panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 200 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821db7e1,ffffffff82183fef,c8,ffffffff8219a56f) at __assert+0x2e sys/kern/subr_prf.c:154 unveil_destroy(ffff8000ffff7450) at unveil_destroy+0x19f sys/kern/kern_unveil.c:200 exit1(ffff800014915160,0,1) at exit1+0x38f sys/kern/kern_exit.c:218 sys_exit(ffff800014915160,ffff80001488cc40,ffff80001488ccb0) at sys_exit+0x17 sys/kern/kern_exit.c:94 syscall(ffff80001488cd10) at syscall+0x508 Xsyscall(6,1,0,1,0,7f7fffffae64) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffae30, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 200 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821db7e1,ffffffff82183fef,c8,ffffffff8219a56f) at __assert+0x2e sys/kern/subr_prf.c:154 unveil_destroy(ffff8000ffff7450) at unveil_destroy+0x19f sys/kern/kern_unveil.c:200 exit1(ffff800014915160,0,1) at exit1+0x38f sys/kern/kern_exit.c:218 sys_exit(ffff800014915160,ffff80001488cc40,ffff80001488ccb0) at sys_exit+0x17 sys/kern/kern_exit.c:94 syscall(ffff80001488cd10) at syscall+0x508 Xsyscall(6,1,0,1,0,7f7fffffae64) at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffae30, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80001488ca50 rbx 0xffff80001488cb00 rdx 0x2 rcx 0 rax 0 r8 0xffff80001488ca10 r9 0x1 r10 0 r11 0x2dc9627b8a3e48d2 r12 0x3000000008 r13 0xffff80001488ca60 r14 0x100 r15 0x1 rip 0xffffffff81f7c338 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001488ca40 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=313645 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=70, nice=20 forw=0xffffffffffffffff, list=0xffff800014914290,0xffffffff82588530 process=0xffff8000ffff7450 user=0xffff800014887000, vmspace=0xfffffd803f014dd0 estcpu=20, cpticks=15, pctcpu=0.13 user=0, sys=2, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 66296 126221 0 0 3 0x14200 acct acct 39633 216349 0 0 3 0x14200 bored sosplice 19986 501220 1 0 3 0x82 nanosleep getty 93146 306443 41695 0 2 0x482 syz-executor.1 41695 351659 38308 0 3 0x82 kqread syz-fuzzer 41695 444223 38308 0 3 0x4000082 thrsleep syz-fuzzer 41695 406323 38308 0 3 0x4000082 thrsleep syz-fuzzer 41695 20291 38308 0 3 0x4000082 thrsleep syz-fuzzer 41695 186306 38308 0 3 0x4000082 thrsleep syz-fuzzer 41695 118909 38308 0 3 0x4000082 thrsleep syz-fuzzer 41695 82862 38308 0 3 0x4000082 thrsleep syz-fuzzer 38308 410232 7377 0 3 0x10008a pause ksh 7377 443634 45303 0 3 0x92 select sshd 45303 8895 1 0 3 0x80 select sshd 38526 123623 73756 73 3 0x100090 kqread syslogd 73756 305643 1 0 3 0x100082 netio syslogd 44312 295829 1 77 3 0x100090 poll dhclient 51233 454508 1 0 3 0x80 poll dhclient 83072 42174 0 0 2 0x14200 zerothread 16047 373611 0 0 3 0x14200 aiodoned aiodoned 43166 448983 0 0 3 0x14200 syncer update 29723 429979 0 0 3 0x14200 cleaner cleaner 80142 14663 0 0 3 0x14200 reaper reaper 77319 404293 0 0 3 0x14200 pgdaemon pagedaemon 37691 401018 0 0 3 0x14200 bored crynlk 66443 31803 0 0 3 0x14200 bored crypto 74568 236765 0 0 3 0x40014200 acpi0 acpi0 89255 281284 0 0 3 0x14200 bored softnet 32921 203029 0 0 3 0x14200 bored systqmp 77836 341755 0 0 3 0x14200 bored systq 76853 251918 0 0 2 0x40014200 softclock 34392 190928 0 0 3 0x40014200 idle0 10999 276113 0 0 3 0x14200 bored smr 1 42896 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9495 6348K 7123K 78643K 12545 0 0 pcb 13 8K 8K 78643K 73 0 0 rtable 86 3K 4K 78643K 334 0 0 ifaddr 49 11K 13K 78643K 124 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 45 0 0 iov 0 0K 28K 78643K 93 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1212 76K 77K 78643K 1845 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 5K 78643K 10 0 0 VM map 2 0K 0K 78643K 2 0 0 sem 12 0K 0K 78643K 56 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 3 5K 25K 78643K 699 0 0 sigio 0 0K 0K 78643K 8 0 0 proc 44 38K 54K 78643K 432 0 0 subproc 16 1K 2K 78643K 34 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 59 0 0 in_multi 22 1K 2K 78643K 54 0 0 ether_multi 1 0K 0K 78643K 6 0 0 mrt 0 0K 0K 78643K 5 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 66 291K 291K 78643K 66 0 0 exec 0 0K 1K 78643K 230 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 95 13K 22K 78643K 2492 0 0 UVM aobj 18 2K 2K 78643K 22 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 0K 78643K 16 0 0 NDP 10 0K 0K 78643K 33 0 0 temp 140 3522K 3587K 78643K 14528 0 0 kqueue 0 0K 0K 78643K 6 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 6 0 2 1 0 1 1 0 8 0 rtpcb 80 47 0 45 1 0 1 1 0 8 0 rtentry 112 45 0 12 2 0 2 2 0 8 0 unpcb 120 317 0 309 1 0 1 1 0 8 0 syncache 264 4 0 4 1 1 0 1 0 8 0 tcpqe 32 1798 0 1798 1 1 0 1 0 8 0 tcpcb 544 92 0 88 1 0 1 1 0 8 0 inpcb 280 296 0 289 1 0 1 1 0 8 0 nd6 48 6 0 3 1 0 1 1 0 8 0 pkpcb 40 6 0 6 2 1 1 1 0 8 1 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 13 0 13 3 2 1 1 0 8 1 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 188 0 44 12 0 12 12 0 8 1 art_table 32 189 0 44 2 0 2 2 0 8 0 art_node 16 44 0 14 1 0 1 1 0 8 0 sysvmsgpl 40 16 0 5 1 0 1 1 0 8 0 semapl 112 54 0 44 1 0 1 1 0 8 0 shmpl 112 20 0 4 1 0 1 1 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 2515 0 1099 47 0 47 47 0 8 0 ffsino 240 2515 0 1099 85 0 85 85 0 8 0 nchpl 144 3731 0 2108 64 2 62 62 0 8 1 uvmvnodes 72 2999 0 0 55 0 55 55 0 8 0 vnodes 200 2999 0 0 158 0 158 158 0 8 0 namei 1024 10836 0 10836 3 1 2 2 0 8 2 scsiplug 64 3 0 3 2 1 1 1 0 8 1 scxspl 192 11750 0 11750 12 11 1 7 0 8 1 plimitpl 152 84 0 78 1 0 1 1 0 8 0 sigapl 432 872 0 860 2 0 2 2 0 8 0 futexpl 56 11530 0 11530 1 0 1 1 0 8 1 knotepl 112 132 0 119 1 0 1 1 0 8 0 kqueuepl 104 120 0 118 1 0 1 1 0 8 0 pipepl 112 504 0 491 3 2 1 2 0 8 0 fdescpl 424 873 0 861 2 0 2 2 0 8 0 filepl 120 5040 0 4970 4 0 4 4 0 8 1 lockfpl 104 258 0 258 2 1 1 1 0 8 1 lockfspl 48 88 0 88 2 1 1 1 0 8 1 sessionpl 112 18 0 10 1 0 1 1 0 8 0 pgrppl 48 32 0 24 1 0 1 1 0 8 0 ucredpl 96 821 0 814 1 0 1 1 0 8 0 zombiepl 144 863 0 862 2 1 1 1 0 8 0 processpl 864 891 0 862 4 0 4 4 0 8 0 procpl 632 1781 0 1746 4 0 4 4 0 8 0 sosppl 128 2 0 2 1 1 0 1 0 8 0 sockpl 384 668 0 651 3 0 3 3 0 8 1 mcl64k 65536 30 0 30 1 0 1 1 0 8 1 mcl16k 16384 4 0 4 2 1 1 1 0 8 1 mcl12k 12288 11 0 11 1 1 0 1 0 8 0 mcl9k 9216 4 0 4 2 2 0 1 0 8 0 mcl8k 8192 9 0 9 2 1 1 1 0 8 1 mcl4k 4096 45 0 45 3 2 1 1 0 8 1 mcl2k2 2112 15 0 15 3 3 0 1 0 8 0 mcl2k 2048 59331 0 59288 15 8 7 12 0 8 0 mtagpl 80 24 0 10 2 1 1 1 0 8 0 mbufpl 256 97441 0 97349 13 3 10 10 0 8 0 bufpl 256 7907 0 3268 291 0 291 291 0 8 0 anonpl 16 85903 0 76269 67 2 65 65 0 62 15 amapchunkpl 152 3674 0 3553 10 5 5 8 0 158 0 amappl16 192 3649 0 2979 51 9 42 46 0 8 8 amappl15 184 669 0 666 1 0 1 1 0 8 0 amappl14 176 712 0 706 1 0 1 1 0 8 0 amappl13 168 7 0 7 1 1 0 1 0 8 0 amappl12 160 11 0 10 1 0 1 1 0 8 0 amappl11 152 51 0 39 1 0 1 1 0 8 0 amappl10 144 61 0 61 4 3 1 1 0 8 1 amappl9 136 551 0 549 1 0 1 1 0 8 0 amappl8 128 129 0 112 1 0 1 1 0 8 0 amappl7 120 30 0 26 1 0 1 1 0 8 0 amappl6 112 53 0 46 1 0 1 1 0 8 0 amappl5 104 153 0 142 1 0 1 1 0 8 0 amappl4 96 438 0 411 1 0 1 1 0 8 0 amappl3 88 1520 0 1506 1 0 1 1 0 8 0 amappl2 80 6235 0 6172 4 2 2 3 0 8 0 amappl1 72 24282 0 23863 26 17 9 19 0 8 0 amappl 80 2007 0 1965 1 0 1 1 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma64 64 259 0 259 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 21 0 4 1 0 1 1 0 8 0 uaddrrnd 24 873 0 860 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 873 0 860 1 0 1 1 0 8 0 vmmpekpl 168 9955 0 9932 2 0 2 2 0 8 0 vmmpepl 168 107429 0 105759 113 25 88 90 0 357 9 vmsppl 272 872 0 860 2 1 1 2 0 8 0 pdppl 4096 1752 0 1720 6 1 5 6 0 8 0 pvpl 32 252796 0 240076 167 9 158 158 0 265 31 pmappl 200 872 0 860 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 442 0 20 13 0 13 13 0 8 0