panic: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 Stopped at db_enter+0x25: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd0f8) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83076404,ffffffff8304895b,bc,ffffffff82ffb8e3) at __assert+0x29 unveil_destroy(ffff8000327f5580) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5a9c08,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5a9c08,ffff80002a54b880,ffff80002a54b7d0) at sys_exit+0x1a syscall(ffff80002a54b880) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d281cba4450, count: 7 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic *cpu0: kernel diagnostic assertion "ps->ps_uvncount == 0" failed: file "/syzkaller/managers/main/kernel/sys/kern/kern_unveil.c", line 188 ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd0f8) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83076404,ffffffff8304895b,bc,ffffffff82ffb8e3) at __assert+0x29 unveil_destroy(ffff8000327f5580) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5a9c08,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5a9c08,ffff80002a54b880,ffff80002a54b7d0) at sys_exit+0x1a syscall(ffff80002a54b880) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d281cba4450, count: -8 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff80002a54b5d0 rbx 0xffff8000327f5580 rdx 0 rcx 0 rax 0xffff80002a5a9c08 r8 0x101010101010101 r9 0x8080808080808080 r10 0xc3a1766167c03097 r11 0xdfbfbebccbc8c6bc r12 0 r13 0x2 r14 0 r15 0x1 rip 0xffffffff822483c5 db_enter+0x25 cs 0x8 rflags 0x246 rsp 0xffff80002a54b5c0 ss 0x10 db_enter+0x25: addq $0x8,%rsp ddb> show proc PROC (syz-executor) tid=266280 pid=72924 tcnt=0 stat=onproc flags process=1008 proc=2000 runpri=32, usrpri=84, slppri=32, nice=20 wchan=0x0, wmesg=, ps_single=0xffff80002a5a9c08 scnt=-1 ecnt=1 forw=0xffffffffffffffff, list=0xffff80002f3e76f0,0xffff80002a5b7488 process=0xffff8000327f5580 user=0xffff80002a546000, vmspace=0xfffffd806c38a850 estcpu=34, cpticks=6, pctcpu=0.26, user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 77675 9891 55107 0 2 0 syz-executor 77675 241353 55107 0 3 0x4000080 fsleep syz-executor 77675 293766 55107 0 2 0x4000000 syz-executor 23156 218261 52021 0 2 0x10 syz-executor 23156 353493 52021 0 3 0x4000090 fsleep syz-executor 23156 122149 52021 0 2 0x4000010 syz-executor 65350 36350 70188 0 2 0 syz-executor 65350 12468 70188 0 2 0x4000000 syz-executor 62514 250228 62501 0 2 0 syz-executor 62514 61053 62501 0 2 0x4000000 syz-executor 62514 468115 62501 0 2 0x4000000 syz-executor 80177 467720 69805 0 2 0 syz-executor 80177 390398 69805 0 3 0x4000080 fsleep syz-executor 58058 228420 49001 60928 2 0x10 syz-executor 58058 149474 49001 60928 2 0x4000010 syz-executor 58058 275824 49001 60928 3 0x4000090 fsleep syz-executor 91052 149881 0 0 3 0x14200 acct acct 52021 450121 88363 0 3 0x82 nanoslp syz-executor 70188 371032 88363 0 3 0x82 nanoslp syz-executor 71008 501734 0 0 3 0x14280 nfsidl nfsio 61277 36531 0 0 3 0x14280 nfsidl nfsio 67908 238098 0 0 3 0x14280 nfsidl nfsio 81325 483625 0 0 3 0x14280 nfsidl nfsio 71780 52207 0 0 3 0x14280 nfsidl nfsio 40051 258975 0 0 3 0x14280 nfsidl nfsio 82414 207721 0 0 3 0x14280 nfsidl nfsio 75564 458062 0 0 3 0x14280 nfsidl nfsio 82281 337173 0 0 3 0x14280 nfsidl nfsio 2746 436552 0 0 3 0x14280 nfsidl nfsio 37583 442053 0 0 3 0x14280 nfsidl nfsio 32607 381129 0 0 3 0x14280 nfsidl nfsio 84669 278189 0 0 3 0x14280 nfsidl nfsio 60952 346125 0 0 3 0x14280 nfsidl nfsio 94244 77662 0 0 3 0x14280 nfsidl nfsio 94433 85361 0 0 3 0x14280 nfsidl nfsio 96367 173249 0 0 3 0x14280 nfsidl nfsio 2427 203086 0 0 3 0x14280 nfsidl nfsio 3722 504004 0 0 3 0x14280 nfsidl nfsio 48355 493173 0 0 3 0x14280 nfsidl nfsio 49001 58583 88363 0 3 0x82 nanoslp syz-executor 56220 498672 0 0 3 0x14200 bored sosplice 14523 295160 88363 0 3 0x82 nanoslp syz-executor 21884 1262 88363 0 3 0x82 nanoslp syz-executor 55107 187705 88363 0 3 0x82 nanoslp syz-executor 69805 411133 88363 0 3 0x82 nanoslp syz-executor 62501 280701 88363 0 3 0x82 nanoslp syz-executor 88363 469986 20412 0 3 0x82 kqread syz-executor 20412 347344 19525 0 3 0x10008a sigsusp ksh 19525 163137 28155 0 3 0x98 kqread sshd-session 28155 319732 1649 0 3 0x92 kqread sshd-session 59944 439398 1 0 3 0x100083 ttyin getty 1649 338670 1 0 3 0x88 kqread sshd 55450 180237 24503 73 3 0x1100090 kqread syslogd 24503 184829 1 0 3 0x100082 sbwait syslogd 96358 51579 1 0 3 0x100080 kqread resolvd 35042 123860 67703 77 3 0x100092 kqread dhcpleased 85875 425473 67703 77 3 0x100092 kqread dhcpleased 67703 417988 1 0 3 0x80 kqread dhcpleased 78995 89667 0 0 3 0x14200 bored smr 45364 371924 0 0 2 0x14200 zerothread 72016 276138 0 0 3 0x14200 aiodoned aiodoned 28787 356564 0 0 3 0x14200 syncer update 43796 428293 0 0 3 0x14200 cleaner cleaner 94428 356228 0 0 3 0x14200 reaper reaper 35873 453439 0 0 3 0x14200 pgdaemon pagedaemon 87187 346403 0 0 3 0x14200 bored viomb 46544 510465 0 0 3 0x40014200 acpi0 acpi0 53748 248002 0 0 3 0x14200 bored softnet3 15338 96127 0 0 3 0x14200 bored softnet2 44088 7109 0 0 3 0x14200 bored softnet1 20765 520062 0 0 3 0x14200 bored softnet0 1256 400704 0 0 3 0x14200 bored systqmp 96768 432265 0 0 3 0x14200 bored systq 935 311952 0 0 2 0x40014200 softclock 79861 271651 0 0 3 0x40014200 idle0 1 351080 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim devbuf 10208 11179K 11513K 166960K 14637 0 pcb 17 15K 17K 166960K 491 0 rtable 177 14K 15K 166960K 806 0 pf 31 13K 269K 166960K 169 0 ifaddr 32 5K 7K 166960K 98 0 ifgroup 46 2K 2K 166960K 149 0 sysctl 3 0K 1K 166960K 6 0 counters 29 17K 17K 166960K 61 0 ioctlops 0 0K 4K 166960K 488 0 iov 0 0K 28K 166960K 247 0 mount 1 1K 1K 166960K 1 0 log 0 0K 0K 166960K 4 0 vnodes 1524 96K 96K 166960K 3278 0 UFS quota 1 32K 32K 166960K 1 0 UFS mount 5 36K 36K 166960K 5 0 shm 2 1K 9K 166960K 35 0 VM map 2 1K 1K 166960K 2 0 sem 12 0K 0K 166960K 147 0 dirhash 12 2K 2K 166960K 36 0 ACPI 1690 195K 286K 166960K 12468 0 file desc 17 61K 97K 166960K 1852 0 sigio 1 0K 0K 166960K 52 0 proc 65 83K 124K 166960K 741 0 subproc 104 6K 6K 166960K 158 0 NFS srvsock 1 0K 0K 166960K 1 0 NFS daemon 1 16K 16K 166960K 1 0 ip_moptions 0 0K 0K 166960K 311 0 in_multi 69 5K 7K 166960K 208 0 ether_multi 1 0K 0K 166960K 9 0 mrt 0 0K 0K 166960K 5 0 ISOFS mount 1 32K 32K 166960K 1 0 MSDOSFS mount 1 16K 16K 166960K 1 0 ttys 223 996K 996K 166960K 223 0 exec 0 0K 1K 166960K 1135 0 fusefs mount 1 32K 32K 166960K 1 0 pfkey data 0 0K 0K 166960K 2 0 tdb 3 0K 0K 166960K 3 0 VM swap 8 62K 64K 166960K 10 0 UVM amap 229 72K 90K 166960K 18611 0 UVM aobj 55 3K 3K 166960K 62 0 pinsyscall 39 78K 96K 166960K 2984 0 memdesc 1 4K 4K 166960K 1 0 crypto data 1 1K 1K 166960K 1 0 ip6_options 0 0K 0K 166960K 67 0 NDP 10 0K 2K 166960K 69 0 temp 77 6820K 6886K 166960K 69355 0 kqueue 13 20K 31K 166960K 297 0 SYN cache 2 16K 16K 166960K 2 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle rtpcb 120 280 0 277 5 2 3 3 0 8 2 rtentry 112 247 0 172 4 0 4 4 0 8 0 unpcb 144 2149 0 2130 19 15 4 11 0 8 3 syncache 336 4 0 4 2 1 1 1 0 8 1 tcpqe 32 1 0 1 1 0 1 1 0 8 1 tcpcb 808 757 0 753 14 10 4 8 0 8 3 arp 88 28 0 15 1 0 1 1 0 8 0 ipq 40 3 0 3 1 0 1 1 0 8 1 ipqe 40 50 0 50 1 0 1 1 0 8 1 inpcb 336 2187 0 2179 18 14 4 10 0 8 3 nd6 104 46 0 28 1 0 1 1 0 8 0 pkpcb 40 10 0 10 3 2 1 1 0 8 1 kcovpl 48 12 0 4 1 0 1 1 0 8 0 ppxss 1072 16 0 16 2 1 1 1 0 8 1 pfstscr 40 2 0 2 1 1 0 1 0 8 0 pfrktable 1344 4 0 4 1 1 0 1 0 8 0 pfanchor 1288 3 0 1 1 0 1 1 0 8 0 pftag 88 2 0 1 1 0 1 1 0 8 0 pfstitem 24 2 0 0 1 0 1 1 0 8 0 pfstkey 128 9 0 7 1 0 1 1 0 8 0 pfstate 344 5 0 4 1 0 1 1 0 8 0 pfrule 1344 17 0 13 1 0 1 1 0 8 0 art_heap8 4096 4 0 0 4 0 4 4 0 8 0 art_heap4 256 822 0 473 36 12 24 29 0 8 1 art_table 32 826 0 473 4 0 4 4 0 8 0 art_node 16 179 0 112 1 0 1 1 0 8 0 sysvmsgpl 40 14 0 9 1 0 1 1 0 8 0 semapl 112 145 0 135 1 0 1 1 0 8 0 shmpl 112 59 0 7 2 0 2 2 0 8 0 dirhash 1024 33 0 16 3 0 3 3 0 8 0 dino2pl 256 4679 0 3184 95 0 95 95 0 8 0 ffsino 240 4679 0 3184 89 0 89 89 0 8 0 nchpl 144 7393 0 6875 63 32 31 63 0 8 8 uvmvnodes 80 5926 0 0 121 0 121 121 0 8 0 vnodes 216 5926 0 0 330 0 330 330 0 8 0 namei 1024 26668 0 26668 3 2 1 2 0 8 1 pfiaddrpl 120 1 0 1 1 1 0 1 0 8 0 kstatmem 264 84 0 64 2 0 2 2 0 8 0 scsiplug 72 10 0 10 2 1 1 1 0 8 1 scxspl 216 20836 0 20836 10 8 2 8 1 8 2 plimitpl 152 502 0 486 1 0 1 1 0 8 0 sigapl 424 2150 0 2082 8 0 8 8 0 8 0 futexpl 64 27050 0 27046 2 1 1 1 0 8 0 knotepl 120 74369 0 74322 51 42 9 17 0 8 6 kqueuepl 184 557 0 548 4 3 1 4 0 8 0 pipepl 288 319 0 292 7 4 3 7 0 8 0 fdescpl 432 2109 0 2080 5 1 4 5 0 8 0 filepl 120 15390 0 15148 20 9 11 16 0 8 0 lockfpl 104 532 0 530 1 0 1 1 0 8 0 lockfspl 48 183 0 181 1 0 1 1 0 8 0 sessionpl 144 26 0 18 1 0 1 1 0 8 0 pgrppl 48 90 0 74 1 0 1 1 0 8 0 ucredpl 104 2593 0 2580 1 0 1 1 0 8 0 zombiepl 144 2384 0 2382 2 1 1 1 0 8 0 processpl 1096 2150 0 2082 5 0 5 5 0 8 0 procpl 648 4834 0 4755 8 0 8 8 0 8 0 sosppl 168 11 0 11 1 1 0 1 0 8 0 sockpl 504 4861 0 4831 85 72 13 37 0 8 8 mcl64k 65536 21 0 21 2 1 1 1 0 8 1 mcl16k 16384 6 0 6 2 2 0 1 0 8 0 mcl8k 8192 31 0 31 3 2 1 1 0 8 1 mcl4k 4096 5047 0 4995 21 13 8 19 0 8 0 mcl2k2 2112 1 0 1 1 0 1 1 0 8 1 mcl2k 2048 1959 0 1955 6 4 2 4 0 8 0 mtagpl 96 60 0 37 1 0 1 1 0 8 0 mbufpl 256 23454 0 23343 53 32 21 40 0 8 8 bufpl 280 5372 0 107 377 0 377 377 0 8 0 anonpl 24 334426 0 330840 117 46 71 71 0 187 40 amapchunkpl 152 64229 0 63728 56 23 33 36 0 158 12 amappl16 200 7311 0 7279 55 43 12 15 0 8 8 amappl15 192 6 0 6 1 1 0 1 0 8 0 amappl14 184 112 0 102 1 0 1 1 0 8 0 amappl13 176 7 0 7 1 1 0 1 0 8 0 amappl12 168 2791 0 2760 3 1 2 3 0 8 0 amappl11 160 47 0 37 1 0 1 1 0 8 0 amappl10 152 9 0 8 1 0 1 1 0 8 0 amappl9 144 116 0 116 1 1 0 1 0 8 0 amappl8 136 24 0 22 1 0 1 1 0 8 0 amappl7 128 120 0 110 1 0 1 1 0 8 0 amappl6 120 205 0 203 1 0 1 1 0 8 0 amappl5 112 147 0 137 1 0 1 1 0 8 0 amappl4 104 328 0 312 1 0 1 1 0 8 0 amappl3 96 11432 0 11339 3 0 3 3 0 8 0 amappl2 88 2395 0 2313 2 0 2 2 0 8 0 amappl1 80 12851 0 12336 14 2 12 13 0 8 0 amappl 88 18096 0 17921 5 0 5 5 0 92 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma1024 1024 1 0 0 1 0 1 1 0 8 0 dma256 256 7 0 7 1 1 0 1 0 8 0 dma128 128 257 0 257 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 19 0 18 1 0 1 1 0 8 0 aobjpl 72 61 0 7 1 0 1 1 0 8 0 uaddrrnd 24 2109 0 2079 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 2109 0 2079 1 0 1 1 0 8 0 vmmpekpl 168 16467 0 16418 3 0 3 3 0 8 0 vmmpepl 168 131880 0 130078 102 13 89 90 0 357 5 vmsppl 352 2108 0 2079 4 1 3 4 0 8 0 rwobjpl 24 41355 0 34517 43 0 43 43 0 8 0 pdppl 4096 4224 0 4158 119 53 66 82 0 8 0 pvpl 32 889583 0 880479 210 58 152 152 0 265 56 pmappl 216 2108 0 2079 3 0 3 3 0 8 0 extentpl 40 55 0 38 1 0 1 1 0 8 0 phpool 112 565 0 224 11 0 11 11 0 8 0 ddb> machine ddbcpu 0 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd0f8) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83076404,ffffffff8304895b,bc,ffffffff82ffb8e3) at __assert+0x29 unveil_destroy(ffff8000327f5580) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5a9c08,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5a9c08,ffff80002a54b880,ffff80002a54b7d0) at sys_exit+0x1a syscall(ffff80002a54b880) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d281cba4450, count: -8 ddb> machine ddbcpu 1 No such command ddb> trace db_enter() at db_enter+0x25 sys/arch/amd64/amd64/db_interface.c:437 panic(ffffffff830bd0f8) at panic+0x1cf sys/kern/subr_prf.c:198 __assert(ffffffff83076404,ffffffff8304895b,bc,ffffffff82ffb8e3) at __assert+0x29 unveil_destroy(ffff8000327f5580) at unveil_destroy+0x1dd sys/kern/kern_unveil.c:188 exit1(ffff80002a5a9c08,0,0,1) at exit1+0x60f sys/kern/kern_exit.c:233 sys_exit(ffff80002a5a9c08,ffff80002a54b880,ffff80002a54b7d0) at sys_exit+0x1a syscall(ffff80002a54b880) at syscall+0x97e sys/arch/amd64/amd64/trap.c:577 Xsyscall() at Xsyscall+0x128 end of kernel end trace frame: 0x7d281cba4450, count: -8