login: panic: kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND 188076 83230 0 0 0 0 syz-executor0542 *379251 6072 0 0 0x4000000 1K syz-executor0542 db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x174 sys/kern/subr_prf.c:208 __assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e sys/kern/subr_prf.c:155 unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d sys/kern/kern_unveil.c:879 namei(ffff800020bd7178) at namei+0x88b sys/kern/vfs_lookup.c:232 domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1 sys/kern/vfs_syscalls.c:1405 syscall(ffff800020bd7440) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ffff800020bd7440) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128 end of kernel end trace frame: 0x960770bbee0, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{1}> ddb{1}> set $lines = 0 ddb{1}> set $maxwidth = 0 ddb{1}> show panic kernel diagnostic assertion "tname->un_flags & UNVEIL_USERSET" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 879 ddb{1}> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x174 sys/kern/subr_prf.c:208 __assert(ffffffff81f7e6d6,ffffffff81f80d6e,36f,ffffffff81f8ba8b) at __assert+0x2e sys/kern/subr_prf.c:155 unveil_check_final(ffff800020b14008,ffff800020bd7178) at unveil_check_final+0x81d sys/kern/kern_unveil.c:879 namei(ffff800020bd7178) at namei+0x88b sys/kern/vfs_lookup.c:232 domknodat(ffff800020b14008,ffffff9c,20000000,1,9) at domknodat+0xa1 sys/kern/vfs_syscalls.c:1405 syscall(ffff800020bd7440) at syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline] syscall(ffff800020bd7440) at syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574 Xsyscall(6,0,95d8b67d0c8,0,95d8b67d0a8,95d8b67d0a0) at Xsyscall+0x128 end of kernel end trace frame: 0x960770bbee0, count: -8 ddb{1}> show registers rdi 0 rsi 0x1 rbp 0xffff800020bd6f10 rbx 0xffff800020bd6fc0 rdx 0xffffffff81f8c339 apollo_pio_rec+0x95b5 rcx 0x201 rax 0x1 r8 0xffffffff818d1a13 kprintf+0x183 r9 0x1 r10 0x3232519bc764dc44 r11 0xe56f57608e673e4e r12 0x3000000008 r13 0xffff800020bd6f20 r14 0x100 r15 0x1 rip 0xffffffff814367b8 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800020bd6f00 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb{1}> show proc PROC (syz-executor0542) pid=379251 stat=onproc flags process=0 proc=4000000 pri=86, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff800020b14710,0xffff800020b14270 process=0xffff800020b8c6a8 user=0xffff800020bd2000, vmspace=0xfffffd807effd9d8 estcpu=36, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb{1}> ps PID TID PPID UID S FLAGS WAIT COMMAND 83230 188076 44139 0 7 0 syz-executor0542 83230 345039 44139 0 3 0x4000080 fsleep syz-executor0542 83230 349846 44139 0 2 0x4000000 syz-executor0542 6072 454353 47238 0 3 0x80 nanosleep syz-executor0542 * 6072 379251 47238 0 7 0x4000000 syz-executor0542 6072 271292 47238 0 3 0x4000080 fsleep syz-executor0542 47238 315434 77280 0 3 0x80 nanosleep syz-executor0542 44139 406235 77280 0 3 0x80 nanosleep syz-executor0542 77280 278559 71955 0 3 0x82 nanosleep syz-executor0542 71955 266104 20907 0 3 0x10008a pause ksh 20907 31238 36118 0 3 0x92 select sshd 31050 197132 1 0 3 0x100083 ttyin getty 36118 116573 1 0 3 0x80 select sshd 25921 327829 29210 74 3 0x100092 bpf pflogd 29210 404171 1 0 3 0x80 netio pflogd 21566 249392 52849 73 3 0x100090 kqread syslogd 52849 333698 1 0 3 0x100082 netio syslogd 51467 281946 1 77 3 0x100090 poll dhclient 62264 471633 1 0 3 0x80 poll dhclient 75477 175140 0 0 3 0x14200 pgzero zerothread 20816 48725 0 0 3 0x14200 aiodoned aiodoned 88077 189037 0 0 3 0x14200 syncer update 95269 511677 0 0 3 0x14200 cleaner cleaner 51447 472680 0 0 3 0x14200 reaper reaper 68653 410278 0 0 3 0x14200 pgdaemon pagedaemon 56912 501566 0 0 3 0x14200 bored crynlk 20691 408393 0 0 3 0x14200 bored crypto 58819 452524 0 0 3 0x40014200 acpi0 acpi0 53679 292271 0 0 3 0x40014200 idle1 47393 487042 0 0 3 0x14200 bored softnet 51817 114847 0 0 3 0x14200 bored systqmp 48541 263023 0 0 3 0x14200 bored systq 97155 170841 0 0 3 0x40014200 bored softclock 58083 492715 0 0 3 0x40014200 idle0 65770 365599 0 0 3 0x14200 bored smr 1 231513 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{1}> show all locks Process 6072 (syz-executor0542) thread 0xffff800020b14008 (379251) exclusive rrwlock inode r = 0 (0xfffffd806d9fc0a0) locked @ /syzkaller/managers/multicore/kernel/sys/ufs/ufs/ufs_vnops.c:1547 #0 witness_lock+0x594 sys/kern/subr_witness.c:1201 #1 _rw_enter+0x45d sys/kern/kern_rwlock.c:280 #2 _rrw_enter+0x60 sys/kern/kern_rwlock.c:410 #3 VOP_LOCK+0x57 sys/kern/vfs_vops.c:602 #4 vn_lock+0x6e sys/kern/vfs_vnops.c:549 #5 vfs_lookup+0xf5 sys/kern/vfs_lookup.c:387 #6 namei+0x4b2 sys/kern/vfs_lookup.c:224 #7 domknodat+0xa1 sys/kern/vfs_syscalls.c:1405 #8 syscall+0x5b8 mi_syscall sys/sys/syscall_mi.h:99 [inline] #8 syscall+0x5b8 sys/arch/amd64/amd64/trap.c:574 #9 Xsyscall+0x128 exclusive kernel_lock &kernel_lock r = 0 (0xffffffff82349ce8) locked @ /syzkaller/managers/multicore/kernel/sys/sys/syscall_mi.h:90 #0 witness_lock+0x594 sys/kern/subr_witness.c:1201 #1 syscall+0x48b mi_syscall sys/sys/syscall_mi.h:91 [inline] #1 syscall+0x48b sys/arch/amd64/amd64/trap.c:574 #2 Xsyscall+0x128 ddb{1}>