panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 188
Stopped at db_enter+0x1c: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437
panic(ffffffff8279bd0a) at panic+0x17b sys/kern/subr_prf.c:198
__assert(ffffffff8281ebaf,ffffffff82823b10,bc,ffffffff827b9c9d) at __assert+0x29 sys/kern/subr_prf.c:157
unveil_destroy(ffff80002e48fac0) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:188
exit1(ffff8000212c7b68,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220
sys_exit(ffff8000212c7b68,ffff80002e45b630,ffff80002e45b680) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002e45b700) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e45b700) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x780020fcdc30, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb{0}> ddb{0}> set $lines = 0 ddb{0}> set $maxwidth = 0 ddb{0}> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/multicore/kernel/sys/kern/kern_unveil.c", line 188 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8279bd0a) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8281ebaf,ffffffff82823b10,bc,ffffffff827b9c9d) at __assert+0x29 sys/kern/subr_prf.c:157 unveil_destroy(ffff80002e48fac0) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:188 exit1(ffff8000212c7b68,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220 sys_exit(ffff8000212c7b68,ffff80002e45b630,ffff80002e45b680) at sys_exit+0x1a sys/kern/kern_exit.c:89 syscall(ffff80002e45b700) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline] syscall(ffff80002e45b700) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x780020fcdc30, count: -8 ddb{0}> show registers rdi 0 rsi 0x1 rbp 0xffff80002e45b440 rbx 0xffffffff82bbfb9f cpu_info_full_primary+0x2b9f rdx 0 rcx 0xffff8000212c7b68 rax 0xffffffff82bbeff0 cpu_info_full_primary+0x1ff0 r8 0 r9 0x8080808080808080 r10 0x8022a28453b61aa0 r11 0xe6a997a8c91d8f1e r12 0xffffffff82bbf9a0 cpu_info_full_primary+0x29a0 r13 0 r14 0 r15 0x1 rip 0xffffffff8208966c db_enter+0x1c cs 0x8 rflags 0x246 rsp 0xffff80002e45b430 ss 0x10 db_enter+0x1c: addq $0x8,%rsp ddb{0}> show proc PROC (syz-executor.1) pid=68406 stat=onproc flags process=1008 proc=2000 pri=32, usrpri=86, nice=20 forw=0xffffffffffffffff, list=0xffff8000212362e0,0xffff8000212c6300 process=0xffff80002e48fac0 user=0xffff80002e456000, vmspace=0xfffffd806ebef3b0 estcpu=36, cpticks=15, pctcpu=0.0 user=0, sys=1, intr=0 ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 47643 364085 53954 0 2 0 syz-executor.4 5983 436781 24312 0 2 0 syz-executor.6 74364 428289 10868 0 2 0 syz-executor.0 74364 321433 10868 0 2 0x4000000 syz-executor.0 9108 164129 68325 0 3 0x80 
nanoslp syz-executor.5 9108 495880 68325 0 3 0x4000080 lockf syz-executor.5 9108 134735 68325 0 3 0x4000080 lockf syz-executor.5 9108 437539 68325 0 3 0x4000080 lockf syz-executor.5 9108 134115 68325 0 3 0x4000080 fsleep syz-executor.5 9108 52285 68325 0 3 0x4000080 fsleep syz-executor.5 41842 495722 78550 0 3 0x82 nanoslp syz-executor.7 68325 166775 78550 0 2 0x482 syz-executor.5 66048 419605 78550 0 2 0x2 syz-executor.3 24312 96706 78550 0 3 0x82 nanoslp syz-executor.6 57270 492059 78550 0 2 0x482 syz-executor.1 77613 84390 78550 0 2 0x2 syz-executor.2 53954 166022 78550 0 3 0x82 nanoslp syz-executor.4 10868 257352 78550 0 3 0x82 nanoslp syz-executor.0 12577 213826 0 0 3 0x14280 nfsidl nfsio 5170 10096 0 0 3 0x14280 nfsidl nfsio 17399 238305 0 0 3 0x14280 nfsidl nfsio 29904 308228 0 0 3 0x14280 nfsidl nfsio 93272 517723 0 0 3 0x14280 nfsidl nfsio 7669 286680 0 0 3 0x14280 nfsidl nfsio 1654 28864 0 0 3 0x14280 nfsidl nfsio 42797 292215 0 0 3 0x14280 nfsidl nfsio 47727 388655 0 0 3 0x14280 nfsidl nfsio 88863 292266 0 0 3 0x14280 nfsidl nfsio 84861 502817 0 0 3 0x14280 nfsidl nfsio 85869 129827 0 0 3 0x14280 nfsidl nfsio 68792 246323 0 0 3 0x14280 nfsidl nfsio 71881 311425 0 0 3 0x14280 nfsidl nfsio 40443 487115 0 0 3 0x14280 nfsidl nfsio 48133 321973 0 0 3 0x14280 nfsidl nfsio 62987 395558 0 0 3 0x14280 nfsidl nfsio 19716 98784 0 0 3 0x14280 nfsidl nfsio 49860 300141 0 0 3 0x14280 nfsidl nfsio 87941 163030 0 0 3 0x14280 nfsidl nfsio 23047 86019 0 0 3 0x14200 bored sosplice 78550 32996 84395 0 3 0x2000082 thrsleep syz-fuzzer 78550 338991 84395 0 2 0x6000482 syz-fuzzer 78550 296233 84395 0 3 0x6000082 thrsleep syz-fuzzer 78550 424717 84395 0 3 0x6000082 wait syz-fuzzer 78550 515305 84395 0 3 0x6000082 thrsleep syz-fuzzer 78550 231964 84395 0 3 0x6000082 thrsleep syz-fuzzer 78550 200598 84395 0 3 0x6000082 wait syz-fuzzer 78550 494875 84395 0 3 0x6000082 wait syz-fuzzer 78550 259541 84395 0 3 0x6000082 thrsleep syz-fuzzer 78550 406863 84395 0 3 0x6000082 wait 
syz-fuzzer 78550 398271 84395 0 3 0x6000082 thrsleep syz-fuzzer 78550 498970 84395 0 3 0x6000082 kqread syz-fuzzer 78550 221635 84395 0 3 0x6000082 wait syz-fuzzer 78550 125265 84395 0 3 0x6000082 wait syz-fuzzer 78550 473500 84395 0 3 0x6000082 wait syz-fuzzer 78550 366669 84395 0 3 0x6000082 wait syz-fuzzer 84395 38981 74623 0 3 0x10008a sigsusp ksh 74623 158531 78967 0 3 0x9a kqread sshd 78954 224158 1 0 3 0x100083 ttyin getty 78967 34480 1 0 3 0x88 kqread sshd 60759 269306 14969 74 3 0x1100092 bpf pflogd 14969 208050 1 0 3 0x80 netio pflogd 89782 208730 8573 73 3 0x1100090 kqread syslogd 8573 20506 1 0 3 0x100082 netio syslogd 10169 36672 1 0 3 0x100080 kqread resolvd 84455 2599 63012 77 3 0x100092 kqread dhcpleased 57407 522254 63012 77 3 0x100092 kqread dhcpleased 63012 143802 1 0 3 0x80 kqread dhcpleased 66638 384830 0 0 3 0x14200 bored smr 8244 62857 0 0 2 0x14200 zerothread 46895 330428 0 0 3 0x14200 aiodoned aiodoned 62020 2230 0 0 3 0x14200 syncer update 86690 285888 0 0 3 0x14200 cleaner cleaner 82194 362580 0 0 2 0x14200 reaper 19610 480848 0 0 3 0x14200 pgdaemon pagedaemon 98331 474750 0 0 3 0x14200 bored viomb 59813 195044 0 0 3 0x40014200 acpi0 acpi0 41568 258685 0 0 7 0x40014200 idle1 63128 259536 0 0 3 0x14200 bored softnet3 68529 281810 0 0 3 0x14200 bored softnet2 38749 126260 0 0 3 0x14200 bored softnet1 84592 514992 0 0 3 0x14200 bored softnet0 95625 161567 0 0 3 0x14200 bored systqmp 15787 291348 0 0 3 0x14200 bored systq 50324 345595 0 0 3 0x40014200 bored softclock 8562 122576 0 0 3 0x40014200 idle0 1 8625 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show all locks Process 47643 (syz-executor.4) thread 0xffff800021236dc0 (364085) Process 66048 (syz-executor.3) thread 0xffff8000211e4848 (419605) Process 77613 (syz-executor.2) thread 0xffff8000212c6860 (84390) Process 82194 (reaper) thread 0xffff8000211ad310 (362580) ddb{0}> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10241 6500K 7534K 78643K 
20579 0 pcb 13 14K 16K 78643K 324 0 rtable 237 7K 7K 78643K 1163 0 pf 35 10K 10K 78643K 242 0 ifaddr 46 16K 16K 78643K 213 0 ifgroup 60 2K 2K 78643K 384 0 sysctl 2 0K 0K 78643K 2 0 counters 62 36K 36K 78643K 242 0 ioctlops 0 0K 4K 78643K 1622 0 iov 0 0K 16K 78643K 412 0 mount 1 1K 1K 78643K 1 0 log 0 0K 0K 78643K 4 0 vnodes 1459 91K 92K 78643K 5008 0 UFS quota 1 32K 32K 78643K 1 0 UFS mount 5 36K 36K 78643K 5 0 shm 3 5K 13K 78643K 59 0 VM map 2 1K 1K 78643K 2 0 sem 12 0K 0K 78643K 690 0 dirhash 12 2K 2K 78643K 12 0 ACPI 1697 195K 286K 78643K 12548 0 file desc 15 53K 89K 78643K 6988 0 sigio 0 0K 0K 78643K 565 0 proc 74 115K 127K 78643K 1451 0 subproc 104 6K 7K 78643K 403 0 NFS srvsock 1 0K 0K 78643K 1 0 NFS daemon 1 16K 16K 78643K 1 0 ip_moptions 0 0K 0K 78643K 245 0 in_multi 99 7K 7K 78643K 408 0 ether_multi 1 0K 0K 78643K 7 0 mrt 1 0K 0K 78643K 4 0 ISOFS mount 1 32K 32K 78643K 1 0 MSDOSFS mount 1 16K 16K 78643K 1 0 ttys 319 1420K 1420K 78643K 319 0 exec 0 0K 1K 78643K 1715 0 tdb 3 0K 0K 78643K 3 0 pagedep 1 8K 8K 78643K 1 0 inodedep 1 32K 32K 78643K 1 0 newblk 1 0K 0K 78643K 1 0 VM swap 8 62K 64K 78643K 10 0 UVM amap 443 98K 103K 78643K 72639 0 UVM aobj 131 4K 5K 78643K 146 0 memdesc 1 4K 4K 78643K 1 0 crypto data 1 1K 1K 78643K 1 0 ip6_options 0 0K 0K 78643K 141 0 NDP 13 0K 1K 78643K 165 0 temp 76 5920K 6048K 78643K 57537 0 kqueue 12 18K 28K 78643K 456 0 SYN cache 2 16K 24K 78643K 3 0 ddb{0}> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle plcache 128 22 0 0 1 0 1 1 0 8 0 rtpcb 120 268 0 265 3 2 1 2 0 8 0 rtentry 112 395 0 285 4 0 4 4 0 8 0 unpcb 144 6232 0 6217 90 89 1 10 0 8 0 syncache 296 41 0 41 13 13 0 1 0 8 0 tcpqe 32 251 0 251 11 11 0 1 0 8 0 tcpcb 808 1904 0 1900 88 87 1 11 0 8 0 arp 120 66 0 48 1 0 1 1 0 8 0 inpcb 368 4332 0 4325 115 114 1 14 0 8 0 nd6 136 101 0 77 1 0 1 1 0 8 0 pkpcb 40 3 0 3 1 1 0 1 0 8 0 kcovpl 48 31 0 23 1 0 1 1 0 8 0 ppxss 1256 26 0 26 9 8 1 1 0 8 1 pffrag 232 52 0 49 4 3 1 1 0 482 0 pffrnode 
88 52 0 49 4 3 1 1 0 8 0 pffrent 40 231 0 228 4 3 1 1 0 8 0 pfosfp 40 1428 0 1005 5 0 5 5 0 8 0 pfosfpen 112 1428 0 714 21 0 21 21 0 8 0 pfstitem 24 241 0 230 1 0 1 1 0 8 0 pfstkey 128 241 0 230 2 0 2 2 0 8 0 pfstate 376 241 0 230 7 4 3 4 0 8 0 pfrule 1344 21 0 16 2 1 1 2 0 8 0 art_heap8 4096 1 0 0 1 0 1 1 0 8 0 art_heap4 256 1513 0 1049 32 2 30 30 0 8 0 art_table 32 1514 0 1049 4 0 4 4 0 8 0 art_node 16 373 0 273 1 0 1 1 0 8 0 sysvmsgpl 40 9 0 3 1 0 1 1 0 8 0 semupl 112 3 0 3 1 1 0 1 0 8 0 semapl 112 686 0 676 1 0 1 1 0 8 0 shmpl 112 143 0 15 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino2pl 256 10345 0 8873 93 0 93 93 0 8 0 ffsino 272 10345 0 8873 99 0 99 99 0 8 0 nchpl 144 20822 0 19169 64 0 64 64 0 8 0 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 71549 0 71548 13 8 5 5 0 8 4 percpumem 16 134 0 90 1 0 1 1 0 8 0 kstatmem 264 206 0 180 2 0 2 2 0 8 0 scxspl 216 56618 0 56618 18 17 1 8 1 8 1 plimitpl 152 463 0 447 1 0 1 1 0 8 0 sigapl 424 7287 0 7219 10 2 8 8 0 8 0 futexpl 64 61651 0 61649 4 3 1 1 0 8 0 knotepl 120 745 0 0 18 1 17 17 0 8 0 kqueuepl 216 1378 0 1370 37 36 1 5 0 8 0 pipepl 320 2334 0 2306 54 51 3 9 0 8 0 fdescpl 496 7245 0 7217 6 2 4 5 0 8 0 filepl 152 46345 0 46101 163 152 11 22 0 8 1 lockfpl 104 5537 0 5521 22 21 1 3 0 8 0 lockfspl 48 1891 0 1878 2 1 1 2 0 8 0 sessionpl 144 47 0 30 1 0 1 1 0 8 0 pgrppl 48 101 0 84 1 0 1 1 0 8 0 ucredpl 104 5301 0 5289 1 0 1 1 0 8 0 zombiepl 144 10669 0 10667 2 1 1 1 0 8 0 processpl 1072 7287 0 7219 5 0 5 5 0 8 0 procpl 696 20528 0 20438 28 18 10 12 0 8 1 srpgc 96 2 0 2 1 1 0 1 0 8 0 sosppl 168 53 0 53 13 13 0 1 0 8 0 sockpl 488 10875 0 10850 352 344 8 34 0 8 4 mcl64k 65536 17 0 0 3 0 3 3 0 8 0 mcl16k 16384 21 0 0 3 1 2 3 0 8 0 mcl12k 12288 18 0 0 2 0 2 2 0 8 0 mcl9k 9216 15 0 0 2 0 2 2 0 8 0 mcl8k 8192 28 0 0 3 0 3 3 0 8 0 mcl4k 4096 28 0 0 3 0 3 3 0 8 0 mcl2k2 2112 5 0 0 1 0 1 1 0 8 0 mcl2k 2048 337 0 0 31 7 24 31 0 8 0 mtagpl 96 1201 0 0 29 2 27 29 0 8 0 mbufpl 
256 1569 0 0 86 0 86 86 0 8 0 bufpl 288 15201 0 8874 454 1 453 453 0 8 0 anonpl 24 776231 0 764282 122 26 96 102 0 186 2 amapchunkpl 152 227558 0 226684 97 56 41 45 0 158 2 amappl16 200 13778 0 13345 44 20 24 31 0 8 0 amappl15 192 46 0 46 1 1 0 1 0 8 0 amappl14 184 230 0 216 2 1 1 2 0 8 0 amappl13 176 20 0 19 1 0 1 1 0 8 0 amappl12 168 8268 0 8234 4 1 3 3 0 8 0 amappl11 160 60 0 46 1 0 1 1 0 8 0 amappl10 152 78 0 67 1 0 1 1 0 8 0 amappl9 144 243 0 242 1 0 1 1 0 8 0 amappl8 136 595 0 446 6 0 6 6 0 8 0 amappl7 128 132 0 117 2 0 2 2 0 8 0 amappl6 120 484 0 456 2 1 1 2 0 8 0 amappl5 112 438 0 426 1 0 1 1 0 8 0 amappl4 104 880 0 832 3 1 2 3 0 8 0 amappl3 96 45023 0 44943 4 1 3 3 0 8 0 amappl2 88 7704 0 7632 3 1 2 3 0 8 0 amappl1 80 35553 0 35002 24 11 13 23 0 8 0 amappl 88 71733 0 71476 7 0 7 7 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 18 0 17 1 0 1 1 0 8 0 aobjpl 72 145 0 15 3 0 3 3 0 8 0 uaddrrnd 24 7244 0 7216 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 7244 0 7216 1 0 1 1 0 8 0 vmmpekpl 168 64855 0 64775 4 0 4 4 0 8 0 vmmpepl 168 450444 0 448007 357 219 138 139 0 357 17 vmsppl 464 7244 0 7216 5 1 4 5 0 8 0 rwobjpl 56 118599 0 110914 114 4 110 110 0 8 0 pdppl 4096 14496 0 14432 626 556 70 82 0 8 6 pvpl 32 2084780 0 2066750 459 281 178 361 0 265 2 pmappl 248 7243 0 7216 3 0 3 3 0 8 0 extentpl 40 56 0 38 1 0 1 1 0 8 0 phpool 112 1665 0 786 26 0 26 26 0 8 0 ddb{0}> machine ddbcpu 0 Invalid cpu 0 ddb{0}> trace db_enter() at db_enter+0x1c sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff8279bd0a) at panic+0x17b sys/kern/subr_prf.c:198 __assert(ffffffff8281ebaf,ffffffff82823b10,bc,ffffffff827b9c9d) at __assert+0x29 sys/kern/subr_prf.c:157 unveil_destroy(ffff80002e48fac0) at unveil_destroy+0x1a4 sys/kern/kern_unveil.c:188 exit1(ffff8000212c7b68,0,0,1) at exit1+0x3d5 sys/kern/kern_exit.c:220 
sys_exit(ffff8000212c7b68,ffff80002e45b630,ffff80002e45b680) at sys_exit+0x1a sys/kern/kern_exit.c:89
syscall(ffff80002e45b700) at syscall+0x5e2 mi_syscall sys/sys/syscall_mi.h:110 [inline]
syscall(ffff80002e45b700) at syscall+0x5e2 sys/arch/amd64/amd64/trap.c:623
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x780020fcdc30, count: -8
ddb{0}> machine ddbcpu 1
Stopped at x86_ipi_db+0x1e: addq $0x8,%rsp
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:199
end trace frame: 0x0, count: 10
ddb{1}> trace
x86_ipi_db(ffff800020d58ff0) at x86_ipi_db+0x1e sys/arch/amd64/amd64/db_interface.c:393
x86_ipi_handler() at x86_ipi_handler+0xb7 sys/arch/amd64/amd64/ipi.c:106
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x27
acpicpu_idle() at acpicpu_idle+0x312 sys/dev/acpi/acpicpu.c:1206
sched_idle(ffff800020d58ff0) at sched_idle+0x41e sys/kern/kern_sched.c:199
end trace frame: 0x0, count: -5