  bored         systq
 61886  513204      0      0  2  0x40014200                softclock
 92339  147684      0      0  3  0x40014200                idle0
  7787  201342      0      0  3     0x14200  bored         smr
     1  137160      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb{0}> show all locks
Process 43954 (syz-executor7631) thread 0xffff800020b14710 (201929)
exclusive rrwlock inode r = 0 (0xfffffd806dbb7e70) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0  witness_lock+0x594 sys/kern/subr_witness.c:1201
#1  _rw_enter+0x45d sys/kern/kern_rwlock.c:280
#2  _rrw_enter+0x60 sys/kern/kern_rwlock.c:410
#3  VOP_LOCK+0x57 sys/kern/vfs_vops.c:602
#4  vn_lock+0x6e sys/kern/vfs_vnops.c:549
#5  vget+0x1c3 sys/kern/vfs_subr.c:672
#6  cache_lookup+0x300 sys/kern/vfs_cache.c:224
#7  ufs_lookup+0x1d7 sys/ufs/ufs/ufs_lookup.c:162
#8  VOP_LOOKUP+0x67 sys/kern/vfs_vops.c:90
#9  vfs_lookup+0x556 sys/kern/vfs_lookup.c:523
#10 namei+0x4b2 sys/kern/vfs_lookup.c:224
#11 vn_open+0x157 sys/kern/vfs_vnops.c:103
#12 doopenat+0x2ca sys/kern/vfs_syscalls.c:1045
#13 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#13 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#14 Xsyscall+0x128
exclusive rrwlock inode r = 0 (0xfffffd806ee07708) locked @ /syzkaller/managers/setuid/kernel/sys/ufs/ufs/ufs_vnops.c:1547
#0  witness_lock+0x594 sys/kern/subr_witness.c:1201
#1  _rw_enter+0x45d sys/kern/kern_rwlock.c:280
#2  _rrw_enter+0x60 sys/kern/kern_rwlock.c:410
#3  VOP_LOCK+0x57 sys/kern/vfs_vops.c:602
#4  vn_lock+0x6e sys/kern/vfs_vnops.c:549
#5  vfs_lookup+0xf5 sys/kern/vfs_lookup.c:387
#6  namei+0x4b2 sys/kern/vfs_lookup.c:224
#7  vn_open+0x157 sys/kern/vfs_vnops.c:103
#8  doopenat+0x2ca sys/kern/vfs_syscalls.c:1045
#9  syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline]
#9  syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574
#10 Xsyscall+0x128
exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82397440) locked @ /syzkaller/managers/setuid/kernel/sys/sys/syscall_mi.h:90
#0  witness_lock+0x594 sys/kern/subr_witness.c:1201
#1  syscall+0x48b mi_syscall sys/sys/syscall_mi.h:91 [inline]
#1  syscall+0x48b sys/arch/amd64/amd64/trap.c:574
#2  Xsyscall+0x128
ddb{0}>