panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 191
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202
__assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161
unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191
exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225
sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95
syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7fffffb7d0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 191 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161 unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191 exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225 sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002e839050 rbx 0x2 rdx 0 rcx 0 rax 0xffff800021660548 r8 0 r9 0x8080808080808080 r10 0x6bca5dca09d141e2 r11 0x5240f38238dbefba r12 0 r13 0xffff8000230cf790 r14 0 r15 0x1 rip 0xffffffff821edcc8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80002e839040 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.4) pid=487548 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800021661ce8,0xffff800021660a98 process=0xffff8000230cf790 user=0xffff80002e834000, vmspace=0xfffffd80787ad560 estcpu=36, cpticks=5, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 70011 395418 2371 0 2 0 syz-executor.5 70011 392334 2371 0 3 0x4000080 fsleep syz-executor.5 23427 277615 37210 0 2 0 syz-executor.3 23427 467777 37210 0 3 0x4000080 fsleep syz-executor.3 18355 63661 5446 0 2 0 syz-executor.1 18355 305800 5446 0 3 0x4000080 fsleep syz-executor.1 18355 360352 5446 0 3 0x4000080 fsleep syz-executor.1 33864 383605 33882 0 2 0 syz-executor.6 33864 50174 33882 0 3 0x4000080 fsleep syz-executor.6 33839 
263319 97972 0 2 0 syz-executor.0 33839 118474 97972 0 3 0x4000080 fsleep syz-executor.0 33839 214806 97972 0 3 0x4000080 fsleep syz-executor.0 97246 498313 56207 0 2 0 syz-executor.2 97246 137715 56207 0 3 0x4000080 fsleep syz-executor.2 5446 427670 7619 0 3 0x82 nanoslp syz-executor.1 17945 456660 7619 0 2 0x482 syz-executor.4 97972 56729 7619 0 2 0x482 syz-executor.0 33882 312247 7619 0 3 0x82 nanoslp syz-executor.6 2371 49526 7619 0 3 0x82 nanoslp syz-executor.5 56207 335510 7619 0 2 0x482 syz-executor.2 37210 199257 7619 0 3 0x82 nanoslp syz-executor.3 83746 297782 7619 0 3 0x82 nanoslp syz-executor.7 28426 18723 0 0 3 0x14280 nfsidl nfsio 94616 169113 0 0 3 0x14280 nfsidl nfsio 71499 409496 0 0 3 0x14280 nfsidl nfsio 69438 243427 0 0 3 0x14280 nfsidl nfsio 15963 332013 0 0 3 0x14280 nfsidl nfsio 22446 439261 0 0 3 0x14280 nfsidl nfsio 80909 55981 0 0 3 0x14280 nfsidl nfsio 4538 413492 0 0 3 0x14280 nfsidl nfsio 42859 311766 0 0 3 0x14280 nfsidl nfsio 17299 18234 0 0 3 0x14280 nfsidl nfsio 94079 289108 0 0 3 0x14280 nfsidl nfsio 26716 222497 0 0 3 0x14280 nfsidl nfsio 79948 166868 0 0 3 0x14280 nfsidl nfsio 16230 423604 0 0 3 0x14280 nfsidl nfsio 48216 85981 0 0 3 0x14280 nfsidl nfsio 64120 198451 0 0 3 0x14280 nfsidl nfsio 80577 426971 0 0 3 0x14280 nfsidl nfsio 47615 240469 0 0 3 0x14280 nfsidl nfsio 51943 235510 0 0 3 0x14280 nfsidl nfsio 21665 198029 0 0 3 0x14280 nfsidl nfsio 7567 101198 1 0 3 0x100083 ttyopn getty 17393 520521 0 0 3 0x14200 bored sosplice 7619 112633 42291 0 3 0x82 thrsleep syz-fuzzer 7619 507753 42291 0 3 0x4000082 nanoslp syz-fuzzer 7619 278625 42291 0 3 0x4000082 kqread syz-fuzzer 7619 205486 42291 0 3 0x4000082 thrsleep syz-fuzzer 7619 293564 42291 0 3 0x4000082 thrsleep syz-fuzzer 7619 321612 42291 0 3 0x4000082 thrsleep syz-fuzzer 7619 450239 42291 0 3 0x4000082 thrsleep syz-fuzzer 7619 171144 42291 0 3 0x4000082 thrsleep syz-fuzzer 7619 24433 42291 0 3 0x4000082 thrsleep syz-fuzzer 42291 489393 54925 0 3 0x10008a sigsusp ksh 54925 
113055 2329 0 3 0x9a kqread sshd 2329 137588 1 0 3 0x88 kqread sshd 87139 468583 51936 73 3 0x1100090 kqread syslogd 51936 357390 1 0 3 0x100082 netio syslogd 55970 51416 1 0 3 0x100080 kqread resolvd 24973 74338 8713 77 3 0x100092 kqread dhcpleased 56967 69977 8713 77 3 0x100092 kqread dhcpleased 8713 120542 1 0 3 0x80 kqread dhcpleased 97322 267949 0 0 3 0x14200 bored smr 69584 297184 0 0 2 0x14200 zerothread 44427 168213 0 0 3 0x14200 aiodoned aiodoned 60476 249659 0 0 3 0x14200 syncer update 86880 160505 0 0 3 0x14200 cleaner cleaner 11783 220660 0 0 2 0x14200 reaper 35382 410636 0 0 3 0x14200 pgdaemon pagedaemon 47782 82114 0 0 3 0x14200 bored viomb 51139 88050 0 0 3 0x40014200 acpi0 acpi0 2447 382179 0 0 3 0x14200 bored softnet 28282 509392 0 0 3 0x14200 bored softnet 76284 337723 0 0 3 0x14200 bored softnet 36329 171788 0 0 3 0x14200 bored softnet 35219 445301 0 0 3 0x14200 bored systqmp 3919 50963 0 0 3 0x14200 bored systq 60334 482661 0 0 2 0x40014200 softclock 94805 114180 0 0 3 0x40014200 idle0 1 302131 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10207 6534K 7190K 78643K 43992 0 pcb 13 16K 18K 78643K 2332 0 rtable 187 8K 9K 78643K 4540 0 ifaddr 87 26K 29K 78643K 1637 0 sysctl 3 1K 4K 78643K 13 0 counters 26 17K 17K 78643K 282 0 ioctlops 0 0K 4K 78643K 4130 0 iov 0 0K 32K 78643K 2937 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1458 91K 91K 78643K 14115 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 2 1K 5K 78643K 170 0 VM map 2 0K 0K 78643K 2 0 sem 12 1K 1K 78643K 19 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 16 57K 77K 78643K 17504 0 sigio 0 0K 0K 78643K 539 0 proc 80 76K 84K 78643K 3737 0 subproc 104 6K 6K 78643K 1199 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 556 0 in_multi 68 4K 6K 78643K 1836 0 ether_multi 1 0K 0K 
78643K 61 0 mrt 1 0K 0K 78643K 63 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 271 1208K 1208K 78643K 271 0 exec 0 0K 2K 78643K 5336 0 pfkey data 0 0K 1K 78643K 81 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 7 26K 26K 78643K 7 0 UVM amap 621 1677K 1678K 78643K 98387 0 UVM aobj 131 4K 4K 78643K 134 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 737 0 NDP 11 0K 2K 78643K 581 0 temp 127 4736K 21120K 78643K 207914 0 kqueue 12 18K 28K 78643K 1314 0 SYN cache 2 1992K 2000K 78643K 4 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 15320 0 15315 96 95 1 7 0 8 0 rtentry 112 1420 0 1342 7 4 3 4 0 8 0 unpcb 136 12833 0 12818 127 126 1 8 0 8 0 syncache 296 129 0 129 32 32 0 1 0 8 0 sackhl 24 2 0 2 2 2 0 1 0 8 0 tcpqe 32 318 0 318 11 11 0 1 0 8 0 tcpcb 736 6128 0 6123 220 218 2 14 0 8 1 arp 88 197 0 183 1 0 1 1 0 8 0 ipq 40 13 0 13 5 5 0 1 0 8 0 ipqe 40 25 0 25 5 5 0 1 0 8 0 inpcb 312 15161 0 15154 211 208 3 12 0 8 2 ip6q 72 2 0 2 1 1 0 1 0 8 0 ip6af 40 4 0 4 1 1 0 1 0 8 0 nd6 48 442 0 423 1 0 1 1 0 8 0 pkpcb 40 97 0 97 15 14 1 1 0 8 1 kcovpl 48 92 0 84 1 0 1 1 0 8 0 ppxss 1152 47 0 46 11 10 1 1 0 8 0 pfstscr 40 13 0 9 1 0 1 1 0 8 0 pfosfp 40 3 0 2 1 0 1 1 0 8 0 pfosfpen 112 3 0 0 1 0 1 1 0 8 0 pfrktable 1344 106 0 101 1 0 1 1 0 8 0 pftag 88 1 0 0 1 0 1 1 0 8 0 pfstitem 24 16 0 8 1 0 1 1 0 8 0 pfstkey 112 26 0 23 1 0 1 1 0 8 0 pfstate 336 13 0 9 1 0 1 1 0 8 0 pfrule 1360 119 0 113 3 2 1 2 0 8 0 rttmr 64 18 0 18 4 4 0 1 0 8 0 art_heap8 4096 2 0 1 2 1 1 2 0 8 0 art_heap4 256 5827 0 5520 72 49 23 29 0 8 0 art_table 32 5829 0 5521 7 4 3 4 0 8 0 art_node 16 1405 0 1338 1 0 1 1 0 8 0 sysvmsgpl 40 18 0 2 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 13 0 3 1 0 1 1 0 8 0 shmpl 112 131 0 3 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 26711 0 25195 96 0 96 96 0 8 0 
ffsino 240 26711 0 25195 90 0 90 90 0 8 0 nchpl 144 51504 0 49870 63 0 63 63 0 8 0 uvmvnodes 80 7190 0 0 147 0 147 147 0 8 0 vnodes 224 7190 0 0 423 0 423 423 0 8 0 namei 1024 195488 0 195488 12 11 1 2 0 8 1 vcpupl 1984 238 0 2 30 0 30 30 0 8 0 vmpool 528 261 0 25 16 0 16 16 0 8 0 pfiaddrpl 120 40 0 34 1 0 1 1 0 8 0 kstatmem 264 534 0 512 3 1 2 3 0 8 0 scsiplug 72 15 0 15 5 5 0 1 0 8 0 scxspl 216 142133 0 142133 48 47 1 8 0 8 1 plimitpl 152 2354 0 2340 1 0 1 1 0 8 0 sigapl 424 17679 0 17613 11 3 8 8 0 8 0 futexpl 64 175195 0 175187 5 4 1 1 0 8 0 knotepl 120 232884 0 232804 95 85 10 11 0 8 5 kqueuepl 184 4187 0 4178 61 60 1 7 0 8 0 pipepl 304 3889 0 3861 96 93 3 8 0 8 0 fdescpl 432 17600 0 17573 6 2 4 4 0 8 0 filepl 120 149129 0 148888 202 191 11 18 0 8 3 lockfpl 104 4821 0 4819 13 11 2 2 0 8 1 lockfspl 48 1310 0 1308 1 0 1 1 0 8 0 sessionpl 144 108 0 92 1 0 1 1 0 8 0 pgrppl 48 258 0 242 1 0 1 1 0 8 0 ucredpl 96 24391 0 24374 1 0 1 1 0 8 0 zombiepl 144 17917 0 17915 1 0 1 1 0 8 0 processpl 1000 17679 0 17613 16 7 9 9 0 8 0 procpl 672 44160 0 44077 28 20 8 9 0 8 0 sosppl 168 131 0 131 24 24 0 1 0 8 0 sockpl 448 43423 0 43389 690 683 7 41 0 8 2 mcl64k 65536 576 0 576 54 53 1 1 0 8 1 mcl16k 16384 173 0 173 47 46 1 1 0 8 1 mcl12k 12288 496 0 496 45 44 1 1 0 8 1 mcl9k 9216 240 0 240 41 41 0 1 0 8 0 mcl8k 8192 934 0 934 47 46 1 1 0 8 1 mcl4k 4096 1921 0 1921 30 29 1 1 0 8 1 mcl2k2 2112 131 0 131 49 48 1 1 0 8 1 mcl2k 2048 100997 0 100942 68 59 9 20 0 8 0 mtagpl 96 4584 0 4118 43 30 13 17 0 8 0 mbufpl 256 309355 0 308677 790 734 56 260 0 8 0 bufpl 288 34817 0 27626 514 0 514 514 0 8 0 anonpl 24 3635848 0 3615786 469 346 123 180 0 188 0 amapchunkpl 152 320390 0 319549 216 182 34 55 0 158 0 amappl16 200 47522 0 46832 208 169 39 54 0 8 1 amappl15 192 2351 0 2348 1 0 1 1 0 8 0 amappl14 184 3070 0 3062 1 0 1 1 0 8 0 amappl13 176 2089 0 2087 1 0 1 1 0 8 0 amappl12 168 1937 0 1932 1 0 1 1 0 8 0 amappl11 160 1312 0 1295 1 0 1 1 0 8 0 amappl10 152 1137 0 1132 1 0 1 1 0 8 0 amappl9 
144 4218 0 4213 1 0 1 1 0 8 0 amappl8 136 5022 0 4910 4 0 4 4 0 8 0 amappl7 128 3268 0 3254 1 0 1 1 0 8 0 amappl6 120 4453 0 4428 2 1 1 2 0 8 0 amappl5 112 14041 0 14026 1 0 1 1 0 8 0 amappl4 104 5604 0 5567 4 2 2 2 0 8 0 amappl3 96 54773 0 54715 2 0 2 2 0 8 0 amappl2 88 21121 0 21050 3 1 2 3 0 8 0 amappl1 80 492973 0 492244 26 10 16 19 0 8 0 amappl 88 96018 0 95725 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 133 0 3 3 0 3 3 0 8 0 uaddrrnd 24 17861 0 17597 2 0 2 2 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 17861 0 17597 2 0 2 2 0 8 0 vmmpekpl 168 122416 0 122332 4 0 4 4 0 8 0 vmmpepl 168 2099629 0 2096067 371 209 162 167 0 357 0 vmsppl 272 17860 0 17597 20 2 18 18 0 8 0 rwobjpl 24 497184 0 487919 65 8 57 57 0 8 0 pdppl 4096 35728 0 35430 1243 943 300 300 0 8 2 pvpl 32 6968121 0 6946413 715 531 184 301 0 265 0 pmappl 216 17860 0 17597 17 2 15 15 0 8 0 extentpl 40 58 0 38 1 0 1 1 0 8 0 phpool 112 4216 0 3086 40 6 34 34 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257048f) at panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161 unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191 exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225 sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8257048f) at 
panic+0x161 sys/kern/subr_prf.c:202 __assert(ffffffff825e3578,ffffffff8256410a,bf,ffffffff8258279f) at __assert+0x25 sys/kern/subr_prf.c:161 unveil_destroy(ffff8000230cf790) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:191 exit1(ffff800021660548,0,0,1) at exit1+0x3b5 sys/kern/kern_exit.c:225 sys_exit(ffff800021660548,ffff80002e839230,ffff80002e839290) at sys_exit+0x16 sys/kern/kern_exit.c:95 syscall(ffff80002e839300) at syscall+0x44e sys/arch/amd64/amd64/trap.c:585 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7f7fffffb7d0, count: -8